Deep dives on Microsoft Sentinel, alert fatigue, human-in-the-loop security, BEC investigations and the economics of running a SOC as a UK MSP. No listicles, no fluff — the kind of post we wish had existed when we were building this.
A numbers-first breakdown of the three ways a UK MSP can deliver SOC services to SME clients — build an in-house SOC, buy an MSSP, or augment Tier 1 with agentic AI. Which wins depends on your book, your margin, and your appetite for operational risk.
Table-stakes for UK public sector contracts. The complete 2026 controls checklist, mapped to the exact Microsoft 365 settings your assessor will check.
Incident Response: Step-by-step walkthrough of a real Business Email Compromise investigation — from Sentinel impossible-travel alert to quarantined mailbox.
Microsoft Sentinel: Sentinel produces 10,000–50,000 alerts per tenant per month. Most are noise. How agentic triage resolves 60% before a human sees them.
Security Operations: HITL is a mandatory approval gate between AI investigation and AI action. Why it's the right pattern for agentic SOC, with real examples.
AI & Automation: Agentic AI means autonomous investigation with a human gate on destructive actions. What it actually looks like inside a SOC — and why it changes the economics.
The posts are the theory. A 14-day pilot on one of your real tenants is the proof.