  • Securing AI Agent Identities with Microsoft Entra Suite

    How organisations can detect, control, and automatically block high-risk AI agent behaviour using Microsoft Entra and Security Copilot — without static configurations. Every AI agent you deploy is also an identity — one that authenticates, holds delegated permissions, and accesses enterprise resources continuously. Copilot agents, custom orchestrators, and autonomous workflows are already operating in your…

    June 14, 2026
  • How to Build a Security AI Analyst Agent in Defender XDR

    The Security Analyst Agent helps security analysts quickly identify, assess, and prioritize risks by performing ready-to-use or custom analyses on security data. The agent provides actionable and prioritized insights, recommendations, and reports to uncover top vulnerabilities and risks. It supports data from Microsoft Defender XDR, Sentinel Log Analytics, or Sentinel Data Lake, and can perform…

    June 8, 2026
  • Built‑in Sentinel Graph: Identity Attack Path Visualization in Defender XDR

    We established a Sentinel Graph to support the SOC investigation of common security threats across the environment. The Sentinel Graph enables visual exploration of identities, their access paths to cloud resources, and potential attacker techniques for privilege escalation and lateral movement. The Sentinel Graph experience was introduced as part of Public Preview on September 30,…

    April 15, 2026
  • From Zero to Connected: Building a Push Codeless Connector for Microsoft Sentinel

    When people hear “build a connector,” they often expect custom backend code, queueing, retry logic, deployment overhead, and a long stabilization phase. For this post, I took a different path: I used the Microsoft Sentinel Codeless Connector Framework (CCF) to onboard a custom data source (Contoso Security Alerts) with a Push integration model. The result:…

    March 7, 2026
  • Generate playbooks using AI in Microsoft Sentinel

    The new SOAR playbook generator introduces an entirely new way of building security automation in Microsoft Sentinel and XDR. Instead of manually writing code, analysts can now co‑create Python‑based automation workflows through a natural conversation with Cline, an AI coding agent integrated in Visual Studio Code. Describe what you want to automate, and the generator produces:…

    March 1, 2026
  • Automating Your Microsoft Sentinel Setup with GitHub Actions

    Manually deploying Microsoft Sentinel resources can take a lot of time and often leads to mistakes. Using GitHub Actions and Infrastructure‑as‑Code, you can automate everything — Sentinel solutions, analytics rules, automation rules, hunting queries, and workbooks — so that a single push to your repo triggers the entire deployment. In this guide, I show how to set…

    February 13, 2026
  • Boosting SecOps Productivity: How to Use Microsoft Sentinel Inside Visual Studio Code

    In modern Security Operations Centers (SOC), teams are increasingly expected to deliver engineering‑level quality while maintaining operational speed. As organizations shift toward the Unified Security Operations Platform, combining Microsoft Sentinel with Visual Studio Code (VS Code) has become one of the most efficient ways to build detections, automate workflows, and perform threat hunting at scale.…

    December 18, 2025
  • Microsoft Defender multitenant management

    Multitenant management in Microsoft Defender XDR and Microsoft Sentinel brings your security operations teams a single, unified experience for all managed tenants. Instead of switching between portals, analysts gain a consolidated view that accelerates incident investigation, advanced hunting, and threat response across multiple environments. This unified approach not only improves operational efficiency but also strengthens…

    December 7, 2025
  • Microsoft Entra Conditional Access optimization agent with Microsoft Security Copilot

    Microsoft has introduced the Microsoft Security Copilot agents, along with new protections for AI. The six new agentic solutions empower security teams to autonomously manage high-volume security and IT tasks by seamlessly integrating with Microsoft Security solutions. Specifically designed for security purposes, these agents learn from feedback, adapt to workflows, and operate securely within Microsoft’s…

    June 27, 2025
  • GitHub Advanced Security

    GitHub Advanced Security (GHAS) plays a crucial role in enhancing the security posture of software development projects on GitHub. It provides a comprehensive set of tools and features designed to identify and address security vulnerabilities throughout the development lifecycle. GitHub Advanced Security (or GHAS) is an application security solution that empowers developers. Advanced Security is…

    September 18, 2024