How to Fix Microsoft 365 Security

Are Your AI Agents a Hidden Attack Surface? Rethinking Identity and Access in the Agent Era

Podcast: The Security Strategist Guest: Jasson Casey, CEO & Co-Founder, Beyond Identity Analyst: Richard Stiennon, Chief Research Analyst at IT-Harvest In an enterprise technology market that’s saturated with AI copilots and coding agents, most enterprise security strategies are already outdated. On the recent episode of The Security Strategist podcast, analyst Richard Stiennon, Co-Founder and Chief Research Analyst at IT-Harvests, presses Jasson Casey, CEO & Co-Founder, Ceros by Beyond Identity, on a question few vendors are answering clearly. “How do you actually control autonomous agents once they’re inside your environment?” posed Stiennon. Casey’s answer is architectural, focusing on Ceros – a new control plane from Beyond Identity built specifically for agentic workflows. WHAT IS CEROS BUILT FOR? The problem Ceros addresses is practically faced by enterprises. For instance, enterprises deploying tools like Claude, Codex, or Copilot for coding and workflow automation are effectively granting agents the same privileges as human operators, but without equivalent oversight. These agents write code, call APIs, and interact with sensitive systems, often across long-lived sessions where risk can evolve in real time. Casey points out that most enterprises fall into one of two active camps: those moving fast and accepting the risk, and those slowed by governance concerns. What both groups lack is visibility. Not logs after the fact, but live, session-level awareness of what agents are doing, what tools they’re invoking, and how their behaviour changes over time. Ceros is designed to sit directly in that gap. Rather than acting as a perimeter control or identity gateway, it operates in tandem with agent sessions, exposing granular telemetry on tool calls, device posture, and execution context. The emphasis is not on blocking upfront, but on establishing a real-time inventory of agent activity—a prerequisite for any meaningful governance model. MOVING BEYOND PASSWORDLESS TO AGENT-BOUND TRUST Beyond Identity built its reputation on eliminating passwords, but Casey makes it clear that passwordless authentication was only the first step. The deeper issue is the portability of credentials themselves. Whether it’s a password, API key, or session token, anything that can be copied can be abused—and in agentic systems, that risk multiplies. Ceros extends the company’s device-bound identity model into AI workflows. Instead of relying on bearer tokens, which Casey likens to “Willy Wonka golden tickets,” Ceros enforces cryptographic, device-bound sessions where every API request is uniquely signed. This approach draws on emerging standards like DPoP but applies them in a way that doesn’t require upstream API providers to change their architecture. The result is a subtle but important shift. Security is no longer tied to possession of a token, but to the integrity of the device and session generating each request. For agents, this means their actions are continuously attributable, and any attempt to export or replay credentials simply fails. In practical terms, it collapses the blast radius of an incident to a single device and makes lateral movement significantly harder. WHY CASEY SAYS THE TIME TO DEPLOY IS “IMMEDIATELY” Perhaps the most striking moment in the discussion comes when Stiennon asks when organisations should introduce controls like Ceros into their agent pipelines. Casey’s answer is blunt: immediately. Not after pilots, not post-deployment hardening, but at the same time, agents are introduced. That urgency reflects a broader shift in how enterprise risk is accumulating. AI agents are active participants in systems, capable of chaining actions, interacting with multiple tools, and amplifying both productivity and exposure. Retrofitting security after these patterns are established is, in Casey’s view, a losing strategy. Ceros has been intentionally designed to avoid the friction that typically delays security adoption. Developers running AI-based workflows see no change in their experience, while security teams gain visibility and policy controls through the same interface. The initial deployment phase focuses on observation rather than enforcement, allowing enterprises to understand their agent footprint before introducing restrictions. Ultimately, identity security must evolve from authenticating users to governing actions—human or otherwise—in real time. With Ceros, Beyond Identity believes