Episodes

  • In this episode, we dive into the recent wave of layoffs at Microsoft, where 6,000 employees—about 3% of the workforce—were let go. We explore the broader implications of these cuts, from the restructuring of management layers to the increasing role of AI in shaping the future of work.

    Join us as we hear from industry experts, affected employees, and analysts who break down what this means for tech professionals, corporate strategy, and the evolving job market. How do these layoffs fit into the larger trend of workforce reductions across the tech sector? What lessons can be learned from past restructuring efforts? And most importantly, how can professionals adapt and thrive in an industry that’s constantly evolving?

    Whether you're in tech, navigating career shifts, or simply curious about the forces shaping the modern workplace, this episode offers insights, perspectives, and strategies for moving forward.

    Tune in for a thoughtful discussion on resilience, adaptation, and the future of work in the age of AI.

    Show Links/Notes

    * Amanda's LinkedIn Profile: https://www.linkedin.com/in/amanda-schilling-5863a551/

    * Microsoft Build Books of News: aka.ms/BookofNews

    * Changes to Microsoft Authenticator autofill: https://support.microsoft.com/en-us/account-billing/changes-to-microsoft-authenticator-autofill-09fd75df-dc04-4477-9619-811510805ab6

    * MISA Partners: https://securitypartners.transform.microsoft.com/misa-members

    Watch the live replay



    This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com
  • Welcome to Partner month on the MSI Show. This episode we talk with Tanium to hear about the company’s latest developments for Microsoft Security Copilot and a new Agent that helps automate security operations.

    Show Notes/Links

    * Tanium: https://www.tanium.com/

    * Microsoft Partner Spotlight - Tanium: https://www.tanium.com/partners/microsoft/spotlight/

    * Michael Fiorina’s LinkedIn profile: https://www.linkedin.com/in/mikefiorina/

    * Microsoft Security Copilot Agent videos: https://adoption.microsoft.com/security-copilot/video-hub/

    * MDEAutomator: https://github.com/msdirtbag/MDEAutomator

    * SRA’s Crowpilot: https://sra.io/blog/crowpilot-the-ai-agent-that-connects-security-copilot-with-crowdstrike-falcon/

    General

    Securing generative AI models on Azure AI Foundry

    Microsoft's Zero Trust approach

    Threat Intelligence & ESAM

    Azure Security & Defender for Cloud News

    Sentinel News

    Microsoft Sentinel Project Deployment Tracker

    Ingesting Akamai Audit Logs into Microsoft Sentinel using Azure Function Apps

    Defender for IoT

    Sensor Disconnection Notifications with Microsoft Defender for IoT and Microsoft Sentinel

    What's new in Microsoft Defender for IoT?

    Microsoft 365 Security (All Up News)

    Security Update Release Summary March 2025

    Microsoft Entra

    Help Desk & Account Recovery - Face Check with Microsoft Entra Verified ID -V

    Remote Onboarding - Face Check with Microsoft Entra Verified ID -V

    Secure Access to Resources - Face Check with Microsoft Entra Verified ID -V

    Device Management & Protection (Intune)

    Fortify your security posture with Microsoft Intune and Windows

    Stay ahead of evolving threats with the latest AI in Intune

    Expand endpoint visibility across device platforms

    Microsoft Intune provides key advantages for macOS management

    What's New in Azure Firewall - March 2025 -V

    Configure Entra Private Access and Quick Access in Microsoft Entra Global Secure Access

    What's new in Microsoft Intune

    M365 Defender (Defender for Office, Defender for Endpoint, Defender for Identity, Defender for Cloud Apps)

    Resolving high CPU utilization in Microsoft Defender Antivirus

    Mastering endpoint security settings issues with Defender for Endpoint Client Analyzer

    Mastering onboarding issues with Defender for Endpoint Client Analyzer

    Microsoft Defender for Endpoint Client Analyzer overview

    What's new in Microsoft Defender XDR

    What's new in Microsoft Defender for Endpoint

    What's new in Microsoft Defender for Office 365

    What's new in Microsoft Defender for Identity

    What's new in Microsoft Defender for Cloud Apps

    Defender Experts for XDR

    Copilot for Security

    Announcing Alert Triage Agents in Microsoft Purview, powered by Security Copilot

    What's new in Microsoft Security Copilot?

    Incident Response

    Purview - Compliance & Governance

    Mitigating insider risks in the age of AI with Microsoft Purview Insider Risk Management

    Learning

    Microsoft Defender for Cloud Apps - Ninja Training

    Watch the live replay



  • JP Bourget was the founder of Syncurity, an early entrant in the SOAR market, which sold to Swimlane in 2020. He is currently President of Blue Cycle, a SecOps maturity advisory, services and development firm. Blue Cycle focuses on the core technologies, architecture, integration, and customization of modern sec ops programs and meets clients where they are to help them level up their capabilities. Blue Cycle is a Microsoft Partner with designations in Security, Modern Work, Infrastructure, Data and AI, and Digital and App innovation. JP has designed Sentinel architecture for F500s and XDR providers and touched his first SIEM in 2005. JP is also the Entrepreneur/CISO in Residence at Lytical Ventures based in NYC, and lives in upstate NY.

