Turn your real-world experience into part of the show.

Microsoft Security Podcast – Identity, Cloud & Enterprise Protection Episodes

Security within the Microsoft ecosystem is deeply integrated across identity, endpoints, cloud services, and data platforms. Security Talk focuses on understanding Microsoft security architecture as an interconnected system rather than isolated tools and dashboards.

In this category, we examine identity security using Entra ID, Conditional Access, and privileged access models, alongside Microsoft Defender, Purview, and security controls across Microsoft 365 and Azure. Episodes explore how attackers exploit misconfigurations, how security signals propagate across services, and why many security incidents stem from architectural assumptions rather than missing features.

Security Talk emphasizes why breaches happen, not just how to configure protection. We discuss threat models, attack paths, lateral movement, and the operational trade-offs between security, usability, and automation. Particular focus is given to identity-centric security, which has become the primary control plane for modern Microsoft environments.

This category is intended for security professionals, architects, and IT decision-makers who need to understand Microsoft security beyond checklists and best-practice documents. If you are responsible for protecting identities, data, and cloud workloads within Microsoft platforms, Security Talk provides clear, experience-based insight into building and maintaining resilient security architectures.
Oct. 19, 2025

Manual GRC in Microsoft 365 Is Broken – Build This Agent Instead

Manual GRC reporting burns time and budget: exporting Purview logs to Excel, reconciling pivots, and hoping nothing changed overnight. Replace that drag with an autonomous GRC agent built entirely on Microsoft 365: Purview for audit truth, Power Automate for scheduled extraction + classification, and Copilot Studio for clean, human-readable summaries. The agent is deterministic—not guessy “AI.” You define sources, filters, thresholds, tone, and distribution.Pipeline: Power Automate (on a recurrence) pulls scoped Purview activities, filters noise, normalizes JSON, persists a slim history (Dataverse/SharePoint/SQL), classifies per user/event with numeric thresholds, and logs every run (success/failure) for auditability. It then calls a Copilot Studio endpoint with a structured payload to generate (1) exec summary, (2) technical appendix, (3) recommendations, which the flow publishes to Teams and archives to SharePoint—every time, same format, same metadata.Net effect: standardiz…
Guest: Mirko Peters
Oct. 19, 2025

Your Copilot Agent Uses Your Token – Lock Down Those Permissions Now

Copilot Studio agents don’t have their own ethics—or identities. By default they borrow the caller’s token, so any SharePoint, Outlook, Dataverse, or custom API you can see, your bot can see—and say. That’s how “innocent” answers leak context: connectors combine, chat telemetry persists, and analytics stores echo fragments you never meant to share. The fix isn’t ripping out AI; it’s Power Platform DLP done correctly—plus Entra scoping and continuous monitoring.Design the fortress at the connector–environment boundary: classify connectors into Business / Non-Business / Blocked, forbid cross-group traffic, and apply a tenant-level policy that overrules everything below. Put Microsoft 365 data sources (SharePoint/Outlook/OneDrive/Dataverse) in Business; quarantine AI/HTTP/Custom in Non-Business or Blocked; and stop assuming “tenant-wide” means “every environment.” Enforce least-privilege in Entra, segregate environments by function, and test like an attacker.There’s one sealing m…
Guest: Mirko Peters
Oct. 18, 2025

Your Copilot Rollout Is Illegal Without DPA and Product Terms Check

Turning on Microsoft Copilot isn’t magic—it’s governance in motion. That toggle activates a chain of contractual, technical, and organizational controls that either align…or explode. Contracts (Microsoft Product Terms + DPA) set the legal wiring: data residency, processor role, IP ownership, no training on your tenant data. Licenses unlock features; roles and permissions decide what Copilot can actually surface via Microsoft Graph. If RBAC and group membership are sloppy, Copilot will faithfully mirror that chaos.Your exposure equals your hygiene. Copilot only shows what users already can access, which means overshared SharePoint/Teams libraries and unlabeled documents become prompt-ready. Purview’s labels, DLP, retention, eDiscovery—and Defender’s endpoint/runtime enforcement—are the real brakes. Admin Center provisions; Purview classifies and audits; Defender blocks at runtime. Governance that lives in PDFs fails; governance encoded in policies and automation wins.Practical …
Guest: Mirko Peters
Oct. 15, 2025

