In this episode we have the good folks from the security company - LockBase Cyber. Leonard Volling and Charlie Smith will come on and talk about their new Microsoft Sentinel pricing tool.

Also Ed talks about how this work travel kept him from doing his homework and messed up the last show, Frank is still trying to decide if he would rather teach security or AI and Rod has finished his No Pop-Tarts January. Oh, we also talked about AI security, Sentinel data lake, AI chips from Google and how we will pivot the show in 2026 to have a deep focus on all things that help secure AI, blah, blah, blah.

Words of Wisdom:

The biggest lie we tell ourselves is, “I don’t need to write this down because I will remember it”.

Cool Tools and Links:

* https://cmd.ms/ - the Microsoft Cloud command line!

TOP AI and Security Links to take a look-see:

* Link to New Microsoft Security and AI Architect Certification - Survey | Qualtrics Survey Software

* LockBase Cyber: - Sentinel Log Planner by LockBase - Plan Your Microsoft Sentinel Data Strategy

* Open AI ready made prompts: https://academy.openai.com/public/tags/prompt-packs-6849a0f98c613939acef841c

* All the admin portal and API endpoints: 🖥 Home | [cmd.ms]

* Sentinel and XDR portal: UPDATE: New timeline for transitioning Sentinel experience to Defender portal | Microsoft Community Hub

* Microsoft Community Hub - Monthly news - February 2026 | Microsoft Community Hub

Weekly Microsoft 365 Announced Changes:

* (Updated) Upcoming Conditional Access change: Improved enforcement for policies with resource exclusionsID: MC1223829 | Service: Microsoft Entra | Tags: Updated message, Feature update, User impact, Admin impactStarting March 27, 2026, Conditional Access policies targeting All resources will be enforced even if they have resource exclusions, affecting sign-in...

* Microsoft 365 Copilot: User-day export for Copilot dashboard metrics in public previewID: MC1222978 | Service: Microsoft Copilot (Microsoft 365) | Tags: Feature update, User impact, Admin impactMicrosoft 365 Copilot dashboard adds a public preview of a new user-day export option, allowing company-level users to download de-identified daily us...

* Microsoft Defender for Android: End of support for Android 10 devicesID: MC1222977 | Service: Microsoft Defender XDR | Tags: User impact, Admin impact, RetirementMicrosoft Defender for Android will end support for Android 10 devices on March 31, 2026. After this date, these devices will no longer receive update...

Microsoft General:

* Latest progress update on Microsoft’s Secure Future Initiative | Microsoft Security Blog

* ​​Whisper Leak: A novel side-channel attack on remote language models | Microsoft Security Blog

* New IDC research highlights a major cloud security shift | Microsoft Security Blog

AI Security:

* Public Preview: Entra ID support for RDP connections in portal

* DNS flow trace logs in Azure Firewall are now generally available

* General Availability of JavaScript Challenge in Azure Front Door WAF

* Using Packet Capture for troubleshooting Azure Firewall flows

* Public Preview: Custom WAF Block Status & Body for Azure Application Gateway

Azure Security & Defender for Cloud News:

* Microsoft Defender for Cloud Innovations at Ignite 2025

* Announcing Microsoft cloud security benchmark v2 (public preview)

* Fast-Start Checklist for Microsoft Defender CSPM: From Enablement to Best Practices

* Unlocking Business Value: Microsoft’s Dual Approach to AI for Security and Security for AI

* Check This Out! (CTO!) Guide (October 2025)

* Update Coverage Workbook in Microsoft Defender for Cloud to Include Defender for AI Plan status

Purview - Compliance & Governance:

* Consolidate & Conquer: Driving Business Transformation with Integrated Security (Part 1 of 2) | Microsoft Community Hub

Microsoft Entra:

* Microsoft named a Leader in the Gartner® Magic Quadrant™ for Access Management for the ninth consecutive year | Microsoft Security Blog

ICYMI: Watch replays of Microsoft Entra sessions at Microsoft Ignite 2025 | Microsoft Community Hub

Copilot for Security:

* Agents built into your workflow: Get Security Copilot with Microsoft 365 E5 | Microsoft Security Blog

Sentinel:

* The Microsoft Copilot Data Connector for Microsoft Sentinel is Now in Public Preview | Microsoft Community Hub

* Turn Complexity into Clarity: Introducing the New UEBA Behaviors Layer in Microsoft Sentinel | Microsoft Community Hub

* Strategies for Threat Awareness and Response - Not product focused. Threat Actor focused and actional-able guidance.