    Show Notes/Links

    * JP’s LinkedIn Profile: JP Bourget

    * BlueCycle website: https://www.bluecycle.net/

    Tools, Blogs and Stuff:

    * Noodle’s new blog: https://sentinel.blog

    * https://aadinternals.com

    General:

    * AI innovation requires AI security: Hear what’s new at Microsoft Secure

    * Transforming public sector security operations in the AI era

    Threat Intelligence:

    * Malvertising campaign leads to info stealers hosted on GitHub

    * Silk Typhoon targeting IT supply chain

    Azure Security:

    * Implementing Multi-Layered Security with Azure DDoS Protection and Azure WAF

    Defender for Cloud:

    * API Security Posture with Defender for Cloud

    * Secure your AI application transformation with Microsoft Defender for Cloud

    Sentinel News:

    * New capabilities coming to Microsoft Sentinel this Spring

    * Microsoft Sentinel - Custom ASIM Parser for Solarwind Data source

    Microsoft Entra:

    * Securing B2B Collaboration with Microsoft Entra ID -V

    * Microsoft Entra External ID: User activity insights

    * Quick Setup - Microsoft Entra Verified ID

    M365 Defender | XDR - (MDO, MDE, MDI, MDCA):

    * Transition to the Unified SOC Platform: Deep Dive and Interactive Q&A for SOC Professionals

    * Microsoft Defender for Endpoint Client Analyzer overview

    * Connecting your Apps to Defender for Cloud Apps

    Security Copilot:

    * Automate cybersecurity at scale with Microsoft Security Copilot agents

    * Take Flight with Microsoft Security Copilot Flight School

    Microsoft Purview:

    * Strengthen data security posture in the era of AI with Microsoft Purview

    * Prevent data loss across your ever-expanding data estate with Microsoft Purview Data Loss Prevention

    Microsoft Learning | Skilling:

    * Microsoft Defender for Cloud Apps - Ninja Training

    Webinars and Stuff:

    * Microsoft Cloud Security Public Webinars

    Watch the live replay



  • Advanced Prompt Engineering for Security Copilot. As a cybersecurity professional with over 20 years of experience, Rick specializes in cybersecurity architecture and IT risk management. He is passionate about artificial intelligence, continuous learning, exchanging ideas, and contributing to endeavors that help others achieve success.

    Show Notes/Links

    Rick’s LinkedIn Profile: https://www.linkedin.com/in/rick-kotlarz/

    Tools, Blogs and Stuff:

    Noodle’s new blog: https://sentinel.blog

    https://aadinternals.com

    General:

    * Create | Microsoft 365 Copilot

    * Microsoft Security Insider

    * Exploring the Extensibility of Active Directory Migration Service (ADMS) Device Migration

    * Introducing the Secure Future Initiative Tech Tips show!

    * Navigating Mergers and Acquisitions: IT Consolidation Best Practices and Approach

    * Blog Series: Charting Your Path to Cyber Resiliency

    Threat Intelligence:

    * https://www.activecountermeasures.com/malware-of-the-day-ipv6-address-aliasing/

    * New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects

    * New innovations to protect custom AI applications with Defender for Cloud

    * Enhance AI security and governance across multi-model and multi-cloud environments

    * All Key Vaults Are Critical, But Some Are More Critical Than Others: Finding the Crown Jewels

    * Securing your organization from 'IngressNightmare' using Microsoft Security capabilities

    Azure Security:

    * Manage cloud security posture with Microsoft Defender for Cloud

    * What's new in Defender for Cloud features

    Defender for Cloud:

    * API Security Posture with Defender for Cloud

    * Secure your AI application transformation with Microsoft Defender for Cloud

    Sentinel News:

    Want to know how to view Sentinel incidents in Teams?

    Azure Lighthouse support for MSSP use of Security Copilot Sentinel scenarios in Public Preview | Microsoft Community Hub

    Monitor User Activities and System Events with Security Copilot and Microsoft Sentinel | Microsoft Community Hub

    Microsoft Entra:

    * Using phishing resistant creds | Protect identities and secrets

    * How do Microsoft Entra ID Protection Risk Signals Work?

    * Configure API driven Provisioning in Microsoft Entra ID Governance

    * Configure auto-assignment policies in Microsoft Entra ID Governance using Entitlement Management

    * Microsoft Entra custom authentication extension overview

    * Implementing managed identities | Protect identities and secrets

    * Create Custom reports for Microsoft Entra ID Governance data using Azure Data Explorer

    * What's new in Entra ID

    M365 Defender | XDR - (MDO, MDE, MDI, MDCA):

    * Built-in report button is available in Microsoft Outlook across platforms

    * Monthly news - March 2025

    * Defending Against OAuth-Based Attacks with Automatic Attack Disruption

    * Level Up Your App Governance With Microsoft Defender for Cloud Apps Workshop Series

    * Strengthening Email Security: Our New Approach to Non-RFC Compliant Emails

    * Unveiling the Shadows: Extended Critical Asset Protection with MSEM

    * Level up your defense: protect against attacks using stale user accounts

    * Discover and protect Service Accounts with Microsoft Defender for Identity

    * Protect SaaS apps from OAuth threats with attack path, advanced hunting and more

    * General Availability for Collaboration Security for Microsoft Teams

    Security Copilot:

    * Protect at the scale and speed of AI with Microsoft Security Copilot

    * Microsoft Security Copilot – Microsoft Adoption

    * Empowering Security Copilot with NL2KQL: Transforming Natural Language into Insightful KQL queries | Microsoft Community Hub

    * Advancing Security Copilot with MAGIC: Automating Self-Correction in NL2KQL and Beyond

    * Take Flight with Microsoft Security Copilot Flight School

    Microsoft Purview:

    * 3 Tips for Comprehensive Data Security

    * Advanced hunting for Microsoft Purview Data Loss Prevention (DLP) incidents | Microsoft Community Hub

    * New innovations in Microsoft Purview for protected, AI-ready data

    * Unlocking the Power of Microsoft Purview for ChatGPT Enterprise

    * What's new in Microsoft Purview

    Webinars and Stuff:

    * Microsoft Cloud Security Public Webinars

    Watch the live replay



  • This episode we welcome Linda Dögg Guðmundsdóttir. Linda works as a Cybersecurity Architect Expert & Solution Architect in Iceland. In this episode, Linda shares her expertise on securing M365 Copilot. Tune in for lots of talk about Purview, Defender for Cloud Apps, and Data Security.

    Show Notes/Links

    * Join the MSI Kusto Team for the upcoming Kusto Detective Agency - Call of Cyber Duty: https://www.microsoftsecurityinsights.com/p/join-the-msi-show-team-for-the-kusto

    * Just good old plain security stuff:

    General:

    * Everything Old Is New Again: Hardening the Trust Boundary of VBS Enclaves

    * Meet the IMS team

    * IMS Efficient Migration Methods

    Threat Intelligence:

    * Analyzing open-source bootloaders: Finding vulnerabilities faster with AI

    * StilachiRAT analysis: From system reconnaissance to cryptocurrency theft

    * Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware

    Azure Security:

    * Secure containers software supply chain across the SDLC

    * Microsoft Defender for Cloud Customer Newsletter

    * Integrating Security into DevOps Workflows with Microsoft Defender CSPM

    * Public Preview: Key Attestation for Azure Managed HSM

    Defender for Cloud:

    * Secure your AI application transformation with Microsoft Defender for Cloud-V

    * Manage cloud security posture with Microsoft Defender for Cloud -V

    * What's new in Defender for Cloud features

    Sentinel News:

    * Integrating Radware WAF Logs with Microsoft Sentinel Using Logic Apps

    * Case Management is now Generally Available

    * What's new in Microsoft Sentinel

    Microsoft Entra:

    * ADSS TSync vs Entra Cross-Tenant Sync: A Comprehensive Comparison

    * Introducing Microsoft Entra Health alerts: An enhancement to tenant health monitoring

    * Exploring the Extensibility of Active Directory Migration Service (ADMS)

    * Tell us what you think: The Microsoft Entra blog team wants to hear from you!

    * New innovations in Microsoft Entra to strengthen AI security and identity protection

    * Insights from the Secure Employee Access report reveal the need for unified access security

    * New user experience for consumer authentication

    * Replace your legacy VPN with an identity-centric ZTNA

    M365 Defender | XDR - (MDO, MDE, MDI, MDCA):

    * Built-in report button is available in Microsoft Outlook across platforms

    * Monthly news - March 2025

    * Defending Against OAuth-Based Attacks with Automatic Attack Disruption

    * Level Up Your App Governance With Microsoft Defender for Cloud Apps Workshop Series

    * Strengthening Email Security: Our New Approach to Non-RFC Compliant Emails

    * Unveiling the Shadows: Extended Critical Asset Protection with MSEM

    * Level up your defense: protect against attacks using stale user accounts

    * Discover and protect Service Accounts with Microsoft Defender for Identity

    * Protect SaaS apps from OAuth threats with attack path, advanced hunting and more

    Security Copilot:

    * Empowering Security Copilot with NL2KQL: Transforming Natural Language into Insightful KQL queries

    * Advancing Security Copilot with MAGIC: Automating Self-Correction in NL2KQL and Beyond

    Microsoft Purview:

    * Improve your DLP maturity with DLP Analytics

    * 1000 Data Map Collections

    * Microsoft Purview – Data Security Posture Management (DSPM) for AI

    * Protecting sensitive information in the era of AI with Microsoft Purview Information Protection

    Microsoft Security Learning:

    * Azure Network Security

    * Microsoft 365 Advanced eDiscovery

    * Microsoft Copilot for Security

    * Microsoft Defender XDR

    * Microsoft Defender External Attack Surface Management

    * Microsoft Defender for Cloud

    * Microsoft Defender for Cloud Apps

    * Microsoft Defender for Endpoint

    * Microsoft Defender Experts

    * Microsoft Defender for Identity

    * Microsoft Defender for IoT

    * Microsoft Defender for Office 365

    * Microsoft Defender Threat Intelligence

    * Microsoft Defender Vulnerability Management

    * Microsoft Purview Insider Risk Management

    * Microsoft Purview Data Lifecycle & Records Management

    * Microsoft Purview Information Protection

    * Microsoft Purview Data Loss Prevention

    * Microsoft Purview Communication Compliance

    * Microsoft Purview Compliance Manager

    * Microsoft Sentinel

    * Microsoft Sentinel Notebooks

    * Microsoft Unified SOC Platform

    Microsoft Security Github’s:

    * Azure Network Security GitHub

    * Microsoft Defender for Cloud GitHub

    * Microsoft Sentinel GitHub

    * Microsoft Defender XDR GitHub

    * Microsoft Defender for Cloud Apps GitHub

    * Microsoft Defender for Identity

    * Microsoft Purview

    Webinars and Stuff:

    * APR 23 (9:00AM) Microsoft Defender XDR | SaaS Security Exposure Reduction via the Exposure Management Platform

    * APR 24 (9:00AM) Microsoft Defender XDR | Secure Your Servers with Microsoft's Server Protection Solution

    Notes, Tips and Tools:

    * Blue Team Handbook: https://amzn.to/4ir9lfG

    * dnstwist: https://github.com/elceef/dnstwist

    * domain name permutation engine: https://www.mankier.com/1/dnstwist

    * Crime mapper: https://mr-r3b00t.github.io/crime-mapper/experimental_mapper.html

    * Website mapping: https://addons.mozilla.org/en-US/firefox/addon/lightbeam-chik



  • Join us this episode as we welcome back fan favorite, Nathan Swift. This is a demo-heavy episode, so make sure to catch the live video replay if you can. Dive into the incredible potential of tools like Microsoft Defender EASM—a budget-friendly powerhouse for countless use cases—and unravel the magic of the TwistDNS algorithm in spotting typosquatting and phishing threats. From building Microsoft Sentinel Watchlists to crafting advanced integrations with Azure Container Instances, Logic Apps, and Functions, we’re here to keep your mind buzzing and your solutions thriving.

    Show Notes/Links

    * Nathan's GitHub repo: https://github.com/SwiftSolves-msft

    * Nathan's old GitHub repo: https://github.com/SwiftSolves

    * Sentinel DNSTwist Solution: https://github.com/swiftsolves-msft/Sentinel-DNSTwist-Solution

    Just good old plain security stuff:

    General:

    * Everything Old Is New Again: Hardening the Trust Boundary of VBS Enclaves

    * Meet the IMS team

    * IMS Efficient Migration Methods

    Threat Intelligence:

    * Analyzing open-source bootloaders: Finding vulnerabilities faster with AI

    * StilachiRAT analysis: From system reconnaissance to cryptocurrency theft

    * Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware

    Azure Security:

    * Secure containers software supply chain across the SDLC

    * Microsoft Defender for Cloud Customer Newsletter

    * Integrating Security into DevOps Workflows with Microsoft Defender CSPM

    * Public Preview: Key Attestation for Azure Managed HSM

    Defender for Cloud:

    * Secure your AI application transformation with Microsoft Defender for Cloud-V

    * Manage cloud security posture with Microsoft Defender for Cloud -V

    * What's new in Defender for Cloud features

    Sentinel News:

    * Integrating Radware WAF Logs with Microsoft Sentinel Using Logic Apps

    * Case Management is now Generally Available

    * What's new in Microsoft Sentinel

    Microsoft Entra:

    * ADSS TSync vs Entra Cross-Tenant Sync: A Comprehensive Comparison

    * Introducing Microsoft Entra Health alerts: An enhancement to tenant health monitoring

    * Exploring the Extensibility of Active Directory Migration Service (ADMS)

    * Tell us what you think: The Microsoft Entra blog team wants to hear from you!

    * New innovations in Microsoft Entra to strengthen AI security and identity protection

    * Insights from the Secure Employee Access report reveal the need for unified access security

    * New user experience for consumer authentication

    * Replace your legacy VPN with an identity-centric ZTNA

    M365 Defender | XDR - (MDO, MDE, MDI, MDCA):

    * Built-in report button is available in Microsoft Outlook across platforms

    * Monthly news - March 2025

    * Defending Against OAuth-Based Attacks with Automatic Attack Disruption

    * Level Up Your App Governance With Microsoft Defender for Cloud Apps Workshop Series

    * Strengthening Email Security: Our New Approach to Non-RFC Compliant Emails

    * Unveiling the Shadows: Extended Critical Asset Protection with MSEM

    * Level up your defense: protect against attacks using stale user accounts

    * Discover and protect Service Accounts with Microsoft Defender for Identity

    * Protect SaaS apps from OAuth threats with attack path, advanced hunting and more

    Security Copilot:

    * Empowering Security Copilot with NL2KQL: Transforming Natural Language into Insightful KQL queries

    * Advancing Security Copilot with MAGIC: Automating Self-Correction in NL2KQL and Beyond

    Microsoft Purview:

    * APR 22 (8:00AM) Microsoft Purview | eDiscovery New User Experience and Retirement of Classic

    * Inheriting Sensitivity Labels from Shared Files to Teams Meetings

    * Export Search Results in eDiscovery

    * Microsoft Purview AMA - Data Security, Compliance, and Governance

    Microsoft Security Learning:

    * Azure Network Security

    * Microsoft 365 Advanced eDiscovery

    * Microsoft Copilot for Security

    * Microsoft Defender XDR

    * Microsoft Defender External Attack Surface Management

    * Microsoft Defender for Cloud

    * Microsoft Defender for Cloud Apps

    * Microsoft Defender for Endpoint

    * Microsoft Defender Experts

    * Microsoft Defender for Identity

    * Microsoft Defender for IoT

    * Microsoft Defender for Office 365

    * Microsoft Defender Threat Intelligence

    * Microsoft Defender Vulnerability Management

    * Microsoft Purview Insider Risk Management

    * Microsoft Purview Data Lifecycle & Records Management

    * Microsoft Purview Information Protection

    * Microsoft Purview Data Loss Prevention

    * Microsoft Purview Communication Compliance

    * Microsoft Purview Compliance Manager

    * Microsoft Sentinel

    * Microsoft Sentinel Notebooks

    * Microsoft Unified SOC Platform

    Microsoft Security Github’s:

    * Azure Network Security GitHub

    * Microsoft Defender for Cloud GitHub

    * Microsoft Sentinel GitHub

    * Microsoft Defender XDR GitHub

    * Microsoft Defender for Cloud Apps GitHub

    * Microsoft Defender for Identity

    * Microsoft Purview

    Webinars and Stuff:

    * APR 23 (9:00AM) Microsoft Defender XDR | SaaS Security Exposure Reduction via the Exposure Management Platform

    * APR 24 (9:00AM) Microsoft Defender XDR | Secure Your Servers with Microsoft's Server Protection Solution

    Notes, Tips and Tools:

    * Blue Team Handbook: https://amzn.to/4ir9lfG

    * dnstwist: https://github.com/elceef/dnstwist

    * domain name permutation engine: https://www.mankier.com/1/dnstwist

    * Crime mapper: https://mr-r3b00t.github.io/crime-mapper/experimental_mapper.html

    * Website mapping: https://addons.mozilla.org/en-US/firefox/addon/lightbeam-chik

    Watch the live replay



  • For the start of TechHeavy month, we welcome Cyclotron. Join us with Nathan Berger (Director of Security) and Nicholas Geil (Head of Products) of Cyclotron to hear about their Compliance & Data Protection, Identity & Access Management, Endpoint Management & Virtual Desktop, and Threat Protection services.

    Show Notes/Links

    * Nathan’s LinkedIn profile: https://www.linkedin.com/in/nathan-berger-780846149/

    * Nicholas’ LinkedIn profile: https://www.linkedin.com/in/nicholas-geil/

    * Cyclotron website: https://www.cyclotron.com/

    * Cyclotron Beam: https://cyclotronbeam.com/

    * Kapton: https://kapton.io/

    * Compliance and Data Protection: https://www.cyclotron.com/compliance-data-protection

    * Cyclotron Blogs: https://www.cyclotron.com/blog

    Watch the live replay



  • For our 3rd annual Women in Cybersecurity month, we topped off another amazing set of episodes with our first day-long conference. Listen in as our esteemed guests discuss how their personal and professional perspectives shaped a life in Cybersecurity.

    * Keynote Address by Dona Sarkar

    * Second session with Heike Ritter

    * Finale session with Renuka Iyer

    The original event link: https://developer.microsoft.com/reactor/events/25104/

    Watch all the March 2025 episodes: https://www.youtube.com/playlist?list=PLT7gsT16FK5Z40NqLf1Rl3tbQZyRuCHid

    Watch the live replay



  • Join us as we talk with Ritu Lamba. Ritu is General Manager, Cyber Security GTM and Sales Strategy, at Microsoft.

    Watch the live replay



  • Join us as we talk with Liz Tesch. Liz is a treasured commodity at Microsoft. She is a Cybersecurity Cloud Solutions Architect with strong community and mentoring skills.

    Show Notes/Links

    * Liz’s LinkedIn Profile: https://www.linkedin.com/in/liz-tesch-81652121/

    * Liz’s blog post: Active Directory is 25 Years Old. Do You Still Manage It Like It's 1999?

    General links

    * Create | Microsoft 365 Copilot

    * Microsoft Security Insider

    * Protect enterprise solutions with new Microsoft Power Platform security features - Microsoft Power Platform Blog

    * Cool Tools:

    * https://aadinternals.com

    * Threat Intelligence:

    * Malware of the Day – IPv6 Address Aliasing: https://www.activecountermeasures.com/malware-of-the-day-ipv6-address-aliasing/

    * Sentinel News:

    * Want to know how to view Sentinel incidents in Teams?

    * Azure Lighthouse support for MSSP use of Security Copilot Sentinel scenarios in Public Preview | Microsoft Community Hub

    * Monitor User Activities and System Events with Security Copilot and Microsoft Sentinel | Microsoft Community Hub

    * Security Copilot:

    * Protect at the scale and speed of AI with Microsoft Security Copilot

    * Microsoft Security Copilot – Microsoft Adoption

    * Empowering Security Copilot with NL2KQL: Transforming Natural Language into Insightful KQL queries | Microsoft Community Hub

    * Microsoft Purview:

    * 3 Tips for Comprehensive Data Security

    * Advanced hunting for Microsoft Purview Data Loss Prevention (DLP) incidents | Microsoft Community Hub

    * Microsoft Security Learning:

    * Microsoft Security Immersion Experience: Shadow Hunter

    * Microsoft Cloud Security Public Webinars

    * Microsoft Learning Paths

    * Azure-Security-Engineer-Learning-Pathway.pdf

    * Security hub - Security | Microsoft Learn

    * Home - Microsoft Cloud Learning Pathways

    * Azure-Sentinel/Playbooks at master · Azure/Azure-Sentinel

    * Azure-Security-Engineer-Learning-Pathway.pdf

    * Microsoft-Security-Operations-Analyst.pdf

    * Microsoft-Sentinel-Learning-Companion.pdf

    * https://w365community.azurewebsites.net/category/newsletter

    Watch the Live Replay



  • Cat Daniels is a highly accomplished cybersecurity professional currently serving as the Security Strategy lead for Microsoft's Global System Integrators, who in turn drive innovation & technology solutions at scale with some of Microsoft's largest customers. In this dynamic role, Cat plays a pivotal part in building bridges, advocating for partners, and finding creative solutions to challenges. Before joining Microsoft, Cat worked at Dell in a variety of roles, starting as a salesperson in a call center, and finishing her tenure as a people manager. During her time at Dell, she was instrumental in onboarding CDW as a commercial partner, which resulted in $90M of net-new datacenter revenue in 6 months, helped design the telemetry off-boarding system for the F-35 fighter in partnership with Lockheed Martin, and learned how to navigate the complexity of a large organization. With certifications including degrees in both Economics and Spanish from Hillsdale College, a Master of Business from Texas State University, and a whole bunch of Microsoft and Industry security certifications, Cat brings a wealth of unique expertise to the field. When not leading cybersecurity initiatives, Cat enjoys board games (Wingspan, Red Rising, Horrified, Zombicide), which fuels her passion for strategic thinking, and gardening, which keeps her inspired and balanced.

    Show Notes/Links

    * Noodle’s new blog: https://sentinel.blog

    * Wingspan board game: https://amzn.to/4kKMNsC

    * Star Trek Away Missions board game: https://amzn.to/4hDIvQL

    Just good old plain security stuff:

    General:

    Microsoft Security Insider

    Cool Tools:

    https://aadinternals.com

    Threat Intelligence:

    Malware of the Day – IPv6 Address Aliasing: https://www.activecountermeasures.com/malware-of-the-day-ipv6-address-aliasing/

    Sentinel News:

    Want to know how to view Sentinel incidents in Teams?

    Security Copilot:

    Protect at the scale and speed of AI with Microsoft Security Copilot

    Microsoft Purview:

    3 Tips for Comprehensive Data Security

    Microsoft Security Learning:

    Microsoft Security Immersion Experience: Shadow Hunter

    Microsoft Cloud Security Public Webinars

    Microsoft Learning Paths

    https://w365community.azurewebsites.net/category/newsletter

    Watch the Live Replay



  • Women In Cyber Month!!!

    A warm welcome to the MSI Pod (show) Cast!!! On today's show for Women in Cyber month, we have the honor of having Lisa Perdelwitz as our guest! Lisa brings over 20 years of global leadership and cybersecurity experience. Her dual roles, working full-time in corporate cybersecurity while serving part-time in the military, have given her a unique perspective on how to integrate the strengths of both environments to achieve business and security objectives.

    Please visit her site to see the professional services she provides to the C-suite security executive. https://ligilo.tech

    Show Links:

    Just good old plain security stuff:

    * Windows Server 2025 now generally available, with advanced security, improved performance, and cloud agility

    * Windows Server 2025 Security Book

    * Windows security and resiliency: Protecting your business

    General:

    * Hear from Microsoft Security experts at these top cybersecurity events in 2025

    * Join us for the end-to-end Microsoft RSAC 2025 Conference experience

    Threat Intelligence:

    * Code injection attacks using publicly disclosed ASP.NET machine keys

    * Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network

    Azure Security:

    * Boost Security with API Security Posture Management

    * Configuring total retention period for log analytics workspace tables at scale

    Defender for Cloud:

    * Microsoft Defender for Cloud Customer Newsletter

    * Microsoft Defender for Cloud – Elevating Runtime Protection

    Sentinel News:

    * Announcing Public Preview: New STIX Objects in Microsoft Sentinel

    * What’s new: Find the Sentinel content you need using AI search

    * Ingesting Palo Alto Cortex XDR Logs into Microsoft Sentinel with the Updated CCP Connector

    Microsoft Entra:

    * Automating Active Directory Domain Join in Azure

    * Microsoft Entra: Top 50 features of 2024

    * Microsoft Entra PowerShell module now generally available

    M365 Defender (MDO, MDE, MDI, MDCA):

    * Microsoft Exchange Online: Search-MailboxAuditLog and New-MailboxAuditLogSearch will retire

    * Microsoft Defender XDR unified role-based access control (RBAC) model is now generally available

    Security Copilot:

    * Microsoft Copilot for Security: Plugin Spotlight – Microsoft Entra Application Risk Skills

    * Microsoft Copilot for Security Skilling Series: Plugin Spotlight – Defender EASM

    * Microsoft Security Copilot – Microsoft Adoption

    Microsoft Purview:

    * Upcoming Microsoft Purview Webinars

    Microsoft Security Learning:

    * Showcase your skills with this new Security Certification

    Tips and Notes from the field:

    * From our favorite security MAD scientist - Automating Microsoft Sentinel Deployment with Azure DevOps CI/CD | by noodlemctwoodle | Mar, 2025 | Medium

    * Need some quick cash? Leave a review of a Microsoft security product and you can get some loot. - Penny for your thoughts

    Watch the live replay



  • Women In Cyber

    Join us as we talk with Laura Buska. Laura is a Cloud Solution Architect Director at Microsoft. Laura's focus is on AI Solutions and security.

