
The Security Insights Show
The "AI" Security Insights Show Episode 290 - A little Sentinel, a little Agent365, is Mythos a myth, how to learn MSFT AI solutions and a LOT of opinions! Plus the Return of Alistair!
The "AI" Security Insights Show Episode 289 - The RSA Recap Part 2 The Microsoft Partner Edition.

The "AI" Security Insights Show Episode 288 - The Recap Edition. OOOO...Anthropic made a BooBoo! We got to meet the security legends, Clive Watson and Craig Fretwell!
Let’s talk Sentinel, AI Security or lack thereof and we think Agent365 is pretty cool when mixed with Microsoft Purview.

Words of Wisdom:
“Anything you say before the word “but” does not count!”
“Ask anyone that you admire: Their lucky breaks happened on a detour from their main goal. So embrace detours. Life is NOT a straight line for anyone.”

Security News:

General
* Secure agentic AI end-to-end | Microsoft Security Blog
* RSA 2026: What’s new in Microsoft Defender? | Microsoft Community Hub
* Monthly news – March 2026 | Microsoft Defender XDR Blog
* Microsoft Entra innovations announced at RSAC 2026 | Microsoft Community Hub

AI Security
* Secure agentic AI end-to-end | Microsoft Security Blog
* RSA 2026: What’s new in Microsoft Defender? (Security Copilot & AI expansions) | Microsoft Community Hub

Azure Security & Defender for Cloud News
* Monthly news – March 2026 | Microsoft Defender XDR Blog
* What’s new in Defender for Cloud features (March/April 2026 updates) | Microsoft Learn
* RSA 2026: What’s new in Microsoft Defender? | Microsoft Community Hub

Threat Intelligence
* RSA 2026: What’s new in Microsoft Defender? | Microsoft Community Hub

Microsoft Entra
* Microsoft Entra innovations announced at RSAC 2026 | Microsoft Community Hub

Defender XDR & Sentinel
* RSA 2026: What’s new in Microsoft Defender? | Microsoft Community Hub
* What’s New in Microsoft Sentinel: March 2026 | Microsoft Community Hub
* What’s new in Microsoft Sentinel: RSAC 2026 | Microsoft Community Hub
* RSAC 2026: New Microsoft Sentinel Connectors Announcement | Microsoft Community Hub
* Monthly news – March 2026 | Microsoft Defender XDR Blog

Copilot for Security
* RSA 2026: What’s new in Microsoft Defender? (Security Copilot expansions) | Microsoft Community Hub

Purview – Compliance & Governance
* RSA 2026: What’s new in Microsoft Defender? (Purview AI & data innovations) | Microsoft Community Hub

✨ Featured Items This Week
* Notice: Security Copilot will be included as part of your Microsoft 365 E5 plan soon
  ID: MC1261596 | Service: Microsoft Entra, Microsoft Intune | Tags: New feature, User impact, Admin impact
  Security Copilot will be included with Microsoft 365 E5 via a phased rollout from April 20 to June 30, 2026, providing 400 Security Compute Units
* Microsoft Entra ID: Improved readability for Authentication Methods Policy Update audit logs
  ID: MC1260708 | Service: Microsoft Entra | Tags: Feature update, Admin impact
  Microsoft Entra ID audit logs for Authentication Methods Policy Updates will now show only changed properties with old and new values
* Microsoft Purview: Credential scanning in Data Security Posture Agent
  ID: MC1259828 | Service: Microsoft Purview | Tags: New feature, User impact, Admin impact
  Microsoft Purview’s Data Security Posture Agent will add a credential scanning feature by mid-2026, using LLM-powered detection to find exposed cred’s

New Roadmap Items:
* Microsoft Teams: Enhanced cross-platform join via SIP for Teams Rooms on Android
  ID: 558539 | Product: Microsoft Teams | Status: In development
  Enable Teams Rooms on Android to join third-party meetings via SIP, delivering seamless cross-platform interoperability. This capability ensures users...
* Microsoft Viva: Copilot Analytics: “All”- licensed user page Copilot dashboard
  ID: 559475 | Product: Microsoft Viva, Microsoft Copilot (Microsoft 365) | Status: In development
  The Copilot Dashboard adoption landing page will be updated to show a unified view of Copilot adoption across the organization. Instead of the default...
* Microsoft Teams: Add Breakout Room Participants in Bulk Using CSV
  ID: 559387 | Product: Microsoft Teams | Status: In development
  Support for bulk breakout room participant assignment using a CSV file, helping organizers save time when setting up breakout rooms.

Updated Roadmap Items:
* Microsoft Teams: Simplified Teams app bar to create a cleaner and more focused experience.
  ID: 557169 | Product: Microsoft Teams | Status: Rolling out
  We’ve simplified the app bar to help you focus on what matters. Apps are easier to scan in a cleaner View more apps list, the overflow menu is less cl...
* Microsoft Teams: Microsoft Teams: Secure Reliable Transport (SRT) Support for Teams town halls
  ID: 554931 | Product: Microsoft Teams | Status: In development
  Microsoft Teams will soon support Secure Reliable Transport (SRT) streaming in Teams town halls. SRT is a network protocol designed to deliver high-qu...
* Microsoft Copilot (Microsoft 365): [Copilot Extensibility] IT Admins will be able to enable Anthropic models by specific users and groups in the tenant
  ID: 557371 | Product: Microsoft 365, Microsoft Copilot (Microsoft 365) | Status: In development
  This feature introduces admin controls for managing Anthropic as a model provider for specific users and groups in the tenant.
* Microsoft Viva: Satisfaction Rate Metric for Microsoft 365 Copilot in Copilot Dashboard
  ID: 496655 | Product: Microsoft Viva, Microsoft Copilot (Microsoft 365) | Status: Launched
  Track user sentiment of Microsoft 365 Copilot. Understand how use

The "AI" Security Insights Show Episode 287 - Principal Cloud Advocate April Gittens. If AI is so smart, then why aren't Robots doing our dishes!
Edward does MCP. Frank says 3 is a magic number. Rod returns with tales from the other side of the pond? We will talk about the new E7 license from Microsoft and other top of mind security trends and news.

Words of Wisdom:
“To rapidly reveal the true character of a person you just met, move them onto an abysmally slow internet connection. Observe”

Cool AI Tools and Security Links:
* XDR Convertor
* Tool to read the Legal Terms and conditions for you: AITermsScore – AI Legal Terms Analyzer
* All the admin portal and API endpoints: 🖥 Home | [cmd.ms]

Microsoft M365 Changes
* Microsoft Teams: Identify external bots joining your Teams meetings
  ID: MC1251206 | Service: Microsoft Teams | Tags: New feature, User impact, Admin impact
  Microsoft Teams will detect and label external meeting assistant bots joining meetings, giving organizers control to approve, deny, or remove them. A ...
* Copilot extensibility: Microsoft 365 Copilot Declarative Agents model upgrade to GPT‑5.2
  ID: MC1251203 | Service: Microsoft Copilot (Microsoft 365) | Tags: New feature, User impact, Admin impact
  Microsoft 365 Copilot Declarative Agents will upgrade to the GPT-5.2 model by late March 2026, enhancing quality, accuracy, and multi-step workflows. ...
* Microsoft Teams: Live transcription in Teams Rooms on Android
  ID: MC1249432 | Service: Microsoft Teams | Tags: New feature, User impact, Admin impact
  Microsoft Teams Rooms on Android will gain live transcription with speaker attribution, timestamps, and optional translation, requiring a Teams Rooms ...
* Plan for Change: Windows Autopatch is enabling hotpatch updates by default
  ID: MC1248388 | Service: Microsoft Intune, Windows Autopatch | Tags: Admin impact
  Starting May 2026, Windows Autopatch will enable hotpatch security updates by default for eligible Intune devices, speeding up security without restar...
* RSAT capabilities arrive on Arm-based Windows 11 PCs
  ID: MC1248343 | Service: Windows | Tags: Admin impact
* Microsoft Purview: Credential Scanning in Data Security Posture Agent
  ID: 558436 | Product: Microsoft Purview | Status: In development
  We’re expanding the Data Security Posture Agent with a new credential scanning capability. Discover exposed credentials and data security risks across...
* Microsoft Entra passkeys on Windows now support phishing-resistant sign-in
  ID: MC1247893 | Service: Microsoft Entra | Tags: New feature, User impact, Admin impact
  Microsoft Entra passkeys on Windows enable phishing-resistant, passwordless sign-in using Windows Hello on Entra-protected resources, including unmana...
* Anthropic Claude Sonnet is now available in Microsoft 365 Copilot
  ID: MC1247880 | Service: Microsoft Copilot (Microsoft 365) | Tags: New feature, User impact, Admin impact
  Anthropic Claude Sonnet is now available in Microsoft 365 Copilot for licensed users, except in EU/EFTA, UK, government, and sovereign clouds. It can ...
* Windows Autopatch is enabling hotpatch updates by default
  ID: MC1247859 | Service: Windows | Tags: Admin impact
* (Updated) Microsoft 365 Copilot: Draft and send Outlook email directly in Copilot Chat
  ID: MC1247637 | Service: Microsoft Copilot (Microsoft 365) | Tags: Updated message, New feature, User impact, Admin impact
  Microsoft 365 Copilot Chat will enable drafting, editing, and sending Outlook emails directly within the chat starting late March 2026. This feature, ...
* Microsoft Agent 365 Generally Available May 1, 2026
  ID: MC1247634 | Service: Microsoft 365 suite | Tags: New feature, Admin impact
  Microsoft Agent 365 will be generally available on May 1, 2026, following the Frontier early-access program. Frontier participants retain access and c...

New Roadmap Items
* Microsoft Purview: Endpoint Data Loss Prevention - Add support of hyperlinks in warn & block toast messages for Edge browser
  ID: 558688 | Product: Microsoft Purview | Status: In development
  With this feature, data officers can now complete their coverage story by now embedding hyperlinks within toast messages for the Edge browser. When th...
* Microsoft Teams: Honor Windows Do not disturb setting
  ID: 557974 | Product: Microsoft Teams | Status: In development
  Microsoft Teams integrates with the Do not disturb setting in Windows to help reduce interruptions. Teams notifications are paused when Do not disturb...
* Microsoft Purview: Data Loss Prevention – Enrich Defender alerts Graph API with DLP event data
  ID: 558681 | Product: Microsoft Purview | Status: In development
  Enhance current API infrastructure to provide easy and simple way for customers to export data to integrate with SIEM tools, create automated workflow...
* Microsoft Teams: Video recap in Teams
  ID: 558540 | Product: Microsoft Teams, Microsoft Copilot (Microsoft 365) | Status: In development
  Intelligent meeting recap will now include video-based recaps. Video recap creates narrated video highlights from recorded meetings, featuring key tak...
* SharePoint: Plan and Create Pages with AI
  ID: 558441 | Product: SharePoint | Status: In development
  This feature allows you to edit new and existing pages with

The "AI" Security Insights Show Episode 286 - Chris Stelzer Returns! Sentinel + XDR + MCP = SoC Automation Goodness!
Edward gets someone else to do his homework. Rod returns...or does he? Frank can’t decide if he wants to live in Florida or Virginia. We will also do a run down about all the security and AI.

Words of Wisdom:
Speak confidently as if you are right, but listen carefully as if you are wrong.

Cool Tools and Links:
* XDR Convertor

TOP AI and Security Links to take a look-see:
* All the admin portal and API endpoints: 🖥 Home | [cmd.ms]
* Microsoft Community Hub - Monthly news - February 2026 | Microsoft Community Hub

Weekly Microsoft 365 Announced Changes:
* Microsoft Teams: Multiple phone number assignment to a single user
  ID: 557716 | Product: Microsoft Teams | Status: In development
  Administrators will be able to assign multiple phone numbers (up to 10) to a single user. Users will be able to make and receive phone calls using any...
* Microsoft Teams: Flexible layout for meetings with resizable divider
  ID: MC1239934 | Service: Microsoft Teams | Tags: New feature, User impact, Admin impact
  Microsoft Teams will introduce a resizable divider in meetings (April 2026) allowing users to adjust and swap the space between shared content and vid...
* Collaborate with Copilot in Outlook while drafting email
  ID: MC1239932 | Service: Microsoft Copilot (Microsoft 365) | Tags: New feature, User impact, Admin impact
  Microsoft 365 Copilot will be integrated into Outlook’s compose window starting March 2026, enabling real-time collaboration for email drafting. Avail...
* Defender for Office 365 URL click alerts now include Microsoft Teams
  ID: MC1239187 | Service: Microsoft Defender XDR | Tags: New feature, User impact, Admin impact
  Microsoft Defender for Office 365 URL click alerts will now include Microsoft Teams, enabling detection of malicious link clicks in Teams messages. Th...
* Microsoft 365 Copilot: Turn Copilot Pages into SharePoint News posts
  ID: MC1239186 | Service: Microsoft 365 apps, Microsoft Copilot (Microsoft 365) | Tags: New feature, User impact
  Microsoft 365 Copilot will enable users to transfer content from Copilot Pages directly into SharePoint News posts for seamless editing and publishing...
* Microsoft Purview | Data Lifecycle Management - Separate Retention policies for Copilots and AI Apps
  ID: MC1238434 | Service: Microsoft Purview | Tags: New feature, User impact, Admin impact
  Admins can now set separate retention policies for Copilot and AI app interactions in Microsoft Purview, allowing faster deletion if needed. This feat...
* Updates to filtered message viewing in Outlook for iOS and Android
  ID: MC1238433 | Service: Microsoft 365 apps | Tags: Feature update, User impact, Admin impact
  Outlook for iOS and Android will add an option to search all filtered messages when more exist beyond locally synced items, improving clarity without ...
* Windows first sign-in restore experience now available
  ID: MC1238409 | Service: Windows | Tags: Admin impact

New Roadmap Items
* Microsoft Purview: Data Loss Prevention- Security Store now available within Purview DLP to browse, purchase, and enable partner integrations
  ID: 557977 | Product: Microsoft Purview | Status: In development
  Security Store is now integrated into the Microsoft Purview DLP experience, giving admins an in-product way to discover, purchase, and enable a curate...
* Microsoft Purview: Data Loss Prevention- New policy configuration options available for inline network and Edge for Business policies
  ID: 557976 | Product: Microsoft Purview | Status: In development
  Admins can now scope Purview collection policies for unmanaged cloud apps based on the presence of sensitivity labels, enabling more precise discovery...
* Microsoft Copilot (Microsoft 365): Share agents to Teams
  ID: 557947 | Product: Microsoft Copilot (Microsoft 365) | Status: In development
  With this feature, users will be able to share their agent with a Microsoft Teams team. Users can search for and find teams in the agent sharing dialo...
* Microsoft Teams: Multiple phone number assignment to a single user
  ID: 557716 | Product: Microsoft Teams | Status: In development
  Administrators will be able to assign multiple phone numbers (up to 10) to a single user. Users will be able to make and receive phone calls using any...
* Microsoft Copilot (Microsoft 365): Create Videos in the Clipchamp Start Page
  ID: 553215 | Product: Microsoft Clipchamp, Microsoft Copilot (Microsoft 365) | Status: In development
  Users can use Copilot to create videos directly from the Clipchamp Start page. Turn a simple prompt or existing document into a polished video in minutes

Updated Roadmap Items
* Microsoft Teams: New SlimCore-based optimization for Microsoft Teams in VDI - support for Windows endpoints on Omnissa environments
  ID: 518286 | Product: Microsoft Teams | Status: Rolling out
  This feature allows Windows endpoints to optimize Microsoft Teams in VDI environments with the new SlimCore-based media engine, providing an expanded ...
* Outlook: New search folder types
  ID: 549286 | Product: Outlook | Status: Launched
  Search Folders are being moved to the Settings experience in the

The "AI" Security Insights Show Episode 285 - Edward does his homework, lessons learned via MCP. Well sort of...!
In this episode we discuss why Edward continues to go down AI-generated rabbit holes instead of completing the homework assignment given to him by Frank. We talk about changes in how Sentinel data lake ingests XDR logs, AI rabbit holes and lots of other random security items.

Words of Wisdom:
The biggest lie we tell ourselves is, “I don’t need to write this down because I will remember it”.

Cool Tools and Links:
* https://cmd.ms/ - the Microsoft Cloud command line!

TOP AI and Security Links to take a look-see:
* Open AI ready made prompts: https://academy.openai.com/public/tags/prompt-packs-6849a0f98c613939acef841c
* All the admin portal and API endpoints: 🖥 Home | [cmd.ms]
* Microsoft Community Hub - Monthly news - February 2026 | Microsoft Community Hub

Weekly Microsoft 365 Announced Changes:
* Microsoft Purview: Data Lifecycle Management- Azure PST Import
  ID: 557559 | Product: Microsoft Purview | Status: In development
  Azure PST Import is a migration method that enables PST files stored in Azure Blob Storage to be imported directly into Exchange Online mailboxes. It ...
* Microsoft 365 Copilot: xAI Grok 4.1 Fast now available in Copilot Studio for US customers (admin opt-in required)
  ID: MC1235017 | Service: Microsoft Copilot (Microsoft 365) | Tags: New feature, User impact, Admin impact
  Starting February 19, 2026, xAI Grok 4.1 Fast, a text-only large language model, will be available in Microsoft Copilot Studio for U.S. customers by a...
* Simplified Teams app bar to create a cleaner and more focused experience
  ID: MC1234559 | Service: Microsoft Teams | Tags: New feature, User impact
  Microsoft Teams is simplifying the app bar to reduce clutter and improve focus, rolling out from mid-March to early April 2026. The app bar will show ...
* Microsoft Teams: Enable customers to book appointments from a live chat widget on your website
  ID: 557172 | Product: Microsoft Teams | Status: In development
  The Microsoft Teams live chat widget lets customers engage in one to one conversations with your business directly from your website, and now also ena...
* Coming soon to organizations: Customize the Start menu with updated policies
* Microsoft Copilot (Microsoft 365): Explain slide selection during PowerPoint Live
  ID: 557256 | Product: PowerPoint, Microsoft Copilot (Microsoft 365) | Status: In development
  This feature enhances the PowerPoint Live meeting experience by using Copilot to let attendees select slide text and get explanations for the content.
* Microsoft Viva: Copilot Analytics: Copilot adoption PBI version update including Power user insights.
  ID: 557674 | Product: Microsoft Viva, Microsoft Copilot (Microsoft 365) | Status: In development
  The updated Copilot adoption Power BI report will come with a streamlined UX and new Power user insights.
* Outlook: Share Word, Excel, and PowerPoint local files via the new Outlook for Windows
  ID: 557675 | Product: Outlook | Status: In development
  When working in an open Word, Excel, or PowerPoint file, users will now be able to send a copy of the locally stored file by email through the new Out...
* OneDrive: Set a custom name for the OneDrive sync folder
  ID: 557562 | Product: OneDrive | Status: In development
  IT admins can now customize the local OneDrive sync root folder name on users’ Windows computers. By default, the folder is named “OneDrive - {organiz...
* SharePoint: New SharePoint Experience
  ID: 547732 | Product: SharePoint | Status: In development
  We are introducing a reimagined SharePoint experience designed to be simple and intuitive, centered on the core jobs of discovering knowledge, publish...
* Outlook: Prepare for meetings with Copilot in classic Outlook for Windows
  ID: 542186 | Product: Outlook | Status: In development
  With so many of us in back-to-back meetings, it can be a real struggle to stay on top of pre-reads, action items, and even what each meeting is about....
* Microsoft Teams: Attend Microsoft webinars from Teams Rooms on Android
  ID: 547824 | Product: Microsoft Teams | Status: In development
  You can join a Microsoft webinar from a Teams Room on Android and interact seamlessly during the event. Available for Teams Rooms Pro.
* Microsoft Teams: Streamlined Microsoft 365 Certified App Management in Teams Admin Center
  ID: 485712 | Product: Microsoft Teams | Status: In development
  This feature allows Microsoft 365 administrators to enable Microsoft 365 certified SaaS applications within their tenant through org-wide settings for...
* Microsoft Teams: Branded Meeting Reactions
  ID: 541830 | Product: Microsoft Teams | Status: In development
  With new branded reactions, organizations can now extend their visual identity directly into meetings. IT admins simply upload custom reaction icons r...
* Microsoft 365 app: Microsoft Loop - Admin usage reports for Loop
  ID: 421611 | Product: Microsoft 365 app | Status: In development
  View and monitor Loop usage in the tenant through existing M365 admin usage dashboards.
* Microsoft 365 Copilot: Ground Chat in SharePoint Lists using Context IQ
  ID: MC1235746 | Service: Microsoft Copilot (Mic

The "AI" Security Insights Show Episode 284 - Microsoft Sentinel Pricing....it's like MAAGIC!
In this episode we have the good folks from the security company - LockBase Cyber. Leonard Volling and Charlie Smith will come on and talk about their new Microsoft Sentinel pricing tool.

Also Ed talks about how his work travel kept him from doing his homework and messed up the last show, Frank is still trying to decide if he would rather teach security or AI and Rod has finished his No Pop-Tarts January. Oh, we also talked about AI security, Sentinel data lake, AI chips from Google and how we will pivot the show in 2026 to have a deep focus on all things that help secure AI, blah, blah, blah.

Words of Wisdom:
The biggest lie we tell ourselves is, “I don’t need to write this down because I will remember it”.

Cool Tools and Links:
* https://cmd.ms/ - the Microsoft Cloud command line!

TOP AI and Security Links to take a look-see:
* Link to New Microsoft Security and AI Architect Certification - Survey | Qualtrics Survey Software
* LockBase Cyber: - Sentinel Log Planner by LockBase - Plan Your Microsoft Sentinel Data Strategy
* Open AI ready made prompts: https://academy.openai.com/public/tags/prompt-packs-6849a0f98c613939acef841c
* All the admin portal and API endpoints: 🖥 Home | [cmd.ms]
* Sentinel and XDR portal: UPDATE: New timeline for transitioning Sentinel experience to Defender portal | Microsoft Community Hub
* Microsoft Community Hub - Monthly news - February 2026 | Microsoft Community Hub

Weekly Microsoft 365 Announced Changes:
* (Updated) Upcoming Conditional Access change: Improved enforcement for policies with resource exclusions
  ID: MC1223829 | Service: Microsoft Entra | Tags: Updated message, Feature update, User impact, Admin impact
  Starting March 27, 2026, Conditional Access policies targeting All resources will be enforced even if they have resource exclusions, affecting sign-in...
* Microsoft 365 Copilot: User-day export for Copilot dashboard metrics in public preview
  ID: MC1222978 | Service: Microsoft Copilot (Microsoft 365) | Tags: Feature update, User impact, Admin impact
  Microsoft 365 Copilot dashboard adds a public preview of a new user-day export option, allowing company-level users to download de-identified daily us...
* Microsoft Defender for Android: End of support for Android 10 devices
  ID: MC1222977 | Service: Microsoft Defender XDR | Tags: User impact, Admin impact, Retirement
  Microsoft Defender for Android will end support for Android 10 devices on March 31, 2026. After this date, these devices will no longer receive update...

Microsoft General:
* Latest progress update on Microsoft’s Secure Future Initiative | Microsoft Security Blog
* Whisper Leak: A novel side-channel attack on remote language models | Microsoft Security Blog
* New IDC research highlights a major cloud security shift | Microsoft Security Blog

AI Security:
* Public Preview: Entra ID support for RDP connections in portal
* DNS flow trace logs in Azure Firewall are now generally available
* General Availability of JavaScript Challenge in Azure Front Door WAF
* Using Packet Capture for troubleshooting Azure Firewall flows
* Public Preview: Custom WAF Block Status & Body for Azure Application Gateway

Azure Security & Defender for Cloud News:
* Microsoft Defender for Cloud Innovations at Ignite 2025
* Announcing Microsoft cloud security benchmark v2 (public preview)
* Fast-Start Checklist for Microsoft Defender CSPM: From Enablement to Best Practices
* Unlocking Business Value: Microsoft’s Dual Approach to AI for Security and Security for AI
* Check This Out! (CTO!) Guide (October 2025)
* Update Coverage Workbook in Microsoft Defender for Cloud to Include Defender for AI Plan status

Purview - Compliance & Governance:
* Consolidate & Conquer: Driving Business Transformation with Integrated Security (Part 1 of 2) | Microsoft Community Hub

Microsoft Entra:
* Microsoft named a Leader in the Gartner® Magic Quadrant™ for Access Management for the ninth consecutive year | Microsoft Security Blog
* ICYMI: Watch replays of Microsoft Entra sessions at Microsoft Ignite 2025 | Microsoft Community Hub

Copilot for Security:
* Agents built into your workflow: Get Security Copilot with Microsoft 365 E5 | Microsoft Security Blog

Sentinel:
* The Microsoft Copilot Data Connector for Microsoft Sentinel is Now in Public Preview | Microsoft Community Hub
* Turn Complexity into Clarity: Introducing the New UEBA Behaviors Layer in Microsoft Sentinel | Microsoft Community Hub
* Strategies for Threat Awareness and Response - Not product focused. Threat Actor focused and actionable guidance.
* Sentinel & Defender XDR Ninja Training - Product focused. What’s new, deep dives, best practices ...etc.

Defender XDR:
* Monthly news - November 2025
* Strengthening calendar security through enhanced remediation
* Microsoft Ignite 2025: Transforming Phishing Response with Agentic Innovation
* Microsoft Defender for Office 365: Fine-Tuning
* You may be right after all! Disputing Submission Responses in Microsoft Defender for Office 365
* Ensure your ICES solution works seamlessly alongside Microsoft Def

The "AI" Security Insights Show Episode 283 - AI Revolution in Cybersecurity
In this episode, Ed talks about his travel adventures, Frank confesses that he is addicted to life on a cruise ship and Rod was out because of Pop Tart overdose. Oh, we also talked about AI security, Sentinel data lake, AI chips from Google and how we will pivot the show in 2026 to have a deep focus on all things that help secure AI, blah, blah, blah.

Words of Wisdom:
The best way to get a correct answer on the internet is to post an obviously wrong answer and wait for someone to correct you.

Show Links:

Learning:
* Secure your data for AI with Microsoft Purview
  Tuesday, January 27, 2026, 1:00 – 2:00 PM ET (GMT-05:00)
* Strengthen Your Security Posture with Advanced Identity Solutions
  Wednesday, January 28, 2026, 2:00 – 3:00 PM ET (GMT-05:00)
* Dive into a simulation of Microsoft 365 Defender and Microsoft Sentinel
  Wednesday, February 04, 2026, 11:00 AM – 6:00 PM (GMT-05:00)

General:
* Microsoft Ignite: Ambient and autonomous security for the agentic era | Microsoft Security Blog
* SesameOp: Novel backdoor uses OpenAI Assistants API for command and control | Microsoft Security Blog
* How to build forward-thinking cybersecurity teams for tomorrow | Microsoft Security Blog

AI Security:
* Learn what generative AI can do for your security operations center | Microsoft Security Blog
* Microsoft Entra: What’s New in Secure Access on the AI Frontier
* Riding the AI Wave: How Microsoft Entra is Evolving for the Agentic Era
* Defender for AI services: Threat Protection and AI red team workshop

Azure Security & Defender for Cloud News:
* Microsoft Defender for Cloud Innovations at Ignite 2025
* Announcing Microsoft cloud security benchmark v2 (public preview)
* Fast-Start Checklist for Microsoft Defender CSPM: From Enablement to Best Practices
* Unlocking Business Value: Microsoft’s Dual Approach to AI for Security and Security for AI

Purview - Compliance & Governance:
* Consolidate & Conquer: Driving Business Transformation with Integrated Security (Part 1 of 2) | Microsoft Community Hub

Device Management & Protection (Intune):
* What’s new in Microsoft Intune at Ignite

Microsoft Entra:
* Enhance protection of Microsoft Entra ID authentication by blocking external script injection
* Building defense in depth: Simplifying identity security with new partner integrations
* Driving cloud-first identity: User SOA is now Public Preview and Group SOA is Generally Available
* Platform SSO for macOS

Threat Intelligence:
* What’s New at Ignite: Powerful Enhancements in Unified Threat Intelligence

Copilot for Security:
* Agents built into your workflow: Get Security Copilot with Microsoft 365 E5 | Microsoft Security Blog

Defender XDR & Sentinel:
* Ignite 2025: What’s new in Microsoft Defender?
* New Compliance Solutions in Microsoft Sentinel: HIPAA & GDPR Reports | Microsoft Community Hub
* Ignite 2025: New Microsoft Sentinel Connectors Announcement
* Detect more, spend less: the future of threat intelligence correlation
* Operationalizing the Sentinel data lake: A Practitioner’s Guide
* Automating IOC hunts in Microsoft Sentinel data lake
* What’s New in Microsoft Sentinel: November 2025
* Security Copilot for SOC: bringing agentic AI to every defender
* Enhancing visibility into your identity fabric with Microsoft Defender

Watch the live replay

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

THE Security Insights Show Episode 282: Quantum Leaps and Zero-Day Zealots
Join our hosts December 18th, 2025, as they dive into the electrifying world of Microsoft Security’s latest breakthroughs. This episode unpacks real-world triumphs in thwarting sophisticated AI-driven phishing swarms, and debates the hottest zero-day exploits shaking the headlines. Packed with insider tips this is your must-listen guide to staying light-years ahead in the cyber arms race.

This episode, we welcome back Alistair Pugin to talk Agent security.

Show Notes/Links
* Alistair Pugin on LinkedIn: https://www.linkedin.com/in/alistairpugin/
* Learn about Data Security Posture Management for AI: https://learn.microsoft.com/en-us/purview/dspm-for-ai
* List of AI sites supported by Microsoft Purview Data Security Posture Management (DSPM) and DSPM for AI: https://learn.microsoft.com/en-us/purview/ai-microsoft-purview-supported-sites
* Permissions for Data Security Posture Management for AI: https://learn.microsoft.com/en-us/purview/ai-microsoft-purview-permissions
* MITRE ATLAS: https://atlas.mitre.org/

THE Security Insights Show Episode 281: Jingle Hack '25: Elves on the Shelf (Watching Your Wi-Fi)
After a pre-Ignite cliffhanger, we welcome back the illustrious James Key. This episode, James is back to fill us in on the Ignite announcements around Security Copilot that he couldn’t talk about last time.

Show Notes/Links
* Learn about Security Copilot inclusion in Microsoft 365 E5 subscription: https://learn.microsoft.com/en-us/copilot/security/security-copilot-inclusion
* Microsoft 365 adds advanced Microsoft Intune solutions at scale: https://techcommunity.microsoft.com/blog/microsoftintuneblog/microsoft-365-adds-advanced-microsoft-intune-solutions-at-scale/4474272
* What is Microsoft Entra Agent ID? https://learn.microsoft.com/en-us/entra/agent-id/identity-professional/microsoft-entra-agent-identities-for-ai-agents
* The Microsoft Security Store: https://SecurityStore.Microsoft.com

THE Security Insights Show Episode 280: Turkey-Day Trojans
As the Thanksgiving turkey roasts and the family gathers, cybercriminals are lurking in the digital shadows, ready to crash your holiday feast. In Episode 280 of THE Security Insights Show, hosts serve up a timely platter of cybersecurity wisdom to keep your “gravy secrets”—those juicy credentials, financial data, and personal info—safe from opportunistic hackers.

Dive into the rising tide of “Turkey-Day Trojans”: sneaky malware disguised as festive deals, phishing emails from “Aunt Edna” demanding urgent wire transfers, and smart home devices turned into spy cams by unsecured Wi-Fi. We’ll unpack real-world holiday hacks, from ransomware gobbling up your shopping carts to social engineering tricks exploiting family chit-chat. Plus, get actionable Microsoft Security tips—like leveraging Defender for endpoint protection, Entra ID for secure guest access during virtual toasts, and Copilot-powered threat hunting to spot the bad stuffing before it sours the meal.

Whether you’re a CISO stress-testing your perimeter or just a home user dodging Black Friday bait, this episode arms you with the tools to feast worry-free. Tune in now on YouTube, Apple Podcasts, Spotify, or your favorite platform—because nothing ruins a holiday like a data breach on dessert. Don’t forget to subscribe for more bites of security insight!

This episode of “THE Security Insights Show” covers a range of topics, starting with personal updates and discussions about cybersecurity certifications. The hosts delve into the role of Artificial Intelligence (AI) in cybersecurity, specifically debating the necessity of learning KQL (Kusto Query Language) from scratch given the advent of natural language to KQL models (16:01). They discuss the importance of understanding underlying data and language nuances even with AI assistance (18:56).

The conversation then pivots to key announcements from Microsoft Ignite, including:
* Work IQ: An intelligent layer that enhances productivity by connecting organizational and personal data, enabling AI-driven insights and recommendations within Microsoft 365 applications (31:31).
* Proactive Attack Disruption and Predictive Shielding: Microsoft’s new capabilities to anticipate attacker moves during ongoing attacks, dynamically hardening targets in real-time (35:59).
* Expanded Automatic Attack Disruption: This feature extends to work across third-party services like AWS, Okta, and Proofpoint, allowing Microsoft Defender to take decisive actions on external systems even if the threat originates from a non-Microsoft system (39:06).
* Rebranding of Defender XDR to Borg XDR: Indicating a consolidation of more Defender for Cloud functionality and assimilation of Sentinel into the unified Defender portal (42:00).
* Native Sysmon in Windows 11: A significant announcement for security professionals (42:35).

THE Security Insights Show Episode 279: Security Copilot Updates
In this electrifying episode, we sit down with James Key, Principal Product Manager for Microsoft Security Copilot, to unpack the groundbreaking advancements shaping the future of AI-driven security. With over nine years of expertise in cloud architecture, technical training, and product innovation, James is at the forefront of empowering security teams worldwide through intelligent, partner-led solutions.

As cyber threats evolve at breakneck speed, Microsoft Security Copilot is supercharging defenses with its latest fall updates. James breaks down the integration with the new Sentinel data lake and graph, enabling seamless data querying and real-time threat hunting like never before. We’ll explore the debut of ready-made and custom agents that automate complex workflows, from incident response to vulnerability management, freeing up pros to focus on strategy.

But it’s not just tech—James shares how the newly launched Microsoft Security Store is uniting partners in a bold ecosystem for innovation, fostering collaborative AI tools tailored to enterprise needs.

Links/Notes
* Microsoft Security Store: https://securitystore.microsoft.com/agents
* Agent YAML Builder: https://github.com/rod-trent/JunkDrawer/tree/main/AgentBuilder
* Microsoft Ignite Security Copilot sessions: https://ignite.microsoft.com/en-US/sessions?filter=&search=Security+Copilot&sortBy=relevance
* glueckkanja AG: https://www.linkedin.com/company/glueckkanja/
* adaQuest: https://www.linkedin.com/company/adaquest-inc/

THE Security Insights Show Episode 278: Pumpkin Patch Phishers: Carving Out Your Data This Halloween
Picture this: It’s the witching hour of cybersecurity, where jack-o’-lanterns glow with malevolent code and candy corn conceals keyloggers. In this spine-tingling episode of The Security Insights Show, we dive headfirst into the ghoulish guts of seasonal phishing scams – those crafty creeps who lure you in with “Free Zombie Apocalypse Prep Kits” emails, only to carve up your credentials like a deranged pie maker at a harvest festival. Join our hosts as they unmask the tricks-or-treats of spear-phishing spooks, ransomware pumpkins that explode in your inbox, and why your two-factor auth is the garlic necklace against digital Dracula. We’ll roast real-world horror stories – like the exec who traded his soul (and SSO login) for a “haunted house discount” – and arm you with tricks to keep your data from doing the monster mash.

This episode of “THE Security Insights Show” discusses the risks and security challenges associated with artificial intelligence (AI), particularly concerning phishing scams during the Halloween season (0:21). The hosts, Rodney and Franklin, touch on various aspects of AI, its adoption, and the evolving landscape of cybersecurity.

Key discussion points include:
* The hosts’ return and show changes: Rodney and Franklin discuss their return to the show after a summer break, moving to a bi-weekly Thursday schedule to allow more time for content creation and guest planning (1:02-6:54).
* October as Cybersecurity Awareness Month: They emphasize the importance of cybersecurity awareness, noting a lack of guest speakers this year compared to previous years (4:17-4:33).
* Artificial Intelligence (AI) and its security implications: A significant portion of the discussion revolves around AI, specifically the challenges of securing and governing it (7:47). They highlight the increasing use of AI in creating sophisticated phishing campaigns and the alarming potential for “non-human entities” or “agentic offerings” to be compromised or act as “double agents” in an environment (10:10-10:57).
* Understanding AI architecture and threats: Franklin argues that securing AI is fundamentally about securing compute, identity, data, and networks, with the Large Language Model (LLM) being a new threat (11:31-12:29). They discuss the role of the MCP (Microsoft Collaboration Protocol) server in providing context between chatbots and data sources, acknowledging that generative AI can sometimes provide inaccurate responses (13:03-15:41).
* Challenges in AI security and training: The hosts express concern about the lack of fundamental understanding of AI among security professionals and the trend of training courses merely adding “with AI” to existing content without real value (28:41-31:21). They also discuss the emergence of highly specialized roles in AI security, like the “Chief Artificial Intelligence Risk Officer (CAIRO),” and the potential for a “corporate fear of missing out” driving quick, potentially insecure, AI adoption (36:06-38:29).
* The CISO’s role and application expectations: Franklin suggests that CISOs have the necessary tools for AI security, viewing it as another application to secure, while Rodney believes many are unprepared due to rapid adoption and an “outnumbered” feeling in defense (37:42-43:52).

THE Security Insights Show Episode 277: Is this thing on???
After the first-ever summer break, the crew is back! New crew. New format. Listen or watch to hear about what’s coming.

We also welcome Alistair Pugin, Microsoft MVP for M365 + Security, blogger, podcaster and speaker.

Key Highlights
* Return of the Show (1:38): The hosts are back after a three-month summer break, during which they experienced new jobs, roles, and duties. They thank their listeners and confirm the original cast of Edward Walton, Rod Trent, and Franklin Grimberg are back, though Brody is still on hiatus.
* Focus on AI and Security (0:52, 1:02): Frank highlights the current “crazy” world of AI, particularly Microsoft’s efforts to secure and manage it. He expresses concern that many people are unaware of the tools available to them.
* Guest Introduction - Alistair Pugin (5:57): Alistair Pugin, from Cape Town, South Africa, is introduced as an expert in compliance and information protection, having worked with Microsoft on shaping exams like SC400 and even co-designing a board game about deception.
* Challenges with AI Adoption (7:58): Alistair discusses the “wild wild west” of AI adoption, where organizations are indiscriminately handing out AI, and users are not following guidelines. He notes the parallel to the Google search appliance debacle of 2008, where people are finding content they shouldn’t.
* Microsoft’s AI Strategy and Data Training (20:08): The discussion touches on Microsoft’s stance that they do not train their AI models on customer data, emphasizing the importance of data classification for protection.
* Copilot as Superized Search (24:15): Alistair explains that Copilot functions as a “superized search” within the Microsoft 365 tenant, using semantic indexing and security trimming to ensure users only access data they have permissions for.
* Data Security Posture Management (DSPM) for AI (28:45): The hosts delve into DSPM for AI, a tool within Microsoft Purview (E3 or E5 licenses) that helps organizations monitor their AI usage. Key aspects include:
  * Components of Data Security (29:51): Frank and Alistair discuss how Microsoft defines data security, including information protection (sensitivity labels), data loss prevention (DLP), and insider risk management.
  * Monitoring AI Usage (31:25): DSPM allows organizations to monitor what users are doing with AI, including AI usage reports and integration with Defender for Cloud Apps.
  * Prompt Monitoring (32:28): It can monitor user prompts, especially for sensitive information requests (e.g., “give me the payroll for everyone”), using sensitive information types or trainable classifiers.
  * Shadow AI Detection (33:21): DSPM helps detect “shadow AI” by monitoring when users visit or upload sensitive information to third-party AI sites like ChatGPT, Gemini, or Perplexity.
  * Policy Automation (34:31): The tool can automatically spin up policies to detect sensitive information in AI prompts, visits to AI sites, and sensitive data uploads to AI sites.
* Agent Sprawl and Non-Human Identities (15:50, 17:10): A significant concern raised is that anyone with a Microsoft 365 Copilot license can build an agent in Copilot Studio, which registers an application in Entra (Azure Active Directory) and creates “non-human identities.” This can lead to “agent sprawl” and uncontrolled API permissions if not properly managed by identity admins.
* Mitigating Agent Sprawl (40:03): The solution involves having an application security posture management strategy and robust application onboarding and offboarding policies, as agents are essentially applications that require permissions to interact with data.
* Copilot Studio Licensing (39:02): There are different licensing models for Copilot Studio: a free tenant license for building agents (for users without an M365 Copilot license) and a premium capacity license for deploying agents to users without a Copilot license.

The Security Insights Show Episode 270 - Just Us!
Hello podcast listeners and supporters. Today we announced that we will start our late summer | early fall show slow down. After five years of producing the show, we are taking the months of August and September off to recharge, do some back-office updates and re-invent.

We look forward to having fresh energy and lots of dad jokes upon our return. Keep an eye on the Discord channel and website for tips and tidbits until we return.

Thanks,
Brodie, Edward, Frank, Rod

The Security Insights Show Episode 269 - Ali Segovia - Microsoft Sr. Consultant - Data Security and Compliance
In this episode we talk to Ali about the opportunity for customers to solve big problems and challenges using Purview. We also delve into what it means to have ownership of the scope of a Purview deployment.

Show notes:
* Teams Channels
* Public Webinars & Training
* Welcome Guide
* Digital Badge Program
* Join the Community
* Feedback Opportunities
* Community Calls
* Recognition & Badges
* Discussion Groups
* Upcoming Public Webinars
* Security YouTube Channel
* Public Forums
* Ninja Training & Certification
* Ninja Show

The Security Insights Show Episode 268 - Purview Failures (Common Cases for Unsuccessful Deployments)
In this episode, one of the leading Microsoft security partners - Cyclotron - https://cyclotron.com/ - discusses common and “uncommon” mistakes customers encounter while deploying Microsoft Purview.

Show notes:
* Teams Channels
* Public Webinars & Training
* Welcome Guide
* Digital Badge Program
* Join the Community
* Feedback Opportunities
* Community Calls
* Recognition & Badges
* Discussion Groups
* Upcoming Public Webinars
* Security YouTube Channel
* Public Forums
* Ninja Training & Certification
* Ninja Show

The Security Insights Show Episode 267 - MCCP.
Join us this episode as we talk about the Customer Community Program @ Microsoft.

The Security Insights Show Episode 266 - MVP Community.
Join us this episode as we invite some of our awesome Microsoft Security MVPs to discuss their experiences with the MVP program.

Show Notes/Links
* Defender Experts upcoming webinar: Defender Experts: S.T.A.R. Forum - Strategies for Threat Awareness and Response, Episode 3. ClickFix: The Threat You Can’t Afford to Ignore. Are You Ready to Respond? Join Microsoft Defender Experts for an unfiltered breakdown of the ClickFix attack, and learn how to defend against it before it disrupts your operations.
* Register Here: https://msit.events.teams.microsoft.com/event/4cee88e5-0a8a-4f02-9e4a-453bdda2e38d@72f988bf-86f1-41af-91ab-2d7cd011db47/registration

What to Expect:
* No-Nonsense Tactics: Dive into actionable strategies for detecting, investigating, and mitigating ClickFix straight from the frontlines.
* KQL Demystified: Get hands-on with KQL to enhance your threat detection, automate responses, and build custom playbooks.
* Real Expertise: Hear from the professionals actively hunting and blocking threats like ClickFix in real-time.
* Advanced Defense: Sharpen your response to ransomware, phishing, and social engineering with field-tested techniques.

If you're serious about your defense posture, this isn’t just another webinar. This is essential knowledge to keep you ahead of the curve and out of harm’s way. Check out content from our previous episode(s): https://aka.ms/DefenderExpertsWebinarSeries

* Secure Score over time with Power BI - Secure Score Over Time Power BI Dashboard | Microsoft Community Hub
* Analyze Conditional Access Policy impact - The policy impact view for individual Microsoft Entra Conditional Access policies enables admins to evaluate the effects of enabled and report-only Conditional Access policies in their organization, without using Log Analytics. This feature surfaces a graph for each policy in the Microsoft Entra admin center, showing the policy’s impact on the tenant’s past sign-ins.
* Microsoft Entra External ID: Sign in with Apple - Configure Apple as an external identity provider (IdP) to add Apple as a social provider for your user flows. Users can sign up and sign in to associated applications using their Apple ID accounts through the Sign in with Apple option.
* Hands-on learning resource for Defender for AI Services hosted here: https://github.com/Azure/Microsoft-Defender-for-Cloud/blob/main/Labs/Modules/Module%2024%20-%20AI%20Workloads.md
* Microsoft is now hosting xAI’s Grok 3 models - I reported in my Notepad newsletter earlier this month that Microsoft was getting ready to host Elon Musk’s Grok AI models, and now it’s official. At Microsoft’s Build developer conference today, the company confirmed it’s expanding its Azure AI Foundry models list to include Grok 3 and Grok 3…
* Microsoft introduces GitHub AI agent that can code for you - Microsoft’s GitHub unit on Monday introduced a Copilot artificial intelligence agent that can take on specific programming work and inform people once it has finished. From there, developers can check the agent’s work from GitHub, a widely used repository for code.

The Microsoft Security Insights Show Episode 264 - Adam Brewer
Join us as we welcome Adam Brewer. Adam is a seasoned professional with a distinguished career at Microsoft and in enterprise IT. He currently serves as a Security Sales Specialist at Microsoft, focusing on the West and Midwest region. In this role, Adam is responsible for driving security initiatives and ensuring the successful implementation of Microsoft's security solutions with enterprise clients. His work involves close collaboration with various teams across Microsoft and his clients to address their security needs and challenges.

Show Notes/Links
* Defender Experts upcoming webinar: Defender Experts: S.T.A.R. Forum - Strategies for Threat Awareness and Response, Episode 3. ClickFix: The Threat You Can’t Afford to Ignore. Are You Ready to Respond? Join Microsoft Defender Experts for an unfiltered breakdown of the ClickFix attack, and learn how to defend against it before it disrupts your operations.
* Register Here: https://msit.events.teams.microsoft.com/event/4cee88e5-0a8a-4f02-9e4a-453bdda2e38d@72f988bf-86f1-41af-91ab-2d7cd011db47/registration

What to Expect:
* No-Nonsense Tactics: Dive into actionable strategies for detecting, investigating, and mitigating ClickFix straight from the frontlines.
* KQL Demystified: Get hands-on with KQL to enhance your threat detection, automate responses, and build custom playbooks.
* Real Expertise: Hear from the professionals actively hunting and blocking threats like ClickFix in real-time.
* Advanced Defense: Sharpen your response to ransomware, phishing, and social engineering with field-tested techniques.

If you're serious about your defense posture, this isn’t just another webinar. This is essential knowledge to keep you ahead of the curve and out of harm’s way. Check out content from our previous episode(s): https://aka.ms/DefenderExpertsWebinarSeries

* Secure Score over time with Power BI - Secure Score Over Time Power BI Dashboard | Microsoft Community Hub
* Analyze Conditional Access Policy impact - The policy impact view for individual Microsoft Entra Conditional Access policies enables admins to evaluate the effects of enabled and report-only Conditional Access policies in their organization, without using Log Analytics. This feature surfaces a graph for each policy in the Microsoft Entra admin center, showing the policy’s impact on the tenant’s past sign-ins.
* Microsoft Entra External ID: Sign in with Apple - Configure Apple as an external identity provider (IdP) to add Apple as a social provider for your user flows. Users can sign up and sign in to associated applications using their Apple ID accounts through the Sign in with Apple option.
* Hands-on learning resource for Defender for AI Services hosted here: https://github.com/Azure/Microsoft-Defender-for-Cloud/blob/main/Labs/Modules/Module%2024%20-%20AI%20Workloads.md
* Microsoft is now hosting xAI’s Grok 3 models - I reported in my Notepad newsletter earlier this month that Microsoft was getting ready to host Elon Musk’s Grok AI models, and now it’s official. At Microsoft’s Build developer conference today, the company confirmed it’s expanding its Azure AI Foundry models list to include Grok 3 and Grok 3…
* Microsoft introduces GitHub AI agent that can code for you - Microsoft’s GitHub unit on Monday introduced a Copilot artificial intelligence agent that can take on specific programming work and inform people once it has finished. From there, developers can check the agent’s work from GitHub, a widely used repository for code.

The Microsoft Security Insights Show Episode 263 - BlueVoyant
Join us as we welcome Micah Heaton from BlueVoyant and Michael Brown from Microsoft as we discuss a whole stack of things, including DEX, Security Copilot agents, and SIEM and XDR.