that the future of enterprise security will be defined not by who logs in, but by what autonomous systems are allowed to do once they’re already inside. Teams can get their AI governance started on ceros.sh [http://ceros.sh/]. KEY TAKEAWAYS * AI agents are introducing major identity and visibility gaps across enterprise systems. * Traditional “authenticate then trust” models fail in dynamic, long-running agent sessions. * AI agents have no real identity. Ceros binds every agent action cryptographically to hardware, making credential theft pointless and every action attributable to a specific user and device. * Ceros gives security teams identity, visibility, and control over AI agents — enforcing policies at the proxy layer before agents can act, not after. Get started at ceros.sh [http://ceros.sh/]. CHAPTERS * 00:00 Emerging Security Gaps in AI Coding Agents * 03:03 The Role of Governance in AI Deployment * 05:58 Beyond Identity: The Passwordless Revolution * 09:00 Device-Bound Credentials and API Security * 11:59 Integrating Security Solutions for AI Agents To learn more about Ceros and how agentic workflows in cybersecurity enterprises are changing, follow: Beyond Identity LinkedIn: @Beyond Identity [https://www.linkedin.com/company/beyond-identity-inc/] Beyond Identity X: @beyondidentity [https://x.com/beyondidentity] Beyond Identity YouTube: @BeyondIdentity [https://www.youtube.com/c/BeyondIdentity] EM360Tech YouTube [https://www.youtube.com/@enterprisemanagement360]: @enterprisemanagement360 [https://www.youtube.com/@enterprisemanagement360] EM360Tech LinkedIn: @EM360Tech [https://www.linkedin.com/company/em360/?originalSubdomain=uk] EM360Tech X [https://x.com/EM360Tech]: @EM360Tech [https://x.com/EM360Tech] Follow: @EM360Tech on YouTube [https://youtube.com/channel/UCNCS0CL4v38JWbNaqnn0G4w/], LinkedIn [https://linkedin.com/company/em360/?originalSubdomain=uk] and X [https://x.com/EM360Tech] Stay connected for more expert insights, podcast episodes, and enterprise data strategy discussions.

The Cybersecurity Blind Spot Leaders Are Missing, and Why It’s About to Get Worse

Podcast: The Security Strategist [https://em360tech.com/podcasts/the-security-strategist] Guest: Garrett Hamilton, CEO [https://www.linkedin.com/in/garrettdh/], Reach Security [https://www.reach.security/], and Jay Wilson, CIO & CISO, Insurity [https://www.linkedin.com/in/jaywwilson/] Host: Shubhangi Dua, Podcast Producer and B2B Tech Journalist [https://www.linkedin.com/in/shubhangi-dua-14a825154/], EM360Tech There’s a growing disconnect at the core of enterprise cybersecurity, and most enterprise leadership teams don’t recognise it yet. With budgets increasing, tools improving more than ever, and AI quickly being integrated into both offensive and defensive strategies. On paper, this should be a golden era for cyber resilience. However, many enterprises feel more exposed, not less. The issue isn’t a lack of innovation, rather it’s something harder to see—and far more dangerous. In this episode of The Security Strategist [https://em360tech.com/podcasts/the-security-strategist] podcast [https://em360tech.com/podcasts/the-security-strategist], host Shubhangi Dua, Podcast Producer and B2B Tech Journalist [https://www.linkedin.com/in/shubhangi-dua-14a825154/] at EM360Tech, sits down with Garrett Hamilton, CEO [https://www.linkedin.com/in/garrettdh/] of Reach Security [https://www.reach.security/], and Reach customer, Jay Wilson, CIO & CISO at Insurity [https://www.linkedin.com/in/jaywwilson/]. They unpack why enterprises are still getting breached despite record security spend—and how configuration drift [https://www.reach.security/drift-research-report], AI-driven threats, and operational blind spots are quietly reshaping the future of cyber defence. They address the key issues enterprises are playing with in the industry today – whether what enterprises configured yesterday is still protecting them now. The reality is that it isn't safeguarding them. “The surface area of the problem is just continuing to increase,” says Wilson. “But security teams aren’t growing at the same rate.” This mismatch is creating a new kind of exposure—one that doesn’t show up in dashboards. Also Read: Ten Hidden Cybersecurity Misconfigurations [https://em360tech.com/whitepapers/ten-hidden-cybersecurity-misconfigurations] WHAT CYBERSECURITY ENTERPRISE STRATEGIES ARE MISSING? For years, cybersecurity strategies [https://em360tech.com/tech-articles/five-moments-changed-how-enterprises-will-approach-security-2026] have focused on accumulation – collecting tools, more