* Sentinel & Defender XDR Ninja Training - Product focused. What’s new, deep dives, best practices ...etc.

Defender XDR:

* Monthly news - November 2025

* Strengthening calendar security through enhanced remediation

* Microsoft Ignite 2025: Transforming Phishing Response with Agentic Innovation

* Microsoft Defender for Office 365: Fine-Tuning

* You may be right after all! Disputing Submission Responses in Microsoft Defender for Office 365

* Ensure your ICES solution works seamlessly alongside Microsoft Defender

* Using the Microsoft Defender for Endpoint Files API to Validate Malware Hashes | Microsoft Community Hub

* MDE for Non‑Persistent VDI — Implementation Guide & Best Practices.

Watch the live replay

In this episode, Ed talks about this travel adventures, Frank confesses that he is addicted to life on a cruise ship and Rod was out because of Pop Tart overdose. Oh, we also talked about AI security, Sentinel datalake, AI chips from Google and how we will pivot the show in 2026 to have a deep focus on all things that help secure AI, blah, blah, blah.

Words of Wisdom:

The best way to get a correct answer on the internet is to post an obviously wrong answer and wait for someone to correct you.

Show Links:

Learning:

Secure your data for AI with Microsoft Purview

Tuesday, January 27, 2026, 1:00 – 2:00 PM ET (GMT-05:00)

Register now

Strengthen Your Security Posture with Advanced Identity Solutions

Wednesday, January 28, 2026, 2:00 – 3:00 PM ET (GMT-05:00)

Register now

Dive into a simulation of Microsoft 365 Defender and Microsoft Sentinel

Wednesday, February 04, 2026, 11:00 AM – 6:00 PM (GMT-05:00)

Register now

General:

* Microsoft Ignite: ​​Ambient and autonomous security for the agentic era​​ | Microsoft Security Blog

* SesameOp: Novel backdoor uses OpenAI Assistants API for command and control | Microsoft Security Blog

* How to build forward-thinking cybersecurity teams for tomorrow | Microsoft Security Blog

AI Security:

* ​​Learn what generative AI can do for your security operations center | Microsoft Security Blog

* Microsoft Entra: What’s New in Secure Access on the AI Frontier

* Riding the AI Wave: How Microsoft Entra is Evolving for the Agentic Era

* Defender for AI services: Threat Protection and AI red team workshop

Azure Security & Defender for Cloud News:

* Microsoft Defender for Cloud Innovations at Ignite 2025

* Announcing Microsoft cloud security benchmark v2 (public preview)

* Fast-Start Checklist for Microsoft Defender CSPM: From Enablement to Best Practices

* Unlocking Business Value: Microsoft’s Dual Approach to AI for Security and Security for AI

* Unlocking Business Value: Microsoft’s Dual Approach to AI for Security and Security for AI

Fast-Start Checklist for Microsoft Defender CSPM: From Enablement to Best Practices

Announcing Microsoft cloud security benchmark v2 (public preview)

Microsoft Defender for Cloud Innovations at Ignite 2025

Defender for AI services: Threat protection and AI red team workshop

Purview - Compliance & Governance:

* Consolidate & Conquer: Driving Business Transformation with Integrated Security (Part 1 of 2) | Microsoft Community Hub

Device Management & Protection (Intune):

* What’s new in Microsoft Intune at Ignite

Microsoft Entra:

* Enhance protection of Microsoft Entra ID authentication by blocking external script injection

* Building defense in depth: Simplifying identity security with new partner integrations

* Driving cloud-first identity: User SOA is now Public Preview and Group SOA is Generally Available

* Platform SSO for macOS

Threat Intelligence:

* What’s New at Ignite: Powerful Enhancements in Unified Threat Intelligence

Copilot for Security:

* Agents built into your workflow: Get Security Copilot with Microsoft 365 E5 | Microsoft Security Blog

Defender XDR & Sentinel:

* Ignite 2025: What’s new in Microsoft Defender?

