<![CDATA[THE Security Insights Show]]>https://www.microsoftsecurityinsights.comhttps://substackcdn.com/image/fetch/$s_!ZngQ!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1bf84d0b-fceb-44b4-ae5f-10662ecc7e8b_500x500.pngTHE Security Insights Showhttps://www.microsoftsecurityinsights.comSubstackWed, 29 Apr 2026 11:36:24 GMT<![CDATA[The "AI" Security Insights Show Episode 289 - The RSA Recap Part 2 The Microsoft Partner Edition. ]]>https://www.microsoftsecurityinsights.com/p/the-ai-security-insights-show-episode-f4chttps://www.microsoftsecurityinsights.com/p/the-ai-security-insights-show-episode-f4cWed, 15 Apr 2026 16:03:21 GMTAI Pen Testing Power- What is the deal with Mythos?

Sentinel Cost Estimator Tool is a go. - Sentinel Cost Estimator

Words of Wisdom:

“Don’t believe everything you think you believe”

“Actual great opportunities do NOT have “Great Opportunies” in the subject line”

General

· Secure agentic AI for your Frontier Transformation [agenticainews.net]

· Secure agentic AI end-to-end [microsoft.com]

· Microsoft Pre-Day: Your first look at what’s next in Security [techcommun...rosoft.com]

· Strengthening your Security Posture with Microsoft Security Store Innovations at RSAC 2026 [techcommun...rosoft.com]

· Crawl, Walk, Run: A Practitioner’s Guide to AI Maturity in the SOC [techcommun...rosoft.com]

· From Manual Vetting to Continuous Trust: Automating Publisher Screening with AI

AI Security

· Join the Agent 365 “Ask Microsoft Anything” session on March 18 [techcommun...rosoft.com]

· Get to know these Agent 365 community all-stars [techcommun...rosoft.com]

· ICYMI: Microsoft Agent 365 AMA [techcommun...rosoft.com]

· Governing AI Agent Behavior: Aligning User, Developer, Role, and Organizational Intent

Azure Security & Defender for Cloud News

· Microsoft Defender for Cloud Customer Newsletter (March edition) [techcommun...rosoft.com]

· Malware scan results now in blob tags (ADLS Gen2 HNS | Public Preview) [techcommun...rosoft.com]

· Defending Container Runtime from Malware with Microsoft Defender for Containers [techcommun...rosoft.com]

· Defending the AI Era: New Microsoft Capabilities to Protect AI [techcommun...rosoft.com]

· New innovations in Microsoft Defender to strengthen multi-cloud, containers, and AI model security [techcommun...rosoft.com]

· Secure AI Workloads in Azure: Join Our Next Azure Decoded Session on April 8th [techcommun...rosoft.com]

· Detect, correlate, contain: New Azure Firewall IDPS detections in Microsoft Sentinel and XDR [techcommun...rosoft.com]

· Azure Bastion: Enterprise-grade secure access made simple

Threat Intelligence

When Trust Becomes the Attack Vector: Analysis of the EmEditor Supply-Chain Compromise [techcommun...rosoft.com]

Microsoft Entra

· Secure access in the age of AI: Key findings from our 2026 Report [techcommun...rosoft.com]

· Microsoft Entra innovations announced at RSAC 2026 [techcommun...rosoft.com]

· Microsoft Entra Tenant Governance: Secure and Manage Multi-Tenant Environments at Scale [techcommun...rosoft.com]

· Evolving Identity Security: How the Conditional Access Optimization Agent Helps You Adapt [techcommun...rosoft.com]

Device Management & Protection (Intune)

· Announcing three new partners for multi-tenant management with Microsoft Intune [techcommun...rosoft.com]

· Secure apps: Where people, data, and AI intersect

Defender XDR & Sentinel

· Monthly news – March 2026 (Microsoft Defender) [techcommun...rosoft.com]

· RSA 2026: What’s new in Microsoft Defender? [techcommun...rosoft.com]

· Security Copilot in Defender: empowering the SOC with assistive and autonomous AI [techcommun...rosoft.com]

· From Impersonation Calls to Transparent Reporting: Defending the New Front Door of Attacks [techcommun...rosoft.com]

· What’s New in Microsoft Sentinel: March 2026 [techcommun...rosoft.com]

· What’s new in Microsoft Sentinel: RSAC 2026 [techcommun...rosoft.com]

· How Granular Delegated Admin Privileges (GDAP) allows Sentinel customers to delegate access

Copilot for Security

· Introducing Secret Finder: Finding Real Credentials Where Traditional Tools Fail [techcommun...rosoft.com]

· From alert overload to decisive action: How Security Copilot agents are transforming security and IT

Purview - Compliance & Governance

· AI‑Powered Troubleshooting for Microsoft Purview Data Lifecycle Management [techcommun...rosoft.com]

· Priority Cleanup V2: Faster, Simpler Data Purging for Exchange Online [techcommun...rosoft.com]

· Microsoft Purview securing data and enabling apps and agents across your AI stack [techcommun...rosoft.com]

· Secure data as AI scales: New Microsoft Purview innovations at RSA 2026 [techcommun...rosoft.com]

· New Microsoft Purview innovations for Fabric to safely accelerate your AI transformation

✨ Featured Items This Week

New Roadmap Items:

Updated Roadmap Items:

New Message Center Items:

Updated Message Center Items:

(Updated) Microsoft 365 Copilot: Session persistence enhancement for Copilot chat
ID: MC1174856 | Service: Microsoft Copilot (Microsoft 365), Microsoft 365 Copilot Chat | Tags: Updated message, New feature, User impact, Admin impact
Microsoft 365 Copilot chat will preserve conversations by creating session entries in the navigation pane upon prompt submission, allowing users to re...

(Updated) Microsoft Viva Engage | Email sender domain migration from @yammer.com to @engage.mail.microsoft
ID: MC1251200 | Service: Microsoft Viva | Tags: Updated message, Feature update, User impact, Admin impact
Microsoft Viva Engage email sender domains have migrated from @yammer.com to @engage.mail.microsoft (and @eu.engage.mail.microsoft for Europe) as of M...