telemetry, and more layers of defence. For instance, respondents, on average, were dealing with 35 tools at a time. But as environments grow, they become harder to manage. The issue pertains to control, not to the visibility of risk. “You had one product expert acting as five or six experts in one,” Hamilton explains. “That approach never scaled well.” Today, this issue is worse. Teams inherit complex tools they can’t fully optimise or continuously validate. Over time, small changes—like exceptions, updates, and integrations—start to add up. No single change breaks the system, but together, they alter it. Also Read: Configuration Lifecycle Management (CLM) That Reduces Complexity And Risk [https://em360tech.com/tech-articles/configuration-lifecycle-management] IS DRIFT THE QUIET FAILURE AI IS ACCELERATING? This shift is what insiders are increasingly referring to as configuration drift. It’s becoming one of the most overlooked risks in cybersecurity. It’s not dramatic or invisible, but it’s constant. “If it isn’t broken, don’t touch it—that used to work,” Isurity CISO says. “Not so much anymore.” In a pre-AI world, misconfigurations could linger for months before being exploited. Now, that time frame has shrunk. “The adversary can find it faster than that three-month or six-month window,” Hamilton warns. The new reality is that enterprises are no longer just defending against external threats. They are now racing to keep up with changes within their own environments. AI too is making the problem worse. For example, rapid “vibe coding [https://em360tech.com/tech-articles/what-vibe-coding-understanding-new-era-ai-assisted-development]” can quickly create solutions, but those solutions tend to fail without ongoing maintenance. “It worked for two or three months,” the Reach CEO notes, alluding to customer experience pertinent to vibe coding. “Then I returned to it—and it wasn’t working as expected.” Drift isn’t a bug but a byproduct of speed. WHERE AI OFFERS REAL VALUE For the past decade, cybersecurity investments have focused heavily on detection and response. However, that model is starting to show its weaknesses. There are too many alerts, too much noise, and too many problems that shouldn’t be there in the first place. “If you don’t emphasise the preventive side, you end up with a lot of unnecessary focus on detection and response,” Hamilton tells Dua. The current shift is subtle but significant, with leaders now asking not just how quickly they can respond, but how many of those incidents could have been completely avoided. This is where configuration integrity comes into play. It’s also where AI may finally offer real value—not as a substitute for analysts, but as a tool to continuously monitor, validate, and adjust security measures in real time. Still, both Hamilton and Wilson are wary of too much automation. “I would not use automated remediation in my production environment,” Wilson states. “What if it broke something?” The future shouldn’t be about fully autonomous security. Instead, it should focus on awareness, controlled automation—and that’s a much more complicated challenge to tackle. There’s a tendency in cybersecurity to chase the next big thing—AI, zero trust [https://em360tech.com/top-10/top-10-enterprise-zero-trust-security-vendors], platform consolidation. But this discussion points to a more fundamental issue. The biggest risk might not be what’s new but what’s actually changing quietly. “This is the most exciting time in 16 or 17 years of being in security,” Hamilton expresses. “But it’s also moving faster than we’ve ever seen.” For CISOs and CEOs alike, speed alters the dynamics. Building the right architecture is a part of the goal, but now cybersecurity leaders should ensure the strategies are aligned consistently at scale. This is where most enterprises are falling behind. KEY TAKEAWAYS 1. Configuration drift is the hidden cause of modern cyber risk 2. AI is accelerating both cyberattacks and security failures 3. Security teams can’t keep up with expanding attack surfaces 4. Too many cybersecurity tools are underused or misconfigured 5. Prevention is making a comeback in cybersecurity strategy 6. AI-driven automation must be controlled, not fully autonomous CHAPTERS * 00:00 Introduction to Cybersecurity Challenges * 02:52 The Role of AI in Cybersecurity * 05:54 Configuration Drift: The Overlooked Risk * 11:47 The Impact of Configuration Drift on Security * 17:49 The Need for Visibility in Security Infrastructure * 23:57 Balancing Detection and Prevention * 29:49 The Future of AI and Automated