Abstract

Most DevOps and SRE teams are now “accidental security teams”: they own CI/CD, cloud infrastructure, and on-call, but they also inherit security alert storms from tools like Microsoft Defender XDR. In this talk, Nikolay shows how to collapse MTTR by turning thousands of noisy alerts across endpoint, identity, email, and SaaS into a small number of clear, repeatable workflows.

Nikolay will walk through a practical pipeline built on Microsoft-native capabilities:

• Correlation: stitching scattered alerts into incidents that map to real on-call runbooks
• Automation: safe first-mile patterns with Logic Apps that enrich, route, deduplicate, and contain without waking people up at 3am for nothing
• Copilot: using Security Copilot to compress analysis and reporting time with guided summaries, hypothesis-driven questions, and draft KQL you can validate and run
• Measurement: simple metrics and scorecards to prove “we reduced MTTR and noise” to both engineers and leadership

Bio

Nikolay Milyaev is a Senior Microsoft Consultant specializing in security and endpoint management, with expertise in Microsoft Defender XDR, Intune, Windows 365, and Azure environments. With over 19 years of experience at Microsoft Consulting Services (ISD), he has led the delivery of more than 50 large scale enterprise cybersecurity and endpoint management projects for global organizations. He is also a Microsoft Certified Trainer and an active AI enthusiast focused on modern security and device management strategies.