Turn your real-world experience into part of the show.

Microsoft Security Podcast – Identity, Cloud & Enterprise Protection Episodes

Security within the Microsoft ecosystem is deeply integrated across identity, endpoints, cloud services, and data platforms. Security Talk focuses on understanding Microsoft security architecture as an interconnected system rather than isolated tools and dashboards.

In this category, we examine identity security using Entra ID, Conditional Access, and privileged access models, alongside Microsoft Defender, Purview, and security controls across Microsoft 365 and Azure. Episodes explore how attackers exploit misconfigurations, how security signals propagate across services, and why many security incidents stem from architectural assumptions rather than missing features.

Security Talk emphasizes why breaches happen, not just how to configure protection. We discuss threat models, attack paths, lateral movement, and the operational trade-offs between security, usability, and automation. Particular focus is given to identity-centric security, which has become the primary control plane for modern Microsoft environments.

This category is intended for security professionals, architects, and IT decision-makers who need to understand Microsoft security beyond checklists and best-practice documents. If you are responsible for protecting identities, data, and cloud workloads within Microsoft platforms, Security Talk provides clear, experience-based insight into building and maintaining resilient security architectures.
Aug. 18, 2025

Microsoft Purview vs Azure Information Protection: Key Differences, Features & Use Cases

Think Purview and Azure Information Protection are “enterprise-only”? Think again. If you’re already on Microsoft 365 (E3 or Business Premium), you likely have sensitivity labels, baseline DLP, and email encryption ready to use—no extra spend. This episode debunks the biggest myth about data protection and shows a simple, fast path to label → protect → prevent leaks that small teams can deploy in an afternoon and big orgs can scale later.
Guest: Mirko Peters
Aug. 16, 2025

How to Audit User Activity in Microsoft 365 with Microsoft Purview

Auditing user activity in Microsoft 365 is no longer optional — it’s essential for security, compliance, and governance. Microsoft Purview provides powerful audit capabilities, but many organizations don’t use them correctly or fail to leverage advanced logging features.In this guide, we walk through how to enable auditing in Microsoft Purview, how to search and analyze audit logs effectively, and how to use audit data for threat detection, compliance investigations, and risk mitigation.Whether you're investigating suspicious behavior, preparing for a compliance review, or strengthening your security posture, this step-by-step breakdown shows you how to turn audit data into actionable insight.
Guest: Mirko Peters
Aug. 16, 2025

Microsoft 365 Copilot Governance: How to Keep AI Secure & Compliant

Copilot can overreach if Graph permissions are too broad. One mis-scoped app permission lets AI surface files, spreadsheets, and confidential client data users couldn’t normally access. Fix it by treating Copilot like any high-privilege app: lock Graph scopes to least privilege, segment access with Entra ID role groups, and extend DLP and sensitivity labels to AI-generated content in Exchange, SharePoint, OneDrive, and Teams. Use Purview Audit to trace who asked Copilot for what, from where, and when—and pipe signals to Sentinel for proactive alerts. Governed right, Copilot stays fast and useful without leaking sensitive data.
Guest: Mirko Peters
Aug. 15, 2025

Zero Trust in Microsoft 365 & Dynamics 365: Security by Design Explained

MFA isn’t Zero Trust. If Microsoft 365 and Dynamics 365 don’t enforce the same identity, device, and session checks, attackers walk through the side door. “Zero Trust by Design” treats M365 + D365 as one system: align Conditional Access and risk signals, apply just-in-time roles, segment identities by job, and continuously re-verify sessions across clouds. Tie it together with adaptive policies that cut MFA fatigue. Result: coordinated defenses, fewer blind spots, and strong security that doesn’t slow work.
Guest: Mirko Peters
Aug. 11, 2025

Microsoft Graph Permissions & Consent Models Explained (Avoid Common Security Mistakes)

