Episode 416 – Microsoft Sentinel, Security, and Ignite with Henrik Wojcik

Dec 4, 2025

Henrik Wojcik, a Senior Cloud Specialist and Microsoft MVP in Security, dives into critical discussions about Microsoft Sentinel, emphasizing its integration with the Defender suite and Data Lake. He shares insights on EU regulations like NIST-2 and DORA that mandate long-term log retention for security purposes. They explore cost strategies for managing extensive log data in financial sectors and highlight the potential of Security Copilot in automating security tasks. Their conversations also touch on the challenges and experiences from the Ignite conference.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

13-Month EU Logging Mandate

EU regulations NIS2 and DORA force many critical businesses to retain audit and security logs for 13 months.
This drives architecture changes and pushes organizations to seek cheaper long-term storage options like data lakes.

ADVICE

Send High-Volume Logs To Data Lake

Stream noisy, high-volume logs (like network and AWS VPC flow logs) directly into Sentinel Data Lake to cut ingestion costs.
Keep costly, high-value security tables in Log Analytics for fast SOC access and tier others to the lake after a retention window.

ADVICE

Prioritize Costly Tables First

Start by identifying the most expensive Log Analytics tables and convert top cost drivers to the Data Lake first.
Preserve device and other correlation-critical tables in Log Analytics to avoid breaking analytic rules and SOC workflows.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Welcome to Episode 416 of the Microsoft Cloud IT Pro Podcast. In this week’s episode, Ben finally has a chance to sit down with Henrik Wojcik. Henrik has been a long-time listener as well as a fellow Microsoft MVP in Security and we finally had the chance to sit down and record an episode together, something we’ve talked about doing for years.

As they sit down and enjoy a sunny afternoon in at Microsoft Ignite in San Francisco they discuss security in the financial sector, EU regulations (N2 and DORA), integrating Data Lake with Sentinel, optimizing log analytics, and the latest on Security Copilot and E5 licensing. They also spend some time chatting about some of their conference highlights, assisting as proctors in the hands-on labs, and the unique experience of Ignite in San Francisco.

Your support makes this show possible! Please consider becoming a premium member for access to live shows and more. Check out our membership options.

Show Notes

Henrik F. Wojcik

Henrik has worked in the IT industry since 2003. He’s always had a passion for learning new technologies and expanding his knowledge through various means such as online courses, webinars, and reading up on the latest developments in the industry.

Throughout his career, he’s gained experience in various areas of IT, making him a true jack of all trades. However, his latest interests lie in the security space, modern workplace and management in Azure, with a particular focus on cyber security. He has experience working with products such as Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, Defender for Office 365, Conditional Access, Microsoft Sentinel, and Microsof t Entra ID.

His primary focus is on security on Azure workloads and identity (Entra ID). He prioritizes security awareness and believe that learning never stops, which is why He’s always eager to expand my knowledge and skillset.

In the past, He’s also worked with various tools and technologies such as Cisco, Citrix, Dynamics AX, Exchange, ITIL, Azure, SCCM & SCOM, Scrum & Kanban, VMware, Windows Servers, and Windows Desktops.

About the sponsors

Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!