I'm not at hacker summer camp this year. If you are like me and waiting for many of the great talks to come out, may I suggest you spend your time digging through the #EntraID Security Operations Guide. https://learn.microsoft.com/en-us/entra/architecture/security-operations-introduction. This has real world things that you should be monitoring for and taking action on. There is really a lot in here. Where possible we've included links directly to #microsoft #sentinel templates if you use that as your SIEM or to Sigma rules so you can convert it to your SIEM.