Turn your real-world experience into part of the show.

Microsoft Security Podcast – Identity, Cloud & Enterprise Protection Episodes

Security within the Microsoft ecosystem is deeply integrated across identity, endpoints, cloud services, and data platforms. Security Talk focuses on understanding Microsoft security architecture as an interconnected system rather than isolated tools and dashboards.

In this category, we examine identity security using Entra ID, Conditional Access, and privileged access models, alongside Microsoft Defender, Purview, and security controls across Microsoft 365 and Azure. Episodes explore how attackers exploit misconfigurations, how security signals propagate across services, and why many security incidents stem from architectural assumptions rather than missing features.

Security Talk emphasizes why breaches happen, not just how to configure protection. We discuss threat models, attack paths, lateral movement, and the operational trade-offs between security, usability, and automation. Particular focus is given to identity-centric security, which has become the primary control plane for modern Microsoft environments.

This category is intended for security professionals, architects, and IT decision-makers who need to understand Microsoft security beyond checklists and best-practice documents. If you are responsible for protecting identities, data, and cloud workloads within Microsoft platforms, Security Talk provides clear, experience-based insight into building and maintaining resilient security architectures.
April 12, 2026

Why Your Governance Is Failing (Policies Are Not Code in Microsoft 365)

In this episode, we challenge a common misconception in Microsoft 365 governance: having policies in place does not mean your environment is truly governed. Many organizations rely on documented rules, guidelines, and compliance frameworks, assuming they will control user behavior and protect data. In reality, these policies often exist only on paper and fail to enforce consistent actions across dynamic, fast-changing environments.We explore the gap between intention and enforcement, highlighting why governance becomes fragile when it depends on manual processes, user compliance, or periodic reviews. As organizations scale, this approach leads to policy drift, inconsistent configurations, and increased risk exposure—especially in areas like data protection, identity management, and collaboration tools.The episode introduces a more resilient approach: treating governance as a system, not a document. By combining automated enforcement, identity-driven access controls, monitoring…
Guest: Mirko Peters
April 10, 2026

Microsoft 365 Audit Readiness: Why Governance Debt Leads to Audit Panic

Most Microsoft 365 environments don’t fail audits because of missing controls—they fail because of governance debt. Over time, quick fixes, unclear ownership, and poorly aligned operating models create hidden structural issues. These problems stay invisible until an audit exposes them, triggering last-minute panic.This episode explains why governance is not the same as configuration, how compliance gaps emerge despite having policies in place, and why many organizations rely on a false sense of control. It highlights the difference between being technically configured and truly audit-ready, and shows how governance debt builds up silently.The key takeaway: audit readiness isn’t achieved through more tools or controls, but through a clear governance model, defined accountability, and sustainable operational practices.
Guest: Mirko Peters
April 4, 2026

Your Microsoft 365 Isn’t Secure: The Hidden Risks You’re Missing

In this episode, we explore why Microsoft 365 environments are often less secure than they appear. While most organizations focus on security tools and settings, the real risk lies in what we call the “invisible tenant” — a hidden layer of misconfigurations, excessive permissions, and missing governance.We break down how collaboration tools like Teams and SharePoint create uncontrolled sprawl, why ownership is often unclear, and how external sharing and access accumulate unnoticed over time. The result is a structure that looks secure on the surface but contains significant hidden risks.The key takeaway: most Microsoft 365 security issues are not caused by attackers or platform weaknesses, but by a lack of visibility, governance, and control within the tenant itself.
Guest: Mirko Peters
March 24, 2026

The Infrastructure Illusion: How to Map What Your People Actually Do in Microsoft 365

Most organizations think they understand their infrastructure. They see tools, licenses, configurations… dashboards that suggest control. But none of that tells you what’s actually happening. In reality, your Microsoft 365 environment isn’t just infrastructure—it’s a living system of decisions, behaviors, and actions happening every second across your organization.In this episode, we break down the infrastructure illusion—the gap between what you think your systems are doing and what your people are actually doing inside them. Because turning on controls doesn’t mean those controls are shaping behavior. And if you’re not mapping real activity, you’re not governing anything—you’re just assuming you are.This is about shifting from static infrastructure thinking to understanding your environment as a dynamic decision engine—and why visibility into real human and system behavior is the only thing that actually matters.
Guest: Mirko Peters
March 22, 2026

