Microsoft Announces GA of Data Lake Tier Ingestion for Advanced Hunting Tables
Microsoft has announced the general availability of data lake tier ingestion for Microsoft Advanced Hunting Tables in the Microsoft Sentinel data lake. The update allows organizations to route select Defender data directly into Sentinel’s data lake tier, enabling lower-cost storage and extended retention while preserving query capabilities for investigation and threat hunting. The feature is designed to help customers manage growing security data volumes more efficiently without sacrificing visibility. With the release of Advanced Hunting, data can be ingested from Microsoft Defender for Endpoint, Office 365 and Cloud Apps directly into the Sentinel data lake. This offers users high-volume storage, extended security analytics, query capabilities, integrated data and visual threat landscapes.
Security operations centers continue to face escalating telemetry growth as endpoint, identity, and cloud signals multiply. By leveraging the data lake tier, organizations can store large volumes of Defender telemetry at reduced cost compared to analytics-tier storage. For SOC and platform teams, the GA release provides greater flexibility in balancing cost, performance and retention needs. The capability reflects Microsoft’s broader strategy of separating hot analytics data from long-term storage, enabling enterprises to scale threat hunting and investigation workloads without unsustainable ingestion expenses. The release also offers scale and cost efficiency, a foundation for advanced analytics, flexible architecture for security teams and the ability to work with existing Sentinel and XDR experiences.
Posted by Redmondmag.com Editors on 02/11/2026