Session Abstract

Wrong data ingestion decisions in Microsoft Sentinel can easily lead to increased costs, slow queries, and to decrease in data visibility. Yet many organisations still send everything to Sentinel, “just in case”, without understanding true impact on performance, retention, and ultimately, cost. In this session, you’ll learn how to design cost effective, high value data ingestion strategies for Microsoft Sentinel. We’ll explore how to design and optimise data ingestion in Microsoft Sentinel based on proven practice and experience. You’ll learn how to balance cost, performance, and detection quality while avoiding common pitfalls that lead to unnecessary data volume and complexity. At the end, you will understand how to reduce ingestion costs, improve search efficiency, and build a scalable logging strategy that don’t need to break the bank.

Sasha Kranjac

Sasha is a Microsoft Regional Director (RD), Microsoft MVP and CEO of multiple companies, specialised in solving complex business and security challenges for executives and organisations globally. They provide critical guidance to leadership and CEOs to transform Cybersecurity and AI into strategic business advantage, executive‑level strategy and competitive business value. He holds a wide range of certifications from leading providers such as Microsoft, ISC2, AWS, CompTIA, EC-Council and others. Furthermore, Sasha is recognised as a CISSP, MCT, and MCT Community Lead. He is a frequent speaker at international conferences, user groups and events, book author on cloud security, Microsoft Azure, Microsoft 365, and Windows Server.