Most Graph-powered apps fail at rollout not because of code, but consent. Dev tenants allow broad testing; production enforces tight policies that block risky scopes. The fix is understanding Graph’s two models—delegated (user-in-context) vs. application (app-only, org-wide)—and requesting the minimum viable scopes that match how your app actually runs. Keep user data to delegated where possible; reserve app-only for unattended or cross-tenant jobs and plan for admin approval. Map tenant consent policies early, stage permissions (pilot → broaden), and document why each scope is required. Use least-privilege alternatives (e.g., Calendars.Read vs. Calendars.ReadWrite, Team.ReadBasic.All vs. full directory). Wrap with governance: pre-approval workflow, quarterly reviews, tagging, and audit logs. Result: fewer “admin consent required” popups, faster security sign-off, and a rollout that survives contact with real users.
Guest: Mirko Peters
Aug. 11, 2025

Why Your Power App or Flow Is Blocked: DLP Policies Explained for Developers

Power Platform Data Loss Prevention (DLP) policies don’t have to be mystery roadblocks. In this episode, we explain why Flows fail with cryptic DLP errors and show exactly how to prevent them—before production. You’ll learn how connector classifications (business, non-business, blocked), custom connectors, and tenant vs. environment policies interact; how to run pre-flight checks; and how to align dev/test/prod so migrations don’t silently break. We cover practical governance tactics: policy reviews, negative testing, alerts, and using the CoE toolkit—plus a clear checklist to keep Power Automate, Power Apps, and custom connectors compliant and reliable. Build faster, avoid midnight fire drills, and turn DLP into guardrails that protect data and keep your automations running.
Guest: Mirko Peters
Aug. 10, 2025

How to Secure Microsoft Fabric Data Pipelines (Avoid Data Leaks & Access Risks)

Microsoft Fabric pipelines often feel “secure by default,” but silent data exposure usually comes from misconfigured permissions, hardcoded secrets, and overbroad workspace roles. This episode shows how to harden end-to-end pipelines with managed identities (kill passwords), Azure Key Vault (centralize and audit secrets), and precise RBAC (least privilege at workspace, pipeline, and dataset layers). You’ll learn where Fabric inherits risky defaults, how tenant/workspace access quietly widens, and the exact steps to lock down connectors, notebooks, and pipelines—without slowing your teams. Walk away with a practical security playbook, audit-ready logging, and guardrails that let admins, analysts, and engineers move faster with less risk.
Guest: Mirko Peters
Aug. 10, 2025

Why Your Dynamics 365 Deployments Fail (And How ALM Pipelines Fix It)

Dynamics 365 deployments fail less because of code and more because of packaging gaps: hidden dependencies, unmanaged/managed mix-ups, missing environment variables and connection references, and un-migrated configuration data. In this episode, we show how to ship reliably by mapping dependencies up front, using managed solutions for prod, aligning layers in a sandbox, and treating env config + reference data as first-class deployment artifacts. You’ll get an end-to-end release blueprint—import, configure, migrate, validate—plus tooling tips (Solution Checker, dependency analysis, config migration) to prevent “works in dev, breaks in prod” disasters.
Guest: Mirko Peters
Aug. 6, 2025

Data Loss Prevention Policies for Fabric and Power Platform

This episode exposes the hidden gaps in Fabric and Power Platform Data Loss Prevention (DLP)—from shadow connectors and cross-environment leaks to misclassified “business” connectors that quietly exfiltrate sensitive data. You’ll learn how DLP decisions are really made (the if-then logic behind policies), how to map actual data flows across apps, environments, and connectors, and how to classify risk without choking productivity. We share an adaptive testing playbook—pilot scopes, sandbox simulations, analytics-driven tuning, and guardrails—so you can block personal Dropbox/OneDrive/Gmail escapes, stop custom connector surprises, and keep critical workflows running. If you want DLP that protects tomorrow’s risks, not just yesterday’s email, this step-by-step guide is for you.
Aug. 6, 2025

