Microsoft Sentinel Cost Management: How to get insights in data lake usage
Microsoft announced the public preview of Microsoft Sentinel Cost Management at Microsoft Ignite 2025. The new feature brings more in-depth cost visibility into the usage of Sentinel and Sentinel Data Lake. With the release of Microsoft Sentinel data lake, it...
Troubleshoot configured Defender AV settings with effective settings in Defender
To ensure Microsoft Defender Antivirus (Defender AV) provides full protection and leverages all its capabilities, it must be configured with the correct antivirus settings. Since Defender AV can be managed through multiple methods, it’s essential to monitor and identify potential...
2025 Microsoft Defender Optimization & Configuration Cheat Sheet
With just 2 months remaining in 2025, it is a good idea to review the Microsoft Defender environment and check whether new features are correctly configured. In recent months, Microsoft has released numerous new features and security solutions to protect...
AiTM/MFA phishing attacks in combination with “new” Microsoft protections (2025 edition)
Adversary-in-the-middle phishing attacks are still becoming more common; over the last year and at the start of 2025 there has been a visible increase in AiTM/MFA phishing. Since the removal of basic authentication from Exchange Online more and...
How to store Defender XDR data for years in Sentinel data lake without expensive ingestion cost
In recent years, an increasing number of customers have requested options to extend retention in Microsoft Defender XDR beyond the default 30 days at a low cost, all with the requirement of having the KQL experience available. Blog information: Feature is...
Microsoft Sentinel data lake: How to use/enable and set-up the unified data lake
Microsoft released the new Microsoft Sentinel data lake in public preview this month. With the data lake feature, it is possible to scale and store data more easily for less cost. The new Microsoft Sentinel data lake is a new...
Defender for Office 365 Auto-Remediation of Malicious Messages (AIR)
Automated Investigation and Response (AIR) is an important part of Defender for Office. Microsoft has improved the features surrounding Auto-Remediation of Malicious Messages in the Automated Investigation and Response (AIR) capability over the past months, aiming to avoid manual actions when malicious...
Automated incident triage with Security Copilot and Microsoft Sentinel/Defender XDR
With the use of Security Copilot, it is possible to enrich and triage alerts automatically using GenAI data. Microsoft recently developed new SOC automation playbooks to accelerate AI-automated triage based on Security Copilot and Microsoft Sentinel. Since the launch of...
AI workload threat protection in Microsoft Defender for Cloud
Recently, Microsoft announced a new protection plan for AI workloads as part of the Microsoft Defender for Cloud suite. AI security is becoming more important as AI continues to rise, with more products and companies leveraging its capabilities. This version...
Configure automatic Attack Disruption in Microsoft Defender XDR
Microsoft Defender XDR includes a powerful response capability called Attack Disruption. As part of the Defender XDR solution, attack disruption capabilities can protect the environment against sophisticated, high-impact attacks. Attack Disruption works automatically; however, it still needs manual...