March 12, 2026
Managing SIEM costs is critical to the sustainability of security operations. This article provides a deep dive into Microsoft Sentinel’s pricing model, including ingestion tiers, Continue […]
- Filter by
- Categories
- Tags
- Authors
- Show all
- All
- Azure App Service
- Azure Architecture
- Azure Updates
- Command Line
- Community
- Microsoft Security
- Tech Community
- All
- .AI agent orchestration
- .NET
- .NET Core
- A2A
- actions/checkout
- Active Directory
- adaptive cloud
- Add tools to copilot instructions in copilot studio
- Add tools to instructions copilot studio
- Adversary-in-the-middle (AiTM)
- agc
- Agent ID
- Agentic
- Agentic AI
- Agentic Workflows
- Agents
- agentskills
- AI
- AI + Machine Learning
- ai adoption
- AI agents
- ai foundry
- ai gateway
- ai guidance
- ai search
- ai services
- AI-assisted coding
- AI-assisted development
- AI-powered automation
- AI-Powered Code Review
- AI-Powered Development
- AI-powered DevOps
- AIOps
- AKS
- ALZ
- analytics
- api
- API Management
- API Management (APIM)
- API security
- apim
- APIs
- app service
- Application Gateway
- application gateway for containers
- architecture
- architecture diagrams
- Architecture Review
- Archive Storage
- arm
- Article
- Artificial Intelligence
- ASP.NET Core
- aspnetcore
- Assesement
- Astro
- Audio Notes
- auth0
- Automated Plan Validation
- automation
- Autonomous agent
- Availability
- AVD
- avnm
- aws
- AWS Cloud
- AZ-900
- AzAPI
- Azure
- Azure Active Directory
- Azure Adaptive Cloud
- azure advisor
- Azure AI
- azure ai content security
- Azure AI Custom Vision
- Azure AI Foundry
- Azure AI Landing Zones
- Azure AI Language
- Azure AI Search
- Azure API Management
- Azure APIM
- Azure APIM policy configuration
- Azure Application Gateway
- azure application gateway for containers
- azure architecture
- Azure Backup
- Azure Bastion
- Azure Bicep
- Azure Bicep Snapshots
- Azure Blob Storage
- Azure Cache for Redis
- Azure Cloud
- Azure Cloud Adoption Framework
- Azure confidential ledger
- Azure Container Apps
- Azure Container Instances
- Azure Container Registry
- Azure Container Storage
- azure copilot
- Azure Cosmos DB
- Azure Data Explorer
- Azure Data Factory
- Azure Data Lake Storage
- Azure Database for MySQL
- Azure Database for PostgreSQL
- Azure Database Migration service
- Azure Databricks
- Azure DDos Protection
- azure deployment stacks
- Azure DevOps
- Azure Disk Storage
- Azure DNS
- Azure Essentials Show
- Azure ExpressRoute
- Azure Files
- Azure Firewall
- Azure Firewall Manager
- Azure Front Door
- Azure Functions
- Azure fundamentals
- Azure Health
- Azure Hybrid Benefit
- Azure Kubernetes Fleet Manager
- Azure Kubernetes Service
- Azure Kubernetes Service (AKS)
- Azure Landing Zone
- Azure Load Testing
- Azure Local
- Azure Local LENS
- Azure Log Analytics
- Azure Logic Apps
- Azure Machine Learning
- Azure Managed Lustre
- Azure Managed Redis
- Azure Migrate
- Azure Migration
- Azure Modular Datacenter
- Azure Monitor
- Azure NAT Gateway
- Azure NetApp Files
- Azure Network
- Azure Networking
- Azure Policy
- Azure PowerShell
- Azure Pricing
- Azure Private Link
- Azure Red Hat OpenShift
- Azure Resource Manager
- azure route server
- Azure Security
- Azure Sentinel
- Azure Site Recovery
- Azure Sphere
- Azure SQL Database
- Azure SQL Managed Instance
- Azure Storage
- Azure Storage Essential Training
- Azure Storage Mover
- azure traffic flows
- Azure Update Manager
- Azure Virtual
- Azure Virtual Desktop
- azure virtual network manager
- Azure Virtual Network Routing Appliance
- Azure Virtual WAN
- Azure VM
- Azure VM Image Builder
- Azure VMware Solution
- azure-ad-b2c
- azure-arc
- azure-b2c
- azure-communication
- azure-signalr
- azuredevops
- azureopenai
- backend-development
- backups vs DR vs HA
- Baseline Security Mode
- Batch
- bgp
- Bicep
- bicep resources
- bicep-local-deploy
- biceplang
- Book
- Branch checkout
- branding
- build an autonomous agent in Copilot Studio step by step
