Microsoft Sentinel data lake is now generally available
Security is being reengineered for the AI era, shifting from static controls to fast, platform-driven defense. Traditional tools, scattered data, and outdated systems struggle against modern threats. An AI-ready, data-first foundation is needed to unify telemetry, standardize agent access, and enable autonomous responses while ensuring humans are in command of strategy and high-impact investigations.

Security teams already anchor their operations around SIEMs for comprehensive visibility. We're building on that foundation by evolving Microsoft Sentinel into both the SIEM and the platform for agentic defense—connecting analytics and context across ecosystems. Today, we’re introducing new platform capabilities that build on Sentinel data lake: Sentinel graph for deeper insight and context; an MCP server and tools to make data agent ready; new developer capabilities; and a Security Store for effortless discovery and deployment—so protection accelerates to machine speed while analysts do their best work.

We’ve reached a major milestone in our journey to modernize security operations — Microsoft Sentinel data lake is now generally available. This fully managed, cloud-native data lake is redefining how security teams manage, analyze, and act on their data cost-effectively.

Since its introduction, organizations across sectors are embracing Sentinel data lake for its transformative impact on security operations. Customers consistently highlight its ability to unify security data from diverse sources, enabling enhanced threat detection and investigation. Many cite cost efficiency as a key benefit, with tiered storage and flexible retention, helping reduce costs. With petabytes of data already ingested, users are gaining real-time and historical insights at scale.

"With Microsoft Sentinel data lake integration, we now have a scalable and cost-efficient solution for retaining Microsoft Sentinel data for long-term retention.
This empowers our security and compliance teams with seamless access to historical telemetry data right within the data lake explorer and Jupyter notebooks - enabling advanced threat hunting, forensic analysis, and AI-powered insights at scale"
Farhan Nadeem, Senior Security Engineer, Government of Nunavut

Industry partners also commend its role in modernizing SOC workflows and accelerating AI-driven analytics.

“Microsoft Sentinel data lake amplifies BlueVoyant’s ability to transform security operations into a mature, intelligence-driven discipline. It preserves institutional memory across years of telemetry, which empowers advanced threat hunting strategies that evolve with time. Security teams can validate which data sources yield actionable insights, uncover persistent attack patterns, and retain high-value indicators that support long-term strategic advantage.”
Milan Patel, CRO, BlueVoyant

Microsoft Sentinel data lake use-cases

There are many powerful ways customers are unlocking value with Sentinel data lake—here are just a few impactful examples:

Threat investigations over extended timelines: Security analysts query data older than 90 days to uncover slow-moving attacks—like brute-force and password spray campaigns—that span accounts and geographies.
Behavioral baselining for deeper insights: SOC engineers build time-series models using months of sign-in logs to establish a standard of normal behavior and identify unusual patterns, such as credential abuse or lateral movement.
Alert enrichment: SOC teams correlate alerts with Firewall and Netflow data, often stored only in the data lake, reducing false positives and increasing alert accuracy.
Retrospective threat hunting with new indicators of compromise (IOCs): Threat intelligence teams react to emerging IOCs by running historical queries across the data lake, enabling rapid and informed response.
ML-Powered insights: SOC engineers use Spark Notebooks to build and operationalize custom machine learning models for anomaly detection, alert enrichment, and predictive analytics.

The Sentinel data lake is more than a storage solution—it’s the foundation for modern, AI-powered security operations. Whether you're scaling your SOC, building deeper analytics, or preparing for future threats, the Sentinel data lake is ready to support your journey.

What’s new

Regional expansion

In light of strong customer demand in public preview, at GA we are expanding Sentinel data lake availability to additional regions. These new regions will roll out progressively over the coming weeks. For more information, see documentation.

Flexible data ingestion and management

With over 350 native connectors, SOC teams can seamlessly ingest both structured and semi-structured data at scale. Data is automatically mirrored from the analytics tier to the data lake tier, at no additional cost, ensuring a single, unified copy is available for diverse use cases across security operations.

Since the public preview of Microsoft Sentinel data lake, we've launched 45 new connectors built on the scalable and performant Codeless Connector Framework (CCF), including connectors for:

GCP: SQL, DNS, VPC Flow, Resource Manager, IAM, Apigee
AWS: Security Hub findings, Route53 DNS
Others: Alibaba Cloud, Oracle, Salesforce, Snowflake, Cisco

Sentinel’s connector ecosystem is designed to help security teams seamlessly unify signals across hybrid environments, without the need for heavy engineering effort. Explore the full list of connectors in our documentation here.