Remediation To hear how leaders are tackling configuration drift, AI-driven threats, and the growing control gap, listen to the full conversation with Reach Security on EM360Tech.com [http://em360tech.com/]. Find Reach Security’s Configuration Drift Report here [https://www.reach.security/drift-research-report]. For more information, visit reach.security [http://reach.security/]. Reach Security LinkedIn: Reach Security [https://www.linkedin.com/company/reach-security/] Reach Security X: @ReachSecurity [https://x.com/ReachSecurity] Reach Security YouTube: @ReachSecurity [https://www.youtube.com/@ReachSecurity] EM360Tech YouTube [https://www.youtube.com/@enterprisemanagement360]: @enterprisemanagement360 [https://www.youtube.com/@enterprisemanagement360] EM360Tech LinkedIn: @EM360Tech [https://www.linkedin.com/company/em360/?originalSubdomain=uk] EM360Tech X [https://x.com/EM360Tech]: @EM360Tech [https://x.com/EM360Tech] Enterprise AI, AI Security, Cybersecurity, API Security, Autonomous Agents, Agentic AI, Shadow AI, AI Governance, Enterprise Technology, Digital Transformation, Security Leadership, AI Risk, Data Protection, AI Compliance, Cyber Risk, CISO Strategy, AI Infrastructure, Emerging Technology, Enterprise Security, Salt Security #AISecurity #EnterpriseAI #Cybersecurity #APISecurity #AgenticAI #AutonomousAI #ShadowAI #AIGovernance #EnterpriseSecurity #ArtificialIntelligence #AICompliance #DataSecurity #CyberRisk #TechPodcast #CISO #SecurityLeadership #GenerativeAI #AIInfrastructure #DigitalTransformation #CyberDefense #AIThreats #EnterpriseTech #SaltSecurity #EM360Tech #AIInnovation

Your API Security Wasn’t Built for AI Agents

Podcast: The Security Strategist podcast [https://em360tech.com/podcasts/the-security-strategist] Guest: Eric Schwake, Director of Cybersecurity Strategy, Salt Security [https://www.linkedin.com/in/ericschwake/] Host: Shubhangi Dua, Podcast Producer and B2B Tech Journalist [https://www.linkedin.com/in/shubhangi-dua-14a825154/] Adopting enterprise AI is often seen as a productivity boost. However, a subtler change is happening behind the scenes, and security leaders are still trying to understand it. Enterprises now not only optimise AI tools but are also bringing autonomous agents into their workplaces. “We would call AI agents an additional workforce that enterprises are deploying,” says Eric Schwake, Director of Cybersecurity Strategy at Salt Security [https://em360tech.com/solution-providers/salt-security]. The description is more literal than it seems. These agents can access systems, interact with data, and perform multi-step tasks with little human input. Unlike employees, they lack intuition and caution. In the recent episode of The Security Strategist podcast [https://em360tech.com/podcasts/the-security-strategist], Schwake sat down with Shubhangi Dua, Podcast Producer and B2B Tech Journalist [https://www.linkedin.com/in/shubhangi-dua-14a825154/] to discuss AI agents, shadow AI, and API security challenges are transforming enterprise cybersecurity. Schwake explains how to secure autonomous AI systems [https://em360tech.com/tech-articles/autonomous-ai-agents-enterprise-hype-vs-reality] at scale today. HAS AI SURPASSED EXPERIMENTATION ACROSS ENTERPRISES? AI is no longer in the experimental stage. Leadership teams across industries are actively promoting its use to boost innovation. Executives like Jensen Huang, Founder, President & CEO of NVIDIA [https://em360tech.com/tech-articles/nvidia-iren-ai-data-centre-deal], are highlighting a larger trend where enterprises are measuring, incentivising, and expecting AI adoption. This urgency creates a familiar tension. Speed provides a competitive edge, but it also shortens the time available for governance. “You want them to use this innovation to do their work,” Schwake tells Dua. “But you don't want sensitive data leaking and getting into the wrong hands.” Also Watch: What Happens to API Security When AI Agents Go Autonomous? [https://em360tech.com/podcasts/what-happens-api-security-when-ai-agents-go-autonomous] KEY TAKEAWAYS 1. AI agents behave like employees and need the same level of security oversight. 2. Most AI risk sits in the API layer [https://em360tech.com/tech-articles/what-is-api] where actions actually happen. 3. Faster AI systems can turn small security gaps into major threats. 