M365.FM - Modern work, security, and productivity with Microsoft 365
Traditional cybersecurity focuses on vulnerabilities, alerts, and dashboards. Attackers don't. They look for opportunities, weak identities, exposed cloud resources, excessive permissions, forgotten endpoints, and misconfigurations they can chain together into a successful attack.

In this episode of the M365 FM Podcast, host Mirko Peters takes a unique approach by stepping into the role of the attacker while Microsoft Security MVP and Microsoft Certified Trainer Uros Babic defends a modern Microsoft environment using Microsoft Security Exposure Management, Microsoft Defender XDR, Microsoft Sentinel, Security Copilot, and Zero Trust principles.

Instead of discussing security theory, this episode follows a realistic attack scenario from reconnaissance and phishing to privilege escalation, lateral movement, ransomware, and data exfiltration. Along the way, Uros explains how organizations can stop attackers before they reach critical assets by focusing on exposure rather than simply fixing vulnerabilities. The discussion demonstrates why modern security operations are shifting from reactive incident response to proactive risk reduction powered by Microsoft's latest security technologies.

THINKING LIKE AN ATTACKER

The episode begins with one fundamental mindset shift: attackers don't see security dashboards or compliance reports—they see attack paths. Uros explains why organizations should stop asking "How many vulnerabilities do we have?" and instead ask "Which attack path would an attacker exploit first?"

Topics include:

* Social engineering
* Phishing attacks
* Credential theft
* Privilege escalation
* Lateral movement
* Ransomware
* Data exfiltration
* Insider threats
* Supply chain attacks
* Cloud misconfigurations

Understanding how attackers think is becoming one of the most valuable skills for every modern security team.

MICROSOFT SECURITY EXPOSURE MANAGEMENT

One of the central topics is Microsoft's Security Exposure Management platform.
Unlike traditional vulnerability management, Exposure Management connects identities, endpoints, cloud resources, permissions, applications, and attack paths into a single security graph that helps organizations prioritize what actually matters. Rather than fixing thousands of isolated vulnerabilities, security teams can identify the fastest route an attacker could take to reach Tier-0 assets and eliminate those paths before they are exploited.

The discussion covers:

* Exposure Graph
* Attack Path Analysis
* Attack Surface Management
* Risk Prioritization
* Critical Asset Protection
* Continuous Threat Exposure Management (CTEM)
* Microsoft Defender Portal
* Multi-cloud visibility

AI, SECURITY COPILOT & AGENTIC SECURITY

Artificial Intelligence is transforming cybersecurity for both defenders and attackers. Uros explains how Microsoft Security Copilot helps security analysts investigate incidents faster, summarize complex alerts, analyze malicious scripts, recommend remediation steps, and automate repetitive SOC workflows.

The conversation also explores how AI agents introduce entirely new security challenges. Organizations must now secure AI agents just like human identities by applying Conditional Access, Microsoft Entra ID, Identity Protection, Microsoft Purview, and governance policies. As enterprises deploy more AI-powered assistants, securing Agentic AI becomes a critical part of every Zero Trust strategy.

ZERO TRUST IN THE AGE OF AI

Zero Trust remains one of Microsoft's core security principles—but AI changes how organizations must apply it. The discussion explores how Zero Trust combines with Exposure Management to answer an even more important question: "Even if nothing is trusted, what can an attacker still exploit?"
Topics include:

* Identity Protection
* Conditional Access
* Passwordless Authentication
* Managed Devices
* Microsoft Entra ID
* Defender for Cloud Apps
* Microsoft Purview
* AI Governance
* Security Policies

The result is a proactive security model that continuously reduces exposure instead of simply responding to incidents.

BUILDING A MODERN SECURITY OPERATIONS CENTER

Many organizations still measure security success by counting alerts or tracking ticket volumes. Uros explains why these metrics often create a false sense of security. Modern SOC teams should instead focus on:

* Exposure reduction
* Attack path elimination
* Tier-0 asset protection
* Critical exposure remediation
* MITRE ATT&CK coverage
* Identity risk reduction
* Security posture improvements

By measuring business risk instead of operational activity, security teams become far more effective against today's sophisticated attackers.

CYBERSECURITY CAREERS AND COMMUNITY

Beyond technology, Uros shares valuable career advice for professionals interested in cybersecurity. He recommends building strong networking and infrastructure fundamentals before specializing in cloud security and emphasizes that practical hands-on experience is often more valuable than collecting certifications alone. The conversation also covers learning platforms, Microsoft certifications, community engagement, and the importance of continuously adapting as cybersecurity evolves alongside AI.

WHO SHOULD LISTEN?
This episode is ideal for:

* Security Architects
* SOC Analysts
* Microsoft 365 Administrators
* Azure Engineers
* Cloud Architects
* IT Decision Makers
* Microsoft MVPs
* Security Consultants
* CISOs
* DevSecOps Engineers
* Anyone responsible for securing Microsoft environments

Whether you're deploying Microsoft Defender XDR, Microsoft Sentinel, Microsoft Security Copilot, Microsoft Entra, Microsoft Purview, or simply looking to better understand how modern attackers operate, this episode provides practical insights into building a proactive security strategy.

If you want to stop reacting to security incidents and start thinking like an attacker, this conversation offers a comprehensive look at why Microsoft Security Exposure Management is becoming one of the most important innovations in enterprise cybersecurity.

Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support
688 episodes