Transition from Microsoft Sentinel to Defender XDR - Practical challenges

Microsoft announced on the 1st of July 2025 that the Microsoft Sentinel Azure Portal UI will be deprecated on the 1st of July 2026, and all requests will be redirected to the Security Portal instead. This means that all Microsoft Sentinel customers have 1 year to transition to the unified experience between Microsoft Sentinel and Defender XDR.
12 min read
Defender XDR Microsoft Sentinel Security Portal Migration
MDE Device Discovery - Improving the monitored network page

This blogpost is probably the first of a series that I will create in the coming months on Device Discovery. I regularly see organizations buy a specific tool to create an asset inventory list of what lives in their networks, while this is something we can actually do with Microsoft technology
7 min read
MDE Device Discovery Asset Management Network Monitoring
Correlating Defender for Endpoint and Global Secure Access Logs

If you are working with Microsoft security solutions, you might have heard of the new kid on the block called Microsoft Global Secure Access. Being a blue teamer myself, I asked myself how we can use this new Secure Service Edge solution - and specifically the Internet Access logs - to make our detections better.
6 min read
MDE GSA Global Secure Access Kusto
Device isolation and containment strategies

How can you effectively isolate a device in your network, and be sure a threat will not perform lateral movement?
14 min read
MDE Containment Defender XDR Network isolation
Analyzing MDE Network Inspections

What is Defender for Identity NNR, why is it important, and how can you resolve issues with it?
9 min read
MDI Defender XDR Kusto Health monitoring