Microsoft 365 Governance: The #1 Mistake 73% of Deployments Make (And How to Fix It)

This episode argues that the biggest governance mistake in Microsoft 365 isn’t misconfiguration—it’s timing. Most organizations treat governance as something to “add later,” but by doing that, they unintentionally design failure into the system from day one.The core idea is that governance isn’t a layer you apply after deployment. It’s the underlying decision system that determines how identities, permissions, and data behave. When it’s missing at the start, the environment defaults to maximum permissiveness, and that becomes very hard to reverse later.The episode explains that many organizations optimize for fast adoption—rolling out Teams, SharePoint, and Copilot quickly—while postponing structure. The result is predictable: after months, tenants are full of orphaned teams, unclear ownership, overshared files, and uncontrolled external access. This isn’t seen as a failure, but as the natural outcome of the initial design choices.A key point is that tools like Copilot don…
Guest: Mirko Peters
March 13, 2026

Microsoft 365 Security: Why Accountability Is the Only Real Security Patch

This episode breaks down why Microsoft 365 governance and security are not just technical concerns but organizational responsibilities. It explains how a structured governance framework—built on security, compliance, data protection, and clear ownership—prevents chaos like permission sprawl, data leaks, and shadow IT. The key message: Microsoft 365 doesn’t fail because of missing features, but because of missing accountability. By combining policies, roles, automation, and continuous monitoring, organizations can create a secure, scalable, and adaptable environment that supports both productivity and compliance.
Guest: Mirko Peters
Jan. 23, 2026

Microsoft Teams Admin Center Is Not the Control Plane: How Entra ID Really Governs Access

In this episode, we dismantle a common Microsoft Teams governance myth: that the Teams Admin Center is the central command for controlling Teams behavior and enforcing governance.Most organizations treat the Admin Center like a control tower — but it’s actually a downstream service console, not the authority that decides who gets in, what gets blocked, or what policy is enforced. The real decisions come from upstream services such as identity and compliance tools.
Guest: Mirko Peters
Dec. 29, 2025

Power Platform Governance: Why Your Tenant Is the Real Ris

Is Power Platform actually dangerous for the enterprise—or is that fear hiding a more uncomfortable truth?In this episode, we dismantle the question executives keep asking: “Is Power Platform secure enough?” The answer is sharper than most teams expect. Yes—Microsoft’s Power Platform security is enterprise-grade. The real risk isn’t the platform. It’s what happens when governance quietly disappears inside your tenant.We explore why low-code suddenly feels out of control: explosive speed, invisible change, and citizen development without an operating model. Power Apps, Power Automate, Power BI, and Copilot didn’t create risk—they exposed it. When low-code plugs directly into your core identity, data, and collaboration stack, every missing decision in your control plane turns into architectural erosion.Through real-world audit and compliance scenarios, you’ll see how secure platforms still fail—via open default environments, unmanaged environments, weak DLP strategies, and m…
Guest: Mirko Peters
Dec. 28, 2025

How to Stop Shadow IT in Microsoft Foundry Before It Starts

This episode opens with a blunt warning: Microsoft Foundry isn’t just another AI feature you can casually approve and forget. It’s an agent factory, and if execution comes before governance, you are almost guaranteed to create the next generation of shadow IT. Most future AI incidents won’t come from models hallucinating answers. They’ll come from autonomous agents quietly accessing data no one realized they could see, combining systems that were never meant to touch, and continuing to run long after human ownership has disappeared.In this episode, we reframe Foundry from a helpful chat surface into what it really is: a platform for manufacturing non-human workloads that act, decide, and execute at cloud scale. We unpack why traditional governance models fail the moment agents are allowed to run without enforced ownership, bounded identities, and pre-execution controls. Drawing on hard lessons from SharePoint, Power Apps, and Teams, the episode shows how familiar patterns of “inno…
Guest: Mirko Peters
Dec. 19, 2025

How to Detect Impossible Travel and Token Replay in Entra ID

This episode plays out like a cybercrime thriller, exposing how today’s most dangerous breaches don’t smash doors—they’re invited inside. The investigation opens with a single click on January 12th. A polished phishing email doesn’t steal a password; it steals a session token. Within minutes, that identity reappears from impossible locations, inbox rules quietly erase executive emails, and an attacker reads everything without ever being noticed. The breach is clean, fast, and devastating—until Zero Trust guardrails snap shut mid-stride.But just when the case feels solved, the real twist lands. No phishing. No forced login. Instead, a forged badge. An OAuth consent screen convinces a user to grant access to a malicious app. The permissions are real. The trust is real. The damage is real. With legitimate keys in the wrong hands, data is sampled, skimmed, and harvested quietly enough to avoid alert thresholds. The logs don’t shout—they whisper.Across both cases, the message is bl…
Guest: Mirko Peters
Dec. 18, 2025

