
A new era for security data management – Introducing Microsoft Sentinel Data Lake

Mona Ghadiri
Aug 8, 2025

Microsoft has taken a bold step forward with the public preview of Microsoft Sentinel Data Lake, a new way to process and store SIEM data. This marks a significant milestone in the journey toward intelligent, scalable, and most importantly, cost-effective security operations with agentic AI.

What is Microsoft Sentinel Data Lake?

Built on Microsoft Fabric OneLake, Sentinel Data Lake offers a centralized repository for structured and unstructured security data. It’s designed to break down silos, enabling security teams to ingest, store, and analyze massive volumes of data from diverse sources – all in one place. This unified approach not only simplifies data management but also enhances the effectiveness of AI-driven threat detection and response.

The platform supports open data formats, making it easier to integrate with third-party tools and analytics engines. It also introduces tiered storage options, allowing organizations to optimize costs while maintaining access to critical data.

Why this matters for security teams

Traditional SIEM solutions often struggle with scalability and cost-efficiency. Sentinel Data Lake addresses these challenges head-on by offering:

  • Elastic scalability for growing data volumes
  • Cost-effective storage tiers including hot, warm, and cold options
  • AI-readiness for advanced analytics and automation.

This empowers security teams to move beyond reactive defense and embrace proactive, intelligence-driven operations.


Capgemini’s MXDR services: Amplifying the power of Sentinel and Unified SecOps

Capgemini has long been a strategic partner in Microsoft’s security ecosystem. As a member of the Microsoft Intelligent Security Association (MISA), Capgemini brings deep expertise in deploying and managing Microsoft Sentinel through its Cyber Defense Centers (CDCs).

Capgemini’s MXDR services are built on Microsoft Sentinel and the Unified SecOps Platform from Microsoft, and both Capgemini and its clients can take advantage of the enhanced capabilities of the new Data Lake. These services include:

  • Longer storage and retention choices
  • Advanced threat hunting using machine learning and behavioral analysis on data beyond 90 days
  • Integration with Microsoft Defender and other third-party security tools for a holistic defense strategy.

By leveraging Sentinel Data Lake, Capgemini’s MXDR services will be able to deliver even greater visibility, faster detection, and more efficient response – all while optimizing costs.

Looking ahead

The public preview of Microsoft Sentinel Data Lake is more than a product launch – it’s a paradigm shift. It sets the stage for a future where security operations are unified, intelligent, and scalable. With partners like Capgemini leading the charge, organizations can confidently navigate this transformation and build resilient, AI-powered defenses.



About the author

Mona Ghadiri

Vice President – Cybersecurity Portfolio, Cloud Infrastructure Services
Mona is a three-time Microsoft Security MVP, recognized for her expertise in SIEM, XDR, and most recently, Security Copilot—where she was one of only 26 global awardees and the first woman to receive the honor. She brings deep product leadership experience from roles at Raytheon/Forcepoint, Trustwave, and BlueVoyant, where she led the development of Microsoft-based cyber services. Before entering cybersecurity, Mona worked as a process engineer in the automotive and food & beverage industries. A passionate advocate for SOC transformation, pragmatic AI in security operations, and talent development, Mona speaks globally at conferences and webinars. Her recent focus includes advancing women in AI and cybersecurity and sharing insights on securing AI systems. She serves on the boards of several Microsoft learning communities, including Zero to Hero, Team Copilot, and MSFarsi. Mona holds a BA from Grinnell College and an MBA from the University of Illinois Urbana-Champaign, along with a certification in Lean Tools Implementation.