Are Your Power Platform Apps Now “High‑Risk AI”? Fix This Before Audits

This episode is a practical walk-through of what actually goes wrong when organizations deploy copilots or chatbots without Responsible AI guardrails.It explains why:modern LLMs are non-deterministicprompt injection is not hypotheticalbad outputs can cascade across business workflows faster than any human mistakeThen it walks through the EU AI Act (which is now real, and not optional), and the implications for Power Platform / Microsoft 365 builders — especially if you’re building anything that touches employment, credit or productivity scoring.Finally, it closes with the practical shields that already exist inside Microsoft 365 / Power Platform — and the final “line of defense” — a functioning Governance Board.
Guest: Mirko Peters
Oct. 10, 2025

How Managers Can Control AI Agents So They Don’t Override Human Decisions

AI agents are about to feel like real coworkers inside Teams—fast, tireless, and dangerously literal. This episode gives you a simple framework to keep them helpful and safe: manage their memory, entitlements, and tools, and layer prompting, verification, and human-in-the-loop oversight. You’ll learn how to prevent “Agentageddon” with practical governance, risk tiers, and monitoring so agents boost throughput without blowing up compliance.
Guest: Mirko Peters
Oct. 6, 2025

Hard‑Coded SQL Logins in Azure? Replace Them Safely in One Weekend

In this episode, we break down the essential steps for securing web applications on Microsoft Azure, focusing on Azure App Service and its built-in security capabilities. You’ll learn what Azure App Service is, why it’s a powerful platform-as-a-service (PaaS) option, and how it simplifies deployment, scaling, and management of web apps, APIs, and mobile apps. We also highlight the key benefits of using Azure—including automatic updates, integrated security features, and seamless scalability.We walk through the core features of Azure Web Apps, such as authentication and authorization options, IP restrictions, TLS encryption, Azure DDoS protection, and integration with tools like Azure Front Door, Azure SQL Database, and Microsoft Entra ID. You’ll also hear how to get started with App Service, choose the right App Service Plan, manage deployments, and follow best practices with CI/CD pipelines, managed identities, and secure secret storage using Azure Key Vault.The episode also …
Guest: Mirko Peters
Oct. 2, 2025

Copilot Data Leak Scare? Use Purview DSPM to See What Really Happened

AI isn’t an edge case in your SIEM anymore—it’s a participant. This episode asks a hard question: when Copilot surfaces a confidential file your user can technically access, is that a breach, a policy gap, or “works as designed”? We walk through why AI access alerts don’t fit classic kill-chain thinking and how overshared data + weak labeling turn Copilot into an accidental exfil partner. The fix isn’t panic; it’s alignment: Purview/DSPM to map sensitivity and label history, DLP & label-based exclusions to block AI from high-risk content, Defender XDR to correlate AI access with endpoint movement, and prompt/interaction auditing so investigations have receipts.You’ll get a mental model for AI incidents (“malicious, overreach, or justifiable?”), the signal bridges your SOC needs (label change → AI access → downstream movement), and a prewired combo that turns noisy “Copilot touched a file” events into guided, evidence-backed actions. By the end, you’ll have a practical blueprint to…
Guest: Mirko Peters
Sept. 27, 2025

Autonomous Agents: Productivity Hack or Admin Nightmare?

The real shift is autonomous AI agents – systems that don’t just answer a prompt and wait for the next human nudge, but notice, decide, and act on their own. Not a “bot that replies in Teams,” but a worker that reads the situation, picks a plan, executes it, and learns from whatever broke along the way.An autonomous AI agent is basically an AI-powered loop: sense, think, act, learn. It pulls in signals from APIs, logs, documents, sensors, whatever you feed it. It builds an internal picture of “what’s going on,” runs that through models and planning logic, picks an action, executes it, and then uses the outcome as feedback to adjust its strategy. No one is there hand-holding it through each click. You set goals and constraints; it figures out the steps.They come in flavors. Some are laser-focused goal agents: “keep this metric green,” “close as many tickets as possible,” “optimize this schedule.” Some are reflexive: “if this happens, do that, instantly.” Others are true learnin…
Guest: Mirko Peters
Sept. 19, 2025

