
The Security Insights Show Episode 292 - Sentinel Graph and data lake
Show notes
We’re excited to welcome back Gary Bushey (Security Architect at Cyclotron) for a deep technical episode covering:
* Microsoft Sentinel Data Lake – architecture, scaling, cost optimization, and real-world best practices
* Sentinel Graph – powerful new capabilities, dynamic investigations, hidden risk discovery, and how it’s changing threat hunting
Gary brings extensive hands-on experience and has contributed to official Microsoft guidance on these topics. Expect practical insights you can use immediately.
Guest link - Cyclotron (Home)
Gary Bushey - linkedin.com/in/gary-bushey
Websites and blog:
github.com (Other)
garybushey.com (Blog)
Words of Wisdom:
“You can be whatever you want, so be the person who ends meetings early”
General
* Monthly news – May 2026 | Microsoft Defender XDR Blog
* Microsoft Agent 365, now generally available, expands capabilities and integrations | Microsoft Security Blog
* How Storm-2949 turned a compromised identity into a cloud-wide breach | Microsoft Security Blog
* Kazuar: Anatomy of a nation-state botnet | Microsoft Security Blog
AI Security
* When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps | Microsoft Security Blog
* Defense at AI speed: Microsoft’s new multi-model agentic security system | Microsoft Security Blog
Agent365
* Microsoft Agent 365, now generally available, expands capabilities and integrations | Microsoft Security Blog
* What’s New in Agent 365: May 2026 | Microsoft Tech Community
* Overview of Microsoft Agent 365 | Microsoft Learn
* Microsoft Agent 365 documentation hub | Microsoft Learn
Azure Security & Defender for Cloud News
* What’s new in Defender for Cloud features (May/June 2026 updates) | Microsoft Learn
Threat Intelligence
* How Storm-2949 turned a compromised identity into a cloud-wide breach | Microsoft Security Blog
* Kazuar: Anatomy of a nation-state botnet | Microsoft Security Blog
Microsoft Entra
* What’s New in Microsoft Entra: May 2026 | Microsoft Tech Community
Device Management & Protection (Intune)
* What’s new in Microsoft Intune (May/June 2026) | Microsoft Learn
Defender XDR & Sentinel
* Monthly news – May 2026 | Microsoft Defender XDR Blog
* What’s new in Microsoft Sentinel | Microsoft Learn
* Best practices for Microsoft Sentinel | Microsoft Learn
* Defender XDR + Sentinel integration guide | Microsoft Learn
* Agent 365 connector: Monitor, hunt, and investigate AI agent activity in Microsoft Sentinel | Microsoft Sentinel Blog
Copilot for Security
* Microsoft Security Copilot overview | Microsoft Learn
* Security Copilot agents overview | Microsoft Learn
Purview – Compliance & Governance
* Microsoft Purview protections for generative AI & Copilot | Microsoft Learn
* Use Microsoft Purview to manage data security for Microsoft 365 Copilot | Microsoft Learn
* Purview for AI agents & Agent 365 | Microsoft Learn
Featured Resources & Deep Dives
* Setup & deployment guide for Microsoft Defender XDR
* Advanced hunting best practices in Defender XDR
* Best practices for data collection in Sentinel
* Configure a secure foundation for Microsoft 365 Copilot
* Security for AI solutions hub
What’s New in Defender (May / June 2026)
* What’s new in Microsoft Defender XDR | Microsoft Learn (Official Reference)
* (Preview) Automatic attack disruption can now isolate compromised devices from the network
* In advanced hunting, the Take action wizard now lets you allow or block top-level domains and file attachment hashes in emails
* New identity-focused predefined scenarios in the hunting graph (Kerberoast, AS-REP roast, OAuth risks, etc.)
* Enhanced AI agent visibility and context mapping (expanding in June)
Featured Items This Week:
New Roadmap Items:
Updated Roadmap Items:
New Message Center Items:
Updated Message Center Items:
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com