The Security Insights Show

Join us this episode as we welcome back Microsoft MVP, Craig Fretwell. Craig has changed companies since we last talked. Working now for Rackspace does he fret well? Tune in to find out. Join us live to ask Craig your questions!Watch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Join us this episode as we talk with Thomas Naunheim, Cyber Security Architect and MVP. Thomas is here to share some insights of his "EntraOps Privileged EAM" project.Show Notes/Links* Thomas Naunheim’s LinkedIn profile: https://www.linkedin.com/in/thomasnaunheim/* Upcoming Defender Experts Webinar: https://aka.ms/DefenderExpertsWebinar* Lyrics for Three's Company: https://www.lyricsondemand.com/tvthemes/threescompanylyrics.html* EntraOps Privileged EAM: https://entraops.com/Watch the live show replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Join us this episode as we welcome back Red Canary to the show. But this time, we'll dig into what Red Canary is doing with Generative AI and specifically as part of the Copilot for Security partners program.Show Notes/Links* Red Canary's website: https://redcanary.com/* Cordell BaanHofman's LinkedIn profile: https://www.linkedin.com/in/cordellb/* Sam Straka's LinkedIn profile: https://www.linkedin.com/in/samstraka10/* Red Canary Copilot for Security Prompts: https://github.com/rod-trent/Copilot-for-Security/blob/main/Prompts/Plugins/Red_Canary.md* Microsoft Copilot for Security Achieves HITRUST Certification: https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/microsoft-copilot-for-security-achieves-hitrust-certification/ba-p/4262303* Microsoft Copilot for Security Now Covered by HIPAA Business Associate Agreement (BAA): https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/microsoft-copilot-for-security-now-covered-by-hipaa-business/ba-p/4220174Watch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Join us this episode as we welcome Miguel Clarke, Cybersecurity and GRC Evangelist with MISA member Armor Defense. As a trusted partner to more than 1,500 firms in over 40 countries, Armor offers cybersecurity and compliance consulting, professional services, and managed services. Armor’s industry-leading experts leverage non-proprietary frameworks and a 24/7/365 SOC to help organizations tackle the complexities of cybersecurity and compliance at a cloud-scale.Show Notes/Links* Armor’s web site: https://www.armor.com/* Miguel Clarke’s LinkedIn profile: https://www.linkedin.com/in/miguel-a-clarke/* David Fatovic's LinkedIn profile: https://www.linkedin.com/in/davidfatovic/Watch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Come learn about the Microsoft Learn Student Ambassadors program! This program is aimed at students who are interested in technology and have a passion for sharing their knowledge with others. The program provides students with the opportunity to learn about new Microsoft products, engage with like-minded peers, and receive training and resources to help them become successful technology leaders on their campuses. The Microsoft Student Partner program is a similar program that is a global group of on-campus ambassadors who are eager to help fellow students, lead in their local tech community, and develop technical and career skills for the future.Show Notes/Links* Microsoft Learn Student Ambassadors: https://mvp.microsoft.com/studentambassadors* Nicklas' blog: https://www.learnintune.net/* MVP Program: https://mvp.microsoft.com/* Microsoft Student Innovator: https://developer.microsoft.com/en-us/reactor/series/S-1386/* Steve Hosking - Microsoft MMD Team: https://steven.hosking.com.au/* The Future of Cybersecurity: Leveraging AI to Secure Your Organization: https://msevents.microsoft.com/event?id=2106510487* Microsoft Sentinel pricing: https://azure.microsoft.com/en-us/pricing/details/microsoft-sentinel/* Microsoft Purview Data Loss Prevention: https://www.microsoft.com/en-us/security/business/information-protection/microsoft-purview-data-loss-preventionWatch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Join is this episode as we welcome Microsoft royalty: Nishan DeSilva. Learn what's it's like leading a team of Principal Product People Manager Leads, Principal Product Managers, Developers and Senior Product Managers across globe.Show Notes/Links* Nishan’s LinkedIn profile: https://www.linkedin.com/in/nishandesilva/* Microsoft Copilot for Security: https://www.microsoft.com/en-us/security/business/ai-machine-learning/microsoft-copilot-security* Microsoft Purview: https://www.microsoft.com/en-us/security/business/microsoft-purview * Secure your data to confidently take advantage of Generative AI with Microsoft Purview: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/secure-your-data-to-confidently-take-advantage-of-generative-ai/ba-p/4127335* Afternoon Cyber Tea with Ann Johnson - The Role of Data and AI in Modern Cybersecurity: https://thecyberwire.com/podcasts/afternoon-cyber-tea/99/notes* Security above all else—expanding Microsoft’s Secure Future Initiative: https://www.microsoft.com/en-us/security/blog/2024/05/03/security-above-all-else-expanding-microsofts-secure-future-initiative/Watch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Join