In this episode of The Collective Podcast, our host Jordy Decock sits down with MVPs Thijs Lecomte and Robbe van den Daele as they unpack the journey from traditional SIEM and XDR deployments to Microsoft’s Unified Security Operations platform.

The deprecation of the Sentinel UI by August 2026 makes this migration inevitable. Our experts share their first-hand experiences as frontrunners in this migration, and move past the fluff to discuss the actual impact on SOC analysts, from the benefits of a single-portal experience to the frustrations of missing API features.

Learn from their hard-earned insights migrating dozens of SOC customers to the new unified platform, including:

• The Evolution from Dual Platforms to Unified SecOps:  Understanding why Microsoft is consolidating Sentinel and Defender XDR, and what it means for your security operations
• Real-World Migration Challenges:   From API changes and incident correlation issues to validation rule nightmares and production impacts
• Sentinel Data Lake Deep Dive – Exploring the cost benefits of data compression, new KQL capabilities, and why long-term data retention just got more affordable
• Practical Recommendations – When to migrate, what pitfalls to avoid, and why being an early adopter isn’t always the right choice
• The Solutions: The clever workarounds our team developed to keep automated detections running smoothly during the transition.

Thijs and Robbe candidly discuss the bumps in the road, the workarounds they’ve had to implement, and the features that still need work – all while acknowledging the genuine value and strategic direction of Microsoft’s security platform.

Whether you’re a SOC analyst, security architect, or IT decision-maker evaluating Microsoft’s security stack, this episode provides the real-world perspective you need to navigate these changes successfully.