Episodes
-
Women In Cyber Month!!!
A warm welcome to the MSI Pod (show) Cast!!! On today's show for Women in Cyber month, we have the honor of having Lisa Perdelwitz as our guest! Lisa brings over 20 years of global leadership and cybersecurity experience. Her dual roles—working full-time in corporate cybersecurity while serving part-time in the military—have given her a unique perspective on how to integrate the strengths of both environments to achieve business and security objectives.
Please visit her site to see the professional services she provides to the C-suite security executive. https://ligilo.tech
Show Links:
Just good old plain security stuff:
* Windows Server 2025 now generally available, with advanced security, improved performance, and cloud agility
* Windows Server 2025 Security Book
* Windows security and resiliency: Protecting your business
General:
* Hear from Microsoft Security experts at these top cybersecurity events in 2025
* Join us for the end-to-end Microsoft RSAC 2025 Conference experience
Threat Intelligence:
* Code injection attacks using publicly disclosed ASP.NET machine keys
* Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
Azure Security:
* Boost Security with API Security Posture Management
* Configuring total retention period for log analytics workspace tables at scale
Defender for Cloud:
* Microsoft Defender for Cloud Customer Newsletter
* Microsoft Defender for Cloud – Elevating Runtime Protection
Sentinel News:
* Announcing Public Preview: New STIX Objects in Microsoft Sentinel
* What’s new: Find the Sentinel content you need using AI search
* Ingesting Palo Alto Cortex XDR Logs into Microsoft Sentinel with the Updated CCP Connector
Microsoft Entra:
* Automating Active Directory Domain Join in Azure
* Microsoft Entra: Top 50 features of 2024
* Microsoft Entra PowerShell module now generally available
M365 Defender (MDO, MDE, MDI, MDCA):
* Microsoft Exchange Online: Search-MailboxAuditLog and New-MailboxAuditLogSearch will retire
* Microsoft Defender XDR unified role-based access control (RBAC) model is now generally available
Security Copilot:
* Microsoft Copilot for Security: Plugin Spotlight – Microsoft Entra Application Risk Skills
* Microsoft Copilot for Security Skilling Series: Plugin Spotlight – Defender EASM
* Microsoft Security Copilot – Microsoft Adoption
Microsoft Purview:
* Upcoming Microsoft Purview Webinars
Microsoft Security Learning:
* Showcase your skills with this new Security Certification
Tips and Notes from the field:
* From our favorite security MAD scientist - Automating Microsoft Sentinel Deployment with Azure DevOps CI/CD | by noodlemctwoodle | Mar, 2025 | Medium
* Need some quick cash? Leave a review of a Microsoft security product and you can get some loot. - Penny for your thoughts
Watch the live replay
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com -
Women In Cyber
Join us as we talk with Laura Buska. Laura is a Cloud Solution Architect Director at Microsoft. Laura's focus is on AI Solutions and security.
Laura Buska led the establishment of an AI practice at Microsoft, managing a team of architects who guide Microsoft customers in adopting Copilot AI with security top of mind. With 17 years at Microsoft and a career spanning app development, infrastructure, security, and now AI, she's seen firsthand the transformative power of technology. Her journey in cybersecurity has been pivotal, especially when she started a Microsoft security practice from scratch. Today, she blends her passion for AI and cybersecurity, fostering a culture of making powerful offers and building trust. She's excited to share insights on how we bring care and innovation to Microsoft's customers through security and AI.
Show Links:
General:
* Applying Zero Trust principles to the cloud-native journey
* Microsoft Security in Action: Zero Trust Deployment Essentials for Digital Security
Threat Intelligence:
* Storm-2372 conducts device code phishing campaign
* The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation
Azure Security:
* General Availability: Monitoring and Logging for Azure Managed HSM in Azure Portal
* Protecting Azure AI Workloads using Threat Protection for AI in Defender for Cloud
Defender for Cloud:
* Microsoft Defender for Cloud Customer Newsletter
* The security benefits of structuring your Azure OpenAI calls – The System Role
* What's new in Defender for Cloud features
Sentinel News:
* What's new in Microsoft Sentinel
* What's new in Microsoft's unified security operations platform
Microsoft Entra:
* Microsoft Security in Action: Deploying and Maximizing Advanced Identity Protection
* New webinar series: How to secure access for your employees with the Microsoft Entra Suite
* What's new in Entra ID
Device Management:
* Your guide to Intune at Microsoft Technical Takeoff 2025
M365 Defender (MDO, MDE, MDI, MDCA):
* What's new in Microsoft Defender XDR
* What's new in Microsoft Defender for Endpoint
* What's new in Microsoft Defender for Office 365
* What's new in Microsoft Defender for Identity
* What's new in Microsoft Defender for Cloud Apps
Defender Experts for XDR:
* Why security teams rely on Microsoft Defender Experts for XDR for managed detection and response
Security Copilot:
* Exciting updates to the Copilot (AI) Bounty Program: Enhancing security and incentivizing innovation
Microsoft Purview:
* General Availability: Dynamic watermarking for sensitivity labels in Word, Excel, and PowerPoint
Microsoft Security Learning:
* https://learning-pathways.co.uk/wp-content/uploads/2025/02/Microsoft-Sentinel-Learning-Companion.pdf
Tips and Notes from the field:
* Protect enterprise solutions with new Microsoft Power Platform security features - Microsoft Power Platform Blog
Watch the live replay
-
Hey! Hey! Hey! MSI Pod-Show Family
We are switching up the live show time today to broadcast the show at 10:00am EST. Today our awesome guest is Femke Cornelissen. Femke founded Dutch Women in Tech, an initiative that empowers women to pursue careers in IT, and co-organizes the Women in Cyber program, promoting diversity in cybersecurity. Through her work with Experts Live Netherlands and global tech events, she helps create opportunities for professionals to connect and thrive.
Tech Links:
Show Notes - Femke Cornelissen
a. https://www.linkedin.com/in/femcornelissen/
b. https://linktr.ee/Femcornelissen
c. https://teamcopilot.nl/team-copilot/
d. https://femkecornelissen.com/
Slowing down AI in your enterprise:
If you're a Microsoft Defender stack customer and you're struggling to handle ungoverned AI tools like DeepSeek or ChatGPT, here are some things you can do about it using various technologies across the Microsoft security stack:
1) Hunt using the following KQL query (https://lnkd.in/exHTT6ks) and decide what is sanctioned from any hits you find. Afterwards, upload the bulk IOC list to MDE (https://lnkd.in/ekS4JZsG), removing any lines in the CSV for tools you sanction across the org. [Ensure Network protection + Custom indicators is on + SmartScreen forced]
2) Defender for Cloud Apps (MDA) app discovery to unsanction new Gen AI (https://lnkd.in/eShZsb54). If you're an E5 customer you can also enable this setting to enforce MDA Unsanctions back to MDE, automatically blocking new GenAI apps as they are discovered (https://lnkd.in/e5BK_ME6). Blocked by default until allowed should be the norm with AI tools IMO.
3) Endpoint DLP to block copy paste of Sensitivity Labels/Sensitive Info Types (SITs) into AI tools (check out the video on: https://lnkd.in/emE2zwVq). Also in Purview, check out DSPM for AI recommendation and deploy the "Fortify Your Data Security: Data security for AI" policy, which can block elevated Insider Risk users from pasting or uploading sensitive info on AI sites. You may want to edit this policy after it has been deployed to tailor it to your organization (the video demonstrates just this, but the policy uses an older name - we all love a good name change). Notably, it deploys in "block with override" mode. [Also note Insider Risk is another prerequisite; I would check out Ewelina Paczkowska's Guide on Insider Risk here: https://lnkd.in/eWSF2kRJ] MDA Session Proxy also has abilities to block copy paste (https://lnkd.in/e9EcX4yZ) if you need protection on devices not onboarded onto Purview/MDE.