us this episode as we welcome the illustrious Mark Simos, lead cybersecurity architect at Microsoft - and inventor of the super famous Microsoft Cybersecurity Reference Architecture (MCRA).Notes/Links* Mark's LinkedIn profile: https://www.linkedin.com/in/marksimos/* Mark's List of Cybersecurity Resources frequently sent to customers and colleagues: https://aka.ms/markslist* Microsoft Cybersecurity Reference Architectures: https://aka.ms/mcra* Microsoft Cybersecurity Reference Architectures videos: https://aka.ms/mcra-videos Watch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Stop by this episode and learn why Performanta has been recommended for the show for its highly innovative and sophisticated solutions. Looking for evidence of how far a partner can push the integration with Copilot for Security? This is it!Show Notes/Links* Jose’s LinkedIn Profile: https://www.linkedin.com/in/jose365/* Jose’s Blog: * Torvald’s LinkedIn Profile: https://www.linkedin.com/in/torvald-johnson/* Azure classic subscription administrators: https://learn.microsoft.com/en-us/azure/role-based-access-control/classic-administrators?tabs=azure-portal* Taking a Snapshot of Existing Tenant: https://microsoft365dsc.com/user-guide/get-started/snapshot-of-existing-tenant/Watch the live replay… This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Join us this episode as we continue our Passion to Profession month as we welcome Arielle Cireseanu-Acevedo, Cybersecurity Governance, Risk and Compliance Analyst.Show Notes/Links* Arielle’s LinkedIn profile: https://www.linkedin.com/in/arielle-cireseanu-acevedo/* Accelerate your observability journey with Azure Monitor pipeline (preview): https://techcommunity.microsoft.com/t5/azure-observability-blog/accelerate-your-observability-journey-with-azure-monitor/ba-p/4124852* Download the Azure Monitor pipeline deck: https://github.com/The-Microsoft-Security-Insights-Show/ShowCode/blob/main/Docs/Arc%20Jumpstart%20deck.pdfWatch the Live Replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Join us this episode as we continue our Passion to Profession month as we welcome Hatim Othman, Information Security Leader at Cisco Meraki.Show Notes/Links* Morten's blog link: https://mortenknudsen.net/?p=3200* Reddit: https://old.reddit.com/r/sysadmin/comments/1eqziiy/patch_tuesday_megathread_20240813/li5kt6n/* Bay Area Coffee Roasters: https://hdehal.github.io/coffee-maps/?fbclid=IwAR1RlnylrsBIaLhe8jPbRSAEwhIZs70MopkBMpbhF4k0REW6gJx0szedfWQWatch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Join us this episode as we talk with Angela Brown. Continuing our Passion to Profession month.Show Notes/Links* Angela’s LinkedIn profile: https://www.linkedin.com/in/angsec/* Partner training on CfS: Copilot for Security (microsoft.github.io)Microsoft 365 Message Center Archive (merill.net) – M365 updates (including security updates)https://merill.net – Awesome site and blog for Entra and AD tools and newsEntra ID has announced a new User Risk detection focused on Attacker in the Middle (AiTM). Click Here to Learn More. Microsoft Research Published a blog about AiTM, describing architecture patterns that step in to block this using defense in depth strategies. Here is the blog The NIST Zero Trust Implementation Guide featuring Microsoft’s Security Capabilities. This is the first industry wide effort that provides customers with a guide on how to implement Zero Trust security from a trusted “neutral” source (NIST) that tries to showcase how to implement the user cases using the different security vendors out there. Microsoft’s Security products featured prominently and we now have this beautiful mapping that shows that our products across the division can truly cover almost all the required capabilities to satisfy NIST’s requirements. Microsoft security partnered with NIST to announce the publication on our own blogs:Smoother Zero Trust with Microsoft and NIST | Microsoft Security BlogAnd this is the full picture blessed by NIST:What is this effort?Since early 2022, I have a lead a team of Zero Trust implementation experts across CXE, DSR and PG to collaborate with NIST’s NCCoE on this publication. After initial reception to their proposed Zero Trust reference architecture was mixed, NIST sought out this lab to make the architecture real by showing how it can be implemented. The lab featured over 20 of the most impactful security vendors in the industry. The lab organized the vendors into four “enterprises” each one showcasing a mix of different vendors and trying to implement the same use cases. We were able to both showcase our own capabilities for Microsoft Security as well as show that we play well with others as our “Enterprise 3” features Lookout, Forescout, Appgate and F5, for example.Why is this important?* NIST’s Zero Trust Reference Architecture is likely to be the blueprint used by other organizations and regulatory bodies to guide enterprise customers in how to deploy Zero Trust Access and security end to end. Having Microsoft represented shows our thought leadership as well as our desire to play well with others.