App Assure Microsoft Sentinel data lake promise

As part of our commitment to customer success, we are expanding the App Assure Microsoft Sentinel promise to Sentinel data lake.
This means customers can confidently onboard their data, knowing that App Assure stands ready to help resolve connector issues such as replacing deprecated APIs with updated ones, and accelerating new integrations. Whether you're working with existing Independent Software Vendor (ISV) solutions or building new ones, App Assure will collaborate directly with ISVs to ensure seamless data ingestion into the lake. This promise reinforces our dedication to delivering reliable, scalable, and secure security operations, backed by engineering support and a thriving partner ecosystem.

Cost management and billing

We are introducing new cost management features in public preview to help customers with cost predictability, billing transparency, and operational efficiency. Customers can set usage-based alerts on specific meters to monitor and control costs. For example, you can receive alerts when query or notebook usage passes set limits, helping avoid unexpected expenses and manage budgets. In-product reports provide customers with insights into usage trends over time, enabling them to identify cost drivers and optimize data retention and processing strategies.

To support the ingestion and standardization of diverse data sources, we are introducing a new Data Processing feature that applies a $0.10 per GB charge for all data as it is ingested into the data lake. This feature enables a broad array of transformations like redaction, splitting, filtering and normalizing data. This feature was not billed during public preview but will be chargeable at GA starting October 1, 2025.

Data lake ingestion charges of $0.05 per GB will apply to Entra asset data starting October 1, 2025. This was previously not billed during public preview.

Retaining security data to perform deep analytics and investigations is crucial for defending against threats.
To help enable customers to retain all their security data for extended periods cost effectively, data lake storage, including asset data storage, is now billed with a simple and uniform data compression rate of 6:1 across all data sources. Please refer to the Plan costs and understand Microsoft Sentinel pricing and billing article for more information. For detailed prerequisites and instructions on configuring and managing asset connectors, refer to the official documentation: Asset data in Microsoft Sentinel data lake.

KQL and Notebook enhancements

We are introducing several enhancements to our data lake analytics capabilities with an upgraded KQL and notebook experience. Security teams can now run multi-workspace KQL queries for broader threat correlation and schedule KQL jobs more frequently. Frequent KQL jobs enable SOC teams to automate historical threat intelligence matching, summarize alert trends, and aggregate signals across workspaces. For example, schedule recurring jobs to scan for matches against newly ingested IOCs, helping uncover threats that were previously undetected and strengthening threat hunting and investigation workflows.

The enhanced Jobs page offers operational clarity for SOC teams with a comprehensive view into job health and activity. At the top, a summary dashboard provides instant visibility into key metrics (total jobs, completions, and failures), helping teams quickly assess job health. A filterable list view displays essential details such as job names, status, frequency, and last run information, enabling quick prioritization and triage. For more detailed diagnostics, users can view individual jobs to access job run telemetry such as job run duration, row count, and additional historical execution trends, providing additional visibility.

Notebooks are receiving a significant upgrade, offering a streamlined user experience for querying the data lake.
Users now benefit from IntelliSense support for syntax and table names, making query authoring faster and more intuitive. They can also configure custom compute session timeouts and warning windows to better manage resources. Scheduling notebooks as jobs is now simpler, and users can leverage GitHub Copilot for intelligent assistance throughout the process.

Together, these KQL and notebook improvements deliver deeper, more customizable analytics, helping customers unlock richer insights, accelerate threat response, and scale securely across diverse environments.

Powering agentic defense

Data centralization powers AI agents and automation to access comprehensive, historical, and real-time data for advanced analytics, anomaly detection, and autonomous threat response. Support for tools like KQL queries, Spark notebooks, and machine learning models in the data lake allows agentic systems to continuously learn, adapt, and act on emerging threats. Integration with Security Copilot and MCP Server further enhances agentic defense, enabling smarter, faster, and context-rich security operations—all built on the foundation of Sentinel’s unified data lake.

