What does “secure by design” actually look like in a modern Microsoft environment? In this episode of Microsoft Mentors, Oli sits down with Charlie Gough, Microsoft Security MVP and Security Architect at Brightsolid, to explore why identity, not infrastructure, has become the true security perimeter. Drawing on over 20 years in IT, from early database and infrastructure roles through consultancy and into Microsoft security architecture, Charlie shares how the industry has shifted from traditional perimeter-based defence to identity-first, Zero Trust models built on Microsoft Entra. This conversation dives into the real-world challenges organisations still face: low MFA adoption, password-based authentication lingering in critical systems, resistance to change from business stakeholders, and the misconception that security is still “an IT problem.” We also explore AI governance, Copilot risk, shadow AI usage, Entra Verified ID, and how Charlie is helping evolve Brightsolid into a Microsoft-aligned, security-first hybrid cloud provider. Secure by design isn’t about buying more tools. It’s about designing identity, access, and governance correctly from day one. 👉 If you enjoy this episode, don’t forget to like, follow, and subscribe on Spotify, Apple Podcasts, or YouTube. 💡 What You’ll Learn in This Episode Why identity is now the biggest attack vector in cybersecurity The evolution from Active Directory to Microsoft Entra Why MFA adoption is still lower than most people assume How conditional access and phishing-resistant authentication reduce real-world risk Why security is no longer an IT problem — it’s a business responsibility The practical application of Zero Trust principles How AI and Copilot introduce new governance challenges The risks of blocking AI tools and creating shadow usage The role of Entra Verified ID in the future of digital identity How to build a scalable Microsoft security capability inside a hybrid cloud provider 💬 Memorable Quotes “If anything’s going to get breached, it’s not going to be a device. It’s always going to come down to the identity.” “That password based authentication is so easy now to get past and just having that second factor can make a huge, huge difference.” “It’s not anymore. It’s a business problem.” “If you block Copilot or Copilot for 365, users are going to use their phone. They’re going to find a way of doing it.” “I think we’ll see more movement in the next 12 months, 18 months, as AI becomes more and more mainstream.” 📬 Enjoyed the Episode? Subscribe to the Microsoft Mentors Newsletter for insight-led conversations on cyber security, AI, leadership, and scale inside the Microsoft Partner ecosystem: 👉 https://www.linkedin.com/build-relation/newsletter-follow?entityUrn=7175453155780915200 🔗 Links & Resources Connect with Charlie Gough on LinkedIn 👉 https://www.linkedin.com/in/charliegough/Connect with Oli Ridley on LinkedIn 👉 https://www.linkedin.com/in/oliridley/ Follow Cloud Decisions on LinkedIn 👉 https://www.linkedin.com/company/clouddecisions Explore Brightsolid 👉 http://www.brightsolid.com/🏢 About Cloud Decisions Cloud Decisions helps Microsoft Partners and Microsoft-aligned businesses build high-performing teams across Cloud, Data, Security, and AI. As a trusted Microsoft Talent Partner, we combine deep ecosystem knowledge with data-led hiring strategies to help organisations scale securely and sustainably in a rapidly evolving threat landscape.