* Having all our capabilities on full display helps customers who decide to with the better together Microsoft story build the comfort that our suite of products covers all if not most of their needs.* We were also able to influence many of the use cases themselves and add to them to showcase capabilities unique to the Microsoft story or better with the Microsoft story. For example, authentication context, authentication strength, access revocation and data security use cases were all added based on our feedback.Watch the Live Replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Join us this episode as we talk with Thomas Marsh, Cybersecurity Analyst at Telstra. Continuing our Passion to Profession month, Thomas has an interesting story to tell about his journey and his experience as a newbie in Cybersecurity.Show Notes/Links* (GA) You can now release or move email messages from quarantine back to the user's inbox directly from Take actions in advanced hunting and in custom detections. https://learn.microsoft.com/en-us/defender-xdr/custom-detection-rules#actions-on-emailsWatch the Live Replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Robert Disney returns to the show to continue his demo of AI driven development. Code writing code to make the code better!Show Notes/Links:* Robert’s LinkedIn profile: https://www.linkedin.com/in/robertdisney/* FauxPilot: https://github.com/robdisney/fauxpilot* Copilot for Security: https://learn.microsoft.com/en-us/copilot/security/get-started-security-copilot* The Perils of AI Self-Replication: Averting a "Model Collapse" https://rodtrent.substack.com/p/the-perils-of-ai-self-replication* Jupiter Notebooks: https://jupyter.org/* Watch the live replay... This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Join us this episode as we welcome the authors of The Definitive Guide to KQL from Microsoft Press, Mark Morowczynski, Matthew Zorich, and Rod Trent. Learn about the writing process. Hear how this book was put together, why it’s such an important release, and learn how this is not just a book, but a community collaboration. It takes a village. Show Notes/Links* Definitive Guide to KQL on Amazon: https://amzn.to/46ix0tX* Definitive Guide to KQL on Microsoft Press: https://www.microsoftpressstore.com/store/definitive-guide-to-kql-using-kusto-query-language-9780138293383* Definitive Guide to KQL GitHub repo: https://github.com/KQLMSPress/definitive-guide-kql* Definitive Guide to KQL Copilot for Security Plugin: https://github.com/KQLMSPress/definitive-guide-kql/tree/main/Other/CfSPluginWatch the Live Replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Join us this episode as we talk with Michael Melone, Cyber Threat Hunter at Microsoft. Michael Melone is a cybersecurity professional with over 20 years of experience, specializing in determined human adversary incident response, security operations, and KQL. As a principal security researcher for Microsoft's Defender Experts for XDR, Michael works as part of a team of analysts overseeing security operations for its customers and drives product design for the software used in its delivery. Prior to this role, he spent over 7 years investigating targeted attack incidents at customers across the globe as well as 3 years helping large enterprise customers onboard and operationalize the Microsoft 365 Defender XDR suite. Michael holds an executive MBA from USF, a Master of Science in IT Management specializing information assurance and security from Capella University, as well as being a long-time holder of the CISSP certification and a variety of other IT industry certifications. Michael is also the author of the books Designing Secure Systems and Think like a Hacker.Show Notes/Links* Michael Melone's LinkedIn profile - https://www.linkedin.com/in/mjmelone/* Michael’s YouTube channel: https://www.youtube.com/channel/UCm4mtCNoTEVSPoxUhO4ssbg * Michael's blog: https://melone.co/ Watch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Join us this episode as we welcome Heike Ritter, Principal Product Manager at Microsoft! Many of you already know (or have heard of) Heike, but this episode we get her all to ourselves to talk about how in her role at Microsoft she is leading knowledge building through the Virtual Ninja Training series, among other things.Show Notes/Links* Defender News: https://aka.ms/DefenderNews* Ninja Training: https://aka.ms/NinjaTraining* The Ninja Show: https://aka.ms/NinjaShow* Sword of the Shattered Kingdoms: Ancient Crystal of Eldoria: https://amzn.to/3LfKKMEWatch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Join us as we have a hosts-only show leading up to Independence Day. Independence Day, known colloquially as the Fourth of July, is a federal holiday in the United States commemorating the Declaration of Independence, which was ratified by the Second Continental Congress on July 4, 1776, establishing the United States of America.EXTRA: Rod is out sick. Brodie is doing new daddy things. So, it’s up to Raae and Edward to celebrate the US holiday.Watch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

