Jan 2026 updates

Author: alexverboon

docs/entraid.md

@@ -9,6 +9,7 @@
 
 ## Microsoft Tech Community Blogs
 
+- [Ignite’25 Spotlight: Announcing Microsoft Baseline security mode](https://techcommunity.microsoft.com/blog/microsoft_365blog/ignite%E2%80%9925-spotlight-announcing-microsoft-baseline-security-mode/4469709#community-4469709-authentication)
 - [Important Update: Azure AD Graph retirement](https://techcommunity.microsoft.com/blog/microsoft-entra-blog/important-update-azure-ad-graph-retirement/4364990)
 - [Important Update: AzureAD PowerShell retirement](https://techcommunity.microsoft.com/blog/microsoft-entra-blog/important-update-azuread-powershell-retirement/4364989)
 - [OAuth consent phishing explained and prevented](https://techcommunity.microsoft.com/blog/microsoft-entra-blog/oauth-consent-phishing-explained-and-prevented/4423357)
@@ -1859,6 +1860,7 @@
 - [Microsoft 365 Message Center Archive](https://mc.merill.net/)
 - [Tier 0 Table](https://github.com/SpecterOps/TierZeroTable/)
 - [https://www.entradocumentation.com/](https://www.entradocumentation.com/)
+- [Conditional Access Documenter](https://idpowertoys.merill.net/ca)
 
 ## EntraOps Classification and Automation
 

docs/mde.md

@@ -9,11 +9,11 @@
 - [What's new in Microsoft Defender for Endpoint on Mac](https://learn.microsoft.com/en-us/defender-endpoint/mac-whatsnew)
 - [What's new in Microsoft Defender for Endpoint on Linux](https://learn.microsoft.com/en-us/defender-endpoint/linux-whatsnew)
 - [Become a Microsoft Defender for Endpoint Ninja](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-ninja-training-august-2021/ba-p/2611623)
+- [Defender for Endpoint - Error Codes](https://github.com/MicrosoftDocs/defender-docs/blob/public/defender-endpoint/event-error-codes.md)
 
 ## Microsoft Tech Community Blogs
 
 - [Ignite 2025: Microsoft Defender now prevents threats on endpoints during an attack](https://techcommunity.microsoft.com/blog/microsoftdefenderatpblog/ignite-2025-microsoft-defender-now-prevents-threats-on-endpoints-during-an-attac/4470805)
-
 - [End of Windows 10 Support: What Defender Customers Need to Know](https://techcommunity.microsoft.com/blog/microsoftdefenderatpblog/end-of-windows-10-support-what-defender-customers-need-to-know/4461349)
 - [Multi-tenant endpoint security policies distribution is now in Public Preview](https://techcommunity.microsoft.com/blog/microsoftdefenderatpblog/multi-tenant-endpoint-security-policies-distribution-is-now-in-public-preview/4439929)
 - [Maintain connectivity for essential services with selective network isolation](https://techcommunity.microsoft.com/blog/microsoftdefenderatpblog/maintain-connectivity-for-essential-services-with-selective-network-isolation/4422938)
@@ -265,6 +265,11 @@
 
 ## Community Blogs
 
+- [Bind Link – EDR Tampering](https://ipurple.team/2025/12/01/bind-link-edr-tampering/)
+- [Modern Security for Legacy Systems](https://medium.com/@verboonalex/modern-security-for-legacy-systems-0cb96f95a949)
+- [What is Microsoft Defender for Endpoint, for the Endpoint](https://kostaskoutrou.github.io/2025/12/17/what-is-mde.html)
+- [Microsoft Defender for Endpoint Internal 0x06 — Custom Collection](https://medium.com/falconforce/microsoft-defender-for-endpoint-internal-0x06-custom-collection-81fc1042b87c)
+- [Defender for Endpoint - Custom Data Collection Rules](https://infernux.no/blog/defenderforendpoint-customdatacollectionrules/)
 - [Guidance on how to manage products updates for Defender for Server on Linux distributions](https://vertho.tech/2025/08/27/guidance-on-how-to-manage-products-updates-for-defender-for-server-on-linux-distributions/)
 - [Tracking a device’s IP assignments with MDE’s DeviceNetworkInfo table](https://medium.com/@cybureauocracy/tracking-a-devices-ip-assignments-with-mde-s-devicenetworkinfo-table-430270ca539e)
 - [MDE’s DeviceNetworkEvents table [Part 2 — Connection* ActionTypes]](https://medium.com/@cybureauocracy/mdes-devicenetworkevents-table-part-2-connection-actiontypes-1c5ee20d2fc4)
@@ -370,6 +375,8 @@
 - [Microsoft Vulnerable Driver Block Lists](https://github.com/Cyb3r-Monk/Microsoft-Vulnerable-Driver-Block-Lists)
 - [Deploying Defender for Endpoint for macOS using Microsoft Intune](https://github.com/yujiaoMSFT/Microsoft-Defender-For-Endpoint/blob/main/macOS/Deploy-MDE-macOS-with-Intune/readme.md)
 - [MDE Monitoring App](https://github.com/chlaplan/MDE-Monitoring-App)
+- [TelemetryCollectionManager](https://github.com/FalconForceTeam/TelemetryCollectionManager)
+- [MISP2Defender](https://github.com/cudeso/misp2defender)
 