Microsoft Purview Data Governance: The Info Architect’s Survival Guide

Microsoft Purview has quickly become one of the most important tools for modern data governance, and in this episode we break down exactly how its architecture works, why organizations rely on it, and how to put best practices in place to protect sensitive information across Microsoft 365, Azure, multi-cloud, and on-prem environments. You’ll learn how the Purview Data Map discovers, classifies, and catalogs data, how the governance portal ties everything together, and why strong information architecture is the foundation for successful data governance. We explore how Purview integrates with Microsoft 365, SharePoint, Teams, and Defender to deliver end-to-end visibility, risk reduction, and compliance, and how features like data classification, retention labels, access controls, and DLP policies help organizations secure their data without slowing down productivity. This episode also covers deployment steps, security considerations, and strategies for building a scalable, future-ready …
Guest: Mirko Peters
Sept. 13, 2025

Why ARM Templates Are Holding You Back

This episode breaks down the differences between Bicep and ARM templates to help Azure teams choose the best Infrastructure-as-Code approach. It starts with a quick refresher on ARM templates and why they’ve long been the standard, then introduces Bicep as a cleaner, simpler, more maintainable alternative.You’ll hear real-world comparisons covering readability, modular design, parameters, maintainability, and deployment experience. The episode also touches on performance, debugging, and helpful tooling like VS Code extensions. Practical guidance is provided for migrating existing ARM templates to Bicep, including shortcuts that speed up conversion and pitfalls to watch out for. Cloud engineers debate the pros and cons of both approaches and outline when sticking with ARM makes sense — and when switching to Bicep is the smarter choice.It’s aimed at cloud architects, DevOps engineers, SREs, and developers who want fewer IaC headaches, more reliable deployments, and cleaner, easi…
Guest: Mirko Peters
Sept. 11, 2025

Passkeys vs Passwords: Why Microsoft 365 Is Going Passwordless

This episode explains how organizations are moving away from passwords by using passwordless authentication with Microsoft Entra ID. It opens with eye-opening data on credential theft, then breaks down how FIDO2 security keys, Windows Hello, and the Microsoft Authenticator app work — in simple, clear terms.You’ll hear real case studies showing lower breach risk, faster onboarding, and noticeable cost savings. The episode includes a practical playbook for piloting passwordless authentication, highlighting common pitfalls, quick wins, and how to think about new security trade-offs once passwords are gone. Experts also discuss what’s coming next for passwordless in cloud and hybrid environments.It’s aimed at identity, security, and IT operations professionals who want the confidence to propose or expand passwordless projects. Key takeaways include why passwords remain the weakest link, why pilots should start small and scale gradually, and how focusing on smooth user experience d…
Guest: Mirko Peters
Sept. 10, 2025

The Hidden Risks in Your Cloud (That Most Teams Miss)

This episode exposes the most significant — and often hidden — cloud security risks in Microsoft 365 and Azure. It cuts through marketing claims with real attack examples, misconfiguration failures, and lessons learned from actual incident response timelines. Listeners hear how a single oversight led to a multimillion-dollar data leak and how attackers commonly enumerate Microsoft 365 tenants, move laterally, and exploit weak Azure configurations.The episode covers the current threat landscape, the top five risks across Microsoft 365 and Azure, and a detailed breach case study involving conditional access mistakes and an unsecured storage account. You’ll get practical hardening guidance using Microsoft Defender for Cloud, plus a set of quick security checks you can perform in under 30 minutes. Long-term strategies include identity-first design, enforcing least privilege, improving visibility with logging and alerts, and using continuous monitoring tools.Key takeaways emphasize…
Guest: Mirko Peters
Sept. 7, 2025

Microsoft Purview vs Rogue AI: How to Control AI Data Risks in Microsoft 365

This episode dives into the escalating tension between governed AI and the chaos that unfolds when AI systems operate without oversight. We explore how Microsoft Purview has become the backbone of responsible AI adoption, bringing structure, visibility, and control to data that AI agents depend on. The conversation unpacks what Purview actually does, how it classifies and protects sensitive information, and why its data loss prevention and labeling engine are essential guardrails in an era where unsanctioned tools and shadow AI are growing fast.We contrast that with the reality of rogue AI—agents that overreach their intended purpose, access data they shouldn’t, bypass safeguards, or expose information because no governance was in place to stop them. You’ll hear examples of AI behaving unpredictably, how compliance failures emerge when AI runs without constraints, and why organizations often underestimate the risks until it’s too late. The episode highlights how Purview’s integrat…
Guest: Mirko Peters
Sept. 7, 2025