* New Compliance Solutions in Microsoft Sentinel: HIPAA & GDPR Reports | Microsoft Community Hub

* Ignite 2025: New Microsoft Sentinel Connectors Announcement

* Detect more, spend less: the future of threat intelligence correlation

* Operationalizing the Sentinel data lake: A Practitioner’s Guide

* Automating IOC hunts in Microsoft Sentinel data lake

* What’s New in Microsoft Sentinel: November 2025

* Security Copilot for SOC: bringing agentic AI to every defender

* Enhancing visibility into your identity fabric with Microsoft Defender

* Detect more, spend less: the future of threat intelligence correlation

Watch the live replay

Join our hosts December 18th, 2025, as they dive into the electrifying world of Microsoft Security’s latest breakthroughs. This episode unpacks real-world triumphs in thwarting sophisticated AI-driven phishing swarms, and debates the hottest zero-day exploits shaking the headlines. Packed with insider tips this is your must-listen guide to staying light-years ahead in the cyber arms race.

This episode, we welcome back Alistair Pugin to talk Agent security.

Show Notes/Links

* Alistair Pugin on LinkedIn: https://www.linkedin.com/in/alistairpugin/

* Learn about Data Security Posture Management for AI: https://learn.microsoft.com/en-us/purview/dspm-for-aiList of AI sites supported by

* Microsoft Purview Data Security Posture Management (DSPM) and DSPM for AI: https://learn.microsoft.com/en-us/purview/ai-microsoft-purview-supported-sites

* Permissions for Data Security Posture Management for AI: https://learn.microsoft.com/en-us/purview/ai-microsoft-purview-permissions

* MITRE ATLAS: https://atlas.mitre.org/

After a pre-Ignite cliffhanger, we welcome back the illustrious James Key. This episode, James is back to fill us in on the Ignite announcements around Security Copilot that he couldn’t talk about last time.

Show Notes/Links

* Learn about Security Copilot inclusion in Microsoft 365 E5 subscription https://learn.microsoft.com/en-us/copilot/security/security-copilot-inclusion

* Microsoft 365 adds advanced Microsoft Intune solutions at scale https://techcommunity.microsoft.com/blog/microsoftintuneblog/microsoft-365-adds-advanced-microsoft-intune-solutions-at-scale/4474272

* What is Microsoft Entra Agent ID? https://learn.microsoft.com/en-us/entra/agent-id/identity-professional/microsoft-entra-agent-identities-for-ai-agents

* The Microsoft Security Store: https://SecurityStore.Microsoft.com

As the Thanksgiving turkey roasts and the family gathers, cybercriminals are lurking in the digital shadows, ready to crash your holiday feast. In Episode 280 of THE Security Insights Show, hosts serve up a timely platter of cybersecurity wisdom to keep your “gravy secrets”—those juicy credentials, financial data, and personal info—safe from opportunistic hackers.Dive into the rising tide of “Turkey-Day Trojans”: sneaky malware disguised as festive deals, phishing emails from “Aunt Edna” demanding urgent wire transfers, and smart home devices turned into spy cams by unsecured Wi-Fi. We’ll unpack real-world holiday hacks, from ransomware gobbling up your shopping carts to social engineering tricks exploiting family chit-chat. Plus, get actionable Microsoft Security tips—like leveraging Defender for endpoint protection, Entra ID for secure guest access during virtual toasts, and Copilot-powered threat hunting to spot the bad stuffing before it sours the meal.Whether you’re a CISO stress-testing your perimeter or just a home user dodging Black Friday bait, this episode arms you with the tools to feast worry-free. Tune in now on YouTube, Apple Podcasts, Spotify, or your favorite platform—because nothing ruins a holiday like a data breach on dessert. Don’t forget to subscribe for more bites of security insight!

This episode of “THE Security Insights Show” covers a range of topics, starting with personal updates and discussions about cybersecurity certifications. The hosts delve into the role of Artificial Intelligence (AI) in cybersecurity, specifically debating the necessity of learning KQL (Kusto Query Language) from scratch given the advent of natural language to KQL models (16:01). They discuss the importance of understanding underlying data and language nuances even with AI assistance (18:56).

The conversation then pivots to key announcements from Microsoft Ignite, including:

* Work IQ: An intelligent layer that enhances productivity by connecting organizational and personal data, enabling AI-driven insights and recommendations within Microsoft 365 applications (31:31).

* Proactive Attack Disruption and Predictive Shielding: Microsoft’s new capabilities to anticipate attacker moves during ongoing attacks, dynamically hardening targets in real-time (35:59).

* Expanded Automatic Attack Disruption: This feature extends to work across third-party services like AWS, Okta, and Proofpoint, allowing Microsoft Defender to take decisive actions on external systems even if the threat originates from a non-Microsoft system (39:06).

