We’re excited to welcome back Gary Bushey (Security Architect at Cyclotron) for a deep technical episode covering:
Microsoft Sentinel Data Lake – architecture, scaling, cost optimization, and real-world best practices
Sentinel Graph – powerful new capabilities, dynamic investigations, hidden risk discovery, and how it’s changing threat hunting
Gary brings extensive hands-on experience and has contributed to official Microsoft guidance on these topics. Expect practical insights you can use immediately.
Guest link - Home - Cyclotron
Gary Bushey - linkedin.com/in/gary-bushey
Websites and blog:
github.com (Other)
garybushey.com (Blog)
Words of Wisdom:
“You can be whatever you want, so be the person who ends meetings early”
General
Monthly news – May 2026 | Microsoft Defender XDR Blog
Microsoft Agent 365, now generally available, expands capabilities and integrations | Microsoft Security Blog
How Storm-2949 turned a compromised identity into a cloud-wide breach | Microsoft Security Blog
Kazuar: Anatomy of a nation-state botnet | Microsoft Security Blog
AI Security
When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps | Microsoft Security Blog
Defense at AI speed: Microsoft’s new multi-model agentic security system | Microsoft Security Blog
Agent365
Microsoft Agent 365, now generally available, expands capabilities and integrations | Microsoft Security Blog
What’s New in Agent 365: May 2026 | Microsoft Tech Community
Overview of Microsoft Agent 365 | Microsoft Learn
Microsoft Agent 365 documentation hub | Microsoft Learn
Azure Security & Defender for Cloud News
What’s new in Defender for Cloud features (May/June 2026 updates) | Microsoft Learn
Threat Intelligence
How Storm-2949 turned a compromised identity into a cloud-wide breach | Microsoft Security Blog
Kazuar: Anatomy of a nation-state botnet | Microsoft Security Blog
Microsoft Entra
What’s New in Microsoft Entra: May 2026 | Microsoft Tech Community
Device Management & Protection (Intune)
What’s new in Microsoft Intune (May/June 2026) | Microsoft Learn
Defender XDR & Sentinel
Monthly news – May 2026 | Microsoft Defender XDR Blog
What’s new in Microsoft Sentinel | Microsoft Learn
Best practices for Microsoft Sentinel | Microsoft Learn
Defender XDR + Sentinel integration guide | Microsoft Learn
Agent 365 connector: Monitor, hunt, and investigate AI agent activity in Microsoft Sentinel | Microsoft Sentinel Blog
Copilot for Security
Microsoft Security Copilot overview | Microsoft Learn
Security Copilot agents overview | Microsoft Learn
Purview – Compliance & Governance
Microsoft Purview protections for generative AI & Copilot | Microsoft Learn
Use Microsoft Purview to manage data security for Microsoft 365 Copilot | Microsoft Learn
Purview for AI agents & Agent 365 | Microsoft Learn
Featured Resources & Deep Dives
What’s New in Defender (May / June 2026)
What’s new in Microsoft Defender XDR | Microsoft Learn (Official Reference)
(Preview) Automatic attack disruption can now isolate compromised devices from the network
In advanced hunting, the Take action wizard now lets you allow or block top-level domains and file attachment hashes in emails
New identity-focused predefined scenarios in the hunting graph (Kerberoast, AS-REP roast, OAuth risks, etc.)
Enhanced AI agent visibility and context mapping (expanding in June)