Configuring Sentinel Protected Tables
How to set protectionLevel on Azure Monitor Logs tables, grant read access, close the control-plane bypass with DataActionsOnly, and audit changes.
Practical Microsoft Sentinel, Defender XDR, and MISP guides focused on detection engineering, log strategy, and automation.
Browse field-tested walkthroughs on security monitoring architecture, cost optimization, threat intelligence pipelines, and practical detection engineering.
These are currently the most visited posts on the site.
A practical breakdown of the Microsoft Sentinel to Defender XDR migration, including architecture impact, correlation behavior, and planning considerations.
Create and manage Defender XDR custom detection rules through Microsoft Graph API with payload patterns, limits, and caveats.
Use a PowerShell module to manage Defender XDR custom detection rules via Graph API with support for impacted assets, response actions, and SPN auth.
The three most recent posts from the site.
How to set protectionLevel on Azure Monitor Logs tables, grant read access, close the control-plane bypass with DataActionsOnly, and audit changes.
Learn an artifact-based architecture pattern for verifying Microsoft Sentinel UEBA state with limited RBAC access. Use existing SPN permissions (Log Analytics Contributor + Sentinel Contributor) to validate desired state without adding new privileges.
How OpenTelemetry works end-to-end, and one concrete way to ship logs from coding agents (VS Code Copilot, Claude Code) into Application Insights / Log Analytics via a collector in Azure Container Apps.
Start here if you want a focused reading path by topic.
Cost control, retention choices, and data-tier planning for real-world Sentinel operations.
Detection design, custom rule operations, and Defender XDR execution patterns.
Threat intel ingestion, pipeline hardening, and MISP-to-Sentinel implementation patterns.
Everything on the blog, with tag filtering if you want to narrow it down.
Securing Windows Server - Chapter 3, Part 2