Transition from Microsoft Sentinel to Defender XDR - Practical challenges

Microsoft announced on the 1st of July 2025 that the Microsoft Sentinel UI in the Azure Portal will be deprecated on the 1st of July 2026, and that all requests will be redirected to the Security Portal instead. This means that all Microsoft Sentinel customers have one year to transition to the unified experience between Microsoft Sentinel and Defender XDR.
12 min read
Defender XDR, Microsoft Sentinel, Security Portal, Migration
Device isolation and containment strategies

How can you effectively isolate a device in your network and be sure the threat on it cannot move laterally?
14 min read
MDE, Containment, Defender XDR, Network isolation
T1556.009 - Detect and prevent suspicious conditional access policy modifications

In April 2024, MITRE released version 15 of ATT&CK. This version introduced a new sub-technique, 'T1556.009 - Modify Authentication Process: Conditional Access Policies'. This was, in my opinion, a great addition to the framework, since it is an important technique that adversaries can abuse. By changing a Conditional Access policy (referred to below as a 'CA policy'), an adversary can establish Credential Access, Defense Evasion, and Persistence in Entra ID. Since it is such a vital component, I thought it was time to do a deeper dive into how we can detect and mitigate suspicious CA policy changes.
21 min read
Entra ID, Conditional Access, MITRE ATT&CK, Defender XDR
Analyzing MDE Network Inspections

What is Defender for Identity NNR, why is it important, and how can you resolve issues with it?
9 min read
MDI, Defender XDR, Kusto, Health monitoring