 ## Simulations
 

docs/mdti.md

@@ -7,6 +7,7 @@
 
 ## Microsoft Tech Community Blogs
 
+- [Detect more, spend less: the future of threat intelligence correlation](https://techcommunity.microsoft.com/blog/microsoftsentinelblog/detect-more-spend-less-the-future-of-threat-intelligence-correlation/4468661)
 - [New Copilot for Security Plugin Name Reflects Broader Capabilities](https://techcommunity.microsoft.com/t5/microsoft-defender-threat/new-copilot-for-security-plugin-name-reflects-broader/ba-p/4258810)
 - [MDTI for Government Now Available](https://techcommunity.microsoft.com/t5/microsoft-defender-threat/mdti-for-government-now-available/ba-p/4258823)
 - [Introducing the MDTI Article Digest](https://techcommunity.microsoft.com/t5/microsoft-defender-threat/introducing-the-mdti-article-digest/ba-p/4223917)

docs/mdxdr.md

@@ -106,6 +106,7 @@
 
 ## Community Blogs
 
+- [Migrating Microsoft Sentinel to Microsoft Defender XDR](https://infernux.no/blog/migratingsentineltodefenderxdr/)
 - [The ultimate Defender XDR RBAC visualization](https://vertho.tech/2025/09/29/the-ultimate-defender-xdr-rbac-visualization/)
 - [Remove old or orphaned Sentinels from the XDR Streaming API](https://cloudbrothers.info/remove-orphaned-sentinels-xdr-streaming-api/)
 - [Detect security policy changes](https://www.lousec.be/ad/detect-security-policy-changes/)

docs/sentinel.md

@@ -8,6 +8,19 @@
 
 ## Microsoft Tech Community Blogs
 
+- [Announcing AI Entity Analyzer in Microsoft Sentinel MCP Server - Public Preview](https://techcommunity.microsoft.com/blog/microsoft-security-blog/announcing-ai-entity-analyzer-in-microsoft-sentinel-mcp-server---public-preview/4476230)
+- [Microsoft Sentinel Platform: Audit Logs and Where to Find Them](https://techcommunity.microsoft.com/blog/microsoftsentinelblog/microsoft-sentinel-platform-audit-logs-and-where-to-find-them/4481838)
+- [Managing Microsoft Sentinel and Microsoft Defender XDR permissions in Microsoft Defender portal](https://techcommunity.microsoft.com/blog/microsoftsentinelblog/managing-microsoft-sentinel-and-microsoft-defender-xdr-permissions-in-microsoft-/4480583)
+- [Call to Action: Migrate Your Classic Alert‑trigger Automations to Automation Rules Before March 2026](https://techcommunity.microsoft.com/blog/microsoftsentinelblog/call-to-action-migrate-your-classic-alert%E2%80%91trigger-automations-to-automation-rule/4479137)
+- [Efficiently process high volume logs and optimize costs with Microsoft Sentinel data lake](https://techcommunity.microsoft.com/blog/microsoftsentinelblog/efficiently-process-high-volume-logs-and-optimize-costs-with-microsoft-sentinel-/4478110)
+- [What’s New in Microsoft Sentinel: December 2025](https://techcommunity.microsoft.com/blog/microsoftsentinelblog/what%E2%80%99s-new-in-microsoft-sentinel-december-2025/4477063)
+- [Build less, secure more: Simplify security data management with Microsoft Sentinel data lake](https://techcommunity.microsoft.com/blog/microsoftsentinelblog/build-less-secure-more-simplify-security-data-management-with-microsoft-sentinel/4474792)
+- [New Compliance Solutions in Microsoft Sentinel: HIPAA & GDPR Reports](https://techcommunity.microsoft.com/blog/microsoftsentinelblog/new-compliance-solutions-in-microsoft-sentinel-hipaa--gdpr-reports/4470452)
+- [Ignite 2025: New Microsoft Sentinel Connectors Announcement](https://techcommunity.microsoft.com/blog/microsoftsentinelblog/ignite-2025-new-microsoft-sentinel-connectors-announcement/4454613)
+- [Detect more, spend less: the future of threat intelligence correlation](https://techcommunity.microsoft.com/blog/microsoftsentinelblog/detect-more-spend-less-the-future-of-threat-intelligence-correlation/4468661)
+- [Operationalizing the Sentinel data lake: A Practitioner’s Guide](https://techcommunity.microsoft.com/blog/microsoftsentinelblog/operationalizing-the-sentinel-data-lake-a-practitioner%E2%80%99s-guide/4466042)
+- [Automating IOC hunts in Microsoft Sentinel data lake](https://techcommunity.microsoft.com/blog/microsoftsentinelblog/automating-ioc-hunts-in-microsoft-sentinel-data-lake/4467113)
+- [What’s New in Microsoft Sentinel: November 2025](https://techcommunity.microsoft.com/blog/microsoftsentinelblog/what%E2%80%99s-new-in-microsoft-sentinel-november-2025/4466061)
 - [Using Microsoft Sentinel MCP Server with GitHub Copilot for AI-Powered Threat Hunting](https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/using-microsoft-sentinel-mcp-server-with-github-copilot-for-ai-powered-threat-hu/4464980)
 - [Introducing Microsoft Sentinel graph (Public Preview)](https://techcommunity.microsoft.com/blog/microsoft-security-blog/introducing-microsoft-sentinel-graph-public-preview/4456368)
 - [Microsoft Sentinel data lake is now generally available](https://techcommunity.microsoft.com/blog/microsoft-security-blog/microsoft-sentinel-data-lake-is-now-generally-available/4456342)

docs/social.md

@@ -24,6 +24,7 @@
 - [Maarten Goet](https://bsky.app/profile/maartengoet.com)
 - [Ru Campell](https://bsky.app/profile/campbell.scot)
 - [Suryendu Bhattacharyya](https://bsky.app/profile/crookedbong.bsky.social)
+- [Truls](https://bsky.app/profile/truls.infernux.no)
 
 ## Defenders on X