Microsoft has expanded direct data ingestion into the Microsoft Sentinel data lake

Microsoft has expanded direct data ingestion into the Microsoft Sentinel data lake, making security monitoring more powerful and cost-effective. Following the Ignite 2025 announcement for Defender for Endpoint, organizations can now also ingest data from Defender for Office and Defender for Cloud Apps directly into the data lake. This update allows teams to store supported XDR tables in the data lake tier only, without moving data into the analytics tier. With easy table management in the Defender portal, organizations can enable long-term data retention while keeping costs under control. The result is improved visibility, deeper historical analysis, and reduced total cost of ownership. At Chiron IT, we help customers design and optimize Microsoft Sentinel and Defender architectures to take full advantage of these new capabilities. Contact us at www.ChironIT.com for more information. #ChironIT MicrosoftSentinel #MicrosoftDefender #CyberSecurity #SIEM #SecurityOperations