(Updated) Microsoft 365 Copilot: Manage and deploy user-level connectors in Microsoft 365 admin center
ID: MC1188234 | Service: Microsoft Copilot (Microsoft 365) | Tags: Updated message, New feature, User impact, Admin impact
Microsoft 365 Copilot introduces federated connectors enabling real-time access to external apps like Notion and Canva within Copilot. Admins control ...

(Updated) Microsoft Defender for Office 365 quarantine content read permission update
ID: MC1234569 | Service: Microsoft Defender XDR | Tags: Updated message, Feature update, Admin impact
Microsoft Defender for Office 365 will introduce a new permission for granular access to quarantined email content via Defender XDR Unified RBAC. Roll...

Microsoft Teams | VDI for Azure Virtual Desktops/Windows 365 and Citrix: macOS support with new SlimCore optimization
ID: MC1151241 | Service: Microsoft Teams | Tags: Updated message, New feature, User impact
Microsoft Teams now supports SlimCore media engine optimization for macOS users on Azure Virtual Desktop, Windows 365, and Citrix, replacing WebRTC. T...

]]><![CDATA[The "AI" Security Insights Show Episode (Coming) - The RSA Recap Part 2 The Microsoft Partner Edition. ]]>https://www.microsoftsecurityinsights.com/p/the-ai-security-insights-show-episode-fa3https://www.microsoftsecurityinsights.com/p/the-ai-security-insights-show-episode-fa3Wed, 08 Apr 2026 14:56:12 GMT

]]><![CDATA[The "AI" Security Insights Show Episode 288 - The Recap Edition. OOOO...Anthropic made a BooBoo! We got to meet the security legends, Clive Watson and Craig Fretwell!]]>https://www.microsoftsecurityinsights.com/p/the-ai-security-insights-show-episode-e10https://www.microsoftsecurityinsights.com/p/the-ai-security-insights-show-episode-e10Thu, 02 Apr 2026 23:47:37 GMTLet’s talk Sentinel, AI Security or lack thereof and we think Agent365 is pretty cool when mixed with Microsoft Purview.

Words of Wisdom:

“Anything you say before the word “but” does not count!

“Ask anyone that you admire: Their lucky breaks happened on a detour from their main goal. So embrace detours. Life is NOT a straight line for anyone.”

Security News:

General

AI Security

Azure Security & Defender for Cloud News

Threat Intelligence

Microsoft Entra

Defender XDR & Sentinel

Copilot for Security

Purview – Compliance & Governance

New Roadmap Items:

Updated Roadmap Items:

New Message Center Items:

Updated Message Center Items:

(Updated) Copilot entry point changes in Word and handoff to Agent in chat
ID: MC1240704 | Service: Microsoft 365 apps | Tags: Updated message, Feature update, User impact, Admin impact
Copilot entry points in Word are updated to unify access and introduce Word Agent in the chat pane as the primary interface. Rollout begins early Apri...

(Updated) Microsoft 365 Copilot: Email triage with pin, flag, archive, and mark read
ID: MC1193695 | Service: Microsoft Copilot (Microsoft 365) | Tags: Updated message, New feature, User impact, Admin impact
Microsoft 365 Copilot now supports natural language commands for email triage—pinning, flagging, marking complete, archiving, and marking read/unread—...

(Updated) Microsoft 365 Copilot: Create and view Outlook rules
ID: MC1223821 | Service: Microsoft Copilot (Microsoft 365) | Tags: Updated message, New feature, User impact, Admin impact
Microsoft 365 Copilot now lets Outlook users create and view Inbox rules via natural language in chat, streamlining email management. Available from A...

(Updated) Microsoft Teams: Code block line numbers and improved keyboard accessibility
ID: MC1240703 | Service: Microsoft Teams | Tags: Updated message, Feature update, User impact, Admin impact
Microsoft Teams will enhance the code block experience by adding default line numbers, improved keyboard navigation, consistent language selection, an...

(Updated) Targeted file and folder restores in Microsoft 365 Backup
ID: MC1245216 | Service: Microsoft 365 suite, SharePoint Online | Tags: Updated message, New feature, Admin impact
Microsoft 365 Backup now supports granular restore, allowing admins to browse, search, and restore individual files or folders from SharePoint and One...

]]><![CDATA[The "AI" Security Insights Show Episode 287 - Principal Cloud Advocate April Gittens. If AI is so smart, then why aren't Robots doing our dishes!]]>https://www.microsoftsecurityinsights.com/p/the-ai-security-insights-show-episode-4c1https://www.microsoftsecurityinsights.com/p/the-ai-security-insights-show-episode-4c1Fri, 20 Mar 2026 14:39:57 GMTEdward does MCP. Franks says 3 is a magic number. Rod returns with tales from the other side of the pond? We will talk about the new E7 license from Microsoft and other top of mind security trends and news.

Words of Wisdom:

“To rapidly reveal the true character of a person you just met, move them onto an abysmally slow internet connection. Observe”

Cool AI Tools and Security Links:

Microsoft M365 Changes

Microsoft Security News and Events:

Watch the live show:

]]><![CDATA[The "AI" Security Insights Show Episode 286 - Chris Stelzer Returns! Sentinel + XDR + MCP = SoC Automation Goodness!]]>https://www.microsoftsecurityinsights.com/p/the-ai-security-insights-show-episode-45fhttps://www.microsoftsecurityinsights.com/p/the-ai-security-insights-show-episode-45fFri, 06 Mar 2026 17:10:38 GMTEdward gets someone else to do his homework. Rod returns...or does he? Franks can’t decide if he wants to live in Florida or Virginia. We will also do a run down about all the security and AI.

Words of Wisdom:

Speak confidently as if you are right, but listen carefully as if you are wrong.

Cool Tools and Links:

TOP AI and Security Links to take a look-see:

Weekly Microsoft 365 Announced Changes:

Microsoft Security News and Events:

Watch the live show:

]]><![CDATA[ The "AI" Security Insights Show Episode 285 - Edward does his homework, lessons learned via MCP. Well sort of...!]]>https://www.microsoftsecurityinsights.com/p/the-ai-security-insights-show-episode-b8ahttps://www.microsoftsecurityinsights.com/p/the-ai-security-insights-show-episode-b8aMon, 23 Feb 2026 19:20:38 GMTIn this episode we discuss why Edward continues to go down AI generated rabbit holes instead completing the homework assignment given to him by Frank

We talk about changes in how Sentinel data lake ingest XDR logs, AI rabbit holes and lots of other random security items.