4) Global Secure Access has a Web content filtering policy for Artificial intelligence under the liability category (though annoyingly MDE Web content filtering does not have this category). A good blog comparing the Web Content Filtering for both MDE and GSA can be found here: https://lnkd.in/euNYjDpP by Kenneth van Surksum.
5) Enabling "Block other LLM chatbots" in Microsoft Edge For Business (i.e. cloud based Edge Management) will add a blocklist for some LLMs under the "URLBlocklist" policy; however, this control is quite lackluster and only contains 11 URLs. It's also more likely you manage Edge on a platform level. For more on Edge For Business, see: https://lnkd.in/eCrYhMaA
Additionally, consider blocking Browser Extensions, Office Add-ins, Team Apps etc., as these can also be a source of AI tool leakage. Blocking the .ai TLD in Intune Firewall is another option; however, legitimate businesses may use this TLD. (Arguably another could be purchasing & deploying Copilot just to deter the need of a user to leverage another AI tool; it might actually make sense vs. the cost of a data leak ...)
Watch the live replay
-
Hey everyone,
In the latest episode of the MSI PodCastShow it was the "Usual Suspects" minus Rod. We had some fantastic discussions about data and identity governance between government cloud and commercial cloud environments. We also delved into Microsoft Purview and the various modules that work seamlessly with Security Copilot.
We are thrilled to share that the theme for our March 2025 shows is the upcoming Women in Cybersecurity Month. It's going to be an exciting time as we celebrate and highlight the contributions of women in the cybersecurity field. And don't forget, next week on March 3rd, we kick off Women In Cyber!
Looking ahead, we have a new theme for April 2025 called "Tech Heavy". All of our shows that month will be packed with deep tech topics and lots of demos. It's going to be a tech enthusiast's dream!
Additionally, we announced that we are moving our MSFT partner month to May 2025. And here's a little teaser - we will have a month of shows dedicated to highlighting our guests' certification journeys over the years, which we are calling "Show us your CERTS"! It's going to be an inspiring and informative and FUNNY series that you won't want to miss.
Stay tuned for more updates and exciting content. Thanks for being a part of our community!
Key Takeaways:
* Is Purview for you? Security Copilot may help you decide and turn the tide.
* It doesn’t hurt to have CERTS!
* Managing data and identity between government and commercial cloud environments isn’t easy.
* Raae likes to make espresso coffee with Red Bull instead of water.
* We are in our third year of Women In Cybersecurity month.
Watch the live replay
-
In this episode, Sergey explores how Azure OpenAI can improve incident response strategies by leveraging advanced AI capabilities. You will gain insights into integrating Azure OpenAI with existing XDR and SIEM to enhance analysis and mitigation of security threats.
Key Takeaways:
* The Easy Starter: How Microsoft 365 Copilot & Security Copilot can be used in security scenarios.
* Understanding Azure OpenAI: Learn about the core features and functionalities of Azure OpenAI and how they can be applied to security.
* Incident Response Automation: Discover how AI can automate and accelerate incident response processes, reducing the time to detect and respond to threats.
* Retrieval-Augmented Generation (RAG): Understand how RAG enhances AI models by retrieving relevant information from external data sources, improving the accuracy and relevance of AI-generated responses.
* Fine-Tuning: Explore the process of fine-tuning pre-trained AI models to adapt them for specific security tasks, enhancing their performance and effectiveness.
Watch the live replay
-
Andy has been in the information security industry for over 10 years and held various roles from security operations, analyst, engineer, and architect at companies like Trek, Exact Sciences, and most recently, Microsoft. Andy served 10 years in the Air Force and deployed to Afghanistan as a civil engineering officer and held leadership positions leading the emergency management, engineering, and operations units.
Watch the live replay
-
Join us today to chat with the organizers of the hottest event in Europe, Experts Live, and how the Denmark edition has sold out. Hear about how the event is planned, what is planned, what the future looks like, and why you should consider attending next time. Want to help bring an Experts Live event to your area? Find out how to do that, too!