4. Unmonitored “shadow AI” tools are quietly exposing sensitive data. 5. Continuous visibility is the foundation of securing any AI ecosystem. CHAPTERS * 00:00 Introduction to AI and Cybersecurity * 02:43 Insights from RSA Conference * 06:30 The Role of AI Agents in Security * 08:30 Transitioning from Discovery to Governance * 12:03 Protecting Sensitive Data in AI Systems * 15:21 Identifying Weak Points in AI Security * 18:54 The Need for Measured Security Approaches * 20:38 CISO Strategies for API Security * 23:22 The Future of AI in Cybersecurity * 25:14 Visibility as a Key Security Measure For more information, please visit em360tech.com [https://em360tech.com/] and salt.security [https://salt.security/]. To learn more about Salt Security and AI and API security, follow: Salt Security LinkedIn: Salt Security [https://www.linkedin.com/company/saltsecurity/] Salt Security X: @SaltSecurity [https://x.com/SaltSecurity] Salt Security YouTube: @SaltSecurity [https://www.youtube.com/channel/UCh4xsM0PaDFcPiDpSbtV28w] EM360Tech YouTube [https://www.youtube.com/@enterprisemanagement360]: @enterprisemanagement360 [https://www.youtube.com/@enterprisemanagement360] EM360Tech LinkedIn: @EM360Tech [https://www.linkedin.com/company/em360/?originalSubdomain=uk] EM360Tech X [https://x.com/EM360Tech]: @EM360Tech [https://x.com/EM360Tech] Enterprise AI, AI Security, Cybersecurity, API Security, Autonomous Agents, Agentic AI, Shadow AI, AI Governance, Enterprise Technology, Digital Transformation, Security Leadership, AI Risk, Data Protection, AI Compliance, Cyber Risk, CISO Strategy, AI Infrastructure, Emerging Technology, Enterprise Security, Salt Security #AISecurity #EnterpriseAI #Cybersecurity #APISecurity #AgenticAI #AutonomousAI #ShadowAI #AIGovernance #EnterpriseSecurity #ArtificialIntelligence #AICompliance #DataSecurity #CyberRisk #TechPodcast #CISO #SecurityLeadership #GenerativeAI #AIInfrastructure #DigitalTransformation #CyberDefense #AIThreats #EnterpriseTech #SaltSecurity #EM360Tech #AIInnovation

Why Cybersecurity Policies Fail And How to Fix Them

Policy is the backbone of every effective cybersecurity framework. It defines how an organisation protects its data, governs access to critical resources, and dictates the rules that every firewall, endpoint, and identity system must enforce. Yet for most organisations, policy management is the one discipline they consistently get wrong. In this episode of The Security Strategist [https://em360tech.com/], Chief Research Analyst Richard Stiennon [https://www.linkedin.com/in/stiennon/] sits down with Jody Brazil [https://www.linkedin.com/in/jodybrazil/], CEO of FireMon [https://www.firemon.com/], and John Kindervag [https://www.linkedin.com/in/john-kindervag-40572b1/], Chief Evangelist at Illumio [https://www.illumio.com/] and the father of Zero Trust, to dissect why cybersecurity policies fail, where the rot begins, and what it genuinely takes to build a security posture that holds. POLICY AS THE FOUNDATION OF SECURITY ARCHITECTURE Every discussion of cybersecurity eventually circles back to one uncomfortable truth, which is that technical controls are only as good as the policies that drive them. Firewalls, intrusion detection systems, and endpoint agents all execute instructions someone wrote down. If those instructions are incorrect, outdated, or in conflict, the tools become liabilities rather than defences. Stiennon opened the conversation by framing this in concrete terms, as most organisations have accumulated years, sometimes decades, of firewall rules written by engineers who have long since left. Nobody knows what the rules do. Nobody wants to remove them in case something breaks. So the attack surface quietly grows, rule by rule, misconfiguration by misconfiguration. WHY CYBERSECURITY POLICIES FAIL * Policy rules accumulate over the years, with no regular auditing or ownership. * Engineers who wrote original rules leave, taking institutional knowledge with them. * Implicit trust zones create blind spots between internal network segments. * Manual management of distributed devices introduces critical human error. * Organisations lack unified visibility across multi-vendor firewall estates. * Compliance-driven policy creation prioritises documentation over real protection. ONE MISCONFIGURATION CAN COST MILLIONS OF DOLLARS Brazil's journey into policy management began not in a boardroom but at a terminal in the late 1990s, watching a misconfigured firewall bring a major financial institution to its knees. A single incorrectly written rule, one that should have been straightforward, caused a cascading failure that resulted in significant financial losses and reputational damage that took years to repair. The Firemon CEO said: "It was that moment that it hit me. We need a solution to better manage the policies that