We have a treat this week! You've heard about it. Many of you have used it and swear by it. Now hear directly from ...drum roll, please... Cribl!Show Notes/Links* Cribl’s website: https://cribl.io/* Aldo Dossola’s LinkedIn profile: https://www.linkedin.com/in/aldo-dossola/* Kam Amir’s LinkedIn profile: https://www.linkedin.com/in/kamiloamir/Watch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

In this episode, our good friends from Difenda will drop by to talk about stories from the MSSP trenches, how they help customers accelerate cyber maturity via Microsoft Security technologies (including Copilot for Security), who they think will take home the Stanley Cup, and any other topics we throw at them. Joining us from the Difenda team will be Andrew Hodges and Kyle Link, two guys with plenty of infosec scar tissue, and as a result, an equal number of pragmatic solutions.Show Notes/Links* Difenda website: https://www.difenda.com/ * Difenda Microsoft Marketplace: https://appsource.microsoft.com/marketplace/partner-dir/987a6d16-1c37-4bcc-b5f5-1a6091c3d7c9/overview* Microsoft Copilot for Security Adoption ‘Difend’ Accelerator Services: https://appsource.microsoft.com/marketplace/consulting-services/difenda.difenda_copilot_for_security * Microsoft Copilot for Security Adoption ‘Difend’ Accelerator Brief: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1l1h1* Partner Learning for CfS: https://securitypartners.transform.microsoft.com/partner-ecosystem* https://Microsoft365dsc.com - Microsoft365DSC is the most comprehensive and complete solution to have your Microsoft 365 tenant configuration simple and stable. It's an Open-Source initiative hosted on GitHub, led by Microsoft engineers and maintained by the community.* New Show News section of the site: https://www.microsoftsecurityinsights.com/t/show-newsWatch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Join us this episode as we invite and talk with Robert Disney. Robert is doing some amazing things with ChatGPT and security.NOTE: This is a demo-heavy episode! If you can, watch the live replay below…NOTE PART 2: As mentioned HERE on the site, we will stop streaming the live show to Twitch. Please instead use YouTube, LinkedIn, or X/Twitter.Show Notes/Links* Robert’s LinkedIn profile: https://www.linkedin.com/in/robertdisney/* FauxPilot: https://github.com/robdisney/fauxpilotWatch the Live Replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Join us this episode as we welcome, Michael Zambotti, Client CIO at Miles Technologies. This show was originally scheduled for guest, Akto. Akto is the only Open-Source API Security platform and focuses on GenAI security. Watch for the reschedule.Show Notes/Links:* Mike Zambotti LinkedIn profile: https://www.linkedin.com/in/mjzambotti/* Women in Cybersecurity: https://www.wicys.org/* Episode 200 - Tuesday, March 26th, 5pm EST - Leticia Gammill, Director, Security Sales Programs @Microsoft | Founder & President at WOMCY, Latam Women in Cybersecurity: https://www.microsoftsecurityinsights.com/p/the-microsoft-security-insights-show* The Microsoft Security Insights Show - Women in Cybersecurity Month - March 2024: https://www.microsoftsecurityinsights.com/p/the-microsoft-security-insights-showWatch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Join us this episode as we talk with Cognni to learn about their solution for data security and how this plays a huge part in securing AI.Show Notes/Links* Cognni’s website: https://cognni.ai/* Connect with Clifford Corney on LinkedIn: https://www.linkedin.com/in/cliffcorney/* Connect with Oliver Samuel on LinkedIn: https://www.linkedin.com/in/oliver-samuel-227b6a1b6/Live Show Replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

This episode we welcome Drew Nicholas and Mary Lieb to talk all about Extended Security Posture Management (XSPM).Show Notes/Links* Mary Lieb LinkedIn profile: https://www.linkedin.com/in/mary-lieb-profile/* Drew Nicholas LinkedIn profile: https://www.linkedin.com/in/drewnicholas1/* Review and classify critical assets: https://learn.microsoft.com/en-us/security-exposure-management/classify-critical-assets* Review security initiatives: https://learn.microsoft.com/en-us/security-exposure-management/initiatives* Introducing Microsoft Security Exposure Management: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/introducing-microsoft-security-exposure-management/ba-p/4080907Watch the Live Replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