Show Notes/Links
* The MISA Awards - Full show: https://securitypartners.transform.microsoft.com/misa-excellence-awards-2025
* BlueVoyant XDR Threat Gap Analysis: https://appsource.microsoft.com/en-cy/product/power-bi/bluevoyant1583844909747.securitydiagnosticapp?exp=kyyw&tab=Overview
* Threat Actor Naming: https://www.microsoft.com/en-us/security/blog/2025/06/02/announcing-a-new-strategic-collaboration-to-bring-clarity-to-threat-actor-naming/
* KQL Query for Actor Names: https://learn.microsoft.com/en-us/unified-secops-platform/microsoft-threat-actor-naming#resources
* GitHub of Jaime: https://github.com/jguimera
* Microsoft BlueHat: https://www.microsoft.com/bluehat/
* Secure Score over time with Power BI - Secure Score Over Time Power BI Dashboard | Microsoft Community Hub
* Analyze Conditional Access Policy impact - The policy impact view for individual Microsoft Entra Conditional Access policies enables admins to evaluate the effects of enabled and report-only Conditional Access policies in their organization, without using Log Analytics. This feature surfaces a graph for each policy in the Microsoft Entra admin center, showing the policy’s impact on the tenant’s past sign-ins.
* Microsoft Entra External ID: Sign in with Apple - Configure Apple as an external identity provider (IdP) to add Apple as a social provider for your user flows. Users can sign up and sign in to associated applications using their Apple ID accounts through the Sign in with Apple option.

THE Security Insights Show Episode 225a - Performanta
Stop by the show as we welcome back Performanta. During the last Performanta appearance we were wowed by their Security Copilot automation. Join us to hear how the Microsoft partner is taking Security Copilot Agents to the next level.

* Performanta: https://www.performanta.com/
* Microsoft Security Copilot Agent videos: https://adoption.microsoft.com/security-copilot/video-hub/
* MDEAutomator: https://github.com/msdirtbag/MDEAutomator

General
* Securing generative AI models on Azure AI Foundry
* Microsoft's Zero Trust approach

Threat Intelligence & ESAM

Azure Security & Defender for Cloud News

Sentinel News
* Microsoft Sentinel Project Deployment Tracker
* Ingesting Akamai Audit Logs into Microsoft Sentinel using Azure Function Apps

Defender for IoT
* Sensor Disconnection Notifications with Microsoft Defender for IoT and Microsoft Sentinel
* What's new in Microsoft Defender for IoT?

Microsoft 365 Security (All Up News)
* Security Update Release Summary March 2025

Microsoft Entra
* Help Desk & Account Recovery - Face Check with Microsoft Entra Verified ID
* Remote Onboarding - Face Check with Microsoft Entra Verified ID
* Secure Access to Resources - Face Check with Microsoft Entra Verified ID

Device Management & Protection (Intune)
* Fortify your security posture with Microsoft Intune and Windows
* Stay ahead of evolving threats with the latest AI in Intune
* Expand endpoint visibility across device platforms
* Microsoft Intune provides key advantages for macOS management
* What's New in Azure Firewall - March 2025
* Configure Entra Private Access and Quick Access in Microsoft Entra Global Secure Access
* What's new in Microsoft Intune

M365 Defender (Defender for Office, Defender for Endpoint, Defender for Identity, Defender for Cloud Apps)
* Resolving high CPU utilization in Microsoft Defender Antivirus
* Mastering endpoint security settings issues with Defender for Endpoint Client Analyzer
* Mastering onboarding issues with Defender for Endpoint Client Analyzer
* Microsoft Defender for Endpoint Client Analyzer overview
* What's new in Microsoft Defender XDR
* What's new in Microsoft Defender for Endpoint
* What's new in Microsoft Defender for Office 365
* What's new in Microsoft Defender for Identity
* What's new in Microsoft Defender for Cloud Apps

Defender Experts for XDR

Copilot for Security
* Announcing Alert Triage Agents in Microsoft Purview, powered by Security Copilot
* What's new in Microsoft Security Copilot?

Incident Response

Purview - Compliance & Governance
* Mitigating insider risks in the age of AI with Microsoft Purview Insider Risk Management

Learning
* Microsoft Defender for Cloud Apps - Ninja Training

The Microsoft Security Insights Show Episode 261 - Michael Fiorina, Tanium
Welcome to Partner month on the MSI Show. This episode we talk with Tanium to hear about the company’s latest developments for Microsoft Security Copilot and a new Agent that helps automate security operations.

Show Notes/Links
* Tanium: https://www.tanium.com/
* Microsoft Partner Spotlight - Tanium: https://www.tanium.com/partners/microsoft/spotlight/
* Michael Fiorina’s LinkedIn profile: https://www.linkedin.com/in/mikefiorina/
* Microsoft Security Copilot Agent videos: https://adoption.microsoft.com/security-copilot/video-hub/
* MDEAutomator: https://github.com/msdirtbag/MDEAutomator
* SRA’s Crowpilot: https://sra.io/blog/crowpilot-the-ai-agent-that-connects-security-copilot-with-crowdstrike-falcon/

General
* Securing generative AI models on Azure AI Foundry
* Microsoft's Zero Trust approach

Threat Intelligence & ESAM

Azure Security & Defender for Cloud News

Sentinel News
* Microsoft Sentinel Project Deployment Tracker
* Ingesting Akamai Audit Logs into Microsoft Sentinel using Azure Function Apps

Defender for IoT
* Sensor Disconnection Notifications with Microsoft Defender for IoT and Microsoft Sentinel
* What's new in Microsoft Defender for IoT?

Microsoft 365 Security (All Up News)
* Security Update Release Summary March 2025

Microsoft Entra
* Help Desk & Account Recovery - Face Check with Microsoft Entra Verified ID -V
* Remote Onboarding - Face Check with Microsoft Entra Verified ID -V
* Secure Access to Resources - Face Check with Microsoft Entra Verified ID -V

Device Management & Protection (Intune)
* Fortify your security posture with Microsoft Intune and Windows
* Stay ahead of evolving threats with the latest AI in Intune
* Expand endpoint visibility across device platforms
* Microsoft Intune provides key advantages for macOS management
* What's New in Azure Firewall - March 2025 -V
* Configure Entra Private Access and Quick Access in Microsoft Entra Global Secure Access
* What's new in Microsoft Intune

M365 Defender (Defender for Office, Defender for Endpoint, Defender for Identity, Defender for Cloud Apps)
* Resolving high CPU utilization in Microsoft Defender Antivirus
* Mastering endpoint security settings issues with Defender for Endpoint Client Analyzer
* Mastering onboarding issues with Defender for Endpoint Client Analyzer
* Microsoft Defender for Endpoint Client Analyzer overview
* What's new in Microsoft Defender XDR
* What's new in Microsoft Defender for Endpoint
* What's new in Microsoft Defender for Office 365
* What's new in Microsoft Defender for Identity
* What's new in Microsoft Defender for Cloud Apps

Defender Experts for XDR

Copilot for Security
* Announcing Alert Triage Agents in Microsoft Purview, powered by Security Copilot
* What's new in Microsoft Security Copilot?

Incident Response

Purview - Compliance & Governance
* Mitigating insider risks in the age of AI with Microsoft Purview Insider Risk Management

Learning
* Microsoft Defender for Cloud Apps - Ninja Training

The Microsoft Security Insights Show Episode 260 - JP Bourget - Bluecycle
JP Bourget was the founder of Syncurity, an early entrant in the SOAR market, which sold to Swimlane in 2020. He is currently President of Blue Cycle, a SecOps maturity advisory, services and development firm. Blue Cycle focuses on the core technologies, architecture, integration, and customization of modern sec ops programs and meets clients where they are to help level up their capabilities. Blue Cycle is a Microsoft Partner with designations in Security, Modern Work, Infrastructure, Data and AI, and Digital and App innovation. JP has designed Sentinel architecture for F500s and XDR providers and touched his first SIEM in 2005. JP is also the Entrepreneur/CISO in Residence at Lytical Ventures based in NYC, and lives in upstate NY.

Show Notes/Links
* JP’s LinkedIn Profile: JP Bourget
* BlueCycle website: https://www.bluecycle.net/

Tools, Blogs and Stuff:
* Noodle’s new blog: https://sentinel.blog
* https://aadinternals.com

General:
* AI innovation requires AI security: Hear what’s new at Microsoft Secure
* Transforming public sector security operations in the AI era

Threat Intelligence:
* Malvertising campaign leads to info stealers hosted on GitHub
* Silk Typhoon targeting IT supply chain

Azure Security:
* Implementing Multi-Layered Security with Azure DDoS Protection and Azure WAF

Defender for Cloud:
* API Security Posture with Defender for Cloud
* Secure your AI application transformation with Microsoft Defender for Cloud

Sentinel News:
* New capabilities coming to Microsoft Sentinel this Spring
* Microsoft Sentinel - Custom ASIM Parser for Solarwind Data source

Microsoft Entra:
* Securing B2B Collaboration with Microsoft Entra ID -V
* Microsoft Entra External ID: User activity insights
* Quick Setup - Microsoft Entra Verified ID

M365 Defender | XDR - (MDO, MDE, MDI, MDCA):
* Transition to the Unified SOC Platform: Deep Dive and Interactive Q&A for SOC Professionals
* Microsoft Defender for Endpoint Client Analyzer overview
* Connecting your Apps to Defender for Cloud Apps

Security Copilot:
* Automate cybersecurity at scale with Microsoft Security Copilot agents
* Take Flight with Microsoft Security Copilot Flight School

Microsoft Purview:
* Strengthen data security posture in the era of AI with Microsoft Purview
* Prevent data loss across your ever-expanding data estate with Microsoft Purview Data Loss Prevention

Microsoft Learning | Skilling:
* Microsoft Defender for Cloud Apps - Ninja Training

Webinars and Stuff:
* Microsoft Cloud Security Public Webinars

The Microsoft Security Insights Show Episode 259 - Rick Kotlarz
Advanced Prompt Engineering for Security Copilot. As a cybersecurity professional with over 20 years of experience, Rick specializes in cybersecurity architecture and IT risk management. He is passionate about artificial intelligence, continuous learning, exchanging ideas, and contributing to endeavors that help others achieve success.
Show Notes/Links
* Rick’s LinkedIn Profile: https://www.linkedin.com/in/rick-kotlarz/
Tools, Blogs and Stuff:
* Noodle’s new blog: https://sentinel.blog
* https://aadinternals.com
General:
* Create | Microsoft 365 Copilot
* Microsoft Security Insider
* Exploring the Extensibility of Active Directory Migration Service (ADMS) Device Migration
* Introducing the Secure Future Initiative Tech Tips show!
* Navigating Mergers and Acquisitions: IT Consolidation Best Practices and Approach
* Blog Series: Charting Your Path to Cyber Resiliency
Threat Intelligence:
* https://www.activecountermeasures.com/malware-of-the-day-ipv6-address-aliasing/
* New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects
* New innovations to protect custom AI applications with Defender for Cloud
* Enhance AI security and governance across multi-model and multi-cloud environments
* All Key Vaults Are Critical, But Some Are More Critical Than Others: Finding the Crown Jewels
* Securing your organization from 'IngressNightmare' using Microsoft Security capabilities
Azure Security:
* Manage cloud security posture with Microsoft Defender for Cloud
* What's new in Defender for Cloud features
Defender for Cloud:
* API Security Posture with Defender for Cloud
* Secure your AI application transformation with Microsoft Defender for Cloud
Sentinel News:
* Want to know how to view Sentinel incidents in Teams?
* Azure Lighthouse support for MSSP use of Security Copilot Sentinel scenarios in Public Preview | Microsoft Community Hub
* Monitor User Activities and System Events with Security Copilot and Microsoft Sentinel | Microsoft Community Hub
Microsoft Entra:
* Using phishing resistant creds | Protect identities and secrets
* How do Microsoft Entra ID Protection Risk Signals Work?
* Configure API driven Provisioning in Microsoft Entra ID Governance
* Configure auto-assignment policies in Microsoft Entra ID Governance using Entitlement Management
* Microsoft Entra custom authentication extension overview
* Implementing managed identities | Protect identities and secrets
* Create Custom reports for Microsoft Entra ID Governance data using Azure Data Explorer
* What's new in Entra ID
M365 Defender | XDR - (MDO, MDE, MDI, MDCA):
* Built-in report button is available in Microsoft Outlook across platforms
* Monthly news - March 2025
* Defending Against OAuth-Based Attacks with Automatic Attack Disruption
* Level Up Your App Governance With Microsoft Defender for Cloud Apps Workshop Series
* Strengthening Email Security: Our New Approach to Non-RFC Compliant Emails
* Unveiling the Shadows: Extended Critical Asset Protection with MSEM
* Level up your defense: protect against attacks using stale user accounts
* Discover and protect Service Accounts with Microsoft Defender for Identity
* Protect SaaS apps from OAuth threats with attack path, advanced hunting and more
* General Availability for Collaboration Security for Microsoft Teams
Security Copilot:
* Protect at the scale and speed of AI with Microsoft Security Copilot
* Microsoft Security Copilot – Microsoft Adoption
* Empowering Security Copilot with NL2KQL: Transforming Natural Language into Insightful KQL queries | Microsoft Community Hub
* Advancing Security Copilot with MAGIC: Automating Self-Correction in NL2KQL and Beyond
* Take Flight with Microsoft Security Copilot Flight School
Microsoft Purview:
* 3 Tips for Comprehensive Data Security
* Advanced hunting for Microsoft Purview Data Loss Prevention (DLP) incidents | Microsoft Community Hub
* New innovations in Microsoft Purview for protected, AI-ready data
* Unlocking the Power of Microsoft Purview for ChatGPT Enterprise
* What's new in Microsoft Purview
Webinars and Stuff:
* Microsoft Cloud Security Public Webinars