Words of Wisdom:

The biggest lie we tell ourselves is, “I don’t need to write this down because I will remember it”.

Cool Tools and Links:

  • https://cmd.ms/ - the Microsoft Cloud command line!

TOP AI and Security Links to take a look-see:

Weekly Microsoft 365 Announced Changes:

Outlook: Prepare for meetings with Copilot in classic Outlook for Windows
ID: 542186 | Product: Outlook | Status: In development
With so many of us in back-to-back meetings, it can be a real struggle to stay on top of pre-reads, action items, and even what each meeting is about....

Microsoft Teams: Attend Microsoft webinars from Teams Rooms on Android
ID: 547824 | Product: Microsoft Teams | Status: In development
You can join a Microsoft webinar from a Teams Room on Android and interact seamlessly during the event. Available for Teams Rooms Pro.

Microsoft Teams: Streamlined Microsoft 365 Certified App Management in Teams Admin Center
ID: 485712 | Product: Microsoft Teams | Status: In development
This feature allows Microsoft 365 administrators to enable Microsoft 365 certified SaaS applications within their tenant through org-wide settings for...

Microsoft Teams: Branded Meeting Reactions
ID: 541830 | Product: Microsoft Teams | Status: In development
With new branded reactions, organizations can now extend their visual identity directly into meetings. IT admins simply upload custom reaction icons r...

Microsoft 365 app: Microsoft Loop - Admin usage reports for Loop
ID: 421611 | Product: Microsoft 365 app | Status: In development
View and monitor Loop usage in the tenant through existing M365 admin usage dashboards.

Microsoft 365 Copilot: Ground Chat in SharePoint Lists using Context IQ
ID: MC1235746 | Service: Microsoft Copilot (Microsoft 365) | Tags: New feature, User impact
Microsoft 365 Copilot will allow users to search for and insert SharePoint Lists into chat prompts via Context IQ, enhancing response accuracy. This f...

Plan for Windows Server 2016 and Windows 10 2016 LTSB end of support
ID: MC1235720 | Service: Windows | Tags: Admin impact

Microsoft Teams: Upcoming changes to Microsoft Places licensing and feature access
ID: MC1235124 | Service: Microsoft Teams, Microsoft 365 for the web | Tags: Feature update, User impact, Admin impact
Starting April 1, 2026, Microsoft Places licensing will shift from user-based to space-based, making core features widely available without Teams Prem...

OneNote for iOS: Introducing automatic local backups
ID: MC1235123 | Service: Microsoft 365 apps | Tags: New feature, User impact, Admin impact
OneNote for iOS will automatically create local backups of notebooks stored in the iOS Files app, enabling self-service recovery via PC or Mac. This f...

(Updated) Microsoft Teams: Reduced automatic updates in Meet Now channel meeting threads
ID: MC1235118 | Service: Microsoft Teams | Tags: Updated message, Feature update, User impact
Microsoft Teams will reduce automatic updates in Meet Now channel meeting conversations, showing only a single “Meeting started” message in the channe...

Microsoft Security News and Events:

Enjoyed this recent blog post from Microsoft Threat Intel team detailing a threat actors TTPs to compromise cloud-based data storage. What I found interesting is their on-prems to cloud lateral movements. Across multiple domains and across multiple Entra ID tenants within a single customer. A lot of you deal with this due to your business conducting multiple M&As over many years. Just goes to show the basics matter, hygiene matters, full visibility which mean full coverage matters. (off soap box)

Also, had a fun time watching a YouTube video of AzureHound being used to help easily identify relationships and permissions in an Azure environment. For example, to locate a user who had elevated privileges on a non-human identity (Service Principle) which had assigned global admin 🙄😐😑. This was one of the tools the threat actors used for recon.

Hope everyone has a great weekend and enjoys the read! Click Here for Blog

Watch the live replay:

]]><![CDATA[ The "AI" Security Insights Show Episode 284 - Microsoft Sentinel Pricing....it's like MAAGIC!]]>https://www.microsoftsecurityinsights.com/p/the-ai-security-insights-show-episode-f18https://www.microsoftsecurityinsights.com/p/the-ai-security-insights-show-episode-f18Sat, 07 Feb 2026 15:12:01 GMTIn this episode we have the good folks from the security company - LockBase Cyber. Leonard Volling and Charlie Smith will come on and talk about their new Microsoft Sentinel pricing tool.

Also Ed talks about how this work travel kept him from doing his homework and messed up the last show, Frank is still trying to decide if he would rather teach security or AI and Rod has finished his No Pop-Tarts January. Oh, we also talked about AI security, Sentinel data lake, AI chips from Google and how we will pivot the show in 2026 to have a deep focus on all things that help secure AI, blah, blah, blah.

Words of Wisdom:

The biggest lie we tell ourselves is, “I don’t need to write this down because I will remember it”.

Cool Tools and Links:

  • https://cmd.ms/ - the Microsoft Cloud command line!

TOP AI and Security Links to take a look-see:

Weekly Microsoft 365 Announced Changes:

Microsoft General:

AI Security:

Azure Security & Defender for Cloud News:

Purview - Compliance & Governance:

Microsoft Entra:

Copilot for Security:

Sentinel:

Defender XDR:

Watch the live replay

]]><![CDATA[Catch Us Weekly on your TV]]>https://www.microsoftsecurityinsights.com/p/catch-us-weekly-on-your-tvhttps://www.microsoftsecurityinsights.com/p/catch-us-weekly-on-your-tvThu, 22 Jan 2026 22:51:26 GMT

Exciting news for fans of cybersecurity discussions: Substack has just rolled out a brand-new TV app in beta, making it easier than ever to enjoy video content from your favorite creators right on your big screen. Launched today, the app is available for Apple TV, Google TV, and Android TV devices. Simply search for “Substack” in your TV’s app store—whether it’s the Apple App Store for Apple TV or the Apps section for Google and Android TV—and download it to get started. This move expands Substack’s reach beyond mobile and web, allowing subscribers to stream videos and live broadcasts comfortably from their living rooms.