Microsoft Sentinel 50 GB commitment tier promotional pricing

To make Microsoft Sentinel more accessible to small and mid-sized customers, we are introducing a new 50 GB commitment tier in public preview, with promotional pricing offered from October 1, 2025, to March 31, 2026. Customers who choose the 50 GB commitment tier during this period will maintain their promotional rate until March 31, 2027. This offer is available in all regions where Microsoft Sentinel is sold, with regional variations in promotional pricing. It is accessible through EA, CSP, and Direct channels. The new 50 GB commitment tier details will be available starting October 1, 2025, on the Microsoft Sentinel pricing page.
Thank you to our customers and partners

We’re incredibly grateful for the continued partnership and collaboration from our customers and partners throughout this journey. Your feedback and trust have been instrumental in shaping Microsoft Sentinel data lake into what it is today. Thank you for being a part of this critical milestone—we’re excited to keep building together.

Get started today

By centralizing data, optimizing costs, expanding coverage, and enabling deep analytics, Microsoft Sentinel empowers security teams to operate smarter, faster, and more effectively. Get started with Microsoft Sentinel data lake today in the Microsoft Defender experience.

To learn more, see:

Microsoft Sentinel—AI-Powered Cloud SIEM & Platform
Pricing: Pricing page, Plan costs and understand Microsoft Sentinel pricing and billing
Documentation: Connect Sentinel to Defender, Jupyter notebooks in Microsoft Sentinel data lake, KQL and the Microsoft Sentinel data lake, Permissions for Microsoft Sentinel data lake, Manage data tiers and retention in Microsoft Defender experience
Blogs: Sentinel data lake FAQ blog, Empowering defenders in the era of AI, Microsoft Sentinel graph announcement, App Assure Microsoft Sentinel data lake promise

Supercharge Your Business. Getting Small Businesses Ready for 2025 with Microsoft 365
How Microsoft 365 is Empowering Small Businesses

In the ever-changing world of productivity and collaboration tools, Microsoft 365 continues to shine as a vital tool for small businesses. With a treasure trove of applications designed to boost efficiency, security, and innovation, Microsoft 365 rolled out some game-changing features in 2024, earning high praise from industry experts.

Last year was a rollercoaster for business owners and their customers. They faced rising inflation, tighter budgets, and the AI revolution. Through it all, Microsoft 365 was the trusty partner that helped businesses run smoothly and operate productively. The suite introduced exciting new features, integrated smart AI capabilities, and laid out a promising roadmap to tackle current trends and challenges.

Recapping An Exciting 2024

Here are some notable new features we released in Microsoft 365 -- starting with Teams and Teams Phone:

We introduced the Queues App in the fall, a Teams-native solution designed to empower organizations to manage Teams Phone engagements directly from within Teams. With it, they can manage call queues, auto attendants, get real-time metrics, and see reporting – to ensure they’re conducting customer engagement efficiently.
We introduced Shared Calling, which makes a single phone number and calling plan sharable by a group, so teams can better manage calls in coordination.
We enhanced survivable calling with the Survivable Branch Appliance (SBA), a backup solution designed to keep your phone services running smoothly, even during network outages. It now supports call transfer, forwarding, and incoming calls during network outages.

In Microsoft Excel, we added some powerful updates:

The ability to automatically sync data from Forms to Excel for the web. In real-time, responses can be synced between the two apps, ensuring data is always up-to-date.
There’s seamless integration so if you go to an active Form and the Responses page, you can click “Open results in Excel” to create an Excel worksheet in OneDrive to do deeper manipulation of your data.
The addition of checkboxes that can drive and be driven by existing Excel functions. With Interactive Checkboxes, they automatically check or uncheck based on the value of another cell.
And finally, we integrated Python into Excel so users can manipulate data in the familiar Excel environment, now with access to Python's powerful libraries and plots to make even deeper analysis possible.

We made generally available a brand new Outlook: It has an exciting, newly redesigned interface, new productivity features, and integration with Copilot. Small and medium-sized businesses currently on Microsoft 365 are already moving to it, but the choice to keep using classic Outlook will still be available.

To help small businesses conserve their marketing budget, we introduced Microsoft Clipchamp in the fall of 2023 and Microsoft Designer in the summer of 2024.