Setting Up ALM for Power Platform with GitHub Actions

This episode demystifies Power Platform ALM with GitHub Actions so you can see—and control—every step from source to prod. Learn why deployments fail (connector references, environment variables, and human-led imports), how to wire service principals and scoped secrets, and how to structure GitHub workflows (triggers, jobs, env-specific vaults) that validate, remap, and deploy solutions predictably. We cover source management with unpacked solutions, build-time checks, connector/variable remapping at deploy, and guardrails that stop silent breakages. If your Power Apps and flows “work in dev” but die in test or prod, this is your step-by-step playbook to ship reliable, auditable releases—without guesswork.
Aug. 3, 2025

Your Phishing Reports Aren’t Showing the Whole Story

Your phishing dashboard is lying to you. The “all good” charts hide near-miss clicks, silent investigations, and active campaigns threading your inboxes right now. We show how to tap Microsoft Defender’s buried signals and build living Power BI dashboards that expose what’s really happening—and what you’ll miss next unless you fix it.
Aug. 2, 2025

Your SIEM Is Missing Critical M365 Logs

Your SIEM isn’t blind—it’s blinking. Out-of-the-box connectors skip crucial M365 logs (mailbox forwarding, granular SharePoint sharing, Teams/Power Platform actions), so the “all good” green light is faking you out. Turn your SIEM from checkbox to chokehold: ingest the right audit streams, filter noise before it hits storage, normalize fields, and add detections that catch real attacker tradecraft.
Aug. 1, 2025

Defender for M365 Isn't What You Think

Your users still click phish—even with Defender for M365 “fully enabled.” The culprit isn’t the attackers; it’s misaligned layers: Safe Links, Safe Attachments, anti-phishing ML, and mail flow rules that overlap, conflict, or leave gaps. This guide traces how a real phishing email slips through, the config traps that make it worse, and the exact blueprint to tune Defender as a living system—so security stops breaking business, and business stops breaking security.
July 31, 2025

Automated Licensing: Fix The Invisible Failures

Your M365 Licenses Didn’t “Disappear”—Your Dynamic Groups Did (Here’s How to Stop the Silent Failures)If your automated license assignments randomly vanish—or premium SKUs linger on the wrong users—the culprit isn’t Microsoft. It’s brittle dynamic group rules, drifting attributes, and slow recalculations that quietly boot people in or out. In this episode, we expose the hidden traps: renamed departments, empty/dirty attributes, exact-match logic, and laggy group processing that break licensing without warnings. You’ll learn a resilient rules blueprint (contains > equals, guardrails for blanks, nested inclusions/exclusions), a “ghost license” hunt to claw back budget, and a lightweight audit/alert routine to catch failures before users or Finance do.
July 30, 2025

Nobody Explains Microsoft Graph Consent—Here’s What’s Missing

Stop blindly clicking “Grant admin consent.” This deep dive demystifies Microsoft Graph app-only permissions—who consents, which scopes you actually need, and how tokens really work in production. Learn least-privilege setups, admin consent gotchas, secret/cert rotation, managed identity, and audit-ready monitoring so your background jobs don’t break at 2 a.m. or expose tenant-wide data. Ship secure, stable automations—without drowning in consent dialogs.
July 30, 2025

Conditional Access vs Identity: Who Actually Decides?

Your best Microsoft 365 security signal isn’t the login—it’s what the identity does next. Wire Conditional Access (the gatekeeper) to listen to Defender for Identity (the watcher), and you’ll auto-raise friction when behavior turns risky—shrinking dwell time, false positives, and your midnight pager duty.
July 30, 2025

Unlocking the REAL Power of DLP: 3 Insider Moves

Think your DLP rules have your Microsoft Power Platform locked down? Think again. The biggest data leak in your tenant may be hiding in plain sight—the default environment. In this episode, we expose why environment strategy—not just connector blocking—is the silent weak link behind surprising Power Apps and Power Automate data spills. You’ll learn how proof-of-concept apps quietly turn into “production,” how over-blocking connectors pushes users into risky shadow IT, and why “trust internal, block external” sharing policies fail in hybrid work. We unpack real-world failure patterns (hello, permissive HTTP connector) and show how leaks happen between business units when environments aren’t mapped to data sensitivity or ownership. Then we flip the script with three practical moves: define business-aligned environments, apply targeted connector governance based on actual data flows, and enforce risk-based, time-boxed sharing with reviews and expiries. If you’ve ever asked, “Why do issue…
July 30, 2025