For subscribers to THE Security Insights Show, hosted by Edward Walton, Frank Grimberg, and Rod Trent, this means you can now catch the weekly episodes on your TV. The show delivers in-depth conversations, the latest news, practical tips, and insights into Microsoft security solutions and broader industry trends—all in video format. Recent episodes, like Episode 283 on the AI revolution in cybersecurity, are streamed live and available on-demand, blending expert analysis with engaging dialogue. With over 6,000 subscribers already tuning in, the show’s video podcast style is perfect for TV viewing, whether you’re settling in for a full episode or catching up on highlights.

To watch, log in to the Substack TV app with your account details. Your subscriptions will sync seamlessly, giving you access to THE Security Insights Show‘s content matched to your free or paid tier. No more huddling around a phone or laptop—lean back and dive into the world of cybersecurity from the comfort of your couch. If you’re not subscribed yet, head over to the site and join the community for weekly updates that keep you ahead in the ever-evolving security landscape.

Thanks for reading THE Security Insights Show! Subscribe for free to receive new posts and support my work.

]]><![CDATA[ The "AI" Security Insights Show Episode 283 - AI Revolution in Cybersecurity]]>https://www.microsoftsecurityinsights.com/p/the-ai-security-insights-show-episodehttps://www.microsoftsecurityinsights.com/p/the-ai-security-insights-show-episodeFri, 09 Jan 2026 16:29:57 GMTIn this episode, Ed talks about this travel adventures, Frank confesses that he is addicted to life on a cruise ship and Rod was out because of Pop Tart overdose. Oh, we also talked about AI security, Sentinel datalake, AI chips from Google and how we will pivot the show in 2026 to have a deep focus on all things that help secure AI, blah, blah, blah.

Words of Wisdom:

The best way to get a correct answer on the internet is to post an obviously wrong answer and wait for someone to correct you.

Show Links:

Learning:

Secure your data for AI with Microsoft Purview

Tuesday, January 27, 2026, 1:00 – 2:00 PM ET (GMT-05:00)

Register now

Strengthen Your Security Posture with Advanced Identity Solutions

Wednesday, January 28, 2026, 2:00 – 3:00 PM ET (GMT-05:00)

Register now

Dive into a simulation of Microsoft 365 Defender and Microsoft Sentinel

Wednesday, February 04, 2026, 11:00 AM – 6:00 PM (GMT-05:00)

Register now

General:

AI Security:

Azure Security & Defender for Cloud News:

Purview - Compliance & Governance:

Device Management & Protection (Intune):

Microsoft Entra:

Threat Intelligence:

Copilot for Security:

Defender XDR & Sentinel:

Watch the live replay

]]><![CDATA[Cert till it Hurts!]]>https://www.microsoftsecurityinsights.com/p/cert-till-it-hurtshttps://www.microsoftsecurityinsights.com/p/cert-till-it-hurtsTue, 30 Dec 2025 21:05:54 GMTBecause the learning doesn’t stop! Got it out of the way before it expired on Jan 4th. It made me feel less like a lazy bum over the holidays LOL. It is the first small step for a TON of items that I want to add to my SME toolbelt in 2026.

#Sentinel #XDR #SecurityInsightPodcast #AI #AISecurity #Copilot #SecurityCopilot #MicrosoftSecurity #SentinelMCP #SentinelGraph #Sentineldatalake

e

]]><![CDATA[THE Security Insights Show Episode 282: Quantum Leaps and Zero-Day Zealots]]>https://www.microsoftsecurityinsights.com/p/the-security-insights-show-episode-a2fhttps://www.microsoftsecurityinsights.com/p/the-security-insights-show-episode-a2fFri, 19 Dec 2025 00:13:32 GMTJoin our hosts December 18th, 2025, as they dive into the electrifying world of Microsoft Security’s latest breakthroughs. This episode unpacks real-world triumphs in thwarting sophisticated AI-driven phishing swarms, and debates the hottest zero-day exploits shaking the headlines. Packed with insider tips this is your must-listen guide to staying light-years ahead in the cyber arms race.

This episode, we welcome back Alistair Pugin to talk Agent security.

Show Notes/Links

]]><![CDATA[THE Security Insights Show Episode 281: Jingle Hack '25: Elves on the Shelf (Watching Your Wi-Fi)]]>https://www.microsoftsecurityinsights.com/p/the-security-insights-show-episode-dafhttps://www.microsoftsecurityinsights.com/p/the-security-insights-show-episode-dafFri, 05 Dec 2025 00:38:40 GMTAfter a pre-Ignite cliffhanger, we welcome back the illustrious James Key. This episode, James is back to fill us in on the Ignite announcements around Security Copilot that he couldn’t talk about last time.

Show Notes/Links

]]><![CDATA[THE Security Insights Show Episode 280: Turkey-Day Trojans]]>https://www.microsoftsecurityinsights.com/p/the-security-insights-show-episode-129https://www.microsoftsecurityinsights.com/p/the-security-insights-show-episode-129Tue, 25 Nov 2025 14:44:47 GMTAs the Thanksgiving turkey roasts and the family gathers, cybercriminals are lurking in the digital shadows, ready to crash your holiday feast. In Episode 280 of THE Security Insights Show, hosts serve up a timely platter of cybersecurity wisdom to keep your “gravy secrets”—those juicy credentials, financial data, and personal info—safe from opportunistic hackers.

Dive into the rising tide of “Turkey-Day Trojans”: sneaky malware disguised as festive deals, phishing emails from “Aunt Edna” demanding urgent wire transfers, and smart home devices turned into spy cams by unsecured Wi-Fi. We’ll unpack real-world holiday hacks, from ransomware gobbling up your shopping carts to social engineering tricks exploiting family chit-chat. Plus, get actionable Microsoft Security tips—like leveraging Defender for endpoint protection, Entra ID for secure guest access during virtual toasts, and Copilot-powered threat hunting to spot the bad stuffing before it sours the meal.

