Effective Tips To Manage Microsoft Defender XDR Tables
Updated—12/02/2026 — For supported Microsoft Defender XDR tables (MDE/MDO/MDA), you can now stream directly to the Microsoft Sentinel data lake while keeping XDR retention at 30 days (included in license)….
Solution – Fix Microsoft Sentinel Missing Incident Description
In early July 2025, Microsoft announced that Microsoft Sentinel in the Azure Portal will be deprecated as of July 1, 2026. From that date forward, all access requests to the…
Master Log Tiering With Microsoft Sentinel data lake
Collect Security Events with Azure Monitor Agent on Workstations
Microsoft Defender for Endpoint (MDE) Plan 2 provides a practical and relatively affordable way of ingesting large-scale endpoint events into your SIEM, such as Microsoft Sentinel, for detection, correlation, and…
Demystifying Microsoft Sentinel Roles and Permissions
Effective access control is the keystone of any secure, well‑managed Microsoft Sentinel deployment. By carefully scoping permissions at each level—from your Azure tenant down to individual log records—you ensure that…
Auxiliary Logs Transformations in Microsoft Sentinel: A Step-by-Step Guide
Updated — 20/08/2025 — The tool below has been updated to create Microsoft Sentinel Data Lake tier tables, which are the same as Auxiliary tier Tables. Updated — 15/07/2025 — Starting 1…
Ultimate Health Check for Microsoft Sentinel: Boost Security & Savings
A robust Microsoft Sentinel deployment is more than just a “set and forget” cloud SIEM solution. As your organization’s security posture evolves, so too do your data sources, threat models,…
Strengthen Microsoft 365 to Combat Phishing Threats
Phishing remains one of the most effective and persistent cyber threats to organizations of all sizes. With the shift to cloud productivity platforms, especially Microsoft 365, attackers are evolving their…
Enhancing Security Visibility with Microsoft Sentinel Summary Rules for Fortinet Logs and Threat Intelligence
Microsoft Sentinel is a powerful cloud-native SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) solution to help organizations aggregate, analyze, and act on security data….
Azure Files Storage and Access Tiers: A Comprehensive Guide
Azure Files is a core component of Microsoft Azure’s storage offerings, providing fully managed file shares in the cloud that are accessible via industry-standard Server Message Block (SMB) and (in…
Revolutionizing Threat Intelligence in Microsoft Sentinel: Transitioning to Enhanced Modeling and Advanced Threat Hunting
Cybersecurity is an ever-evolving field, and staying ahead of potential threats requires constant innovation. Microsoft Sentinel continues to lead the way with its advanced threat intelligence capabilities. Recently, Microsoft announced a significant…
Forward Logs to Microsoft Sentinel with a Private Link
In today’s hybrid and multi-cloud world, securing log data is critical for any organization’s cybersecurity posture. Microsoft Sentinel is a cloud-native Security Information and Event Management (SIEM) and Security Orchestration,…