Simplified onboarding of Microsoft Defender for Endpoint using the Defender deployment tool
Rolling out endpoint protection across an organization can sometimes feel more complex than it should be. Microsoft has simplified the onboarding process for Microsoft Defender for Endpoint (MDE) in the past months with deployment packages that make onboarding devices straightforward,...
Automatic migration from Defender for Identity Sensor v2 to v3.x and gMSA changes
Microsoft has enhanced Defender for Identity with the introduction of the new v3.x sensor, designed to simplify onboarding and streamline configuration. This update makes deployment faster and more efficient. Previously, migrating from v2.x to v3.x was a complex process that...
Automatic Windows event auditing configuration for Defender for Identity V3.x sensor
Defender for Identity is crucial for capturing events, alerting on MDI threats, and collecting information from on-premises systems through the installed sensor. For environments still running on-premises, ensuring Defender for Identity is running optimally is key for effective attack disruption...
How to natively archive Defender XDR logs for up to 12 years
For years, customers have asked for ways to extend data retention in Microsoft Defender XDR beyond the default limits to support advanced hunting and long-term archiving needs. By default, Defender XDR retains incidents, alerts, and related data for up to...
Microsoft Sentinel Cost Management: How to get insights in data lake usage
Microsoft announced the public preview of Microsoft Sentinel Cost Management at Microsoft Ignite 2025. The new feature brings more in-depth cost visibility into the usage of Sentinel and Sentinel Data Lake. With the release of Microsoft Sentinel data lake, it...
2025 Microsoft Defender Optimization & Configuration Cheat Sheet
With just 2 months remaining in 2025, it is a good idea to review the Microsoft Defender environment and check whether new features are correctly configured. In recent months, Microsoft has released numerous new features and security solutions to protect...
AiTM/MFA phishing attacks in combination with “new” Microsoft protections (2026 edition)
Adversary-in-the-middle phishing attacks are still becoming more common. Over the last year and the start of 2026, there has been a visible increase in AiTM/MFA phishing. Since the removal of basic authentication from Exchange Online, more and...
How to store Defender XDR data for years in Sentinel data lake without expensive ingestion cost
In recent years, an increasing number of customers have requested options to extend retention in Microsoft Defender XDR beyond the default 30 days at a low cost, all with the requirement of having the KQL experience available. Blog information: Feature is...
Microsoft Sentinel data lake: How to use/enable and set-up the unified data lake
Microsoft released the new Microsoft Sentinel data lake in public preview this month. With the data lake feature, it is possible to scale and store data more easily for less cost. The new Microsoft Sentinel data lake is a new...
Configure automatic Attack Disruption in Microsoft Defender XDR
Microsoft Defender XDR includes a powerful response capability called Attack Disruption. As part of the Defender XDR solution, attack disruption capabilities can protect the environment against sophisticated, high-impact attacks. Attack Disruption works automatically; however, it still needs manual...