* Rebranding of Defender XDR to Borg XDR: Indicating a consolidation of more Defender for Cloud functionality and assimilation of Sentinel into the unified Defender portal (42:00).

* Native Sysmon in Windows 11: A significant announcement for security professionals (42:35).

In this electrifying episode, we sit down with James Key, Principal Product Manager for Microsoft Security Copilot, to unpack the groundbreaking advancements shaping the future of AI-driven security. With over nine years of expertise in cloud architecture, technical training, and product innovation, James is at the forefront of empowering security teams worldwide through intelligent, partner-led solutions.As cyber threats evolve at breakneck speed, Microsoft Security Copilot is supercharging defenses with its latest fall updates. James breaks down the integration with the new Sentinel data lake and graph, enabling seamless data querying and real-time threat hunting like never before. We’ll explore the debut of ready-made and custom agents that automate complex workflows, from incident response to vulnerability management, freeing up pros to focus on strategy.But it’s not just tech—James shares how the newly launched Microsoft Security Store is uniting partners in a bold ecosystem for innovation, fostering collaborative AI tools tailored to enterprise needs.

Links/Notes

* Microsoft Security Store: https://securitystore.microsoft.com/agents

* Agent YAML Builder: https://github.com/rod-trent/JunkDrawer/tree/main/AgentBuilder

* Microsoft Ignite Security Copilot sessions: https://ignite.microsoft.com/en-US/sessions?filter=&search=Security+Copilot&sortBy=relevance

* glueckkanja AG: https://www.linkedin.com/company/glueckkanja/

* adaQuest: https://www.linkedin.com/company/adaquest-inc/

Picture this: It’s the witching hour of cybersecurity, where jack-o’-lanterns glow with malevolent code and candy corn conceals keyloggers. In this spine-tingling episode of The Security Insights Show, we dive headfirst into the ghoulish guts of seasonal phishing scams – those crafty creeps who lure you in with “Free Zombie Apocalypse Prep Kits” emails, only to carve up your credentials like a deranged pie maker at a harvest festival.

Join our hosts as they unmask the tricks-or-treats of spear-phishing spooks, ransomware pumpkins that explode in your inbox, and why your two-factor auth is the garlic necklace against digital Dracula. We’ll roast real-world horror stories – like the exec who traded his soul (and SSO login) for a “haunted house discount” – and arm you with tricks to keep your data from doing the monster mash.

This episode of “THE Security Insights Show” discusses the risks and security challenges associated with artificial intelligence (AI), particularly concerning phishing scams during the Halloween season (0:21). The hosts, Rodney and Franklin, touch on various aspects of AI, its adoption, and the evolving landscape of cybersecurity.

Key discussion points include:

* The hosts’ return and show changes: Rodney and Franklin discuss their return to the show after a summer break, moving to a bi-weekly Thursday schedule to allow more time for content creation and guest planning (1:02-6:54).

* October as Cybersecurity Awareness Month: They emphasize the importance of cybersecurity awareness, noting a lack of guest speakers this year compared to previous years (4:17-4:33).

* Artificial Intelligence (AI) and its security implications: A significant portion of the discussion revolves around AI, specifically the challenges of securing and governing it (7:47). They highlight the increasing use of AI in creating sophisticated phishing campaigns and the alarming potential for “non-human entities” or “agentic offerings” to be compromised or act as “double agents” in an environment (10:10-10:57).

* Understanding AI architecture and threats: Franklin argues that securing AI is fundamentally about securing compute, identity, data, and networks, with the Large Language Model (LLM) being a new threat (11:31-12:29). They discuss the role of the MCP (Microsoft Collaboration Protocol) server in providing context between chatbots and data sources, acknowledging that generative AI can sometimes provide inaccurate responses (13:03-15:41).

* Challenges in AI security and training: The hosts express concern about the lack of fundamental understanding of AI among security professionals and the trend of training courses merely adding “with AI” to existing content without real value (28:41-31:21). They also discuss the emergence of highly specialized roles in AI security, like the “Chief Artificial Intelligence Risk Officer (CAIRO),” and the potential for a “corporate fear of missing out” driving quick, potentially insecure, AI adoption (36:06-38:29).