    Laura Buska led the establishment of an AI practice at Microsoft, managing a team of architects who guide Microsoft customers in adopting Copilot AI with security top of mind. With 17 years at Microsoft and a career spanning app development, infrastructure, security, and now AI, she's seen firsthand the transformative power of technology. Her journey in cybersecurity has been pivotal, especially when she started a Microsoft security practice from scratch. Today, she blends her passion for AI and cybersecurity, fostering a culture of making powerful offers and building trust. She's excited to share insights on how we bring care and innovation to Microsoft's customers through security and AI.

    Show Links:

    General:

    * Applying Zero Trust principles to the cloud-native journey

    * Microsoft Security in Action: Zero Trust Deployment Essentials for Digital Security

    Threat Intelligence:

    * Storm-2372 conducts device code phishing campaign

    * The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation

    Azure Security:

    * General Availability: Monitoring and Logging for Azure Managed HSM in Azure Portal

    * Protecting Azure AI Workloads using Threat Protection for AI in Defender for Cloud

    Defender for Cloud:

    * Microsoft Defender for Cloud Customer Newsletter

    * The security benefits of structuring your Azure OpenAI calls – The System Role

    * What's new in Defender for Cloud features

    Sentinel News:

    * What's new in Microsoft Sentinel

    * What's new in Microsoft's unified security operations platform

    Microsoft Entra:

    * Microsoft Security in Action: Deploying and Maximizing Advanced Identity Protection

    * New webinar series: How to secure access for your employees with the Microsoft Entra Suite

    * What's new in Entra ID

    Device Management:

    * Your guide to Intune at Microsoft Technical Takeoff 2025

    M365 Defender (MDO, MDE, MDI, MDCA):

    * What's new in Microsoft Defender XDR

    * What's new in Microsoft Defender for Endpoint

    * What's new in Microsoft Defender for Office 365

    * What's new in Microsoft Defender for Identity

    * What's new in Microsoft Defender for Cloud Apps

    Defender Experts for XDR:

    * Why security teams rely on Microsoft Defender Experts for XDR for managed detection and response

    Security Copilot:

    * Exciting updates to the Copilot (AI) Bounty Program: Enhancing security and incentivizing innovation

    Microsoft Purview:

    * General Availability: Dynamic watermarking for sensitivity labels in Word, Excel, and PowerPoint

    Microsoft Security Learning:

    * https://learning-pathways.co.uk/wp-content/uploads/2025/02/Microsoft-Sentinel-Learning-Companion.pdf

    Tips and Notes from the field:

    Protect enterprise solutions with new Microsoft Power Platform security features - Microsoft Power Platform Blog

    Watch the live replay



  • Hey! Hey! Hey! MSI Pod-Show Family

    We are switching up the live show time today to broadcast the show at 10:00am EST. Today our awesome guest is Femke Cornelissen. Femke founded Dutch Women in Tech, an initiative that empowers women to pursue careers in IT, and co-organizes the Women in Cyber program, promoting diversity in cybersecurity. Through her work with Experts Live Netherlands and global tech events, she helps create opportunities for professionals to connect and thrive.

    Tech Links:

    Show Notes - Femke Cornelissen

    a. https://www.linkedin.com/in/femcornelissen/

    b. https://linktr.ee/Femcornelissen

    c. https://teamcopilot.nl/team-copilot/

    d. https://femkecornelissen.com/

    Slowing down AI in your enterprise:

    If you're a Microsoft Defender stack customer and you're struggling to handle ungoverned AI tools like DeepSeek or ChatGPT, here are some things you can do about it using various technologies across the Microsoft security stack:

    1) Hunt using the following KQL query (https://lnkd.in/exHTT6ks) and decide what is sanctioned from any hits you find. Afterwards, upload the bulk IOC list to MDE (https://lnkd.in/ekS4JZsG), removing any lines in the CSV for tools you sanction across the org. [Ensure Network protection + Custom indicators is on + SmartScreen forced]

    2) Defender for Cloud Apps (MDA) app discovery to unsanction new Gen AI (https://lnkd.in/eShZsb54). If you're an E5 customer you can also enable this setting to enforce MDA unsanctions back to MDE, automatically blocking new GenAI apps as they are discovered (https://lnkd.in/e5BK_ME6). Blocked by default until allowed should be the norm with AI tools IMO.

    3) Endpoint DLP to block copy/paste of Sensitivity Labels/Sensitive Info Types (SITs) into AI tools (check out the video on: https://lnkd.in/emE2zwVq). Also in Purview, check out the DSPM for AI recommendation and deploy the "Fortify Your Data Security: Data security for AI" policy, which can block elevated Insider Risk users from pasting or uploading sensitive info on AI sites. You may want to edit this policy after it has been deployed to tailor it to your organization (the video demonstrates just this, but the policy uses an older name - we all love a good name change). Notably, it deploys in "block with override" mode. [Also note Insider Risk is another prereq; I would check out Ewelina Paczkowska's Guide on Insider Risk here: https://lnkd.in/eWSF2kRJ] MDA Session Proxy also has abilities to block copy/paste (https://lnkd.in/e9EcX4yZ) if you need protection on devices not onboarded onto Purview/MDE.

    4) Global Secure Access has a Web content filtering policy for Artificial intelligence under the liability category (though annoyingly MDE Web content filtering does not have this category). A good blog comparing the Web Content Filtering for both MDE and GSA can be found here: https://lnkd.in/euNYjDpP by Kenneth van Surksum.

