When connecting Microsoft Sentinel to Defender XDR, there are a couple of changes happening in tables which you should be aware of. Even though they are documented in the Microsoft Learn, I it is not always clear what the exact impact is. Let's go over it together.

Microsoft announced on the 1st of July 2025 that the Microsoft Sentinel Azure Portal UI will be deprecated at the 1st of July 2026, and all requests will be redirected to the Security Portal instead. This means that all Microsoft Sentinel customers have 1 year time to transition to the Unified experience between Microsoft Sentinel and Defender XDR.

Learn how to parse CEF message to Common Security Log without AMA agent

How can you effectively isolate a device in your network, and be sure a threat will not perform lateral movement?

Learn how Microsoft Defender for Endpoint performs network inspections with Zeek

In April 2024, MITRE came with their new V15 version of ATT&CK. In this version a new sub-technique was introduced called 'T1556.009 - Modify Authentication Process: Conditional Access Policies'. This was, in my opinion, a great addition to the framework, since it is an important technique which can be abused by adversaries. By changing a Conditional Access policy (later referred to as 'CA policy'), an adversary can establish Credential Access, Defense Evasion, and Persistence in Entra ID. Since it is such a vital component, I thought it was time to do a bit of a deep dive into how we can detect and mitigate suspicious CA policy changes.

What is Defender for Identity NNR, why is it important, and how can you resolve issues with it?

Learn how to get insights in your corporate network without having to but specific network scanning tools.