- Business
- Bypass Microsoft Account
- C#
- career
- career-growth
- careerdevelopment
- careers
- CCF
- Certification
- Chaos Engineering
- Charbel Nemnom MCT
- CI/CD
- CI/CD automation
- CI/CD Pipeline
- claude-ai
- Cloud
- Cloud & AI Platforms
- Cloud Accelerate Factory
- Cloud Adoption Framework
- Cloud Architecture
- Cloud automation
- Cloud Computing Explained
- Cloud development platforms
- Cloud Fundamentals
- Cloud Infrastructure
- Cloud Migration
- cloud networking
- cloud ngfw
- Cloud PC
- cloud routing
- cloud security
- Cloud Services
- Cloud Storage
- cloud-computing
- CloudFamily
- CloudPC
- CNCF
- Code review automation
- code-as-documentation
- Codeless Connector Framework
- codereview
- codex
- Cognitive Services
- Command Line
- community
- Commvault
- Commvault Shift
- Compliance
- Compliance Automation
- compute
- Conference
- conferences-and-events
- Confidential Compute
- confidential computing
- Configuration Management
- connection monitor
- container os
- containers
- content-creation
- Continuous deployment
- Continuous integration
- copilot
- Copilot CLI
- Copilot studio autonomous agent step by step
- copilot studio topics
- copilot-studio
- Cost Management
- Cost Optimisation
- Create a Microsoft form
- Create a trigger in Copilot Studio
- create an agent trigger copilot studio
- Create an autonomous agent in Copilot studio
- Create copilot agent in copilot studio
- Create Copilot autonomous agent
- credential theft
- Cross-tenant authentication
- cshapr
- csharp
- Custom Copilot agents
- Custom Logs
- Custom logs via AMA
- custom-auth-extension
- Cyber Recovery
- Cybersecurity
- Daily Tracker
- data factory
- Data Guardian
- data lake
- Databases
- DataStream
- DDoS Protection
- Dedicated
- Default Outbound Access
- Defender
- Defender for Cloud
- Defender For Endpoint
- Developer Life
- Developer productivity
- Developer Tools
- developers
- devops
- DevOps automation
- DevOps workflows
- DevSecOps
- diagram automation
- difference between backup and DR?
- digital sovereignty
- Digital Sovereignty Specialization
- Direct URL
- disaster recovery
- dotnet
- DotNetCore
- ECMA2
- ECMA2Host
- EF Core
- email OTP
- EMEA
- emergency-preparedness
- Endpoint security
- enterprise-architecture
- entra
- Entra Account Recovery
- Entra ID
- entra-external-id
- Environments in Power Platform Production Sandbox Trial
- ENvironments sandbox
- Envoy
- Envoy Gateway
- ephemeral
- Ephemeral Disk
- error-message
- Error: You are not authorized to use this connection. Please consider using a different connection
- Europe
- Event Grid
- Events
- Exam Prep
- Exchange Online
- export
- ExpressRoute
- Extensions
- external-id
- fabric
- fabric capacity
- fault tolerance vs high availability
- feature-flags
- Features
- federated credentials
- FIDO2
- FIM
- FIM2010R2
- fingerprint SIT Purview
- finops
- flow logs
- fluent
- foundry
- Front Door
- Frontline
- FSLogix
- Future of coding
- Gallery
- gateway api
- GBB
- gcp
- gen ai gateway
- genai
- Generative AI
- generative ai gateway
- geometry
- Git
- GitHub
- GitHub Actions
- GitHub Advanced Security for Azure DevOps
- GitHub Agentic Workflows
- GitHub CLI
- github copilot
- GitHub Copilot CLI
- GitHub Copilot SDK
- GitHub Enterprise
- GitHub Pages
- GitHub repository management
- GitHub Universe
- github-repo
- githubcopilot
- Global Black Belt
- Google Cloud Platform
- governance
- gpt5
- granfeldt
- gtihubcopilot
- guid
- hashiconf
- HashiCorp
- HashiCorp Ambassador
- HashiCorp MCP Server
- hashtable
- homelab
- How to create an environment in Power Platform
- How to link work email account to Microsoft personal account
- how to link work email to microsoft learn profile step by step
- How to link your work or school account to your personal Microsoft Learn account (Step‑by‑Step)
- How-to
- HTTP
- hub-and-spoke
- Hybrid
- Hybrid + Multicloud
- Hybrid Cloud
- hybrid networking
- Hyper-V
- I book Microsoft exam using my work account