This episode we welcome back Chris Stelzer to dig deep into how to develop your own plug-ins for Copilot for Security!Show Notes/Links* Chris Stelzer’s LinkedIn profile: https://www.linkedin.com/in/scstelz/* Official GitHub Repo for Copilot for Security: https://github.com/Azure/Copilot-For-Security/tree/main* Microsoft Sentinel Triage AssistanT (STAT): https://github.com/briandelmsft/SentinelAutomationModules/tree/main/DeployWatch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

It's Partner month on the MSI Show! This year we're focused solely on our Copilot for Security partners. Stop by to learn more about Copilot for Security and how Microsoft's partners are building solutions around this new AI service for security.Show Notes/Links* Joe Cicero’s LinkedIn profile: https://www.linkedin.com/in/josephcicero/* SRA’s website: https://sra.io/* Latest Copilot for Security Custom Plugins: https://github.com/rod-trent/Copilot-for-Security/tree/main/PluginsWatch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

It's Partner month on the MSI Show! This year we're focused solely on our Copilot for Security partners. Stop by to learn more about Copilot for Security and how Microsoft's partners are building solutions around this new AI service for security.Show Notes/Links* Forsyte IT’s website: https://forsyteit.com/* Shihan Wijeyeratne's LinkedIn profile: https://www.linkedin.com/in/shihan-wijeyeratne-55804b8b/* Copilot for Security plugins: https://github.com/rod-trent/Copilot-for-Security/tree/main/Plugins* Copilot for Security Prompting workshop: https://github.com/rod-trent/Copilot-for-Security/tree/main/Prompts/WorkshopWatch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

It's Partner month on the MSI Show! This year we're focused solely on our Copilot for Security partners. Stop by to learn more about Copilot for Security and how Microsoft's partners are building solutions around this new AI service for security.Notes/Links:* Critical Start website: https://www.criticalstart.com/* Randy Watkins LinkedIn profile: https://www.linkedin.com/in/randy-watkins-19368513/ * Rod Trent on MS National Office Hours: https://forms.office.com/pages/responsepage.aspx?id=v4j5cvGGr0GRqy180BHbR1Yrd34zLbtMspVmu5kxHXhUM0lLSEQ4TUYzTzRPQ0U1VFNOREJWTFNQVy4uWatch the live replay: This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

It's Partner month on the MSI Show! This year we're focused solely on our Copilot for Security partners. Stop by to learn more about Copilot for Security and how Microsoft's partners are building solutions around this new AI service for security.Notes/Links:* Bulletproof website - https://bulletproofsi.com/* Bulletproof CfS Webinar (May 2nd, 2024 | 11:00 AM - 12:00 PM ET ) - https://content.bulletproofsi.com/webinar-copilot-security* Christopher Simm LinkedIn Profile: https://www.linkedin.com/in/csimm/* Jon Stewart On The False Promises of AI:* How to Become a Microsoft Copilot for Security Ninja: The Complete Level 400 Training - https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/how-to-become-a-microsoft-copilot-for-security-ninja-the/ba-p/4106928* Unleash the Power of Microsoft Copilot for Security: Introducing the Copilot for Security GitHub - https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/unleash-the-power-of-microsoft-copilot-for-security-introducing/ba-p/4109184Watch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

It's Partner month on the MSI Show! This year we're focused solely on our Copilot for Security partners. Stop by to learn more about Copilot for Security and how Microsoft's partners are building solutions around this new AI service for security. Notes/Links: * Quorum Cyber website: https://www.quorumcyber.com/* Graham Hosking LinkedIn profile: https://www.linkedin.com/in/grahamhosking/Watch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

It's Partner month on the MSI Show! This year we're focused solely on our Copilot for Security partners. Stop by to learn more about Copilot for Security and how Microsoft's partners are building solutions around this new AI service for security. Notes/Links:* Sentinel Watchlist Plugin template: https://github.com/rod-trent/Copilot-for-Security/blob/main/Plugins/KQL_Plugin_TrustedUsersWatchlist.yaml* Copilot Labs: https://copilot.cloud.microsoft/prompts* Tanium Prompts for Copilot for Security: https://github.com/rod-trent/Copilot-for-Security/blob/main/Prompts/Plugins/Tanium.md* New Tanium-Microsoft partnership provides endpoint data to Copilot for Security: https://siliconangle.com/2024/04/01/new-tanium-microsoft-partnership-provides-endpoint-data-copilot-security/* Tanium Integrates with Microsoft Copilot for Security - Changing the Game for Cybersecurity Teams: https://www.tanium.com/blog/microsoft-copilot-for-security-integration/Watch the Live Show Replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