How to Stop AI Agents from Breaking Your M365 Environment

What if your AI systems aren’t rebelling — they’re simply executing the chaos you built?In this episode, we break down a hard truth about AI agents, Microsoft Copilot, Power Automate, and enterprise automation: failures don’t come from intelligence gone rogue, they come from human inconsistency scaled at machine speed. Through a narrated, system-level perspective, this episode exposes how misconfigured permissions, outdated policies, shadow automations, and neglected governance create predictable, repeatable failure patterns across the Microsoft 365 and Power Platform ecosystem.We explore real-world scenarios including agent loop cascades, Copilot data exposure caused by inherited SharePoint permissions, and silent data exfiltration through unmanaged Power Automate connectors. Each example shows how AI operates exactly within the boundaries you define — or fail to define. This is not a story about AI hallucinations or malicious intent, but about entropy introduced through poor…
Guest: Mirko Peters
Dec. 15, 2025

How AI Agents Are Creating Shadow IT in Microsoft 365

Shadow IT didn’t disappear, it evolved into AI agents quietly moving your data faster than your controls can see.In this episode, we break down how AI agents, Copilot Studio bots, and Power Automate flows are becoming the new Shadow IT inside Microsoft 365. What starts as productivity quickly turns into a governance and security nightmare when agents run with human identities, oversized Graph permissions, and no lifecycle controls. We explore how overshared SharePoint data, unmanaged browser-based AI tools, and third-party connectors expand your attack surface without triggering traditional security alarms. You’ll learn why Entra Conditional Access alone doesn’t protect agents, how delegated permissions quietly create ghost service accounts, and where Purview DLP often fails in real-world AI usage. The episode balances the real productivity wins agents can deliver with the hidden risks most organizations overlook. It closes with a practical reference architecture, a clear risk sco…
Guest: Mirko Peters
Dec. 11, 2025

How to Fix Document Chaos in Microsoft 365 With Purview

In a recent podcast, Mirko Peters discussed the critical importance of effective document management and compliance in organizations, emphasizing that lost documents can lead to organizational failure. He presented strategies for building an audit-ready Enterprise Content Management (ECM) system in the cloud, using tools like SharePoint and Purview to create a robust defense against regulatory scrutiny. The conversation highlighted the alignment with standards such as ISO 27001, GDPR, and SOC 2, which are essential for surviving inspections.Peters outlined a structured approach to document management, including defining ownership, lifecycle management, and implementing data loss prevention (DLP) measures. He stressed the need for clear policies, sensitivity labels, and regular audits to ensure compliance and mitigate insider risks. The discussion also covered the importance of collaboration between HR, legal, and security teams to maintain a culture of compliance.This podcast …
Guest: Mirko Peters
Dec. 7, 2025

How to Use Azure Automation to Clean Up Your Intune Estate

Stop patching ghosts and start running a self-healing workplace. This Podcast reveals why Microsoft Intune alone can’t scale your endpoint management – and how pairing Intune with Azure, Automation, Functions, Microsoft Graph, managed identities and Log Analytics turns chaos into a quiet, secure estate. You’ll see how configuration drift, stale devices, manual reports and “global admin for everything” culture silently open the door to attackers, then watch how event-driven automation cleans the graveyard, enforces zero trust, and fixes non-compliant devices before users even notice. Real enterprise scenarios show 40%+ fewer ghost devices, onboarding times dropping from days to minutes, and mean time to remediate falling from days to under an hour. If you manage thousands of Windows laptops, kiosks and mobile devices, this Intune and Azure architecture guide is your blueprint for scalable compliance, predictable conditional access and truly automatic security hardening.
Guest: Mirko Peters
Dec. 5, 2025