- IaaS
- IaC
- IaC Best Practices
- identity
- Identity and access management
- Ignite
- image
- immutable
- import
- In development
- In preview
- influencers
- Infrastructure as a service
- Infrastructure As Code
- Infrastructure as Code (IaC)
- infrastructureascode
- ingress
- Instructor
- Integration
- Intelligent automation
- Intenet
- Internet of Things
- Intune
- iperf
- istio
- Jack Tracy
- java
- Jumpstart
- KAITO
- kubernetes
- landing zone
- Landing Zones
- Launched
- Leaflet
- Learn Azure
- learning
- LENS
- lessons learned
- Lighthouse
- Link
- LinkedIn Learning
- LINUX
- List Keys
- LLM
- Load Balancer
- Local
- Local AI Deployment
- local-deploy
- LocalBox
- Log Alerts
- Log Alerts Dyanmic threshold
- Log Analytics
- Log Analytics Workspace
- Logic Apps
- Logs Ingestion
- M365
- Main
- managed private endpoint
- Management
- management agent
- Management and Governance
- mathematics
- MCP
- MCP integration
- MCP Servers
- mcp-server
- MCT
- mfa
- micro deployments
- MicroHack
- Microsoft
- Microsoft 365
- Microsoft 365 Local
- Microsoft Agent Framework
- microsoft ai
- Microsoft Azure
- Microsoft Certification
- Microsoft Certified
- Microsoft Certified Trainer
- Microsoft Defender
- Microsoft Defender for Cloud
- Microsoft Defender XDR
- Microsoft Entra
- Microsoft Entra ID (formerly Azure AD)
- Microsoft Fabric
- Microsoft Foundry
- Microsoft Graph
- Microsoft Ignite
- Microsoft Ignite 2025
- Microsoft Intune
- Microsoft Partner
- Microsoft Purview
- Microsoft Security
- Microsoft Sentinel
- Microsoft Sentinel Data Lake
- Microsoft Sovereign Cloud
- Microsoft Sovereign Private Cloud
- Microsoft Sovereign Public Cloud
- Microsoft SQL Server
- Microsoft Teams
- microsoftfoundry
- Migration
- MIM
- Minecraft
- MirtualMachine
- Mobile
- Model Context Protocol
- MongoDB
- MSEvents
- MSIgnite2025
- Multi-tenant architecture
- Musings
- mvp
- National Partner Cloud
- native-authentication
- Natural language programming
- network
- network architecture
- network encryption
- network performance
- Network security
- network security perimeters
- network virtual appliance
- Network Watcher
- networking
- new
- News
- nginx ingress
- NSP
- nsps
- nva
- Okta
- onelake
- OOBE bypass
- open source
- open webui
- open-api
- openai
- Operating System
- Opinion
- otp-sms
- otp-verification
- owasp
- PaaS
- Packet Capture
- palo alto
- Parameter
- parameters
- Partner Program
- Passwordless authentication
- pattern
- patterns
- Performance
- Phishing
- platform as a service
- Platform Engineering
- Platform Landing Zone
- pls
- plsdc
- Pluralsight
- policy
- Power Platform environments explained
- power-platform
- powershell
- PowerShell basics
- PowerShell for Beginners
- PowerShell Tutorial
- PowerShell Variable
- powertoys
- Pricing
- Pricing & Offerings
- Pricing Calculator
- Private Endpoint
- private link
- private link service direct connect
- Process Improvement
- product-strategy
- production
- Productivity
- programming
- prompt injection
- Prototyping
- Proximity project
- Pull request management
- pullrequest
- pyspark
- python
- qperf
- Queue Storage
- rag
- rate limit
- RDP
- Recovery point Objective vs Recovery Time Objective (RTO)
- redis
- Regions & Datacenters
- register
- remote access
- Repository management
- resource-owner-password
- REST API
- Retirements
- retrieval augmented generation
- ropc
- routeserver
- routing
- RPO vs RTO
- SaaS
- SC-200
- Scripting
- sd-wan
- SDK and Tools
- sdn
- sdn appliance
- search
- Secure code checkout
- security
- Sentinel
- Sentinel data lake
- serverless
- service bus
- service mesh
- Services
- Shared
- Shift Virtual
- sidecar mode
- SIEM
- sign-in
- sign-up
- signalr
- Simple Log Search Alerts
- sirius appiance
- SLZ
- smoke testing
- SOAR
- Software as a Service
- Software development workflow
- software-architecture
- Software-Defined Networking
- software-design
- software-development
- software-engineering
- software-testing
- Sovereign Clod