Whether you’re a CISO stress-testing your perimeter or just a home user dodging Black Friday bait, this episode arms you with the tools to feast worry-free. Tune in now on YouTube, Apple Podcasts, Spotify, or your favorite platform—because nothing ruins a holiday like a data breach on dessert. Don’t forget to subscribe for more bites of security insight!

This episode of “THE Security Insights Show” covers a range of topics, starting with personal updates and discussions about cybersecurity certifications. The hosts delve into the role of Artificial Intelligence (AI) in cybersecurity, specifically debating the necessity of learning KQL (Kusto Query Language) from scratch given the advent of natural language to KQL models (16:01). They discuss the importance of understanding underlying data and language nuances even with AI assistance (18:56).

The conversation then pivots to key announcements from Microsoft Ignite, including:

  • Work IQ: An intelligent layer that enhances productivity by connecting organizational and personal data, enabling AI-driven insights and recommendations within Microsoft 365 applications (31:31).

  • Proactive Attack Disruption and Predictive Shielding: Microsoft’s new capabilities to anticipate attacker moves during ongoing attacks, dynamically hardening targets in real-time (35:59).

  • Expanded Automatic Attack Disruption: This feature extends to work across third-party services like AWS, Okta, and Proofpoint, allowing Microsoft Defender to take decisive actions on external systems even if the threat originates from a non-Microsoft system (39:06).

  • Rebranding of Defender XDR to Borg XDR: Indicating a consolidation of more Defender for Cloud functionality and assimilation of Sentinel into the unified Defender portal (42:00).

  • Native Sysmon in Windows 11: A significant announcement for security professionals (42:35).

]]><![CDATA[THE Security Insights Show Episode 279: Security Copilot Updates]]>https://www.microsoftsecurityinsights.com/p/the-security-insights-show-episode-796https://www.microsoftsecurityinsights.com/p/the-security-insights-show-episode-796Fri, 07 Nov 2025 00:28:11 GMTIn this electrifying episode, we sit down with James Key, Principal Product Manager for Microsoft Security Copilot, to unpack the groundbreaking advancements shaping the future of AI-driven security. With over nine years of expertise in cloud architecture, technical training, and product innovation, James is at the forefront of empowering security teams worldwide through intelligent, partner-led solutions.

As cyber threats evolve at breakneck speed, Microsoft Security Copilot is supercharging defenses with its latest fall updates. James breaks down the integration with the new Sentinel data lake and graph, enabling seamless data querying and real-time threat hunting like never before. We’ll explore the debut of ready-made and custom agents that automate complex workflows, from incident response to vulnerability management, freeing up pros to focus on strategy.

But it’s not just tech—James shares how the newly launched Microsoft Security Store is uniting partners in a bold ecosystem for innovation, fostering collaborative AI tools tailored to enterprise needs.

Links/Notes

]]><![CDATA[THE Security Insights Show Episode 278: Pumpkin Patch Phishers: Carving Out Your Data This Halloween]]>https://www.microsoftsecurityinsights.com/p/the-security-insights-show-episode-be4https://www.microsoftsecurityinsights.com/p/the-security-insights-show-episode-be4Fri, 24 Oct 2025 10:54:56 GMTPicture this: It’s the witching hour of cybersecurity, where jack-o’-lanterns glow with malevolent code and candy corn conceals keyloggers. In this spine-tingling episode of The Security Insights Show, we dive headfirst into the ghoulish guts of seasonal phishing scams – those crafty creeps who lure you in with “Free Zombie Apocalypse Prep Kits” emails, only to carve up your credentials like a deranged pie maker at a harvest festival.

Join our hosts as they unmask the tricks-or-treats of spear-phishing spooks, ransomware pumpkins that explode in your inbox, and why your two-factor auth is the garlic necklace against digital Dracula. We’ll roast real-world horror stories – like the exec who traded his soul (and SSO login) for a “haunted house discount” – and arm you with tricks to keep your data from doing the monster mash.

This episode of “THE Security Insights Show” discusses the risks and security challenges associated with artificial intelligence (AI), particularly concerning phishing scams during the Halloween season (0:21). The hosts, Rodney and Franklin, touch on various aspects of AI, its adoption, and the evolving landscape of cybersecurity.

Key discussion points include:

  • The hosts’ return and show changes: Rodney and Franklin discuss their return to the show after a summer break, moving to a bi-weekly Thursday schedule to allow more time for content creation and guest planning (1:02-6:54).

  • October as Cybersecurity Awareness Month: They emphasize the importance of cybersecurity awareness, noting a lack of guest speakers this year compared to previous years (4:17-4:33).

  • Artificial Intelligence (AI) and its security implications: A significant portion of the discussion revolves around AI, specifically the challenges of securing and governing it (7:47). They highlight the increasing use of AI in creating sophisticated phishing campaigns and the alarming potential for “non-human entities” or “agentic offerings” to be compromised or act as “double agents” in an environment (10:10-10:57).

  • Understanding AI architecture and threats: Franklin argues that securing AI is fundamentally about securing compute, identity, data, and networks, with the Large Language Model (LLM) being a new threat (11:31-12:29). They discuss the role of the MCP (Microsoft Collaboration Protocol) server in providing context between chatbots and data sources, acknowledging that generative AI can sometimes provide inaccurate responses (13:03-15:41).

  • Challenges in AI security and training: The hosts express concern about the lack of fundamental understanding of AI among security professionals and the trend of training courses merely adding “with AI” to existing content without real value (28:41-31:21). They also discuss the emergence of highly specialized roles in AI security, like the “Chief Artificial Intelligence Risk Officer (CAIRO),” and the potential for a “corporate fear of missing out” driving quick, potentially insecure, AI adoption (36:06-38:29).

  • The CISO’s role and application expectations: Franklin suggests that CISOs have the necessary tools for AI security, viewing it as another application to secure, while Rodney believes many are unprepared due to rapid adoption and an “outnumbered” feeling in defense (37:42-43:52).

]]><![CDATA[THE Security Insights Show Episode 277: Is this thing on???]]>https://www.microsoftsecurityinsights.com/p/the-security-insights-show-episode-a40https://www.microsoftsecurityinsights.com/p/the-security-insights-show-episode-a40Sat, 18 Oct 2025 12:37:47 GMTAfter the first-ever summer break, the crew is back! New crew. New format. Listen or watch to hear about what’s coming.