Your Zero Trust Fails If Intune Devices Aren’t Truly Compliant

Microsoft Intune is a powerful endpoint management solution — but improper deployment can introduce serious security risks. Misconfigured policies, over-permissioned roles, and weak compliance settings often create hidden vulnerabilities that attackers can exploit.In this guide, we break down the most common Intune deployment security risks, configuration mistakes organizations make, and how to harden your environment using best practices. From device compliance policies to role-based access control, this walkthrough helps you secure your Intune tenant before problems arise.If you’re managing endpoints at scale, prevention starts with correct configuration.
Guest: Mirko Peters
Dec. 4, 2025

How to Turn Microsoft Threat Analytics Into Real Security

You’re letting attackers stroll through your Microsoft tenant because you treat Threat Analytics like a newsletter instead of a weapon. In this episode, we show security leaders and SOC analysts how to turn Microsoft Threat Analytics into a living playbook that actually reduces time to detect and closes real attack paths. We explain what Threat Analytics is, how Microsoft’s own security researchers map global telemetry, MITRE ATT&CK techniques and indicators of compromise into guidance written in your tenant’s language, and why skimming the overview while ignoring exposure panels silently keeps you vulnerable. You’ll hear a simple rhythm: read, test, act, verify. We walk a focused 60 minute workflow that pulls techniques into Advanced Hunting, links findings to incidents in Microsoft Defender, and converts recommendations into Secure Score actions with clear owners, SLAs and evidence. Using phishing to token theft and living off the land persistence scenarios, we expose common detecti…
Guest: Mirko Peters
Dec. 4, 2025

The M365 Audit Log Mistakes That Let Attackers Walk Right In

What if your Zero Trust stack is silently greenlighting a perfect data heist in Microsoft 365?In this episode, we dissect how one “compliant” account quietly pulled 12,000 SharePoint files in 20 minutes—no malware, no DLP alerts, and all your Entra ID and conditional access policies saying “allowed.”You’ll learn why Zero Trust without audit evidence is just policy theater, and how to turn Entra risk signals, the Unified Audit Log, Purview policy edits, and Copilot interaction logs into a single, defensible incident timeline.We break down risky sign-ins, workload identity anomalies, mass download deltas, silent policy tampering, and AI-powered data exfiltration that looks like normal collaboration.Discover the one log pivot that exposes data staging every time and the KQL detection recipes that connect identity, privilege, data movement, and egress into a kill chain you can actually interrupt.If you run Microsoft 365 security, SecOps, or compliance, this is your practical gui…
Guest: Mirko Peters
Dec. 3, 2025

Teams Phishing Inside Your Tenant: How Attackers Trick Your Users

Your Microsoft 365 tenant might already be compromised—and your MFA is effectively useless because of one misconfiguration you’ve probably left on.In this episode, the Office of Corrective Doctrine walks you through five brutal real-world attack paths inside Microsoft 365 and Entra ID: Teams phishing posing as IT support, device code vishing that launders MFA-resistant tokens, malicious OAuth consent that turns “productivity apps” into silent data siphons, SharePoint “anyone with the link” exfiltration, and adversary-in-the-middle token theft that replays your sessions at scale.You’ll hear precise failure analysis and opinionated fixes: how to shut down broad user consent, lock down Teams external federation, constrain SharePoint and OneDrive sharing, enforce phishing-resistant authentication, bind tokens to devices, and turn Conditional Access, Defender for Cloud Apps, Safe Links, and App Governance into a coherent Microsoft 365 security strategy.If you own identity, coll…
Guest: Mirko Peters
Dec. 2, 2025

Hybrid Security Is Broken: Why You Need Defender XDR Now

Stop Buying Security Tools: The Shocking ROI of One XDR TimelineDrowning in alerts across M365, endpoints, and cloud apps? This video shows why your hybrid security stack is a Rube Goldberg machine that screams and still misses real attacks. You’ll see the four blind spots in Microsoft 365, identities, endpoints, and SaaS, and how attackers live in the gaps between your tools. Then we show how Microsoft Defender XDR fuses email, identity, device, and cloud telemetry into one incident story and one timeline, slashing dwell time, false positives, and audit pain. If you’re tired of swivel-chair investigations, alert fatigue, and paying three times for the same breach, this breakdown shows how consolidation flips Defender XDR from expense to savings.
Guest: Mirko Peters
Dec. 2, 2025