- Sovereign Cloud
- Sovereign Landing Zone
- Sovereign Landing Zones
- Spark
- speaking
- splatting
- spoke-to-spoke
- sql
- SQL Server
- sqlcmd
- SSO
- static code analysis
- static web apps
- storage
- Storage Accounts
- Storm
- strata cloud manager
- subnet peering
- swagger
- Switzerland
- synapse
- Sysprep
- Table Storage
- Tags
- tech
- Technology
- Terminal
- Terraform
- Terraform Cloud
- Terraform Modules
- Terraform Registry
- terraform-stacks
- terragrunt
- the benefits of linking work email to microsoft learn personal profile
- themes
- Thomas Maurer
- tls encryption
- token-issuance
- Tooling
- topics
- topics in copilot studio explained
- Traffic Manager
- Trainer
- troubleshooting
- tutorial
- udr
- unattend xml
- Uncategorized
- updated
- Updates
- URL
- user-defined route
- username
- validation
- VDI
- Video
- virtual desktop
- Virtual Event
- virtual hub
- virtual machine
- Virtual Machine Scale Sets
- Virtual Machines
- virtual network
- virtual network appliance
- virtual network flow logs
- Virtual Network Gateway
- virtual network gateways
- virtual network routing appliance
- Virtual Networks
- Virtual WAN
- virtual wan routing
- Virtualization
- VirtualMetric
- VirtualMetric DataStream
- Visual Studio
- Visual Studio Code
- VNet
- VNet Peering
- vpn
- VPN Gateway
- vrna
- vscode
- vue
- vwan
- W365
- WAF
- Web
- web application firewall
- Webinar
- websocket
- WEC
- WEF
- Well-Architected
- Well-Architected Framework
- what are copilot studio topics
- What is a backup?
- what is a fingerprint based SIT in Purview
- What is a trigger in Copilot Studio?
- What is Cloud Computing
- what is disaster recovery?
- what is fault tolerance?
- what is high availability?
- What is replication?
- what is the difference between DR and HA?
- Windows
- Windows 10
- Windows 11
- Windows 365
- Windows 365 Frontline
- Windows 365 Link
- Windows App
- Windows Console
- Windows deployment
- Windows imaging
- Windows Package Manager
- windows powershell
- Windows Recovery Environment
- Windows Server
- Windows Store
- Windows Subsystem for Linux (WSL)
- Windows Terminal
- windows11
- Windows365
- winget
- WinRE
- winui
- wordpress
- Workflow orchestration
- Workflow YAML configuration
- Workload Identity Federation
- WSL
- XDR
- XML Graph Model
- yaml
- YAML workflow automation
- Year In Review
- Yubikey
- Zero Trust
- All
- Adrian Hills
- Aidan Finn
- Alan Kinane
- Az Advertizer
- Azure Community Enthusiasts
- azurefeeds
- Carlos Mendible
- Charbel Nemnom
- Dan Rios
- Daniel Bradley
- Darren Robinson
- Dieter Gobeyn
- Freek Berson
- George Ollis
- Gijs Reijn
- Gregor Suttie
- Imran Rashid
- Jake Walsh
- Jaliya Udagedara
- Jamie Maguire
- Jesse (JSON) Loudon
- Joe Carlyle
- John Kilmister
- John Lokerse
- John Savill
- Jose Moreno
- Josh King
- Leo Visser
- Luke Murray
- Maik van der Gaag
- Mark Tinderholt
- Matt Felton
- Nicholas Chang
- Nicola Delfino
- Olivier Miossec
- Peter De Tender
- Pixel Roberts
- Rory Braybrook
- Roy Kim
- Sam Cogan
- Sarah Lean
- Scott Hanselman
- Simon Waight
- Stanislav Zhelyazkov
- Sucheta Gawade
- Tao Yang
- Thomas Maurer
- Thomas Thornton
- Tobias Zimmergren
- Travis Roberts
- Vukašin Terzić
- Will Velida
December 3, 2025
Published by Charbel Nemnom on December 3, 2025
Categories
Microsoft Sentinel has become a leading cloud SIEM/XDR/SOAR platform, but organizations often struggle to get full value from it. High-volume security telemetry can drive up Continue […]
October 18, 2025
Published by Charbel Nemnom on October 18, 2025
Categories
Modern SIEM and platform solutions like Microsoft Sentinel can ingest logs from virtually any source, including custom text and JSON logs from network appliances and Continue […]
October 6, 2025
Published by Charbel Nemnom on October 6, 2025
Categories
Microsoft Sentinel’s integration with Microsoft Defender XDR has unlocked unified data management capabilities for SOC teams. In a previous post, we discussed and explored log Continue […]