The Microsoft Security Insights Show Episode 258 - Linda Guðmundsdóttir
This episode we welcome Linda Dögg Guðmundsdóttir. Linda works as a Cybersecurity Architect Expert & Solution Architect in Iceland. In this episode, Linda shares her expertise on securing M365 Copilot. Tune in for lots of talk about Purview, Defender for Cloud Apps, and Data Security.
Show Notes/Links
* Join the MSI Kusto Team for the upcoming Kusto Detective Agency - Call of Cyber Duty: https://www.microsoftsecurityinsights.com/p/join-the-msi-show-team-for-the-kusto
Just good old plain security stuff:
General:
* Everything Old Is New Again: Hardening the Trust Boundary of VBS Enclaves
* Meet the IMS team
* IMS Efficient Migration Methods
Threat Intelligence:
* Analyzing open-source bootloaders: Finding vulnerabilities faster with AI
* StilachiRAT analysis: From system reconnaissance to cryptocurrency theft
* Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware
Azure Security:
* Secure containers software supply chain across the SDLC
* Microsoft Defender for Cloud Customer Newsletter
* Integrating Security into DevOps Workflows with Microsoft Defender CSPM
* Public Preview: Key Attestation for Azure Managed HSM
Defender for Cloud:
* Secure your AI application transformation with Microsoft Defender for Cloud -V
* Manage cloud security posture with Microsoft Defender for Cloud -V
* What's new in Defender for Cloud features
Sentinel News:
* Integrating Radware WAF Logs with Microsoft Sentinel Using Logic Apps
* Case Management is now Generally Available
* What's new in Microsoft Sentinel
Microsoft Entra:
* ADSS TSync vs Entra Cross-Tenant Sync: A Comprehensive Comparison
* Introducing Microsoft Entra Health alerts: An enhancement to tenant health monitoring
* Exploring the Extensibility of Active Directory Migration Service (ADMS)
* Tell us what you think: The Microsoft Entra blog team wants to hear from you!
* New innovations in Microsoft Entra to strengthen AI security and identity protection
* Insights from the Secure Employee Access report reveal the need for unified access security
* New user experience for consumer authentication
* Replace your legacy VPN with an identity-centric ZTNA
M365 Defender | XDR - (MDO, MDE, MDI, MDCA):
* Built-in report button is available in Microsoft Outlook across platforms
* Monthly news - March 2025
* Defending Against OAuth-Based Attacks with Automatic Attack Disruption
* Level Up Your App Governance With Microsoft Defender for Cloud Apps Workshop Series
* Strengthening Email Security: Our New Approach to Non-RFC Compliant Emails
* Unveiling the Shadows: Extended Critical Asset Protection with MSEM
* Level up your defense: protect against attacks using stale user accounts
* Discover and protect Service Accounts with Microsoft Defender for Identity
* Protect SaaS apps from OAuth threats with attack path, advanced hunting and more
Security Copilot:
* Empowering Security Copilot with NL2KQL: Transforming Natural Language into Insightful KQL queries
* Advancing Security Copilot with MAGIC: Automating Self-Correction in NL2KQL and Beyond
Microsoft Purview:
* Improve your DLP maturity with DLP Analytics
* 1000 Data Map Collections
* Microsoft Purview – Data Security Posture Management (DSPM) for AI
* Protecting sensitive information in the era of AI with Microsoft Purview Information Protection
Microsoft Security Learning:
* Azure Network Security
* Microsoft 365 Advanced eDiscovery
* Microsoft Copilot for Security
* Microsoft Defender XDR
* Microsoft Defender External Attack Surface Management
* Microsoft Defender for Cloud
* Microsoft Defender for Cloud Apps
* Microsoft Defender for Endpoint
* Microsoft Defender Experts
* Microsoft Defender for Identity
* Microsoft Defender for IoT
* Microsoft Defender for Office 365
* Microsoft Defender Threat Intelligence
* Microsoft Defender Vulnerability Management
* Microsoft Purview Insider Risk Management
* Microsoft Purview Data Lifecycle & Records Management
* Microsoft Purview Information Protection
* Microsoft Purview Data Loss Prevention
* Microsoft Purview Communication Compliance
* Microsoft Purview Compliance Manager
* Microsoft Sentinel
* Microsoft Sentinel Notebooks
* Microsoft Unified SOC Platform
Microsoft Security GitHubs:
* Azure Network Security GitHub
* Microsoft Defender for Cloud GitHub
* Microsoft Sentinel GitHub
* Microsoft Defender XDR GitHub
* Microsoft Defender for Cloud Apps GitHub
* Microsoft Defender for Identity
* Microsoft Purview
Webinars and Stuff:
* APR 23 (9:00AM) Microsoft Defender XDR | SaaS Security Exposure Reduction via the Exposure Management Platform
* APR 24 (9:00AM) Microsoft Defender XDR | Secure Your Servers with Microsoft's Server Protection Solution
Notes, Tips and Tools:
* Blue Team Handbook: https://amzn.to/4ir9lfG
* dnstwist: https://github.com/elceef/dnstwist
* domain name permutation engine: https://www.mankier.com/1/dnstwist
* Crime mapper: https://mr-r3b00t.github.io/crime-mapper/experimental_mapper.html
* Website mapping: https://addons.mozilla.org/en-US/firefox/addon/lightbeam-chik

The Microsoft Security Insights Show Episode 257 - Nathan Swift
Join us this episode as we welcome back fan favorite, Nathan Swift. This is a demo-heavy episode, so make sure to catch the live video replay if you can. Dive into the incredible potential of tools like Microsoft Defender EASM—a budget-friendly powerhouse for countless use cases—and unravel the magic of the TwistDNS algorithm in spotting typosquatting and phishing threats. From building Microsoft Sentinel Watchlists to crafting advanced integrations with Azure Container Instances, Logic Apps, and Functions, we’re here to keep your mind buzzing and your solutions thriving.
Show Notes/Links
* Nathan's GitHub repo: https://github.com/SwiftSolves-msft
* Nathan's old GitHub repo: https://github.com/SwiftSolves
* Sentinel DNSTwist Solution: https://github.com/swiftsolves-msft/Sentinel-DNSTwist-Solution
Just good old plain security stuff:
General:
* Everything Old Is New Again: Hardening the Trust Boundary of VBS Enclaves
* Meet the IMS team
* IMS Efficient Migration Methods
Threat Intelligence:
* Analyzing open-source bootloaders: Finding vulnerabilities faster with AI
* StilachiRAT analysis: From system reconnaissance to cryptocurrency theft
* Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware
Azure Security:
* Secure containers software supply chain across the SDLC
* Microsoft Defender for Cloud Customer Newsletter
* Integrating Security into DevOps Workflows with Microsoft Defender CSPM
* Public Preview: Key Attestation for Azure Managed HSM
Defender for Cloud:
* Secure your AI application transformation with Microsoft Defender for Cloud -V
* Manage cloud security posture with Microsoft Defender for Cloud -V
* What's new in Defender for Cloud features
Sentinel News:
* Integrating Radware WAF Logs with Microsoft Sentinel Using Logic Apps
* Case Management is now Generally Available
* What's new in Microsoft Sentinel
Microsoft Entra:
* ADSS TSync vs Entra Cross-Tenant Sync: A Comprehensive Comparison
* Introducing Microsoft Entra Health alerts: An enhancement to tenant health monitoring
* Exploring the Extensibility of Active Directory Migration Service (ADMS)
* Tell us what you think: The Microsoft Entra blog team wants to hear from you!
* New innovations in Microsoft Entra to strengthen AI security and identity protection
* Insights from the Secure Employee Access report reveal the need for unified access security
* New user experience for consumer authentication
* Replace your legacy VPN with an identity-centric ZTNA
M365 Defender | XDR - (MDO, MDE, MDI, MDCA):
* Built-in report button is available in Microsoft Outlook across platforms
* Monthly news - March 2025
* Defending Against OAuth-Based Attacks with Automatic Attack Disruption
* Level Up Your App Governance With Microsoft Defender for Cloud Apps Workshop Series
* Strengthening Email Security: Our New Approach to Non-RFC Compliant Emails
* Unveiling the Shadows: Extended Critical Asset Protection with MSEM
* Level up your defense: protect against attacks using stale user accounts
* Discover and protect Service Accounts with Microsoft Defender for Identity
* Protect SaaS apps from OAuth threats with attack path, advanced hunting and more
Security Copilot:
* Empowering Security Copilot with NL2KQL: Transforming Natural Language into Insightful KQL queries
* Advancing Security Copilot with MAGIC: Automating Self-Correction in NL2KQL and Beyond
Microsoft Purview:
* APR 22 (8:00AM) Microsoft Purview | eDiscovery New User Experience and Retirement of Classic
* Inheriting Sensitivity Labels from Shared Files to Teams Meetings
* Export Search Results in eDiscovery
* Microsoft Purview AMA - Data Security, Compliance, and Governance
Microsoft Security Learning:
* Azure Network Security
* Microsoft 365 Advanced eDiscovery
* Microsoft Copilot for Security
* Microsoft Defender XDR
* Microsoft Defender External Attack Surface Management
* Microsoft Defender for Cloud
* Microsoft Defender for Cloud Apps
* Microsoft Defender for Endpoint
* Microsoft Defender Experts
* Microsoft Defender for Identity
* Microsoft Defender for IoT
* Microsoft Defender for Office 365
* Microsoft Defender Threat Intelligence
* Microsoft Defender Vulnerability Management
* Microsoft Purview Insider Risk Management
* Microsoft Purview Data Lifecycle & Records Management
* Microsoft Purview Information Protection
* Microsoft Purview Data Loss Prevention
* Microsoft Purview Communication Compliance
* Microsoft Purview Compliance Manager
* Microsoft Sentinel
* Microsoft Sentinel Notebooks
* Microsoft Unified SOC Platform
Microsoft Security GitHubs:
* Azure Network Security GitHub
* Microsoft Defender for Cloud GitHub
* Microsoft Sentinel GitHub
* Microsoft Defender XDR GitHub
* Microsoft Defender for Cloud Apps GitHub
* Microsoft Defender for Identity
* Microsoft Purview
Webinars and Stuff:
* APR 23 (9:00AM) Microsoft Defender XDR | SaaS Security Exposure Reduction via the Exposure Management Platform
* APR 24 (9:00AM) Microsoft Defender XDR | Secure Your Servers with Microsoft's Server Protection Solution
Notes, Tips and Tools:
* Blue

The Microsoft Security Insights Show Episode 256 - Cyclotron
For the start of TechHeavy month, we welcome Cyclotron. Join us with Nathan Berger (Director of Security) and Nicholas Geil (Head of Products) of Cyclotron to hear about their Compliance & Data Protection, Identity & Access Management, Endpoint Management & Virtual Desktop, and Threat Protection services.
Show Notes/Links
* Nathan’s LinkedIn profile: https://www.linkedin.com/in/nathan-berger-780846149/
* Nicholas’ LinkedIn profile: https://www.linkedin.com/in/nicholas-geil/
* Cyclotron website: https://www.cyclotron.com/
* Cyclotron Beam: https://cyclotronbeam.com/
* Kapton: https://kapton.io/
* Compliance and Data Protection: https://www.cyclotron.com/compliance-data-protection
* Cyclotron Blogs: https://www.cyclotron.com/blog

The Microsoft Security Insights Show and MS Reactor: Women in Cybersecurity 2025 Grand Finale
For our 3rd annual Women in Cybersecurity month, we topped off another amazing set of episodes with our first day-long conference. Listen in as our esteemed guests discuss how their personal and professional perspectives shaped a life in Cybersecurity.
* Keynote Address by Dona Sarkar
* Second session with Heike Ritter
* Finale session with Renuka Iyer
The original event link: https://developer.microsoft.com/reactor/events/25104/
Watch all the March 2025 episodes: https://www.youtube.com/playlist?list=PLT7gsT16FK5Z40NqLf1Rl3tbQZyRuCHid

The Microsoft Security Insights Show Episode 254 - WIC Month, Ritu Lamba
Join us as we talk with Ritu Lamba. Ritu is a General Manager, Cyber Security GTM and Sales Strategy, at Microsoft.