Authentication Nightmares: How SPFx Really Handles Multi-Tenancy

Shipping a SharePoint Framework app to another tenant and watching auth blow up, Graph return nothing, and users not even see the web part? You’re not cursed—multi-tenant SPFx is. In this episode, I show the exact authentication traps that tank cross-tenant deployments, why Graph goes “empty,” and the deployment patterns that stop Friday-night fire drills. Convert your app to true multi-tenant, fix consent the right way, make config tenant-aware (no secrets in code!), and ship one package you can support everywhere—without losing your weekend.
July 29, 2025

Intune: Zero-Touch Deployments Aren’t One-Size-Fits-All

“Zero-touch” isn’t one-size-fits-all—it’s one-size-fails-fast. 🚨 The same Intune baseline that delights desk workers can break field techs, hobble engineers, and leave exec devices under- or over-secured. In this episode, I show you how to ditch blunt templates and turn Intune into a precision tool: segment by role and hardware, layer conditional access, pilot safely, and measure what matters so you stop firefighting weird tickets and start shipping rollouts that actually work.
June 18, 2025

Microsoft Defender for Cloud

I use Microsoft Defender for Cloud because it gives me one place to manage security across Azure, AWS, and Google Cloud . Every week, I see thousands of threats, from ransomware to phishing and cloud misconfigurations. Ransomware attacks now disrupt 86% of businesses , and AI makes phishing even harder to spot . I rely on Microsoft Defender to replace old tools, improve compliance, and protect my growing cloud workloads as threats keep getting more complex. Key Takeaways * Microsoft Defender for...
May 19, 2025

How Teams Governance Drives Collaboration and Success

Imagine a workplace where every team operates in harmony, trust flourishes, and productivity soars. Teams governance holds the hidden power to make this vision a reality. It creates order by defining clear structures and roles, ensuring that collaboration thrives without chaos. Without it, organizations often struggle to gather meaningful metrics or maintain data quality. A well-implemented governance strategy enhances trust and safety while aligning teams with organizational goals. By focusing ...
May 9, 2025

Power Without Paranoia: Unraveling Security and Innovation on Microsoft’s Power Platform

Everyone remembers that one time they broke something at work—maybe you were given a bit too much access, clicked the wrong button, and messed up that important report (guilty as charged!). The world of Microsoft’s Power Platform is basically a grown-up version of that story, but with bigger consequences. In this first episode, I team up with Marcel to navigate what happens when incredible innovation tools crash into the real need for practical security. This isn’t a dry how-to; it’s a mix of ha...
May 8, 2025

SC-900 Exam Prep Part 3/8: Microsoft Entra Roles EXPLAINED

I once let my cousin borrow my car, only to realize I’d left the keys to my house on the keychain. Spoiler: Nothing bad happened, but it kept me up that night thinking, "Did I just give away too much trust by accident?" If you’ve ever been in charge of who-gets-access-to-what in your organization, you know that uneasy feeling. Today, let’s explore how Microsoft Entra roles act as that critical barrier (or, if you’re careless, as a wide-open front door), and why wrestling with the principle of le...
May 7, 2025

SC-900 Exam Prep Part 2/8: Unlock Microsoft Entra ID’s Secrets

When I first stepped into the world of IT, my role as an admin managing Active Directory dealt mostly with on-premise systems. As the industry evolved and Microsoft introduced its cloud solutions, I felt like I was back in school, grappling with the complexities of entirely new identity systems and preparing for the SC900 exam. My challenges mirrored those of many in the IT landscape, transforming my understanding from basic AD features to the rich capabilities of Microsoft EntraID. In this blog...