Isaac Dunham

Hey folks, some personal news. I’m leaving Microsoft. It’s been a privilege to work here, and I’m incredibly grateful for the people I’ve worked with, the customers I’ve learned from, and the support so many of you have shown me along the way. I’m now starting out on my own and chasing a dream I’ve had for a long time: building software that makes security more practical, accessible, and useful for the people doing the work every day. Why now? With all the change happening around us, I feel like new possibilities are opening up. I want to spend this next chapter building things I care deeply about, solving problems that matter, and doing work that brings me joy. I’m excited. Nervous. Grateful. My newsletters, podcast, Maester and other tools will all be part of this next chapter, and I’ll share more in the coming weeks. Thank you for being part of the journey so far. I’m looking forward to building this next chapter with your support.

If you have ever attempted to perform capacity planning for 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗦𝗲𝗻𝘁𝗶𝗻𝗲𝗹 maybe 4 or 5 years ago, I am sure you remember the struggle. Archiving was harder (and often more expensive), log ingestion required far more complex technical architecture, and estimating costs with confidence was… let’s just say, not straightforward. Fast forward to today, and things have changed s̲i̲g̲n̲i̲f̲i̲c̲a̲n̲t̲l̲y̲. Microsoft has just introduced a new 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗦𝗲𝗻𝘁𝗶𝗻𝗲𝗹 𝗖𝗼𝘀𝘁 𝗖𝗮𝗹𝗰𝘂𝗹𝗮𝘁𝗼𝗿, and it is a major step forward in simplifying how we approach planning and cost estimation for SIEM deployments. With this new experience, estimating Sentinel costs becomes: 𝗠𝗼𝗿𝗲 𝘁𝗿𝗮𝗻𝘀𝗽𝗮𝗿𝗲𝗻𝘁 – clearer visibility into ingestion, retention, and archive scenarios 𝗠𝗼𝗿𝗲 𝗽𝗿𝗲𝗱𝗶𝗰𝘁𝗮���𝗹𝗲 – better alignment between expected and actual costs 𝗠𝗼𝗿𝗲 𝗮𝗰𝗰𝗲𝘀𝘀𝗶𝗯𝗹𝗲 – no need to build complex spreadsheets or reverse-engineer pricing models This is important for potential customers who consider moving to Sentinel, as well as for existing customers who need to continuously review and optimize their environment. What is even more significant is the impact on 𝗗𝗢𝗥𝗔-𝗿𝗲𝗴𝘂𝗹𝗮𝘁𝗲𝗱 𝗶𝗻𝘀𝘁𝗶𝘁𝘂𝘁𝗶𝗼𝗻𝘀. The ability to model and reassess capacity in a structured and repeatable way provides strong support for 𝗔𝗿𝘁𝗶𝗰𝗹𝗲 𝟳 (𝗜𝗖𝗧 𝘀𝘆𝘀𝘁𝗲𝗺𝘀, 𝗽𝗿𝗼𝘁𝗼𝗰𝗼𝗹𝘀 𝗮𝗻𝗱 𝘁𝗼𝗼𝗹𝘀), specifically the requirement to 𝗿𝗲𝗴𝘂𝗹𝗮𝗿𝗹𝘆 𝗮𝘀𝘀𝗲𝘀𝘀 𝗶𝗻𝗳𝗿𝗮𝘀𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲 𝗰𝗮𝗽𝗮𝗰𝗶𝘁𝘆 𝗮𝗻𝗱 𝗽𝗹𝗮𝗻 𝗳𝗼𝗿 𝗴𝗿𝗼𝘄𝘁𝗵. In other words, this is not just a pricing tool, it is becoming an enabler for both better architecture decisions and stronger regulatory alignment. Check the tool here: https://t.co/n1gut4vHz3

We’ve received quite a few messages over the past few days about Get-UAL being broken. It turns out Microsoft made an update that impacted the script, but this has now been fixed in our latest release. 𝘜𝘱𝘥𝘢𝘵𝘦-𝘔𝘰𝘥𝘶𝘭𝘦 -𝘕𝘢𝘮𝘦 𝘔𝘪𝘤𝘳𝘰𝘴𝘰𝘧𝘵-𝘌𝘹𝘵𝘳𝘢𝘤𝘵𝘰𝘳-𝘚𝘶𝘪𝘵𝘦 While we were at it, we also added some additional features and improvements. Check out the release notes for all the details. https://t.co/qYovWFuasM #stayInvictus #CloudIncidentResponse #MicrosoftExtractorSuite