Show Notes/Links
Experts Live Denmark: https://expertslive.dk/
Watch the Live Show Replay
-
With over two decades dedicated to safeguarding our nation's digital landscape as an FBI Supervisory Special Agent, Miguel had the privilege of leading complex cybercrime investigations alongside remarkable teams.
Show Notes/Links
Miguel’s LinkedIn profile: https://www.linkedin.com/in/miguel-a-clarke/
Lessons from red teaming 100 generative AI products (PDF): https://airedteamwhitepapers.blob.core.windows.net/lessonswhitepaper/MS_AIRT_Lessons_eBook.pdf
Microsoft Sentinel REST APIs vs MS Graph: https://garybushey.com/2025/01/13/microsoft-sentinel-rest-apis-vs-ms-graph/
Monday Minutes podcast:
How the FBI's fake cell phone company put criminals into real jail cells: https://www.npr.org/2024/05/31/1197959218/fbi-phone-company-anom
Inside the FBI’s Secret Encrypted Phone Company ‘Anom’: https://www.geeky-gadgets.com/fbi-anom-phones-criminal-network-infiltration/
Watch the live replay
-
Welcome back! It’s our first episode for 2025! This episode, let’s drop back in on our esteemed crew to find out what’s new in security and what to expect for the 2025 show. All are welcome!
Show Notes/Links
* Best Practice to Secure Office 365: https://lazyadmin.nl/office-365/best-practice-to-secure-office-365/
* Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents: https://thehackernews.com/2024/12/chinese-apt-exploits-beyondtrust-api.html
* Security Certification Roadmap: https://pauljerimy.com/security-certification-roadmap/
Watch the live replay
-
“Always be on the administrative end”
Join us for our holiday episode for 2024 where we invite the "guests of episodes past" from the past year to stop by and join in the warmth and wealth of kinship around Microsoft Security.
Show Notes/Links
* THE Microsoft Security Insights Show Holiday Gear: https://www.microsoftsecurityinsights.com/p/the-microsoft-security-insights-show-12f
* Microsoft Security Incident Prediction data: https://www.kaggle.com/datasets/Microsoft/microsoft-security-incident-prediction
* Tinka og Kongespillet: https://juleweb.dk/julekalendere/tinka-og-kongespillet/
* Application discovery (Preview) for Global Secure Access: https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-application-discovery
Watch the Live Replay
-
Come join the entire crew as we have one of our last shows of the year - leading up to the final 2024 holiday episode.
Show Notes/Links
* Microsoft Cloud for Sovereignty: https://learn.microsoft.com/industry/sovereignty/sovereignty-capabilities
* Cybersecurity Maturity Model Certification (CMMC): https://learn.microsoft.com/azure/compliance/offerings/offering-cmmc
* Festive Tech Calendar 2024: https://www.festivetechcalendar.com/
Watch the live replay
-
Join us this episode as we discuss an enterprising area within Microsoft that focuses on Tech for Social Impact. We’re joined by Chief Security Advisor, Jerry Carlson, to discuss how this area helps customers strategize on cybersecurity and coordinate resources to help them in their missions.
Show Notes/Links
* Jerry’s LinkedIn profile: https://www.linkedin.com/in/jerrycar/
* Any nonprofit that wants to take advantage of Microsoft offers: https://nonprofit.microsoft.com/getting-started
* A PDF of all the offers available: Non-profit Offers
Watch the live replay
-
It’s the “Live from Ignite” episode! Join us this episode as we welcome Jess Dodson, Senior Cloud Solution Architect at Microsoft, known as GirlGerms on X! Jess is a bona fide super Sentinel expert from the land down under. Listen in as Jess shares the most interesting and horrifying stories.
