"I'm afraid to install software"

Microsoft Sentinel is Microsoft's cloud-native SIEM (Security Information and Event Management), merged with SOAR (Security Orchestration, Automation and Response) and UEBA (User and Entity Behavior Analytics) capabilities. Launched in 2019 as Azure Sentinel, repositioned in 2024 within the Microsoft Defender portal, Sentinel collects, analyzes and correlates cloud-scale security logs to detect threats, intrusions and anomalous behavior. The sales pitch: "unlimited SIEM, cloud elasticity, integrated AI, simple per-GB pricing". The reality on the ground: unpredictable monthly bill that doubles in 3 months if ingestion is not mastered, steep KQL (Kusto Query Language) learning curve, and a pricing trap where verbose network logs can cost €15,000/month while their detection value is virtually nil. Between Splunk at 500k€/year (rigid licensing, cumbersome installation) and Sentinel sold as "flexible and economical", the choice seems obvious. But what Microsoft doesn't say: Sentinel becomes more expensive than Splunk beyond 500 GB/day of poorly optimized ingestion. This article exposes the true cost of Sentinel, compares it objectively with Splunk/QRadar, explains how to avoid the €50k/month bill, and above all calculates whether your organization really needs a SIEM or whether a centralized EDR + logs is enough (spoiler: 60% of SMBs don't need a SIEM).

Endpoint hardening consists in reducing the attack surface of an operating system by disabling unnecessary services, reinforcing default configurations and applying strict security policies. On Windows 10/11, it's the difference between a machine compromised in 48 hours by opportunistic malware and an endpoint that resists targeted attacks for weeks, giving detection and response (EDR) time to do its job. The usual line: "Apply CIS Benchmarks Level 2 to all your endpoints, it's the norm". The reality on the ground: 847 parameters to configure manually, business applications that crash, users who scream because their printer no longer works, and an IT department that backs away from the scale of the task. Between the default Windows workstation (a security sieve) and the CIS Level 2 fortress (unusable without adaptations), there's an intelligent balance that nobody can explain to you. This article debunks the myths of hardening, exposes the real priorities (the 20% of configurations that eliminate 80% of risks), compares standards (CIS, ANSSI, Microsoft Security Baselines), presents tools that automate without breaking the bank (Intune, HardeningKitty, GPO), and above all calculates the real ROI. Because hardening 500 workstations manually costs 150 hours of system admin time, whereas an automated strategy takes 20 hours and lasts over time.

Azure Bastion is Microsoft's PaaS service that eliminates the need to expose your Azure virtual machines via public IPs for Remote Desktop (RDP) and Secure Shell (SSH) connections. Instead of leaving port 3389 or 22 open to the Internet - a favorite target of scan bots and bruteforce attacks - Bastion acts as a managed jump host that establishes TLS-encrypted sessions from the Azure portal or your native client. The marketing pitch: "Enhanced security without complexity, one-click connection". The reality: a service that costs €140/month in SKU Basic to protect VMs you use 2 hours a week, with frustrating limitations and cheaper but riskier alternatives. Between the classic self-hosted Bastion (complex, time-consuming), direct public IP (dangerous), and Azure Bastion (simple but expensive), the choice is never obvious. This article takes a look at Azure Bastion beyond the sales pitch: technical operation, real-life pricing with hidden pitfalls, objective comparison with alternatives (public IP, jump box, VPN), use cases where Bastion is a must-have vs. situations where it's a waste. Because securing access to your VMs shouldn't require a master's degree in network architecture, or drain your cloud budget.