If you have worked with the make-graph operator, you know the struggle for building a well-defined query for bringing together nodes and edges. Well, that's history. Lift_To_Graph() and Graph_Render_View() can do the heavy work now. The era of shifting to relationships instead of tables is already here. #kql #kustoquery

COMMANDER: We’re fighting for freedom. And part of that freedom… is the freedom to retire with dignity. So we’re going to start accounts called 401(k)s. SOLDIER 1: What’s a 401(k)? COMMANDER: It’s a retirement account. You put money in, it grows tax-free, you take it out when you’re old. SOLDIER 2: So I don’t pay taxes on it? COMMANDER: Well, you pay taxes later. When you withdraw. SOLDIER 2: So it’s not tax-free. COMMANDER: It’s…tax-deferred. SOLDIER 2: What’s the difference? COMMANDER: You pay taxes later instead of now. SOLDIER 1: What if I want to pay taxes now? COMMANDER: Then you do a Roth 401(k). SOLDIER 3: What’s a Roth? COMMANDER: You pay taxes now, and it grows tax-free. SOLDIER 2: That’s what I thought the first one was. COMMANDER: No, the first one you pay taxes later. SOLDIER 1: Which one’s better? COMMANDER: Depends on your tax bracket in retirement. SOLDIER 1: …How would I…know that? COMMANDER: You don’t. You just guess. ⸻ SOLDIER 4: What if I don’t have a 401(k) through my employer? COMMANDER: Then you open an IRA. SOLDIER 4: What’s the difference? COMMANDER: One’s through your job, one’s on your own. SOLDIER 4: Can I have both? COMMANDER: Yes. SOLDIER 4: Should I? COMMANDER: Maybe. SOLDIER 3: Can I do a Roth IRA? COMMANDER: Only if you make under a certain amount. SOLDIER 3: What’s the limit? COMMANDER: Changes every year. SOLDIER 2: What if I make too much? COMMANDER: Then you do a backdoor Roth by putting it in a Traditonal first. SOLDIER 2: …Is that legal? COMMANDER: Surprisingly, yes. SOLDIER 1: What’s a backdoor Roth? COMMANDER: You contribute to a traditional IRA, then convert it to a Roth…but watch out for “pro rata”. SOLDIER 1: Why wouldn’t I just contribute to the Roth directly? COMMANDER: Because you make too much money. SOLDIER 1: But this way I can? COMMANDER: Yes. SOLDIER 1: That feels like a loophole. COMMANDER: It is. But the IRS is cool with it. ⸻ SOLDIER 5: I just changed battalions. What do I do with my old 401(k)? COMMANDER: You roll it over. SOLDIER 5: Into what? COMMANDER: An IRA. Or your new 401(k). Depends. SOLDIER 5: On what? COMMANDER: The funds. The fees. Whether your new plan accepts rollovers. SOLDIER 5: What if I just take the money out? COMMANDER: You’ll pay taxes plus a 10% penalty. SOLDIER 5: What if I’m 59? COMMANDER: Penalty. SOLDIER 5: 59 and a half? COMMANDER: No penalty. SOLDIER 5: …The half matters? COMMANDER: The half matters. ⸻ SOLDIER 3: What’s a mega backdoor Roth? COMMANDER: Okay. So. Your 401(k) has a limit of how much you can contribute. SOLDIER 3: Right. COMMANDER: But the total limit including employer contributions is higher. SOLDIER 3: Okay… COMMANDER: So if your plan allows ~after-tax~ contributions, you can put in more, then convert that to Roth. SOLDIER 3: Does my plan allow that? COMMANDER: I don’t know. You have to ask Betsy. SOLDIER 3: Will Betsy know? COMMANDER: Probably not. ⸻ SOLDIER 2: Can I deduct my IRA contribution on my taxes? COMMANDER: Are you covered by a retirement plan at work? SOLDIER 2: Yes. COMMANDER: Then only if you make under a certain amount per year. SOLDIER 2: What’s the amount? COMMANDER: Depends if you’re married. SOLDIER 2: What if my wife has a plan but I don’t? COMMANDER: Different limit. SOLDIER 2: What if neither of us has a plan? COMMANDER: Full deduction. SOLDIER 2: So it’s better to not have a 401(k)? COMMANDER: No… ⸻ SOLDIER 1: Can I just keep my money in a sock? COMMANDER: You could. But inflation will slowly destroy it. SOLDIER 1: What’s inflation? COMMANDER: (sighs)…