Microsoft Sentinel best practices for 2026: reduce SIEM ingestion costs, tune KQL detections, avoid alert fatigue, optimize retention, and migrate to the Defender security portal.
Microsoft Sentinel is a powerful security information and event management (SIEM) system that provides real-time threat detection and response (you can read more about Sentinel in part 1 of this series). It allows security teams to collect, analyze, and act on security data from multiple sources, including Azure, Office 365,
Modern Workplace consultant and a Microsoft MVP in Windows and Devices.
Infrastructure architect with focus on Modern Workplace and Microsoft 365 security.
Cloud & security specialist with focus on Microsoft backend products and cloud technologies.
Cloud & security specialist with focus on Microsoft 365.
Cloud & Security Specialist, with a passion for all things Cybersecurity
Cloud and infrastructure security specialist with background in networking.
Infrastructure architect with focus on design, implementation, migration and consolidation.
Infrastructure consultant with focus on cloud solutions in Office365 and Azure.
Modern workplace and infrastructure architect with a focus on Microsoft 365 and security.