How to Use Entra and Sentinel to Catch M365 Attackers in Real Time

MFA is not your shield – it’s already broken. In this episode, we walk the bridge of a real M365 tenant breach, step-by-step, from the attacker’s cockpit to your shattered inbox. You’ll hear how one phishing click plus an AitM proxy and a “benign” OAuth app stole live cookies, hijacked mailboxes, and quietly vacuumed SharePoint at 2 a.m. No brute force, just borrowed badges, stolen tokens, and app consent abuse. Then we flip the script: the exact Entra logs, Sentinel KQL, UEBA analytics, and one killer policy combo that makes stolen tokens useless off-device. If you run M365 and still trust MFA alone, this briefing might be the most important hour of your year.
Guest: Mirko Peters
Nov. 30, 2025

Fix Conditional Access Loopholes Hackers Use in Microsoft 365

This episode explains how to “calm down” a messy Conditional Access setup by removing blind spots and setting clear boundaries. It walks through three main trust problems—overbroad exclusions, unclear device compliance, and token theft—and shows how to replace permanent exceptions with time-bound authentication contexts, stronger MFA, and clear device tiers (compliant, hybrid joined, Azure AD joined, registered). The host outlines a simple baseline of five inclusive policies (all-users MFA, unmanaged device step-up, strong auth for admins, emergency bypass via auth context, and token hygiene/CAE) plus a safe rollout plan using report-only mode, waves, and rollback. Finally, it stresses ongoing monitoring with a few KPIs and alerts (coverage, strength, exclusion changes, high-risk sign-ins without CA) so Conditional Access stays consistent, visible, and predictable instead of chaotic.
Guest: Mirko Peters
Nov. 10, 2025

Too Many False Positives in Defender? Fix It With Synthetic Analysts

Your “intern” just became your scariest, smartest coworker—and it’s made of code.In this episode, we unpack how Microsoft Security Copilot is quietly turning traditional Security Operations Centers into AI-driven defense factories. Forget drowning in alerts, phishing noise, and endless Patch Tuesday chaos. These synthetic analysts—autonomous agents baked into Defender, Entra, Intune, and Purview—are triaging phishing emails, tightening conditional access, and pre-planning vulnerability remediation before most humans finish their first coffee.You’ll meet three “interns” that:Read thousands of emails a day and never get alert fatigueConstantly patrol identities and access policies for silent privilege creepAct as a 24/7 digital medic for vulnerabilities across your endpointsThen we go a step further: you can build your own agents with plain English prompts, effectively staffing a synthetic workforce tailored to your environment.Is this the end of SOC analysts—or …
Guest: Mirko Peters
Nov. 2, 2025

our Copilot Setup Is Breaking GDPR: Fix These 5 Settings Now

Copilot Notebooks feel magical — a conversational workspace that pulls context from SharePoint, OneDrive, Teams, decks, sheets, emails — and synthesizes answers instantly.But the moment users trust that illusion, they generate data that has no parents.Every Copilot output — a summary, paragraph, bullet list — is derived content that contains fragments of sensitive sources… but inherits none of the original sensitivity label, retention policy, audit trace, or Purview detection scope.Result: enterprises are silently creating a Shadow Data Lake — an ocean of unlabeled, untraceable derivative insight.The core problem isn’t Microsoft’s security model — it’s that governance frameworks assume lineage, and AI isn’t generating lineage.Solution: treat AI output as first-class content. Label by default. Apply Derived Data policies. Time-box Notebook containers. Limit sharing. Make AI summaries review-gated.AI productivity accelerates — and so does compliance debt — unless…
Guest: Mirko Peters
Oct. 20, 2025

Dataverse Role Mistakes That Let Partners Download Your Customer List

Your Power App didn’t get “hacked”—it was over-permitted. Treating Dataverse like SharePoint (big buckets, broad roles) turns guest access into a data breach waiting to happen. Dataverse is a relational fortress built on granular privileges (Create/Read/Write/Delete/Append/Append To/Assign/Share), scoped access (User, Business Unit, Parent:Child, Organization), and Business Unit boundaries. One accidental Organization-level privilege on a guest or team role overwhelms every careful filter and exposes records across the environment.This episode shows the failure pattern (cloned roles, Parent:Child scope, team inheritance) and then the fix: isolate external users in their own Business Unit, build minimal guest roles from scratch, prefer Team ownership + Access Teams for precise sharing, apply Field-Level Security to sensitive columns, and automate join/leave via Entra ID. Close with governance: audit ownership and roles, enforce DLP with Purview, monitor high-scope changes, and run …
Guest: Mirko Peters