Session

Detection as Code - Microsoft Defender XDR and Microsoft Sentinel

Friends don't let friends click to deploy - unless you work in security. Detections are rarely one-size-fits-all and are often created per tenant or workspace to fit the usage patterns and environment. Of course, this also applies to the security automation, orchestration and response (SOAR) components used as part of detection. So how do you handle hundreds of detection queries across multiple environments, while allowing local adaptations and letting the security team focus on managing incidents?

In this session we will explore some ways to deploy and manage detection content as code, both natively in Microsoft Sentinel and using infrastructure as code and CI/CD pipelines. No matter if you are managing 1 or 10 tenants, there will be something to consider for everyone.

Anders Kristiansen

Lead Security Architect | Microsoft Security MVP

Oslo, Norway
