Microsoft Security Podcast – Identity, Cloud & Enterprise Protection Episodes

This episode explains how organizations are moving away from passwords by using passwordless authentication with Microsoft Entra ID. It opens with eye-opening data on credential theft, then breaks down how FIDO2 security keys, Windows Hello, and the Microsoft Authenticator app work — in simple, cle…

This episode exposes the most significant — and often hidden — cloud security risks in Microsoft 365 and Azure. It cuts through marketing claims with real attack examples, misconfiguration failures, and lessons learned from actual incident response timelines. Listeners hear how a single oversight l…

This episode dives into the escalating tension between governed AI and the chaos that unfolds when AI systems operate without oversight. We explore how Microsoft Purview has become the backbone of responsible AI adoption, bringing structure, visibility, and control to data that AI agents depend on.…

This episode takes you deep into the world of Microsoft Purview Information Protection and explains why it has become one of the most important pillars of modern data security. We walk through what information protection really means, why sensitive data is getting harder to control, and how Purview…

This episode breaks down the confusion many organizations face when trying to understand the difference between Microsoft Defender and Microsoft Sentinel, two tools that sound similar but play very different roles in the Azure security landscape. We walk through how Defender focuses on real-time pr…

This episode takes a critical look at whether Microsoft 365 is truly ready for KRITIS environments, the highly regulated sectors where security, reliability, and compliance aren’t just important but mandatory. We explore why so many organizations in critical infrastructure struggle with adopting M3…

This episode dives into the growing role of Fabric Data Agents inside Microsoft Copilot Studio and how they’re reshaping the way organizations interact with their data. The hosts start by breaking down what a Fabric Data Agent actually is—an AI-driven intermediary that gives users controlled access…

This episode dives deep into the foundations of Microsoft 365 security and why locking down your M365 tenant has never mattered more. The conversation opens with a look at what “Microsoft 365 security” truly means today: a constantly evolving mix of policies, controls, and intelligent protection la…

Your Microsoft 365 tenant is probably full of “guests who never left.” Contractors, vendors, and partners get invited for short projects—and their accounts quietly live on for years. That sprawl creates hidden risk: lingering access to SharePoint and Teams, easy entry for attackers via compromised …

“Zero Trust everywhere” and “freedom for everyone” both fail in production. One grinds work to a halt; the other invites disaster. In this workshop we show how top M365 orgs hit the operating sweet spot—where CISO, GDPR officer, and everyday users all win. You’ll learn how small portal changes casc…

Active Directory was built for office networks that barely exist anymore. Today, identities — not networks — are the real perimeter. Microsoft Entra isn’t “AD in the cloud”; it’s a suite designed for a hybrid, perimeter-less world: Entra ID for auth and conditional access, Permissions Management fo…

Compliance fails when it’s static. Checklists freeze rules in time, but regulations keep moving. In this episode, you’ll learn how to turn compliance from a brittle, manual checklist into a self-updating, feedback-driven system using Power Automate + SharePoint/Dataverse + Power BI.We cover recur…

This episode examines the real return on Copilot by focusing on outcomes rather than features. It argues that the biggest cost in modern organizations isn’t failed projects or bad strategy, but the quiet drain of routine work—emails, meetings, drafts, reports, and administrative tasks that create t…

Most teams “pass” audits yet miss real misconfigurations between reviews. Microsoft Defender for Cloud changes that by turning compliance into a live posture: map your estate to frameworks (ISO/NIST/PCI), tailor controls to your own standards, auto-remediate drift, and surface results in Power BI f…

Think Purview and Azure Information Protection are “enterprise-only”? Think again. If you’re already on Microsoft 365 (E3 or Business Premium), you likely have sensitivity labels, baseline DLP, and email encryption ready to use—no extra spend. This episode debunks the biggest myth about data protec…

Auditing user activity in Microsoft 365 is no longer optional — it’s essential for security, compliance, and governance. Microsoft Purview provides powerful audit capabilities, but many organizations don’t use them correctly or fail to leverage advanced logging features.In this guide, we walk t…

Copilot can overreach if Graph permissions are too broad. One mis-scoped app permission lets AI surface files, spreadsheets, and confidential client data users couldn’t normally access. Fix it by treating Copilot like any high-privilege app: lock Graph scopes to least privilege, segment access with…

MFA isn’t Zero Trust. If Microsoft 365 and Dynamics 365 don’t enforce the same identity, device, and session checks, attackers walk through the side door. “Zero Trust by Design” treats M365 + D365 as one system: align Conditional Access and risk signals, apply just-in-time roles, segment identities…

Most Graph-powered apps fail at rollout not because of code, but consent. Dev tenants allow broad testing; production enforces tight policies that block risky scopes. The fix is understanding Graph’s two models—delegated (user-in-context) vs. application (app-only, org-wide)—and requesting the mini…

Power Platform Data Loss Prevention (DLP) policies don’t have to be mystery roadblocks. In this episode, we explain why Flows fail with cryptic DLP errors and show exactly how to prevent them—before production. You’ll learn how connector classifications (business, non-business, blocked), custom con…

Microsoft Fabric pipelines often feel “secure by default,” but silent data exposure usually comes from misconfigured permissions, hardcoded secrets, and overbroad workspace roles. This episode shows how to harden end-to-end pipelines with managed identities (kill passwords), Azure Key Vault (centra…

Dynamics 365 deployments fail less because of code and more because of packaging gaps: hidden dependencies, unmanaged/managed mix-ups, missing environment variables and connection references, and un-migrated configuration data. In this episode, we show how to ship reliably by mapping dependencies u…

This episode exposes the hidden gaps in Fabric and Power Platform Data Loss Prevention (DLP)—from shadow connectors and cross-environment leaks to misclassified “business” connectors that quietly exfiltrate sensitive data. You’ll learn how DLP decisions are really made (the if-then logic behind pol…

This episode demystifies Power Platform ALM with GitHub Actions so you can see—and control—every step from source to prod. Learn why deployments fail (connector references, environment variables, and human-led imports), how to wire service principals and scoped secrets, and how to structure GitHub …