It's Partner month on the MSI Show! This year we're focused solely on our Copilot for Security partners. Stop by to learn more about Copilot for Security and how Microsoft's partners are building solutions around this new AI service for security. Notes/Links:* Learn Lives: https://learn.microsoft.com/en-us/shows/learn-live/microsoft-copilot-for-security/* Midwest Management Summit MOA: https://mmsmoa.com/registration/mms-2024-at-moa* Microsoft Build: https://build.microsoft.com/* Copilot for Security Community Group: https://www.linkedin.com/groups/14345161/* Copilot for Security pricing table: https://azure.microsoft.com/pricing/details/microsoft-copilot-for-security/#pricing* Copilot for Security pricing calculator: https://azure.microsoft.com/pricing/calculator/* Public Plugin List: https://learn.microsoft.com/en-us/security-copilot/plugin-overview* Grant partners access to Microsoft Copilot for Security: https://learn.microsoft.com/en-us/security-copilot/grant-access-external-users* Prompt Library: https://github.com/rod-trent/Copilot-for-Security/tree/main/Prompts Watch the Live Replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Our final 2024 episode for Women in Cybersecurity Month 2024!Show Notes/Links:* Experts Live Kenya: https://www.expertslive.ke/* Cybergirls: https://cybergirls.cybersafefoundation.org/* ADPList: https://adplist.org/* Microsoft Build: https://build.microsoft.com/Watch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Hey! It's our 200th episode! What better way to celebrate than highlighting and celebrating Women in Cybersecurity Month 2024!Show Notes/Links* Leticia Gammill’s LinkedIn profile: https://www.linkedin.com/in/letigammill/* LATAM Women in Cybersecurity - https://womcy.org/* Donate - https://womcy.org/product/donate-to-womcy/* Smartless podcast - https://www.smartless.com/* Starting to work with Microsoft Security Service Edge - including Entra Private Access and Internet Access - you need to check out this deployment guide: https://lnkd.in/gPfZKcvgKQL Code:ExposureGraphNodes| where NodeProperties.rawData.criticalityLevel contains "Domain Admin Workstations"| where isnotnull(NodeProperties.rawData.highRiskVulnerabilityInsights)| extend MaxCvssScore = toreal(NodeProperties.rawData.highRiskVulnerabilityInsights.maxCvssScore)| sort by MaxCvssScore descDevelopers, Developers, Developers…Watch the Live Replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Stop by as we highlight and celebrate Women in Cybersecurity Month 2024!Show Notes/Links:* Women in Cloud: https://womeninCloud.com* MDE common deployment mistakes: https://lnkd.in/dEtk7rCB* Connect ServiceNow to Defender for Cloud https://lnkd.in/eGKrPHQ9 * Create a ticket in Defender for Cloud https://lnkd.in/ePqUdNH5* Create automatic tickets with governance rules https://lnkd.in/exAcrQeF* Protect your resources with Defender CSPM https://lnkd.in/eBaeyH9y* Register now for the Microsoft Windows Server Summit 2024: https://www.microsoft.com/windows-server/blog/2024/03/11/register-now-for-the-microsoft-windows-server-summit-2024/Watch the live replay This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Stop by as we highlight and celebrate Women in Cybersecurity Month 2024 and learn a bit about Star Trek!Show Notes/Links:Watch the live replay… This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Stop by as we highlight and celebrate Women in Cybersecurity Month 2024!Show Notes/Links:Watch the live replay… This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