    5) Enabling "Block other LLM chatbots" in Microsoft Edge For Business (i.e. cloud-based Edge Management) will add a blocklist for some LLMs under the "URLBlocklist" policy; however, this control is quite lackluster and only contains 11 URLs. It's also more likely you manage Edge on a platform level. For more on Edge For Business, see: https://lnkd.in/eCrYhMaA

    Additionally, consider blocking browser extensions, Office add-ins, Teams apps etc., as these can also be a source of AI tool leakage. Blocking the .ai TLD in Intune Firewall is another option; however, legitimate businesses may use this TLD. (Arguably another could be purchasing & deploying Copilot just to deter the need of a user to leverage another AI tool; it might actually make sense vs. the cost of a data leak ...)

    Watch the live replay



  • Hey everyone,

    In the latest episode of the MSI PodCastShow it was the "Usual Suspects" minus Rod. We had some fantastic discussions about data and identity governance between government cloud and commercial cloud environments. We also delved into Microsoft Purview and the various modules that work seamlessly with Security Copilot.

    We are thrilled to share that the theme for our March 2025 shows is the upcoming Women in Cybersecurity Month. It's going to be an exciting time as we celebrate and highlight the contributions of women in the cybersecurity field. And don't forget, next week on March 3rd, we kick off Women In Cyber!

    Looking ahead, we have a new theme for April 2025 called "Tech Heavy". All of our shows that month will be packed with deep tech topics and lots of demos. It's going to be a tech enthusiast's dream!

    Additionally, we announced that we are moving our MSFT partner month to May 2025. And here's a little teaser - we will have a month of shows dedicated to highlighting our guests' certification journeys over the years, which we are calling "Show us your CERTS"! It's going to be an inspiring and informative and FUNNY series that you won't want to miss.

    Stay tuned for more updates and exciting content. Thanks for being a part of our community!

    Key Takeaways:

    * Is Purview for you? Security Copilot may help you decide and turn the tide.

    * It doesn’t hurt to have CERTS!

    * Managing data and identity between government and commercial cloud environments isn’t easy.

    * Raae likes to make espresso coffee with Red Bull instead of water.

    * We are in our third year of Women In Cybersecurity month.

    Watch the live replay



  • In this episode, Sergey explores how Azure OpenAI can improve incident response strategies by leveraging advanced AI capabilities. You will gain insights into integrating Azure OpenAI with existing XDR and SIEM to enhance analysis and mitigation of security threats.

    Key Takeaways:

    * The Easy Starter: How Microsoft 365 Copilot & Security Copilot can be used in security scenarios.

    * Understanding Azure OpenAI: Learn about the core features and functionalities of Azure OpenAI and how they can be applied to security.

    * Incident Response Automation: Discover how AI can automate and accelerate incident response processes, reducing the time to detect and respond to threats.

    * Retrieval-Augmented Generation (RAG): Understand how RAG enhances AI models by retrieving relevant information from external data sources, improving the accuracy and relevance of AI-generated responses.

    * Fine-Tuning: Explore the process of fine-tuning pre-trained AI models to adapt them for specific security tasks, enhancing their performance and effectiveness.

    Watch the live replay



  • Andy has been in the information security industry for over 10 years and held various roles from security operations, analyst, engineer, and architect at companies like Trek, Exact Sciences, and most recently, Microsoft. Andy served 10 years in the Air Force and deployed to Afghanistan as a civil engineering officer and held leadership positions leading the emergency management, engineering, and operations units.

    Watch the live replay



  • Join us today to chat with the organizers of the hottest event in Europe, Experts Live, and how the Denmark edition has sold out. Hear about how the event is planned, what is planned, what the future looks like, and why you should consider attending next time. Want to help bring an Experts Live event to your area? Find out how to do that, too!

    Show Notes/Links

    Experts Live Denmark: https://expertslive.dk/

    Watch the Live Show Replay



  • With over two decades dedicated to safeguarding our nation's digital landscape as an FBI Supervisory Special Agent, Miguel had the privilege of leading complex cybercrime investigations alongside remarkable teams.

    Show Notes/Links

    Miguel’s LinkedIn profile: https://www.linkedin.com/in/miguel-a-clarke/

    Lessons from red teaming 100 generative AI products (PDF): https://airedteamwhitepapers.blob.core.windows.net/lessonswhitepaper/MS_AIRT_Lessons_eBook.pdf

    Microsoft Sentinel REST APIs vs MS Graph: https://garybushey.com/2025/01/13/microsoft-sentinel-rest-apis-vs-ms-graph/

    Monday Minutes podcast:

    How the FBI's fake cell phone company put criminals into real jail cells: https://www.npr.org/2024/05/31/1197959218/fbi-phone-company-anom

    Inside the FBI’s Secret Encrypted Phone Company ‘Anom’: https://www.geeky-gadgets.com/fbi-anom-phones-criminal-network-infiltration/

    Watch the live replay



  • Welcome back! It’s our first episode for 2025! In this episode, let’s drop back in on our esteemed crew to find out what’s new in security and what to expect for the 2025 show. All are welcome!

    Show Notes/Links

    * Best Practice to Secure Office 365: https://lazyadmin.nl/office-365/best-practice-to-secure-office-365/

    * Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents: https://thehackernews.com/2024/12/chinese-apt-exploits-beyondtrust-api.html

    * Security Certification Roadmap: https://pauljerimy.com/security-certification-roadmap/

    Watch the live replay