Your Microsoft MIP Rollout Is Broken: Why Data Protection Fails in Microsoft 365

This episode takes you deep into the world of Microsoft Purview Information Protection and explains why it has become one of the most important pillars of modern data security. We walk through what information protection really means, why sensitive data is getting harder to control, and how Purview steps in with the structure, automation, and intelligence organizations desperately need. You’ll hear how Purview discovers and classifies data across Microsoft 365, on-premises servers, and cloud apps, how sensitivity labels drive encryption and access control, and why its integration with Microsoft Defender for Cloud Apps and Azure Information Protection creates a unified safety net around your entire data estate.We explore what it actually looks like to deploy information protection in the real world, from scanning legacy file shares to enforcing DLP policies that stop data from leaking through email, Teams messages, or cloud uploads. The episode also digs into advanced tools like th…
Guest: Mirko Peters
Sept. 5, 2025

Microsoft Defender Alone vs Sentinel: Why Your Security Strategy Is Failing in Microsoft 365

This episode breaks down the confusion many organizations face when trying to understand the difference between Microsoft Defender and Microsoft Sentinel, two tools that sound similar but play very different roles in the Azure security landscape. We walk through how Defender focuses on real-time protection at the endpoint, in Microsoft 365, and across cloud workloads, acting like an automated guard that detects threats the moment they appear. Sentinel, on the other hand, steps back and looks at the entire enterprise, pulling in signals from Azure, on-prem systems, and third-party tools to create a unified picture of what’s happening across the environment. While Defender reacts, Sentinel investigates. While Defender stops attacks at the source, Sentinel connects the dots and helps security teams understand the bigger story behind alerts.The conversation highlights why teams often struggle to choose between them—and how the choice isn’t really either-or. Defender excels in scenario…
Guest: Mirko Peters
Sept. 4, 2025

M365 Is Not Ready for KRITIS… Or Is It?

This episode takes a critical look at whether Microsoft 365 is truly ready for KRITIS environments, the highly regulated sectors where security, reliability, and compliance aren’t just important but mandatory. We explore why so many organizations in critical infrastructure struggle with adopting M365, even though the platform promises modern collaboration, flexibility, and cloud-driven productivity. The discussion highlights that the biggest challenge isn’t the technology itself but the gap between Microsoft’s default configurations and the strict requirements set by German KRITIS regulations and the BSI.Throughout the episode, we talk through the recurring concerns raised by auditors and IT leaders. Security limitations in standard M365 deployments remain a major sticking point, especially where identity management, conditional access, and privileged roles aren’t configured with maximum rigor. Licensing complexity adds another layer of frustration, as many of the security feature…
Guest: Mirko Peters
Sept. 2, 2025

This AI Sees Everything: The Hidden Data Risk Behind Microsoft 365 Copilot

This episode dives into the growing role of Fabric Data Agents inside Microsoft Copilot Studio and how they’re reshaping the way organizations interact with their data. The hosts start by breaking down what a Fabric Data Agent actually is—an AI-driven intermediary that gives users controlled access to selected data stored in Microsoft Fabric. Instead of digging through semantic models or navigating complex databases, users can query their data conversationally through an agent that understands both the structure of the data and the rules that govern it. It’s a major step toward making enterprise data more accessible without compromising security or governance.The conversation then expands into how Microsoft Fabric and Copilot Studio complement each other. Fabric serves as the unified analytics backbone, while Copilot Studio becomes the interface where custom agents are built, trained, and deployed. When these two worlds meet, organizations get a powerful, AI-enhanced layer that le…
Guest: Mirko Peters
Aug. 30, 2025

Microsoft 365 Security Best Practices: Protect Your Tenant Without User Friction

This episode dives deep into the foundations of Microsoft 365 security and why locking down your M365 tenant has never mattered more. The conversation opens with a look at what “Microsoft 365 security” truly means today: a constantly evolving mix of policies, controls, and intelligent protection layers designed to defend identity, data, devices, and collaboration spaces across the cloud. As the hosts point out, M365 may come packed with powerful tools, but those tools only work when organizations configure them intentionally. Without strong baselines, attackers exploit weak MFA, lax external access, and poorly monitored environments long before anyone notices.The episode highlights how Microsoft Defender for Office 365 plays a starring role in stopping modern threats, with anti-phishing policies, safe links, safe attachments, real-time alerts, and analytics that reveal attacks before users even fall for them. They stress that pairing Defender for Office 365 with Defender for Endpo…
Guest: Mirko Peters
Aug. 28, 2025