We take a short break in the Women in Cybersecurity month festivities to celebrate something else. You don't want to miss this!Directly on the heels of the Copilot for Security GA announcement at Microsoft Secure, in this episode we highlight our co-host (or, co-pilot) and Copilot for Security expert, Andrea Fisher, and talk about what Copilot for security is, what it isn’t, and what it costs.Show Notes/Links:* Copilot for Security announcement: https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/microsoft-copilot-for-security-general-availability-details/ba-p/4079970* Prompt Library: https://github.com/rod-trent/Security-Copilot/tree/main/Prompts* Wallpaper: https://github.com/rod-trent/Security-Copilot/tree/main/Images/WindowsBackgroundsWatch the live replay… This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Stop by as we highlight and celebrate Women in Cybersecurity Month 2024!"Don't have to be a turd to flush the toilet" - Kate ProctorShow Notes/Links:Catch us live on the next show: The Microsoft Security Insights Show - Women in Cybersecurity Month - March 2024Watch the live replay… This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Stop by as we highlight and celebrate Women in Cybersecurity Month 2024!Show Notes/Links: * Maria Young on LinkedIn: https://www.linkedin.com/in/maria-verardi/* Microsoft Pegasus: https://www.microsoft.com/startups/pegasus and https://foundershub.startups.microsoft.com/signup* Copilot for Security: https://www.microsoft.com/security/business/ai-machine-learning/microsoft-security-copilot* Must Learn KQL: https://aka.ms/MustLearnKQL* The Definitive Guide to KQL from Microsoft Press: https://amzn.to/3TlGKil* Microsoft Cybersecurity for Beginners – a curriculum: https://github.com/microsoft/Security-101* CompTIA Security + Exam Guide (SYO-601): https://amzn.to/3Pb3jDMWatch the live replay… This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Stop by as we highlight and celebrate Women in Cybersecurity Month 2024!Show Notes/Links:* Intern Program: https://www.microsoft.com/en-IE/earlycareers/internsapprenticeships* What went Generally Available (GA) since February 2024?* Granular filtering of Conditional Access (CA) policy list – CA policies can now be filtered on actor, target resources, conditions, grant control and session control. The granular filtering experience can help admins quickly discover policies containing specific configurations.* Microsoft Entra ID Protection: Suspicious API traffic detection for users – This new detection is reported when abnormal Microsoft Graph traffic or directory enumeration is observed by a user. Suspicious API traffic might suggest that a user is compromised and conducting reconnaissance in their environment.* Microsoft Entra ID Protection: Risk remediation on the Azure mobile app – Adds remediation capabilities of Microsoft Entra ID Protection which were previously only available in the Microsoft Entra portal to the Azure mobile app. This capability includes comprehensive reporting, offering insights into risky behaviors such as compromised user accounts and suspicious sign-ins, and includes the Risky users and Risky sign-ins report.New public previews* Authentication Flows for Conditional Access – Supports the ability to configure CA policies to restrict or block the usage of certain authentication flows. The first iteration of this feature is limited to device code flow and authentication transfer.* Conditional Access: Require reauthentication every time - Lets you require users to interactively provide credentials again before accessing critical applications and taking sensitive actions on any resource protected by CA.* Workbook for impact analysis of risk-based Conditional Access policies - The Microsoft ID Protection risk analysis workbook helps admins understand what would happen if you create and enable Microsoft Entra ID Protection risk based CA policies in your environment. Workbooks are a collection of information, including queries, tables, and visualizations over a period of time to help you make sense of underlying data from an existing Log Analytics workspace.Watch the live replay… This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Stop by to listen to the crew chat with Dan Chemistruck about what XDR means in the industry today.Show Notes/Links:* Microsoft Build - May 21-23, 2024 PT (Save the date) in Seattle - https://build.microsoft.com/* Microsoft Ignite - November 18–22, 2024 (Save the date) in Chicago - https://ignite.microsoft.com/* Introducing our new 7-lesson open-source course, “Security for Beginners”. Small lessons that should take around 30-60 mins to complete and will teach you fundamental cybersecurity concepts. https://aka.ms/sec101-beginners* Announcing: Microsoft Security Service Edge Solution Deployment Guide for Microsoft Entra Internet Access POC - We are excited to announce this guidance that helps IT Administrators configure and validate Microsoft Entra Internet Access, joining existing guidance for Microsoft Entra Private Access and Microsoft Entra Internet Access for M365. As with the other POC guides, this guidance is configured in a lab format to expedite customer testing. All three guides are accessible via shortlink: https://aka.ms/ssedeploy* The Ultimate Azure Inventory Dashboard - Using Azure Resource Graph (cloudsma.com) - https://campbell.scot/feb-2024-ultimate-comparison-of-defender-for-endpoint-features-by-os/#download* Welcome to multi-tenant management in Microsoft Defender: https://mto.security.microsoft.com/* Women in Cyber Month - March - https://securityinsights.substack.com/p/the-microsoft-security-insights-show* Coming…Copilot for Security Partner Month - AprilWatch the live replay… This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Josh is a Senior Technical Specialist at Microsoft focused on Security in Healthcare and Life Sciences. That's a mouthful, but not at all boring. Stop by live as this discussion could go off the rails.Show Notes/Links:* HIMSS - https://hde.himss.org/global-conference* March is Women in Cybersecurity month. We have a stacked deck. 2 shows per week: https://securityinsights.substack.com/p/the-microsoft-security-insights-show* And then Partner month in April - leading up to RSA in San Francisco - but focused on Copilot for Security.* Upcoming Learn Lives with the MSI crew: https://learn.microsoft.com/en-us/shows/learn-live/microsoft-copilot-for-security/Watch the live replay… This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Stop by and catch up with New Zealander Andre Camillo, Technology Specialist - Security and Compliance at Microsoft.Show Notes/Links:* Ninja Training: https://aka.ms/NinjaTraining* Microsoft Defender for Cloud Apps webinars: https://learn.microsoft.com/en-us/defender-cloud-apps/webinars* Microsoft Defender for Cloud Apps e-books: https://learn.microsoft.com/en-us/defender-cloud-apps/e-books* Learn Path - Secure cloud apps using Microsoft Defender for Cloud Apps: https://learn.microsoft.com/en-us/training/paths/m365-cloud-app-security-fundamentals/* Extended Detection and Response (XDR) | Microsoft Security: https://www.microsoft.com/en-us/security/business/solutions/extended-detection-response-xdr* Detect and respond to modern attacks with unified SIEM and XDR capabilities: https://mslearn.cloudguides.com/en-us/guides/Investigate%20security%20incidents%20in%20a%20hybrid%20environment%20with%20Azure%20Sentinel* William 'Bill' Post, inventor of Pop-Tarts, dies at 96: https://www.nbcnews.com/news/us-news/william-bill-post-inventor-pop-tarts-dies-96-rcna138784 Change the way we do security and the way security gets done.Watch the live replay… This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