We also welcome Alistair Pugin. Microsoft MVP for M365 + Security, Blogger, Podcaster and Speaker.

Key Highlights

  • Return of the Show (1:38): The hosts are back after a three-month summer break, during which they experienced new jobs, roles, and duties. They thank their listeners and confirm the original cast of Edward Walton, Rod Trent, and Franklin Grimberg are back, though Brody is still on hiatus.

  • Focus on AI and Security (0:52, 1:02): Frank highlights the current “crazy” world of AI, particularly Microsoft’s efforts to secure and manage it. He expresses concern that many people are unaware of the tools available to them.

  • Guest Introduction - Alistair Pugan (5:57): Alistair Pugan, from Cape Town, South Africa, is introduced as an expert in compliance and information protection, having worked with Microsoft on shaping exams like SC400 and even co-designing a board game about deception.

  • Challenges with AI Adoption (7:58): Alistair discusses the “wild wild west” of AI adoption, where organizations are indiscriminately handing out AI, and users are not following guidelines. He notes the parallel to the Google search appliance debacle of 2008, where people are finding content they shouldn’t.

  • Microsoft’s AI Strategy and Data Training (20:08): The discussion touches on Microsoft’s stance that they do not train their AI models on customer data, emphasizing the importance of data classification for protection.

  • Copilot as Superized Search (24:15): Alistair explains that Copilot functions as a “superized search” within the Microsoft 365 tenant, using semantic indexing and security trimming to ensure users only access data they have permissions for.

  • Data Security Posture Management (DSPM) for AI (28:45): The hosts delve into DSPM for AI, a tool within Microsoft Purview (E3 or E5 licenses) that helps organizations monitor their AI usage. Key aspects include:

    • Components of Data Security (29:51): Frank and Alistair discuss how Microsoft defines data security, including information protection (sensitivity labels), data loss prevention (DLP), and insider risk management.

    • Monitoring AI Usage (31:25): DSPM allows organizations to monitor what users are doing with AI, including AI usage reports and integration with Defender for Cloud Apps.

    • Prompt Monitoring (32:28): It can monitor user prompts, especially for sensitive information requests (e.g., “give me the payroll for everyone”), using sensitive information types or trainable classifiers.

    • Shadow AI Detection (33:21): DSPM helps detect “shadow AI” by monitoring when users visit or upload sensitive information to third-party AI sites like Chat GPT, Gemini, or Perplexity.

    • Policy Automation (34:31): The tool can automatically spin up policies to detect sensitive information in AI prompts, visits to AI sites, and sensitive data uploads to AI sites.

  • Agent Sprawl and Non-Human Identities (15:50, 17:10): A significant concern raised is that anyone with a Microsoft 365 Copilot license can build an agent in Copilot Studio, which registers an application in Entra (Azure Active Directory) and creates “non-human identities.” This can lead to “agent sprawl” and uncontrolled API permissions if not properly managed by identity admins.

  • Mitigating Agent Sprawl (40:03): The solution involves having an application security posture management strategy and robust application onboarding and offboarding policies, as agents are essentially applications that require permissions to interact with data.

  • Copilot Studio Licensing (39:02): There are different licensing models for Copilot Studio: a free tenant license for building agents (for users without an M365 Copilot license) and a premium capacity license for deploying agents to users without a Copilot license.

]]><![CDATA[The Microsoft Security Insights Show is Back: Spooky Season Starts with Cybersecurity Shenanigans!]]>https://www.microsoftsecurityinsights.com/p/the-microsoft-security-insights-show-70ahttps://www.microsoftsecurityinsights.com/p/the-microsoft-security-insights-show-70aThu, 09 Oct 2025 16:34:36 GMTHey, security squad! If you’ve been missing your weekly dose of cybersecurity wit, wisdom, and a dash of Microsoft magic, I’ve got the best news since patch Tuesday: The Microsoft Security Insights Show is roaring back to life after our first-ever summer hiatus! That’s right—after a well-deserved break to recharge (and maybe dodge a few metaphorical phishing hooks), we’re hitting the airwaves again starting next week. Mark your calendars, fortify your feeds, and get ready for episodes that’ll keep your defenses sharp and your funny bone tickled.

What’s New in the New Season?

We’re not just returning; we’re evolving. Episode 277 kicks things off with a fresh crew behind the scenes and a revamped format that’s punchier, more interactive, and laser-focused on delivering actionable insights you can apply today. Whether you’re a CISO battling enterprise threats or a home user dodging holiday hackers, we’ve got tips on Microsoft Sentinel for threat hunting, Entra ID for ironclad access, Defender for endpoint armor, Copilot for smarter security, and zero-trust principles to keep the bad guys at bay. Live streams happen every Wednesday at 5pm EST, and you can catch replays on YouTube, Spotify, Apple Podcasts, or wherever you get your pods. Pro tip: Join us live for the Q&A—it’s where the real magic (and memes) happen.

Thanks for reading THE Security Insights Show! Subscribe for free to receive new posts and support my work.

Our summer break? Let’s just say it was a plot twist even M. Night Shyamalan couldn’t dream up. We took time to reflect, collaborate, and plot world domination... er, I mean, better ways to make cybersecurity less “error 404: fun not found.” Now, we’re hungrier than ever to unpack the latest threats with humor and hustle.

Upcoming Episodes: From Phishers to Password Purgatory

The schedule is packed with timely, themed episodes that’ll have you laughing through the scares. Here’s a sneak peek at what’s dropping soon—because who says learning about ransomware can’t be festive?

And that’s just the appetizer—more episodes are cooking, with slots filling faster than a zero-day exploit. Things might shift (life in cyberland, amirite?), so check the official schedule for the latest.

Join the Crew—Literally!

Got a story that screams “guest spot”? Or tips on Microsoft Security wizardry? Hit us up at securityinsights@substack.com—spots are vanishing quicker than unpatched vulnerabilities. In the meantime, subscribe to the newsletter, smash that follow button on your fave platform, and spread the word. Let’s make this season the most secure (and entertaining) one yet.

Stay vigilant, stay funny, and we’ll see you on the 16th. What’s your biggest cyber fear this fall? Drop it in the comments—maybe it’ll inspire the next episode!

