top of page
Search

What I Learned (and Loved) at Lead with Microsoft Security by Arrow - Alicante edition

There’s something about these Microsoft Security events that stays with you. It’s not just the announcements or the insights. It’s the energy, the conversations, and the sense that you’re part of something bigger.


From Paris to Stockholm and now Alicante, I’ve had the absolute joy of attending Lead with Microsoft Security by Arrow three times. And somehow, it keeps getting better. Every time I think I know what to expect, I leave surprised, inspired, and full of new ideas. And let’s be honest, with a few new “wishlist” features too.


This blog is my personal recap of this year’s experience in Alicante. What stood out, what’s coming next, and why these events are absolutely worth showing up for.



Why I Keep Coming Back

Sure, the sessions are great. But what keeps me coming back? It’s the access, the people, and the behind-the-scenes magic. If you’re in the Microsoft Security space, here’s what you’re missing out on:


  • You get direct insights from the people actually building Microsoft Security products

  • You hear about features and tools still under NDA (and yes, some of them are very exciting)

  • You can ask real questions, share feedback, and influence product direction

  • You receive sales and go-to-market enablement that actually helps

  • You meet peers, exchange ideas, and build genuine friendships

  • And sometimes, just sometimes, you meet your next great frienemy

This is where partnerships are built, knowledge is shared, and the community grows stronger.


This is the reason I love these events!
This is the reason I love these events!


What I Can Share (Without Getting in Trouble)

There were so many incredible speakers, panels, and conversations throughout the event. I’d love to highlight every single one, but many of the most exciting insights are still under NDA. So I’ll play it safe and stick to what I can share publicly.



Security Copilot Agents Are Coming, and They’re Actually Smart

We’re moving beyond dashboards and tools. Microsoft is rolling out Security Copilot Agents, and they are not your average bots. These AI teammates understand your environment, help guide decisions, and reduce noise so your team can focus on what really matters.


They don’t just respond to incidents. They provide context, recommendations, and clarity that helps security teams move from reacting to leading.

This isn’t about replacing people. It’s about amplifying them.


Kenneth Rosenkrantz, Senior Product Manager at Microsoft
Kenneth Rosenkrantz, Senior Product Manager at Microsoft


Defender for Endpoint: Patch Like You Mean It

If one thing hit home, it’s this: don’t try to patch everything. Patch what matters.

Defender for Endpoint gives us powerful insight, but the key is prioritization. Start with:

  • Systems that are internet-facing

  • Devices used by high or medium-risk users

  • Vulnerabilities that are actively being exploited

Attackers are looking for what’s exposed right now. So patch with purpose.


Saar Cohen, Senior Product Manager at Microsoft
Saar Cohen, Senior Product Manager at Microsoft


Cloud Security: Evolving Fast, Breaking Faster

Cloud security came up a lot this year, and for good reason. As more organizations go multi-cloud, the risks grow alongside the benefits.

We’ve moved from managing on-prem perimeters to navigating decentralized, fast-moving environments. Cloud providers secure the infrastructure, but securing your apps, data, and identities? That’s on us.


Here’s where it gets tricky:

  • Misconfigurations still cause major incidents. One wrong bucket setting can mean a major leak.

  • Over-permissive access builds up fast. Most users get more rights than they need “just in case.”

  • Cloud attacks are getting creative, chaining together weak credentials, unpatched services, and excessive permissions.


And with 89 percent of organizations now embracing multi-cloud (Flexera 2024 State of the Cloud Report), your strategy needs to reflect that complexity. Cloud security isn’t just a tech problem. It’s a business conversation.


Yael Genut, Senior Product Manager at Microsoft​
Yael Genut, Senior Product Manager at Microsoft​


Microsoft Sentinel: Making Modern SOCs Actually Work

One of the stars of the show was Microsoft Sentinel. It came up in session after session, and it’s easy to see why. Sentinel has grown from a cloud-native SIEM into the operational core of a modern SOC.


Here’s what stood out:

  • It does a lot. Alerting, hunting, investigation, reporting, automation—it covers everything.

  • It connects to everything. With over 350 built-in connectors, you can pull in data from across your environment.

  • You get built-in threat intelligence. Backed by over 10,000 Microsoft researchers and tracking more than 1,500 threat actor groups.

  • It’s a proper SecOps platform. Think SIEM as code, automation, and native integrations with Microsoft 365, Defender, and Entra. And yes, Copilot is already in the mix helping analysts move faster.