Show Notes/Links
* Jess’s LinkedIn Profile: https://www.linkedin.com/in/jrdodson/
* Jess's consolidated Cyber month content: https://www.linkedin.com/posts/jrdodson_security-secops-infosec-activity-7257634732438355969-MlOw/
* When it SIEMS like you’re doing it all wrong: https://girl-germs.com/?p=2493
* Jess’s website: https://linktr.ee/girlgerms
Watch the Live Replay
-
Our original guest had an emergency situation, so you'll just have to sit through listening to your favorite co-hosts' banter for the first time in about a year.
Watch the Live Replay
-
Join us this episode as we introduce Nina Alli. Nina Alli has over 16 years of experience in biotechnology, biomedical, and security with a focus on healthcare. Her work in healthcare has seen her deal with the complexities of modernizing complex legacy systems within the healthcare industry, including but not limited to infrastructure, legacy system integration, and EHR (electronic healthcare records). Her passion and work on various advisory boards has seen her work on the Department of Defense (DoD) Technology Transfer Advisory Board in New York City, and the Digital Medical (DiMe) Society Strategic Advisory Board, in which she weighs in on various elements where technology intersects healthcare. Alli is Executive Director of Biohacking Village at DEFCON.
Show Notes/Links
* Nina’s LinkedIn Profile: https://www.linkedin.com/in/janineamedina/
* Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files: https://www.microsoft.com/en-us/security/blog/2024/10/29/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/?msockid=17ac8e193f12624606ec9abc3ea8636f
Watch the Live Replay
-
Join us for this spine-tingling Halloween special, as the Precision Hunt Team from Microsoft Defender Experts takes you on a thrilling tour through the creepiest corners of the threat landscape. Discover how to battle the cyber beasts and creepy crawlies that are terrorizing networks everywhere—before they come knocking on your door.
Show Notes/Links:
* Plan costs and understand pricing and billing - Microsoft Sentinel | Microsoft Learn
* Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files | Microsoft Security Blog
* Introducing the new Microsoft Sentinel simplified pricing.
* Detecting browser anomalies to disrupt attacks early - Microsoft Community Hub
* Integrating Defender EASM With Microsoft Sentinel Guide - CHARBEL NEMNOM - MVP | MCT | CCSP | CISM - Cloud & CyberSecurity
* Save money on your Sentinel ingestion costs with Data Collection Rules - Microsoft Community Hub
* Deploy Microsoft Sentinel using Bicep - Microsoft Community Hub
* Microsoft Defender for Identity: the critical role of identities in automatic attack disruption - Microsoft Community Hub
Watch the Live Replay
-
Join us this episode as we welcome Samantha Gardener, Principal Threat Hunt Lead at Microsoft.
Show Notes/Links
* Mini workshop from MMS: https://aka.ms/MMSKQL
* Coming in December: SC-5004: Defend against cyberthreats with Microsoft Defender XDR: https://techcommunity.microsoft.com/t5/ilt-communications-blog/coming-in-december-sc-5004-defend-against-cyberthreats-with/ba-p/4281365
* Cybersecurity Summit 2024 (Richard Diver): https://www.youtube.com/live/ix4V-xjqEls
* Webinar - Defender Experts: S.T.A.R. Forum - Strategies for Threat Awareness and Response, Episode 1: https://aka.ms/DefenderExpertsWebinar
Watch the Live Replay
-
Join us this episode as we welcome back Microsoft MVP, Craig Fretwell. Craig has changed companies since we last talked. Working now for Rackspace, does he fret well? Tune in to find out. Join us live to ask Craig your questions!
Watch the live replay
-
Join us this episode as we talk with Thomas Naunheim, Cyber Security Architect and MVP. Thomas is here to share some insights of his "EntraOps Privileged EAM" project.
Show Notes/Links
* Thomas Naunheim’s LinkedIn profile: https://www.linkedin.com/in/thomasnaunheim/
* Upcoming Defender Experts Webinar: https://aka.ms/DefenderExpertsWebinar
* Lyrics for Three's Company: https://www.lyricsondemand.com/tvthemes/threescompanylyrics.html
* EntraOps Privileged EAM: https://entraops.com/
Watch the live show replay