The show may have been short this week, but Edward stops by today to talk about what’s coming in the next couple months on the show. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Edward and Andrea are in Seattle. Brodie is back from the ski slopes. And Rod - well -- Rod is here, too. No telling what this episode might bring.Heads-up: Unfortunately, someone hit the big red button that stops the live stream, so this episode is quite a bit shorter than normal. However, we covered a LOT of ground in a short period of time. Show Notes/Links:* Experts Live Denmark - https://events.justattend.com/events/conference-hub/584b32f5* Microsoft AI Tour - https://envision.microsoft.com* Tip from Andrea: WDAT Conditional Access Policy - disable to allow Sentinel to connect to Defender XDR connector over API* Microsoft AI Tour deck: Securing Generative AI applications* Microsoft Entra Verified ID introduces Face Check in preview - https://www.microsoft.com/en-us/security/blog/2024/02/06/microsoft-entra-verified-id-introduces-face-check-in-preview/* Secure your resources with Microsoft-managed Conditional Access policies - Microsoft Entra ID | Microsoft Learn - https://learn.microsoft.com/en-us/entra/identity/conditional-access/managed-policiesWatch the live replay… This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Sarahzin Shane and Andrew McMurray join us this week to talk about all things Microsoft Purview.Show Notes/Links:* What is Microsoft Purview: https://learn.microsoft.com/en-us/purview/purview* Just in Time for Purview: https://learn.microsoft.com/en-us/purview/endpoint-dlp-using-jit-protection* Purview, turn on OCR capabilities: https://learn.microsoft.com/en-us/purview/ocr-learn-about* Join the preview for the Cold Data Crawl: https://aka.ms/JoinCCPWatch the live replay… This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

Come meet Purav Desai! Purav talks about M365 Forensics and is the author of the DecipheringUAL Github series. This show, we'll talk about Microsoft Security across Defender, Sentinel and Purview Compliance.Show Notes/Links:* DecipheringUAL GitHub Repo: https://github.com/PuravsPoint/DecipheringUAL* Purav on LinkedIn: https://www.linkedin.com/in/purav-da346393/Watch the live replay… This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

After a last second cancellation (guests will be rescheduled), join us as we gather together to talk about current events.Show Notes/Links:* Microsoft Copilot Pro: https://support.microsoft.com/en-us/copilot-pro* Discover, monitor and protect the use of Generative AI apps: https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/discover-monitor-and-protect-the-use-of-generative-ai-apps/ba-p/3999228* Microsoft AI Tour: https://envision.microsoft.com* Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms: https://www.microsoft.com/en-us/security/blog/2024/01/12/microsoft-is-named-a-leader-in-the-2023-gartner-magic-quadrant-for-endpoint-protection-platforms/Watch the live replay… This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

This episode we invite Steven Hosking, Senior Product Manager at Microsoft, to discuss using Intune to deliver the secure network configuration to client devices.Show Links/Notes:Watch the live replay… This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com