My honest takeaway? Sentinel is powerful. But it’s also not cheap.

For smaller teams or budget-conscious organizations, the pricing model can be tough. Ingesting all your logs all the time adds up quickly. So it’s important to plan smart, focus on high-value data, and scale thoughtfully. Because modernizing doesn’t mean doing everything at once. It means doing the right things first.


Israel Aloni, GM, Product Managment Sentinel
Israel Aloni, GM, Product Managment Sentinel


Microsoft Purview: Your AI and Compliance Best Friend

If you don’t know what data you have, where it lives, who’s accessing it, or how sensitive it is, you are not ready for AI. Or compliance. Or anything close to governance maturity.

Microsoft Purview is about more than labels. It’s about clarity. It gives you the visibility and control to make confident decisions around data. And without that foundation, your security strategy is just guesswork.


Peter Oguntoye, Senior Product Manager at Microsoft
Peter Oguntoye, Senior Product Manager at Microsoft


Culture Over Tools, Every Time

Yes, I love a good dashboard. But tools don’t protect people. People protect people.

The most transformative security shifts happen when organizations build culture. When everyone understands their role, feels empowered to ask questions, and connects security to their daily work.

Security should never feel like a blocker. When done right, it becomes an enabler of safer, smarter work.


Security Partner Panel OneVinn, Truesec, It-Total, C.A.G
Security Partner Panel OneVinn, Truesec, It-Total, C.A.G


What the Forrester Report Really Told Us

One of the most insightful moments came during a session led by Regina Murray, General Manager of Global Partner Solutions for Western Europe at Microsoft. She walked us through the Forrester Total Economic Impact Partner Opportunity Analysis, commissioned by Microsoft in July 2024.


Here’s what stood out:

  • Enterprise security partner revenue is up 10 percent

  • SMB security revenue is up 19 percent

  • Managed services in the SMB space grew by 53 percent

Security services are not just growing. They’re exploding.


Regina Murray, General Manager, Global Partner Solutions Western Europe​
Regina Murray, General Manager, Global Partner Solutions Western Europe​

Copilot is Creating Urgency

Copilot is forcing organizations to look inward and fix their data, compliance, and security foundations. Modernization isn’t a nice-to-have anymore. It’s becoming essential.


Cost Consolidation is a Strategic Priority

Organizations are tired of tool sprawl. There’s a growing push to consolidate under Microsoft 365 E5 or Business Premium. Partners who can help simplify the stack and deliver value on top will win big.


Where to Focus Your Services

  • Microsoft 365 Security (Defender, SIEM, SOC)

  • Multicloud and hybrid security

  • Compliance and AI readiness with Purview, DLP, eDiscovery

  • Identity and Zero Trust with Entra

  • XDR services built on Microsoft Sentinel


What Top Partners Are Doing Right

  • Staying fully aligned with Microsoft’s vision and roadmap

  • Leveraging co-sell, ECIF, and incentives to deliver more

  • Investing in internal enablement, especially around Copilot

  • Packaging services for repeatable, scalable delivery



Wrapping It All Up: Why These Events Matter

What truly makes these events special isn’t just the content. It’s the people.

Thank you to Arrow for bringing us together once again.

You gave us access to product managers, field leaders, and decision-makers.

You created the space to ask questions, share feedback, and build real relationships.


And just as important were the hallway chats, partner dinners, and those spontaneous moments where competitors become collaborators. And sometimes, collaborators become frienemies we genuinely admire. These connections across companies, countries, and roles are what make this community so strong.


To everyone I met, reconnected with, or laughed way too hard with in Alicante, thank you. You’re what makes this work feel meaningful.


Until next time. Let’s keep learning, connecting, and showing up for each other.


Big thanks to Arrow for the gorgeous event shots. Yes, I laugh like that. No, I’m not sorry. That’s just the price of being both funny and fired up about security.

For the unfiltered, phone-captured chaos? Head to Instagram.


 
 
 

Comentários

XT524576.JPG

Hi, I'm Linda

I work in tech as a cybersecurity & solutions architect, focused on Microsoft 365, AI, and making complex things simple.

  • Facebook
  • LinkedIn
  • Instagram

Talking tech, sharing stories, loving Microsoft.

I write about working in tech, being a speaker and my love (obession) for Microsoft. To share what I learn along the way and hopefully inspire others. 

Stay in the loop.

bottom of page