Building Modern SOC with Microsoft Sentinel Data Lake

This session introduces the core concepts behind Microsoft Sentinel Data Lake and explains why it has become essential for modern SOC operations. Participants will gain an understanding of how evolving security needs, long‑term investigation requirements, and high‑volume data ingestion have shaped the need for a scalable and cost‑efficient data lake architecture.

We will provide an overview of the Sentinel Data Lake architecture, describing how data flows through the platform and how the analytics and data‑lake tiers work together. The session covers data retention models, available retention options, and practical cost‑optimization strategies that help organizations manage storage more predictably.

Attendees will also learn about the onboarding process for Sentinel Data Lake, including setup steps, regional considerations, and how data sources are enabled and connected. A dedicated section will focus on security and access control, highlighting how the Unified RBAC model within Defender XDR ensures consistent, governed permissions across the environment.

The session continues with a clear explanation of the pricing model, helping organizations understand ingestion, retention, and query‑related costs. Finally, we will explore operational scenarios such as long‑term threat hunting, advanced analytics, and real‑world Sentinel Data Lake use cases. The session concludes with an overview of cost‑management and billing capabilities that help teams maintain transparency and control over their security‑data expenses.


Prerequisites for attending lecture / required prior knowledge
No prior knowledge is required of participants.