The first time you enable a new feature in Sentinel, you usually get one of two outcomes: either nothing happens for hours, or you get…
All about M365, Azure and Security
I am a Security Solutions Architect with more than 10 years of IT experience. I love to understand customer needs and find a good technical solution for everyone. All Microsoft services are familiar to me, but I want to focus on security-related Microsoft products like Microsoft 365 Defender and Microsoft Sentinel. I started early with cloud adoption and I am still convinced that cloud computing is the way to go. Now, I want to help out the community with Microsoft Security content about Microsoft Sentinel and Microsoft 365 Defender products - not just during my 9-5 work in a company, but also in my free time.
Welcome to this week’s Microsoft Security digest, covering the most significant updates across Microsoft Sentinel, Defender XDR, and the broader security ecosystem. From AI-powered automation…
Weekly digest covering Sentinel data lake KQL execution modes, notebooks, and a Feb 25 Advanced Hunting export schema change.
Every SOC has that moment. If you have spent time in a SOC, you know this feeling all too well. An alert pops up. Then…
Discover how Security Orchestration, Automation, and Response (SOAR) in Microsoft Sentinel can streamline your cybersecurity operations. This guide unpacks the core components of SOAR, illustrating…
By using Microsoft Defender for Endpoint (MDE) to protect your Windows Server, you can safeguard your organization’s critical data, applications, and services from a wide…
Phishing is one of the biggest security threats facing organizations today. Phishing is an attack that involves tricking people into revealing sensitive information through fraudulent…
Recently, I was having a problem creating Defender for Office365 threat policies in new M365 tenants. Every time I tried to create an anti-spam policy,…
Microsoft Defender for Identity (short MDI, formerly Azure Advanced Threat Protection, also known as Azure ATP) is a cloud-based security solution that leverages your on-premises…
Microsoft Defender for Identity (short MDI, formerly Azure Advanced Threat Protection, also known as Azure ATP) is a security tool that helps protect businesses and…