Microsoft 365 Guest Access Governance and User Management

Your Microsoft 365 tenant is probably full of “guests who never left.” Contractors, vendors, and partners get invited for short projects—and their accounts quietly live on for years. That sprawl creates hidden risk: lingering access to SharePoint and Teams, easy entry for attackers via compromised external identities, and avoidable compliance findings (ISO 27001, SOC 2, GDPR) for missing offboarding controls. This episode exposes the scope of the “silent guest pile-up,” why it’s dangerous, how audits uncover it, and the practical blueprint to move from chaos to lifecycle control: discover, triage, expire by default, and recertify only what’s still needed.
Guest: Mirko Peters
Aug. 22, 2025

Microsoft 365 Security vs Usability: Why Zero Trust Alone Doesn’t Work

“Zero Trust everywhere” and “freedom for everyone” both fail in production. One grinds work to a halt; the other invites disaster. In this workshop we show how top M365 orgs hit the operating sweet spot—where CISO, GDPR officer, and everyday users all win. You’ll learn how small portal changes cascade into big workflow pain, how to write Conditional Access that protects without breakage, and how to use PIM for just-in-time admin without bottlenecks. We’ll leave you with battle-tested guardrails, policy templates, and a 30/60/90 rollout plan so your tenant runs quiet, audits pass, and users stop noticing security—because it just works.
Guest: Mirko Peters
Aug. 21, 2025

Microsoft Entra Explained: Why It’s a Complete Identity & Access Management Platform

Active Directory was built for office networks that barely exist anymore. Today, identities — not networks — are the real perimeter. Microsoft Entra isn’t “AD in the cloud”; it’s a suite designed for a hybrid, perimeter-less world: Entra ID for auth and conditional access, Permissions Management for multi-cloud least-privilege, Verified ID for portable credentials, and Identity Governance to kill access creep.This episode explains how Entra bridges legacy AD with cloud-first needs without breaking what already works, and how to move from static, network-based trust to adaptive, identity-first security aligned to Zero Trust.
Guest: Mirko Peters
Aug. 21, 2025

How to Automate Compliance Tasks in Microsoft 365 with Power Automate

Compliance fails when it’s static. Checklists freeze rules in time, but regulations keep moving. In this episode, you’ll learn how to turn compliance from a brittle, manual checklist into a self-updating, feedback-driven system using Power Automate + SharePoint/Dataverse + Power BI.We cover recurrence triggers, adaptive workflows, centralized logging, escalation, governance at scale, and future-proofing via metadata and modular flow design — so your compliance process learns and updates itself instead of breaking every time a rule changes.Primary keywords: Power Automate compliance, automated compliance workflows, compliance governance, feedback loops, adaptive automation, SharePoint compliance library, Dataverse audit log, Power BI compliance dashboard, recurring flows, escalation policies, metadata-driven automation.
Guest: Mirko Peters
Aug. 20, 2025

Microsoft 365 DLP Setup Guide: Create and Configure Policies in Purview

This episode examines the real return on Copilot by focusing on outcomes rather than features. It argues that the biggest cost in modern organizations isn’t failed projects or bad strategy, but the quiet drain of routine work—emails, meetings, drafts, reports, and administrative tasks that create the appearance of progress without delivering meaningful impact. Copilot’s value comes from collapsing this everyday friction and returning time to people who rarely realize how much they’re losing.The episode explains how small time savings, while unimpressive in isolation, compound dramatically at scale. A few hours reclaimed per person each month becomes significant capacity across large teams. Whether that capacity produces value depends on intent: reclaimed time must be deliberately reinvested into higher-impact work instead of dissolving back into busyness.It also explores where these gains show up most clearly. In sales and marketing, reduced preparation and cleaner focus impro…
Guest: Mirko Peters
Aug. 20, 2025

Microsoft Defender for Cloud Compliance Monitoring: Dashboards, Scores & Insights

Most teams “pass” audits yet miss real misconfigurations between reviews. Microsoft Defender for Cloud changes that by turning compliance into a live posture: map your estate to frameworks (ISO/NIST/PCI), tailor controls to your own standards, auto-remediate drift, and surface results in Power BI for leadership. This episode shows how to build continuous, system-wide assurance—assessment → automation → evidence—across Azure, AWS, GCP and on-prem (Arc) without drowning in tickets.Keywords: Microsoft Defender for Cloud compliance, continuous compliance, Azure Policy, auto-remediation, regulatory compliance dashboard, Power BI security reporting, multi-cloud compliance, Azure Arc, NIST 800-53, ISO 27001, PCI DSS, governance at scale.
Guest: Mirko Peters