are enforced on these devices. And that was the genesis of FireMon." ZERO TRUST WAS BORN FROM BAD POLICY Kindervag's origin story is equally revealing, and it directly challenges a comfortable myth. Zero Trust is often described as a bold new philosophy, a paradigm shift invented in the halls of Forrester Research around 2010. Kindervag's account is more earthbound as the framework emerged from watching bad policy fail, over and over, in environments that assumed internal network traffic was inherently safe. The Illumio Chief Evangelist shared his thoughts: "It said that you didn't have to have a policy statement or rule when you went from a high-trust zone to a low-trust zone. I thought that was silly — and I started putting out firewall rules on all interfaces. All of these systems should have the same trust level. And it should be zero. That's where Zero Trust comes from. It comes from bad policy." FIREWALL ADVANCED TOOLING Brazil and Kindervag converge on a shared conclusion that tools exist to solve this problem. The barriers are organisational inertia, institutional fear of breaking existing connectivity, and a lack of executive mandate to treat policy governance as a first-class security discipline. FireMon's platform approaches the problem from the management layer, giving security teams unified visibility across multi-vendor firewall estates, automated rule analysis, change workflow management, and compliance reporting. Illumio's micro-segmentation platform approaches it from the enforcement layer, applying granular policy controls workload-to-workload, whether on-premises or in the cloud, without requiring network reconfiguration. Together, they represent a maturity arc that Stiennon describes as increasingly urgent. As organisations migrate workloads to cloud environments, adopt containerisation, and expand their attack surface through remote work and third-party integrations, the traditional approach to policy management has been reactive, manual, and siloed by device, which is simply incompatible with operational reality. Want to learn more about cybersecurity strategies? Visit firemon.com [https://firemon.com] TAKEAWAYS * The evolution of cybersecurity policy and its impact on security architecture. * The origins and importance of policy management in firewalls. * Challenges of managing complex policies in large enterprises. * The concept of zero trust and its relation to policy flaws. * The role of micro-segmentation and graph databases in modern security. CHAPTERS 00:00 The Foundation of Cybersecurity Policy 03:21 The Evolution of Network Security 10:10 Challenges of Firewall Policies 14:28 The Complexity of Network Segmentation 19:12 Understanding the Security Graph 23:24 AI and Vulnerability Management 29:45 Conclusion and Key Takeaways

How to Fix Microsoft 365 Security

In the digital age, securing sensitive business information has never been more critical. Microsoft 365 has become the backbone of operations for organisations worldwide, and with that centrality comes an expanding attack surface that many security teams are only beginning to fully understand.  In a recent episode of the Security Strategist [https://em360tech.com/podcasts/the-security-strategist] podcast, host Richard Stiennon [https://www.linkedin.com/in/stiennon/] sat down with Rob Edmondson [https://www.linkedin.com/in/rob-edmondson/], Senior Director of Product Marketing at CoreView [https://www.coreview.com/], to unpack the practical realities of Microsoft 365 security. The conversation covered configuration drift, excessive privilege, tenant hardening, and the emerging security challenges posed by AI agents offering actionable guidance for security professionals at every level. MICROSOFT 365 ENVIRONMENT Microsoft 365 has changed significantly from a simple productivity platform into a comprehensive security concern in its own right. As Edmondson points out, the transition from Office 365 to Microsoft 365 marked a pivotal shift in how organisations utilise these tools. What began as a suite of familiar applications, such as Word, Excel, and Outlook, has grown into an interconnected ecosystem of over 60 apps and services, from Teams and SharePoint to Power Automate, Defender, and Purview. That expansion has delivered enormous productivity gains, but it has also multiplied the potential vectors for security vulnerabilities exponentially. Every additional service is a new configuration surface, a new set of permissions to govern, and a new integration that must be secured. Understanding this evolution is the essential starting