The Microsoft Security Insights Show Episode 253 - WIC Month, Liz Tesch
Join us as we talk with Liz Tesch. Liz is a treasured commodity at Microsoft. She is a Cybersecurity Cloud Solutions Architect with strong community and mentoring skills.
Show Notes/Links
* Liz’s LinkedIn Profile: https://www.linkedin.com/in/liz-tesch-81652121/
* Liz’s blog post: Active Directory is 25 Years Old. Do You Still Manage It Like It's 1999?
General links
* Create | Microsoft 365 Copilot
* Microsoft Security Insider
* Protect enterprise solutions with new Microsoft Power Platform security features - Microsoft Power Platform Blog
Cool Tools:
* https://aadinternals.com
Threat Intelligence:
* Malware of the Day – IPv6 Address Aliasing: https://www.activecountermeasures.com/malware-of-the-day-ipv6-address-aliasing/
Sentinel News:
* Want to know how to view Sentinel incidents in Teams?
* Azure Lighthouse support for MSSP use of Security Copilot Sentinel scenarios in Public Preview | Microsoft Community Hub
* Monitor User Activities and System Events with Security Copilot and Microsoft Sentinel | Microsoft Community Hub
Security Copilot:
* Protect at the scale and speed of AI with Microsoft Security Copilot
* Microsoft Security Copilot – Microsoft Adoption
* Empowering Security Copilot with NL2KQL: Transforming Natural Language into Insightful KQL queries | Microsoft Community Hub
Microsoft Purview:
* 3 Tips for Comprehensive Data Security
* Advanced hunting for Microsoft Purview Data Loss Prevention (DLP) incidents | Microsoft Community Hub
Microsoft Security Learning:
* Microsoft Security Immersion Experience: Shadow Hunter
* Microsoft Cloud Security Public Webinars
* Microsoft Learning Paths
* Azure-Security-Engineer-Learning-Pathway.pdf
* Security hub - Security | Microsoft Learn
* Home - Microsoft Cloud Learning Pathways
* Azure-Sentinel/Playbooks at master · Azure/Azure-Sentinel
* Azure-Security-Engineer-Learning-Pathway.pdf
* Microsoft-Security-Operations-Analyst.pdf
* Microsoft-Sentinel-Learning-Companion.pdf
* https://w365community.azurewebsites.net/category/newsletter

The Microsoft Security Insights Show Episode 252 - WIC Month, Cat Daniels
Cat Daniels is a highly accomplished cybersecurity professional currently serving as the Security Strategy lead for Microsoft's Global System Integrators, who in turn drive innovation & technology solutions at scale with some of Microsoft's largest customers. In this dynamic role, Cat plays a pivotal part in building bridges, advocating for partners, and finding creative solutions to challenges. Before joining Microsoft, Cat worked at Dell in a variety of roles, starting as a salesperson in a call center, and finishing her tenure as a people manager. During her time at Dell, she was instrumental in onboarding CDW as a commercial partner, which resulted in $90M of net-new datacenter revenue in 6 months, helped design the telemetry off-boarding system for the F-35 fighter in partnership with Lockheed Martin, and learned how to navigate the complexity of a large organization. With certifications including degrees in both Economics and Spanish from Hillsdale College, a Master of Business from Texas State University, and a whole bunch of Microsoft and Industry security certifications, Cat brings a wealth of unique expertise to the field. When not leading cybersecurity initiatives, Cat enjoys board games (Wingspan, Red Rising, Horrified, Zombicide), which fuels her passion for strategic thinking, and gardening, which keeps her inspired and balanced.
Show Notes/Links
* Noodle’s new blog: https://sentinel.blog
* Wingspan board game: https://amzn.to/4kKMNsC
* Star Trek Away Missions board game: https://amzn.to/4hDIvQL
Just good old plain security stuff:
General:
* Microsoft Security Insider
Cool Tools:
* https://aadinternals.com
Threat Intelligence:
* Malware of the Day – IPv6 Address Aliasing: https://www.activecountermeasures.com/malware-of-the-day-ipv6-address-aliasing/
Sentinel News:
* Want to know how to view Sentinel incidents in Teams?
Security Copilot:
* Protect at the scale and speed of AI with Microsoft Security Copilot
Microsoft Purview:
* 3 Tips for Comprehensive Data Security
Microsoft Security Learning:
* Microsoft Security Immersion Experience: Shadow Hunter
* Microsoft Cloud Security Public Webinars
* Microsoft Learning Paths
* https://w365community.azurewebsites.net/category/newsletter

The Microsoft Security Insights Show Episode 251 - Lisa Perdelwitz
Women In Cyber Month!!! A warm welcome to the MSI Pod (show) Cast!!! On today's show for Women in Cyber month, we have the honor of having Lisa Perdelwitz as our guest! Lisa brings over 20 years of global leadership and cybersecurity experience. Her dual roles, working full-time in corporate cybersecurity while serving part-time in the military, have given her a unique perspective on how to integrate the strengths of both environments to achieve business and security objectives. Please visit her site to see the professional services she provides to the C-suite security executive: https://ligilo.tech
Show Links:
Just good old plain security stuff:
* Windows Server 2025 now generally available, with advanced security, improved performance, and cloud agility
* Windows Server 2025 Security Book
* Windows security and resiliency: Protecting your business
General:
* Hear from Microsoft Security experts at these top cybersecurity events in 2025
* Join us for the end-to-end Microsoft RSAC 2025 Conference experience
Threat Intelligence:
* Code injection attacks using publicly disclosed ASP.NET machine keys
* Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
Azure Security:
* Boost Security with API Security Posture Management
* Configuring total retention period for log analytics workspace tables at scale
Defender for Cloud:
* Microsoft Defender for Cloud Customer Newsletter
* Microsoft Defender for Cloud – Elevating Runtime Protection
Sentinel News:
* Announcing Public Preview: New STIX Objects in Microsoft Sentinel
* What’s new: Find the Sentinel content you need using AI search
* Ingesting Palo Alto Cortex XDR Logs into Microsoft Sentinel with the Updated CCP Connector
Microsoft Entra:
* Automating Active Directory Domain Join in Azure
* Microsoft Entra: Top 50 features of 2024
* Microsoft Entra PowerShell module now generally available
M365 Defender (MDO, MDE, MDI, MDCA):
* Microsoft Exchange Online: Search-MailboxAuditLog and New-MailboxAuditLogSearch will retire
* Microsoft Defender XDR unified role-based access control (RBAC) model is now generally available
Security Copilot:
* Microsoft Copilot for Security: Plugin Spotlight – Microsoft Entra Application Risk Skills
* Microsoft Copilot for Security Skilling Series: Plugin Spotlight – Defender EASM
* Microsoft Security Copilot – Microsoft Adoption
Microsoft Purview:
* Upcoming Microsoft Purview Webinars
Microsoft Security Learning:
* Showcase your skills with this new Security Certification
Tips and Notes from the field:
* From our favorite security MAD scientist - Automating Microsoft Sentinel Deployment with Azure DevOps CI/CD | by noodlemctwoodle | Mar, 2025 | Medium
* Need some quick cash? Leave a review of a Microsoft security product and you can get some loot. - Penny for your thoughts

The Microsoft Security Insights Show Episode 250 - Laura Buska
Women In Cyber: Join us as we talk with Laura Buska. Laura is a Cloud Solution Architect Director at Microsoft. Laura's focus is on AI Solutions and security.
Laura Buska led the establishment of an AI practice at Microsoft, managing a team of architects who guide Microsoft customers in adopting Copilot AI with security top of mind. With 17 years at Microsoft and a career spanning app development, infrastructure, security, and now AI, she's seen firsthand the transformative power of technology. Her journey in cybersecurity has been pivotal, especially when she started a Microsoft security practice from scratch. Today, she blends her passion for AI and cybersecurity, fostering a culture of making powerful offers and building trust. She's excited to share insights on how we bring care and innovation to Microsoft's customers through security and AI.
Show Links:
General:
* Applying Zero Trust principles to the cloud-native journey
* Microsoft Security in Action: Zero Trust Deployment Essentials for Digital Security
Threat Intelligence:
* Storm-2372 conducts device code phishing campaign
* The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation
Azure Security:
* General Availability: Monitoring and Logging for Azure Managed HSM in Azure Portal
* Protecting Azure AI Workloads using Threat Protection for AI in Defender for Cloud
Defender for Cloud:
* Microsoft Defender for Cloud Customer Newsletter
* The security benefits of structuring your Azure OpenAI calls – The System Role
* What's new in Defender for Cloud features
Sentinel News:
* What's new in Microsoft Sentinel
* What's new in Microsoft's unified security operations platform
Microsoft Entra:
* Microsoft Security in Action: Deploying and Maximizing Advanced Identity Protection
* New webinar series: How to secure access for your employees with the Microsoft Entra Suite
* What's new in Entra ID
Device Management:
* Your guide to Intune at Microsoft Technical Takeoff 2025
M365 Defender (MDO, MDE, MDI, MDCA):
* What's new in Microsoft Defender XDR
* What's new in Microsoft Defender for Endpoint
* What's new in Microsoft Defender for Office 365
* What's new in Microsoft Defender for Identity
* What's new in Microsoft Defender for Cloud Apps
Defender Experts for XDR:
* Why security teams rely on Microsoft Defender Experts for XDR for managed detection and response
Security Copilot:
* Exciting updates to the Copilot (AI) Bounty Program: Enhancing security and incentivizing innovation
Microsoft Purview:
* General Availability: Dynamic watermarking for sensitivity labels in Word, Excel, and PowerPoint
Microsoft Security Learning:
* https://learning-pathways.co.uk/wp-content/uploads/2025/02/Microsoft-Sentinel-Learning-Companion.pdf
Tips and Notes from the field:
* Protect enterprise solutions with new Microsoft Power Platform security features - Microsoft Power Platform Blog