Clipchamp is a user-friendly video editor for creating professional-quality videos without needing technical skills. In Clipchamp, we rolled out over 100 pre-built templates, transitions, noise-suppression, background removal, auto-compose, and text-to-speech – saving users tons of time in making videos that may have taken many hours to do before.

Designer is a powerful, AI image-generating and graphic design tool that can help any small business create professional-quality visuals with ease – without needing technical skills. Key updates were: We integrated Designer into Word and PowerPoint so users can generate images and use those images within these apps. In addition, Designer will suggest design templates for your slides. A Microsoft 365 Copilot subscription is needed and unlocks the use of Copilot in Microsoft 365 apps.
And lastly, in 2024, we empowered SMBs to see how AI could make them more productive by expanding Microsoft Copilot into our popular apps like Outlook, Word, Excel, and Teams. Users can now summarize emails, generate insights in Word and Excel, and unlock powerful meeting insights in Teams. Among many new AI-powered features, we introduced Intelligent Call Recap in Teams, which serves up AI-powered insights and recaps for your VoIP and PSTN calls in Teams, helping you stay on top of important details.

Microsoft’s Continued Recognitions With Analysts and Customers

As a testament to our excellence, Microsoft was once again crowned a Leader in the 2024 Gartner Magic Quadrant for Unified Communications for the sixth year in a row! Here’s what Gartner called out:

Microsoft Teams is the top pick for businesses, especially when using it for internal collaboration. With a super reliable 99.999% uptime, it has solid telephony services to keep you connected.
Teams is perfect for global cloud telephony, offering flexible PSTN options. Plus, Gartner called out that our Operator Connect feature, which allows businesses to connect their existing telephony services directly to Teams, is now available in over 96 countries, including India.
Copilot in Teams and Teams Premium brings cutting-edge AI features to meetings, chats, and calls. Gartner said that for those seeking the latest in AI, Microsoft is rapidly innovating.

Teams now has over 350 million monthly active users. This growth highlights the platform’s continued popularity and widespread adoption among businesses worldwide. If you haven’t tried running your meetings on Teams, there’s no better time to.

And over on G2 Reviews, Microsoft 365 currently has 4.6 out of 5 stars. Users like its ease of use, seamless integrations, and the extensive suite of tools it offers. Small businesses have praised the platform’s ability to streamline workflows and supercharge productivity.
TechRadar also recognized Microsoft 365 as “the original and best office productivity suite” in December 2024, giving it 4.5 out of 5 stars. We’re thrilled that they said: “What ensured that MS Office became a market leader is the comprehensive way data can be covered by different applications and moved between them, making working more efficient and hassle-free.”

Transforming Operations: How ICG Build Scaled with Microsoft 365

ICG, a startup construction firm, has successfully leveraged Microsoft 365 to establish and streamline its entire operations from day one. By utilizing Excel for budgeting, Word and PowerPoint for creating branded templates, Outlook for managing emails, Power BI for data visualization, and Teams for communication and collaboration, ICG has been able to scale its business efficiently. Here are some insights from their experience:

Nick Masci, Principal & Co-Founder at ICG, shares: “Having everything in Microsoft 365 makes finding information fast and easy. Microsoft 365 has been instrumental in setting up our entire operations, from budgeting in Excel to managing emails in Outlook.”

Melissa McEwen, Principal & Co-founder at ICG, adds, “Using Microsoft 365, we’ve been able to create branded templates in Word and PowerPoint, which has streamlined our client presentations and enhanced our professional image.”

These testimonials highlight the transformative impact of Microsoft 365 on ICG’s operational efficiency and client engagement.

Navigating 2025 Together

Small businesses are in for another exciting ride in 2025 as they face trends like the continued integration of AI into our lives, a shift to returning to the office, and the continued need to be as efficient as possible.
Microsoft 365 is here to support you with tools that boost productivity like Copilot, Teams and Teams Phone to support all work models, and powerful features that come included in our core apps, like Design Ideas in PowerPoint, which gives you multiple layout and design options to help you get your new slide started.

Curious to learn more? You can read more about how to choose the right plan here.

Are you a small or medium business owner/decision maker currently using Microsoft 365? We'd like to hear from you! We invite you to apply to join the Microsoft 365 SMB Customer Advisory Board. Applications accepted until February 28th, 2025. See aka.ms/SMBCAB for more details.