—The MSI Team

Thanks for reading THE Security Insights Show! Subscribe for free to receive new posts and support my work.

]]><![CDATA[ THE Security Insights Show Summer Break continues....]]>https://www.microsoftsecurityinsights.com/p/the-security-insights-show-summer-ac5https://www.microsoftsecurityinsights.com/p/the-security-insights-show-summer-ac5Tue, 02 Sep 2025 19:16:21 GMTHappy Tuesday All,

Monday was a holiday to do NO LABOR! Wait that’s not what that holiday means…oh well. We are back on a Tuesday!

We enjoyed this recent blog post from Microsoft Threat Intel team detailing a threat actors TTPs to compromise cloud-based data storage. What I found interesting is their on-prems to cloud lateral movements. Across multiple domains and across multiple Entra ID tenants within a single customer. A lot of you deal with this due to your business conducting multiple M&As over many years. Just goes to show the basics matter, hygiene matters, full visibility which mean full coverage matters. (off soap box)

Also, had a fun time watching a YouTube video of AzureHound being used to help easily identify relationships and permissions in an Azure environment. For example, to locate a user who had elevated privileges on a non-human identity (Service Principle) which had assigned global admin 🙄😐😑. This was one of the tools the threat actors used for recon.

Hope everyone has a great short work week and enjoys the read! Click Here for Blog

Thanks for reading THE Security Insights Show! Subscribe for free to receive new posts and support my work.

In the meantime, we will occasionally (randomly) post tips, tricks, news and some of our favorite words of wisdom aka “Ed’s Edibles”, Rod Rant’s, Frank’s Fumble’s and Brodie’s Babble’s until our return.

Ed’s Edibles:

  • Aim to be effective, but unpredictable. That is, you want to act in a way that AIs have trouble modeling or imitating. That makes you irreplaceable.

Rod Rants:

  • If you think someone is normal, you don’t know them very well. Normalcy is a fiction. Your job is to discover their weird genius.

    Brodie Babbles:

  • When someone texts you they are running late, double the time they give you. If they say they’ll be there in 5, make that 10; if 10, it’ll be 20; if 20, count on 40.

Frank’s Fumbles:

  • You can become the world’s best in something primarily by caring more about it than anyone else.

Other Security Notes and News:

⁠Hundreds of Swedish municipalities impacted by suspected ransomware attack on IT supplier⁠ (The Record)

⁠Google issues emergency warning for all Gmail users⁠ (Geekspin)

⁠TransUnion Data Breach Impacts 4.4 Million⁠ (Security Week)

⁠Npm Package Hijacked to Steal Data and Crypto via AI-Powered Malware⁠ (Infosecurity Magazine)

⁠US Senators Call for Details of Aflac Data Breach⁠ (Bank Infosecurity)

⁠Ransomware gang takedowns causing explosion of new, smaller groups⁠ (The Record)

⁠FBI, Dutch cops seize fake ID marketplace, servers ⁠ (The Register)

⁠Florida Considers Rule to Improve Healthcare Data Breach Transparency⁠ (The HIPPA Journal)

⁠Affiliates Flock to ‘Soulless’ Scam Gambling Machine⁠ (Krebs on Security)


Thanks for reading THE Security Insights Show! Subscribe for free to receive new posts and support my work.

]]><![CDATA[THE Security Insights Show Summer Break!]]>https://www.microsoftsecurityinsights.com/p/the-security-insights-show-summer-60ehttps://www.microsoftsecurityinsights.com/p/the-security-insights-show-summer-60eTue, 26 Aug 2025 19:55:02 GMT

Howdy, Howdy, Podcast family. Yet another week has BLOWN by. We were like WOW, September is almost upon us! Never the one to sit idle, we will start show planning next month so we can reappear like magic in October. The ideas are starting to flow and before you know it will be time for the show. You see what we did there. LOL. Everyone please continue to enjoy not having to hear our annoying voices because we shall return to re-issue out ear worms.

Thanks for reading THE Security Insights Show! Subscribe for free to receive new posts and support my work.

In the meantime, we will occasionally (randomly) post tips, tricks, news and some of our favorite words of wisdom aka “Ed’s Edibles”, Rod Rant’s, Frank’s Fumble’s and Brodie’s Babble’s until our return.

Ed’s Edibles:

  • Admitting that “I don’t know” at least once a day will make you a better person.

Rod Rants:

  • Try to define yourself by what you love and embrace, rather than what you hate and refuse.

    Brodie Babbles:

  • The best gardening advice: find what you can grow well and grow lots and lots of it.

Frank’s Fumbles:

  • Never hesitate to invest in yourself—to pay for a class, a course, a new skill. These modest expenditures pay outsized dividends.

Microsoft Security Nibbles:

Other Security Notes and News:

⁠Intel data breach: employee data could be accessed via API ⁠(Techzine Global)

⁠North Korean Kimsuky Hackers Use GitHub to Target Foreign Embassies with XenoRAT Malware⁠ (GB Hackers)

⁠Internet-wide Vulnerability Enables Giant DDoS Attacks⁠ (Dark Reading)

⁠Drug development company Inotiv reports ransomware attack to SEC⁠ (The Record)

⁠UK ‘agrees to drop’ demand over Apple iCloud encryption, US intelligence head claims⁠ (The Record)

⁠Ransomware gang masking PipeMagic backdoor as ChatGPT desktop app: Microsoft⁠ (The Record)

⁠ERMAC Android malware source code leak exposes banking trojan infrastructure⁠ (Bleeping Computer)

⁠Nebraska man gets 1 year in prison for $3.5M cryptojacking scheme⁠ (Bleeping Computer)

⁠South Yorkshire Police Deletes 96,000 Pieces of Digital Evidence ⁠ (Infosecurity Magazine)

MSFT Security Happenings:

Join us for this webinar to learn how Azure Web Application Firewall (WAF) is advancing to address the dynamic threat landscape facing modern web applications. We’ll walk through recent updates that enhance protection, improve manageability, and support evolving application architectures. This session is ideal for anyone looking to stay informed on the latest developments and best practices for securing web applications with Azure WAF.