* The CISO’s role and application expectations: Franklin suggests that CISOs have the necessary tools for AI security, viewing it as another application to secure, while Rodney believes many are unprepared due to rapid adoption and an “outnumbered” feeling in defense (37:42-43:52).

After the first-ever summer break, the crew is back! New crew. New format. Listen or watch to hear about what’s coming.

We also welcome Alistair Pugin. Microsoft MVP for M365 + Security, Blogger, Podcaster and Speaker.

Key Highlights

* Return of the Show (1:38): The hosts are back after a three-month summer break, during which they experienced new jobs, roles, and duties. They thank their listeners and confirm the original cast of Edward Walton, Rod Trent, and Franklin Grimberg are back, though Brody is still on hiatus.

* Focus on AI and Security (0:52, 1:02): Frank highlights the current “crazy” world of AI, particularly Microsoft’s efforts to secure and manage it. He expresses concern that many people are unaware of the tools available to them.

* Guest Introduction - Alistair Pugan (5:57): Alistair Pugan, from Cape Town, South Africa, is introduced as an expert in compliance and information protection, having worked with Microsoft on shaping exams like SC400 and even co-designing a board game about deception.

* Challenges with AI Adoption (7:58): Alistair discusses the “wild wild west” of AI adoption, where organizations are indiscriminately handing out AI, and users are not following guidelines. He notes the parallel to the Google search appliance debacle of 2008, where people are finding content they shouldn’t.

* Microsoft’s AI Strategy and Data Training (20:08): The discussion touches on Microsoft’s stance that they do not train their AI models on customer data, emphasizing the importance of data classification for protection.

* Copilot as Superized Search (24:15): Alistair explains that Copilot functions as a “superized search” within the Microsoft 365 tenant, using semantic indexing and security trimming to ensure users only access data they have permissions for.

* Data Security Posture Management (DSPM) for AI (28:45): The hosts delve into DSPM for AI, a tool within Microsoft Purview (E3 or E5 licenses) that helps organizations monitor their AI usage. Key aspects include:

* Components of Data Security (29:51): Frank and Alistair discuss how Microsoft defines data security, including information protection (sensitivity labels), data loss prevention (DLP), and insider risk management.

* Monitoring AI Usage (31:25): DSPM allows organizations to monitor what users are doing with AI, including AI usage reports and integration with Defender for Cloud Apps.

* Prompt Monitoring (32:28): It can monitor user prompts, especially for sensitive information requests (e.g., “give me the payroll for everyone”), using sensitive information types or trainable classifiers.

* Shadow AI Detection (33:21): DSPM helps detect “shadow AI” by monitoring when users visit or upload sensitive information to third-party AI sites like Chat GPT, Gemini, or Perplexity.

* Policy Automation (34:31): The tool can automatically spin up policies to detect sensitive information in AI prompts, visits to AI sites, and sensitive data uploads to AI sites.

* Agent Sprawl and Non-Human Identities (15:50, 17:10): A significant concern raised is that anyone with a Microsoft 365 Copilot license can build an agent in Copilot Studio, which registers an application in Entra (Azure Active Directory) and creates “non-human identities.” This can lead to “agent sprawl” and uncontrolled API permissions if not properly managed by identity admins.

* Mitigating Agent Sprawl (40:03): The solution involves having an application security posture management strategy and robust application onboarding and offboarding policies, as agents are essentially applications that require permissions to interact with data.

* Copilot Studio Licensing (39:02): There are different licensing models for Copilot Studio: a free tenant license for building agents (for users without an M365 Copilot license) and a premium capacity license for deploying agents to users without a Copilot license.

Hello podcast listeners and supporters. Today we announced that we will start our late summer | early fall show slow down. After five years of producing the show, we are taking the months of August and September off to recharge, do some back-office updates and re-invent.

We look forward to having fresh energy and lots of dad jokes upon our return. Keep an eye on the discord channel and website for tips and tidbits until we return.

thanks

Brodie, Edward, Frank, Rod

Watch the live replay

In this episode we talk to Ali about the opportunity for customers to solve big problems and challenges using Purview. We also delve into what it means to have ownership of the scope of a Purview deployment.

Show notes:

Teams Channels

Public Webinars & Training

Welcome Guide

Digital Badge Program

Join the Community

Feedback Opportunities

Community Calls

Recognition & Badges

Discussion Groups

Upcoming Public Webinars

Security YouTube Channel

Public Forums

Ninja Training & Certification

Ninja Show

Watch the live replay