The Microsoft Security Insights Show Episode 249 - Femke Cornelissen
Hey! Hey! Hey! MSI Pod-Show Family! We are switching up the live show time today to broadcast the show at 10:00am EST. Today our awesome guest is Femke Cornelissen. Femke founded Dutch Women in Tech, an initiative that empowers women to pursue careers in IT, and co-organizes the Women in Cyber program, promoting diversity in cybersecurity. Through her work with Experts Live Netherlands and global tech events, she helps create opportunities for professionals to connect and thrive.
Tech Links:
Show Notes - Femke Cornelissen
a. https://www.linkedin.com/in/femcornelissen/
b. https://linktr.ee/Femcornelissen
c. https://teamcopilot.nl/team-copilot/
d. https://femkecornelissen.com/
Slowing down AI in your enterprise:
If you're a Microsoft Defender stack customer and you're struggling to handle ungoverned AI tools like DeepSeek or ChatGPT, here are some things you can do about it using various technology across the Microsoft security stack:
1) Hunt using the following KQL query (https://lnkd.in/exHTT6ks) and decide what is sanctioned from any hits you find. Afterwards, upload the Bulk IOC list to MDE (https://lnkd.in/ekS4JZsG), removing any lines in the CSV for tools you sanction across the org. [Ensure Network protection + Custom indicators is on + SmartScreen forced]
2) Use Defender for Cloud Apps (MDA) app discovery to unsanction new Gen AI (https://lnkd.in/eShZsb54). If you're an E5 customer you can also enable this setting to enforce MDA unsanctions back to MDE, automatically blocking new GenAI apps as they are discovered (https://lnkd.in/e5BK_ME6). Blocked by default until allowed should be the norm with AI tools IMO.
3) Use Endpoint DLP to block copy-paste of Sensitivity Labels/Sensitive Info Types (SITs) into AI tools (check out the video at https://lnkd.in/emE2zwVq). Also in Purview, check out the DSPM for AI recommendation and deploy the "Fortify Your Data Security: Data security for AI" policy, which can block elevated Insider Risk users from pasting or uploading sensitive info on AI sites. You may want to edit this policy after it has been deployed to tailor it to your organization (the video demonstrates just this, but the policy uses an older name - we all love a good name change). Notably, it deploys in "block with override" mode. [Also note Insider Risk is another prereq; I would check out Ewelina Paczkowska's Guide on Insider Risk here: https://lnkd.in/eWSF2kRJ] MDA Session Proxy also has abilities to block copy-paste (https://lnkd.in/e9EcX4yZ) if you need protection on devices not onboarded onto Purview/MDE.
4) Global Secure Access has a Web content filtering policy for Artificial intelligence under the liability category (though annoyingly MDE Web content filtering does not have this category). A good blog comparing the Web Content Filtering for both MDE and GSA, by Kenneth van Surksum, can be found here: https://lnkd.in/euNYjDpP
5) Enabling "Block other LLM chatbots" in Microsoft Edge For Business (i.e. cloud-based Edge Management) will add a blocklist for some LLMs under the "URLBlocklist" policy; however, this control is quite lackluster and only contains 11 URLs. It's also more likely you manage Edge on a platform level. For more on Edge For Business, see: https://lnkd.in/eCrYhMaA
Additionally, block Browser Extensions, Office Add-ins, Teams Apps etc., as these can also be a source of AI tool leakage. Blocking the .ai TLD in Intune Firewall is another option; however, legitimate businesses may use this TLD. (Arguably another could be purchasing & deploying Copilot just to deter the need of a user to leverage another AI tool; it might actually make sense vs. the cost of a data leak ...)

The Microsoft Security Insights Show Episode 248 - The Just Us Crew minus Rod.
Hey everyone,
In the latest episode of the MSI PodCastShow it was the "Usual Suspects" minus Rod. We had some fantastic discussions about data and identity governance between government cloud and commercial cloud environments. We also delved into Microsoft Purview and the various modules that work seamlessly with Security Copilot.
We are thrilled to share that the theme for our March 2025 shows is the upcoming Women in Cybersecurity Month. It's going to be an exciting time as we celebrate and highlight the contributions of women in the cybersecurity field. And don't forget, next week on March 3rd, we kick off Women In Cyber!
Looking ahead, we have a new theme for April 2025 called "Tech Heavy". All of our shows that month will be packed with deep tech topics and lots of demos. It's going to be a tech enthusiast's dream!
Additionally, we announced that we are moving our MSFT partner month to May 2025. And here's a little teaser - we will have a month of shows dedicated to highlighting our guests' certification journeys over the years, which we are calling "Show us your CERTS"! It's going to be an inspiring and informative and FUNNY series that you won't want to miss.
Stay tuned for more updates and exciting content. Thanks for being a part of our community!
Key Takeaways:
* Is Purview for you? Security Copilot may help you decide and turn the tide.
* It doesn’t hurt to have CERTS!
* Managing data and identity between government and commercial cloud environments isn’t easy.
* Raae likes to make espresso coffee with Red Bull instead of water.
* We are in our third year of Women In Cybersecurity month.

The Microsoft Security Insights Show Episode 246 - Sergey Chubarov
In this episode, Sergey explores how Azure OpenAI can improve incident response strategies by leveraging advanced AI capabilities. You will gain insights into integrating Azure OpenAI with existing XDR and SIEM to enhance analysis and mitigation of security threats.
Key Takeaways:
* The Easy Starter: How Microsoft 365 Copilot & Security Copilot can be used in security scenarios.
* Understanding Azure OpenAI: Learn about the core features and functionalities of Azure OpenAI and how they can be applied to security.
* Incident Response Automation: Discover how AI can automate and accelerate incident response processes, reducing the time to detect and respond to threats.
* Retrieval-Augmented Generation (RAG): Understand how RAG enhances AI models by retrieving relevant information from external data sources, improving the accuracy and relevance of AI-generated responses.
* Fine-Tuning: Explore the process of fine-tuning pre-trained AI models to adapt them for specific security tasks, enhancing their performance and effectiveness.

The Microsoft Security Insights Show Episode 245 - Andy Jaw
Andy has been in the information security industry for over 10 years and held various roles from security operations, analyst, engineer, and architect at companies like Trek, Exact Sciences, and most recently, Microsoft. Andy served 10 years in the Air Force and deployed to Afghanistan as a civil engineering officer and held leadership positions leading the emergency management, engineering, and operations units.

The Microsoft Security Insights Show Episode 244 - Experts Live Denmark is sold out!
Join us today to chat with the organizers of the hottest event in Europe, Experts Live, and how the Denmark edition has sold out. Hear about how the event is planned, what is planned, what the future looks like, and why you should consider attending next time. Want to help bring an Experts Live event to your area? Find out how to do that, too!
Show Notes/Links
* Experts Live Denmark: https://expertslive.dk/

The Microsoft Security Insights Show Episode 242 - Miguel Clarke
With over two decades dedicated to safeguarding our nation's digital landscape as an FBI Supervisory Special Agent, Miguel had the privilege of leading complex cybercrime investigations alongside remarkable teams.
Show Notes/Links
* Miguel’s LinkedIn profile: https://www.linkedin.com/in/miguel-a-clarke/
* Lessons from red teaming 100 generative AI products (PDF): https://airedteamwhitepapers.blob.core.windows.net/lessonswhitepaper/MS_AIRT_Lessons_eBook.pdf
* Microsoft Sentinel REST APIs vs MS Graph: https://garybushey.com/2025/01/13/microsoft-sentinel-rest-apis-vs-ms-graph/
Monday Minutes podcast:
* How the FBI's fake cell phone company put criminals into real jail cells: https://www.npr.org/2024/05/31/1197959218/fbi-phone-company-anom
* Inside the FBI’s Secret Encrypted Phone Company ‘Anom’: https://www.geeky-gadgets.com/fbi-anom-phones-criminal-network-infiltration/

The Microsoft Security Insights Show - Episode 241 - Happy New Year 2025!
Welcome back! It’s our first episode for 2025! This episode, let’s drop back in on our esteemed crew to find out what’s new in security and what to expect for the 2025 show. All are welcome!
Show Notes/Links
* Best Practice to Secure Office 365: https://lazyadmin.nl/office-365/best-practice-to-secure-office-365/
* Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents: https://thehackernews.com/2024/12/chinese-apt-exploits-beyondtrust-api.html
* Security Certification Roadmap: https://pauljerimy.com/security-certification-roadmap/

The Microsoft Security Insights Show - Episode 240 - Holiday 2024
“Always be on the administrative end”
Join us for our holiday episode for 2024 where we invite the "guests of episodes past" from the past year to stop by and join in the warmth and wealth of kinship around Microsoft Security.
Show Notes/Links
* THE Microsoft Security Insights Show Holiday Gear: https://www.microsoftsecurityinsights.com/p/the-microsoft-security-insights-show-12f
* Microsoft Security Incident Prediction data: https://www.kaggle.com/datasets/Microsoft/microsoft-security-incident-prediction
* Tinka og Kongespillet: https://juleweb.dk/julekalendere/tinka-og-kongespillet/
* Application discovery (Preview) for Global Secure Access: https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-application-discovery

Microsoft Security Insights Show Episode 239 - Just Us
Come join the entire crew as we have one of our last shows of the year - leading up to the final 2024 holiday episode.
Show Notes/Links
* Microsoft Cloud for Sovereignty: https://learn.microsoft.com/industry/sovereignty/sovereignty-capabilities
* Cybersecurity Maturity Model Certification (CMMC): https://learn.microsoft.com/azure/compliance/offerings/offering-cmmc
* Festive Tech Calendar 2024: https://www.festivetechcalendar.com/

Microsoft Security Insights Show Episode 238 - Jerry Carlson
Join us this episode as we discuss an enterprising area within Microsoft that focuses on Tech for Social Impact. We’re joined by Chief Security Advisor, Jerry Carlson, to discuss how this area helps customers strategize on cybersecurity and coordinate resources to help them in their missions.
Show Notes/Links
* Jerry’s LinkedIn profile: https://www.linkedin.com/in/jerrycar/
* Any nonprofit that wants to take advantage of Microsoft offers: https://nonprofit.microsoft.com/getting-started
* A PDF of all the offers available: Non-profit Offers

Microsoft Security Insights Show Episode 237 - Ignite Debrief
Our guest for today had to reschedule. So, we'll be having a Microsoft Ignite 2024 debriefing.

Microsoft Security Insights Show Episode 236 - Jess Dodson
It’s the “Live from Ignite” episode! Join us this episode as we welcome Jess Dodson, Senior Cloud Solution Architect at Microsoft, known as GirlGerms on X! Jess is a bona fide super Sentinel expert from the land down under. Listen in as Jess shares the most interesting and horrifying stories.
Show Notes/Links
* Jess’s LinkedIn Profile: https://www.linkedin.com/in/jrdodson/
* Jess's consolidated Cyber month content: https://www.linkedin.com/posts/jrdodson_security-secops-infosec-activity-7257634732438355969-MlOw/
* When it SIEMS like you’re doing it all wrong: https://girl-germs.com/?p=2493
* Jess’s website: https://linktr.ee/girlgerms

Microsoft Security Insights Show Episode 235 - Just Us
Our original guest had an emergency situation, so you'll just have to sit through listening to your favorite co-hosts' banter for the first time in about a year.

Microsoft Security Insights Show Episode 234 - Nina Alli
Join us this episode as we introduce Nina Alli. Nina Alli has over 16 years of experience in biotechnology, biomedical, and security with a focus on healthcare. Her work in healthcare has seen her deal with the complexities of modernizing complex legacy systems within the healthcare industry, including but not limited to infrastructure, legacy system integration, and EHR (electronic healthcare records). Her passion and work on various advisory boards has seen her work on the Department of Defense (DoD) Technology Transfer Advisory Board in New York City, and the Digital Medical (DiMe) Society Strategic Advisory Board, in which she weighs in on various elements where technology intersects healthcare. Alli is Executive Director of Biohacking Village at DEFCON.
Show Notes/Links
* Nina’s LinkedIn Profile: https://www.linkedin.com/in/janineamedina/
* Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files: https://www.microsoft.com/en-us/security/blog/2024/10/29/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/?msockid=17ac8e193f12624606ec9abc3ea8636f

Microsoft Security Insights Show Episode 233.5 - Precision Hunt team
Join us for this spine-tingling Halloween special, as the Precision Hunt Team from Microsoft Defender Experts takes you on a thrilling tour through the creepiest corners of the threat landscape. Discover how to battle the cyber beasts and creepy crawlies that are terrorizing networks everywhere—before they come knocking on your door.
Show Notes/Links:
* Plan costs and understand pricing and billing - Microsoft Sentinel | Microsoft Learn
* Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files | Microsoft Security Blog
* Introducing the new Microsoft Sentinel simplified pricing.
* Detecting browser anomalies to disrupt attacks early - Microsoft Community Hub
* Integrating Defender EASM With Microsoft Sentinel Guide - CHARBEL NEMNOM - MVP | MCT | CCSP | CISM - Cloud & CyberSecurity
* Save money on your Sentinel ingestion costs with Data Collection Rules - Microsoft Community Hub
* Deploy Microsoft Sentinel using Bicep - Microsoft Community Hub
* Microsoft Defender for Identity: the critical role of identities in automatic attack disruption - Microsoft Community Hub

Microsoft Security Insights Show Episode 233 - Samantha Gardener
Join us this episode as we welcome Samantha Gardener, Principal Threat Hunt Lead at Microsoft.
Show Notes/Links
* Mini workshop from MMS: https://aka.ms/MMSKQL
* Coming in December: SC-5004: Defend against cyberthreats with Microsoft Defender XDR: https://techcommunity.microsoft.com/t5/ilt-communications-blog/coming-in-december-sc-5004-defend-against-cyberthreats-with/ba-p/4281365
* Cybersecurity Summit 2024 (Richard Diver): https://www.youtube.com/live/ix4V-xjqEls
* Webinar - Defender Experts: S.T.A.R. Forum - Strategies for Threat Awareness and Response, Episode 1: https://aka.ms/DefenderExpertsWebinar