This event will take place on Thursday, August 28, 2025 at 08:00 PT. At that time, click here to join: https://aka.ms/JOIN-WEBINAR-18-MICROSOFT-AZURE-NETWORK-SECURITY
To stay informed about future webinars and other events, join our Security Community at https://aka.ms/SecurityCommunity.

Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. Join us for this webinar to explore the evolving landscape of cloud network security and how Azure Firewall continues to adapt to meet emerging challenges. This session will highlight the latest enhancements and capabilities designed to strengthen your security posture and provide greater visibility into your network environment. Whether you're new to Azure Firewall or looking to stay current, this session will equip you with the insights needed to protect your cloud workloads effectively.

This event will take place on Wednesday, September 10, 2025 at 8:00AM PT. At that time, click here to join:
https://aka.ms/JOIN-WEBINAR-19-MICROSOFT-AZURE-NETWORK-SECURITY

Thanks for reading THE Security Insights Show! Subscribe for free to receive new posts and support my work.

]]><![CDATA[The Security Insights Show Summer Break!]]>https://www.microsoftsecurityinsights.com/p/the-security-insights-show-summerhttps://www.microsoftsecurityinsights.com/p/the-security-insights-show-summerMon, 18 Aug 2025 16:53:07 GMT

Hello Podcast Family. We won’t lie, we are having withdrawal symptoms from not producing the show, but I can tell you for sure, that having the time off is allowing us to come with some good ideas when we return. We also get time to listen to some of our favorite podcasts. Being on the other side of the MIC is a good thing.

Thanks for reading THE Security Insights Show! Subscribe for free to receive new posts and support my work.

In the meantime, we will occasionally (randomly) post tips, tricks, news and some of our favorite words of wisdom aka “Ed’s Edibles”, Rod Rant’s, Frank’s Fumble’s and Brodie’s Babble’s until our return.

Ed’s Edibles:

If you loan someone $20 and you never see them again because they are avoiding paying you back, that makes it worth $20.

Rod Rants:

Your group can achieve great things way beyond your means simply by showing people that they are appreciated.

Brodie Babbles:

If you repeated what you did today 365 more times, will you be where you want to be next year?

Frank’s Fumbles:

Don’t bother fighting the old; just build the new.

Microsoft Security Nibbles:

Azure Network Security: Exploring Azure Firewall for comprehensive threat protection

In this episode, host Andrew Mathu welcomes Shabaz Shaik to explore how Azure Firewall secures modern cloud networks through real-world use cases. From protecting traffic in VNET hub-and-spoke deployments and Virtual WAN (Secure Hub) architectures to enabling Forced Tunnel mode for secure internet breakout, learn how Azure Firewall’s intelligent filtering, scalable design, and advanced threat protection help organizations safeguard their workloads across hybrid and cloud environments.

Advanced Threat Detection with Defender XDR Community Queries

Join our conversation with Product Managers Daniel Mozes and Ajaj Shaikh as they walk through Defender XDR GitHub community queries, specifically tailored to detecting and investigating email and collaboration threats. We explore examples of Advanced Hunting queries you can use to enrich your own repository, demonstrate how to apply them effectively, and highlight how you can contribute your own queries to help grow the community.

The Unified SecOps Experience using Microsoft Sentinel’s latest features

In this episode, Principal Product Manager Tiander Turpijn shares the latest updates within the Microsoft Defender XDR portal, highlighting key efficiency improvements for triage and incident investigation. We also learn more about the role of workspaces, examine activity logs and tasks, and highlight the value of using flyouts to streamline your workflow. Whether you’re new to the portal or looking to optimize your efficiency, this session will help you operationalize the XDR portal for maximum impact.

Shadow IT 2.0: Managing the risk of OAuth apps Explosion in the Enterprise

Join us as we unpack the growing risk of OAuth apps as the new Shadow IT – with users authorizing these apps to act on their behalf, often without oversight. Learn why enterprises must expand their security focus beyond devices to protect interactions with applications, see who is using which apps with what permissions, and how Microsoft Defender for Cloud Apps helps to manage and maintain the safety of these powerful integrations.

Other Security Notes and News:

⁠Plex warns users to patch security vulnerability immediately⁠ (Bleeping Computer)

⁠Cisco Discloses Critical RCE Flaw in Firewall Management Software ⁠(Infosecurity Magazine)

⁠Critical Flaws Patched in Rockwell FactoryTalk, Micro800, ControlLogix Products ⁠(SecurityWeek)

⁠CISA Releases Thirty-Two Industrial Control Systems Advisories⁠ (CISA.gov)

⁠Hackers Breach Canadian Government Via Microsoft Exploit⁠ (Bank Infosecurity)

⁠Compromised Government and Police Email Accounts on the Dark Web⁠ (Abnormal.AI)

⁠Telco giant Colt suffers attack, takes systems offline ⁠(The Register)

⁠Taiwan announces measures to protect hospitals from hackers⁠ (Focus Taiwan)

⁠New NIST Concept Paper Outlines AI-Specific Cybersecurity Framework⁠ (Hack Read)

⁠A flirty Meta AI bot invited a retiree to meet. He never made it home.⁠ (Reuters)

⁠Dutch prosecution service attack keeps speed cameras offline ⁠(The Register)

MSFT Security Happenings:

  • https://www.microsoft.com/en-us/security/security-insider/threat-landscape/microsoft-digital-defense-report-2024?rtc=1?rtc=1

  • https://techcommunity.microsoft.com/category/microsoftintune/blog/intunecustomersuccess

  • https://techcommunity.microsoft.com/category/microsoft-defender-for-endpoint/blog/microsoftdefenderatpblog

  • https://techcommunity.microsoft.com/category/microsoft-defender-for-cloud/blog/microsoftdefendercloudblog

  • https://techcommunity.microsoft.com/category/microsoft-sentinel/blog/microsoftsentinelb

  • https://techcommunity.microsoft.com/category/microsoft-defender-for-office-365/blog/microsoftdefenderforoffice365blog

  • https://techcommunity.microsoft.com/category/cis/blog/coreinfrastructureandsecurityblog

Thanks for reading THE Security Insights Show! Subscribe for free to receive new posts and support my work.

]]>