THE Security Insights Show
The "AI" Security Insights Show Episode 285 - Edward does his homework, lessons learned via MCP. Well sort of...!

Ed is still a bad student. Frank has XDR logs on the brain. Rod is Jet Setting and making moves around the world.

In this episode we discuss why Edward continues to go down AI-generated rabbit holes instead of completing the homework assignment given to him by Frank.

We talk about changes in how Sentinel data lake ingests XDR logs, AI rabbit holes and lots of other random security items.

Words of Wisdom:

The biggest lie we tell ourselves is, “I don’t need to write this down because I will remember it”.

Cool Tools and Links:

  • https://cmd.ms/ - the Microsoft Cloud command line!

TOP AI and Security Links to take a look-see:

Weekly Microsoft 365 Announced Changes:

Outlook: Prepare for meetings with Copilot in classic Outlook for Windows
ID: 542186 | Product: Outlook | Status: In development
With so many of us in back-to-back meetings, it can be a real struggle to stay on top of pre-reads, action items, and even what each meeting is about....

Microsoft Teams: Attend Microsoft webinars from Teams Rooms on Android
ID: 547824 | Product: Microsoft Teams | Status: In development
You can join a Microsoft webinar from a Teams Room on Android and interact seamlessly during the event. Available for Teams Rooms Pro.

Microsoft Teams: Streamlined Microsoft 365 Certified App Management in Teams Admin Center
ID: 485712 | Product: Microsoft Teams | Status: In development
This feature allows Microsoft 365 administrators to enable Microsoft 365 certified SaaS applications within their tenant through org-wide settings for...

Microsoft Teams: Branded Meeting Reactions
ID: 541830 | Product: Microsoft Teams | Status: In development
With new branded reactions, organizations can now extend their visual identity directly into meetings. IT admins simply upload custom reaction icons r...

Microsoft 365 app: Microsoft Loop - Admin usage reports for Loop
ID: 421611 | Product: Microsoft 365 app | Status: In development
View and monitor Loop usage in the tenant through existing M365 admin usage dashboards.

Microsoft 365 Copilot: Ground Chat in SharePoint Lists using Context IQ
ID: MC1235746 | Service: Microsoft Copilot (Microsoft 365) | Tags: New feature, User impact
Microsoft 365 Copilot will allow users to search for and insert SharePoint Lists into chat prompts via Context IQ, enhancing response accuracy. This f...

Plan for Windows Server 2016 and Windows 10 2016 LTSB end of support
ID: MC1235720 | Service: Windows | Tags: Admin impact

Microsoft Teams: Upcoming changes to Microsoft Places licensing and feature access
ID: MC1235124 | Service: Microsoft Teams, Microsoft 365 for the web | Tags: Feature update, User impact, Admin impact
Starting April 1, 2026, Microsoft Places licensing will shift from user-based to space-based, making core features widely available without Teams Prem...

OneNote for iOS: Introducing automatic local backups
ID: MC1235123 | Service: Microsoft 365 apps | Tags: New feature, User impact, Admin impact
OneNote for iOS will automatically create local backups of notebooks stored in the iOS Files app, enabling self-service recovery via PC or Mac. This f...

(Updated) Microsoft Teams: Reduced automatic updates in Meet Now channel meeting threads
ID: MC1235118 | Service: Microsoft Teams | Tags: Updated message, Feature update, User impact
Microsoft Teams will reduce automatic updates in Meet Now channel meeting conversations, showing only a single “Meeting started” message in the channe...


Microsoft Security News and Events:

Enjoyed this recent blog post from the Microsoft Threat Intel team detailing a threat actor's TTPs to compromise cloud-based data storage. What I found interesting is their on-prem to cloud lateral movements. Across multiple domains and across multiple Entra ID tenants within a single customer. A lot of you deal with this due to your business conducting multiple M&As over many years. Just goes to show the basics matter, hygiene matters, full visibility, which means full coverage, matters. (off soap box)

Also, had a fun time watching a YouTube video of AzureHound being used to help easily identify relationships and permissions in an Azure environment. For example, to locate a user who had elevated privileges on a non-human identity (Service Principal) which had been assigned global admin 🙄😐😑. This was one of the tools the threat actors used for recon.

Hope everyone has a great weekend and enjoys the read! Click Here for Blog

Watch the live replay:
