Tag: Azure Security
-
Reflecting on the Journey Since 2025 with Security Day with Mike: Thank you!
As we close another chapter and look back to when It’s Security Day with Mike! first launched in 2025, I want to take a moment to say Thank You This blog started with a simple goal: translate complex Microsoft security capabilities into practical, real world guidance for technical leaders and practitioners. What it’s grown into Read more
-
Microsoft Ignite 2025 Security Announcements: What Technical Leaders Need to Know
Microsoft Ignite 2025 introduced a major shift in enterprise security, focusing on AI governance, identity centric protection, and autonomous security operations. This post breaks down the most important Microsoft security announcements and what CISOs, Security Architects, and technical leaders need to know. Read more
-
Simple Syslog Ingestion with Microsoft Sentinel Data Lake
Learn how to easily connect your Syslog collector VM, configure a Data Collection Rule, and validate real-time log ingestion into Microsoft Sentinel Data Lake. This step-by-step guide helps you streamline Syslog ingestion for scalable and cost-efficient security analytics. Read more
-
The Proven Way Sentinel Data Lake Slashes Cost
Introduction Security teams have long faced a tough challenge: balancing visibility with cost. A year ago, many organizations hesitated to adopt Microsoft Sentinel because of the high cost of the Analytics tier, forcing them to strip data down to the bare minimum. Microsoft listened. The Sentinel Data Lake tier is the proven way to slash Read more
-
Revolutionize Security Data Exploration with Microsoft Sentinel MCP Tools
Introduction Last week, we explored what Sentinel MCP is and how it integrates with Microsoft Sentinel. As security operations evolve at lightning speed, AI-driven workflows are becoming the cornerstone of modern SOCs. With Microsoft Sentinel MCP (Model Context Protocol), your team can harness agentic automation to interact with security data using natural language while maintaining Read more
-
Unlocking Scalable Security Analytics: Bolster Sentinel Data Governance
Introduction Throughout this series, we’ve explored how Microsoft Sentinel evolves to meet modern security analytics needs—from onboarding and cost optimization to advanced KQL automation and notebook-based data science. One of the key components in this ecosystem is the Sentinel Data Lake, which plays a crucial role in storing and managing security data efficiently. In this Read more
-
Unlocking Scalable Security Analytics: How to Optimize KQL Queries in Sentinel Data Lake
Introduction In Part 3 of this series, we covered how to onboard Microsoft Sentinel Data Lake. Once onboarding is complete, the next step is learning how to query your data effectively. Efficient Kusto Query Language (KQL) queries are critical for SOC teams during historical investigations. Well-structured queries reduce costs, accelerate investigations, and reveal meaningful patterns. Read more
-
Mastering SecOps: Drive Better SOC Decisions Today
Welcome back to Mastering SecOps, a five-part blog series built to help you mature your Microsoft Sentinel environment with confidence. So far, we’ve explored smart detection with MITRE ATT&CK and UEBA, and how to destroy response time delays with Sentinel Playbooks and Threat Intelligence. Now, we’ll focus on how to leverage Sentinel Workbooks to visualize Read more
-
Mastering SecOps: Destroy Response Time with Sentinel Playbooks
Welcome back to Mastering SecOps, a five-part blog series designed to help you fully operationalize Microsoft Sentinel with tools like Sentinel Playbooks. In our last post, we focused on strengthening detection using MITRE ATT&CK and UEBA. Today, let’s dive into a key part of any modern SOC: automation and alert enrichment, enabled by Sentinel Playbooks. Read more