

Microsoft Sentinel Unified RBAC with Row-Level Access
Recently Microsoft Security released in public preview Unified Role-Based Access Control for Microsoft Sentinel, together with row-level access. Microsoft announced this capability in March 2026 and said it becomes available in April, extending the Microsoft Defender unified RBAC model into Sentinel. At a glance, this might sound like a permissions update. In practice, it is much more important than that. Access control has always been one of the more difficult design problem
Thomas Lysaa
10 hours ago · 3 min read


Microsoft Defender for Cloud in the Defender Portal
One of the more meaningful recent Microsoft Security developments is the expansion of Microsoft Defender for Cloud into the Microsoft Defender portal in public preview. Microsoft describes this as part of a move toward a more unified security experience across cloud and code environments, with additional capabilities planned over time. At a surface level, this might look like a portal change. In practice, it is more significant than that. For years, one of the recurring opera
Thomas Lysaa
10 hours ago · 3 min read


What is M365 Defender?
Since I first began working with Defender, formerly known as Advanced Threat Protection (ATP), the platform has undergone significant evolution. Much of that change has been driven by Microsoft’s broader effort to consolidate individual security solutions into more unified product families. Microsoft 365 Defender brings together several core security capabilities, including Microsoft Defender for Endpoint (MDE), Microsoft Defender for Office 365 (MDO), Microsoft Defender for
Thomas Lysaa
Sep 17, 2023 · 1 min read


Operationalizing Azure Diagnostic Settings with Azure Policy
In Azure, the challenge is rarely whether logging should be enabled. The real challenge is how to enable diagnostic settings consistently, across the right resource types, with the right destinations, and in a way that can actually scale. That is the problem that the Azure Policy approach is meant to solve. To create a repeatable way to generate custom Azure Policy artifacts for Azure resources that support diagnostic logs and metrics, and to use those artifacts to standardize t
Thomas Lysaa
Sep 17, 2023 · 3 min read


Microsoft Entra ID: A Modern Identity Security Platform
Microsoft Entra is Microsoft’s identity and access management portfolio, designed to support modern enterprise security requirements across users, applications, workloads, and cloud environments. Rather than functioning as a single product, Entra represents a broader identity platform that brings together core identity services, permissions management, decentralized identity capabilities, workload protection, and governance controls under a unified strategy. At the center of
Thomas Lysaa
Sep 17, 2023 · 2 min read


Microsoft Defender for Endpoint Management: Expanding Policy Control Beyond Traditional Device Management
Microsoft Defender for Endpoint has continued to mature significantly, and one of the more notable developments has been the evolution of MDE management capabilities. While much of the recent attention has gone toward the continued growth of Microsoft Graph APIs and the ability to query and automate at scale, MDE management represents an equally important advancement from an operational and policy administration standpoint. https://learn.microsoft.com/en-us/mem/intune/protect
Thomas Lysaa
Sep 17, 2023 · 3 min read


Using Microsoft Roadmaps to Stay Ahead of Cloud Change
One of the most common questions in cloud security and platform operations is how to keep pace with the constant volume of change coming from cloud service providers. In Microsoft environments, that challenge is especially relevant because both Azure and Microsoft 365 evolve continuously, with new features, enhancements, and service changes being introduced on an ongoing basis. A reactive approach is rarely sufficient. To stay prepared, teams need a structured way to track wh
Thomas Lysaa
Sep 17, 2023 · 3 min read