point for any organisation serious about Microsoft 365 security. CONFIGURATION DRIFT AND WHY IT PUTS MICROSOFT AT RISK Configuration drift is one of the most pervasive and underappreciated threats in Microsoft 365 environments. It refers to the gradual, often unnoticed divergence of system configurations from their original, secure baseline, which is a slow accumulation of small changes that individually seem harmless but collectively create significant vulnerabilities. Edmondson highlighted that most organisations lack adequate visibility into how their Microsoft 365 tenant is actually configured at any given moment. Many still rely on manual methods like spreadsheets, periodic snapshots, and ad hoc reviews to track configuration state. This approach is fundamentally inadequate in environments where settings can change daily, sometimes through automated processes or third-party integrations that bypass normal change management controls. The consequences of undetected configuration drift can be severe. Breaches have been traced directly to unauthorised or unintended configuration changes, a permissions setting quietly altered, an authentication policy weakened, or a data loss prevention rule inadvertently disabled.  MICROSOFT 365 SECURITY POSTURE Excessive privilege is consistently ranked among the leading contributors to security incidents in cloud environments, and Microsoft 365 is no exception. When users, service accounts, and applications hold more permissions than their role requires, the potential blast radius of any compromise — whether through phishing, credential theft, or insider threat — expands dramatically. Edmondson walked through the practical challenge: in large organisations, permissions accumulate over time. A user gets temporary admin access to complete a project, and that access is never revoked. AI AGENTS IN MICROSOFT 365 As organisations adopt AI-driven tools and agents within their Microsoft 365 environments, a new and largely uncharted security frontier is emerging. AI agents — automated systems capable of acting on behalf of users, reading emails, accessing files, and executing workflows — introduce permissions challenges that most security frameworks were not designed to handle. Edmondson was candid about the challenge: many organisations deploying AI agents do not have clear visibility into what those agents can access, what data they are interacting with, or whether the permissions they hold are appropriate. In an environment where an AI agent might have access to the entire Microsoft 365 data estate of a user or a team, the consequences of a misconfigured or compromised agent are significant. The same principles that govern human access with least privilege, continuous monitoring, and regular review must be extended to AI agents. This requires both the technical capability to enumerate agent permissions and the governance processes to enforce appropriate boundaries. Organisations that deploy AI capabilities without first establishing this control layer are trading short-term productivity gains for long-term security debt. MICROSOFT 365 SECURITY In the fast-moving threat landscape, understanding and proactively strengthening your Microsoft 365 security posture is no longer optional; it is a business imperative. Configuration drift, excessive privilege, and AI agent governance are not edge cases; they are mainstream risks affecting organisations of every size and sector. The insights shared by Edmondson on the Security Strategist podcast provide a practical foundation for addressing each of these challenges with clarity and urgency. By implementing continuous monitoring, enforcing least-privilege access, hardening your tenant configuration, and extending security governance to AI agents, organisations can significantly reduce their exposure and build a Microsoft 365 environment that is resilient by design. For further insights and tools to support your Microsoft 365 security journey, visit CoreView [https://coreview.com/]. TAKEAWAYS * Configuration drift and its impact on security. * Excessive privileges and how to mitigate them. * Tenant hardening best practices. * Managing AI agents and permissions in Microsoft 365. * Strategies for continuous security monitoring. CHAPTERS 00:00 Introduction to Microsoft 365 Security 02:25 The Shift to Security Priority in Microsoft 365 04:30 Understanding Configuration Drift 09:09 Excessive Privilege and Its Risks 12:48 AI Agents and Identity Security 16:20 Tenant Hardening and Common Misconfigurations 18:36 Recommendations for Strengthening Security Posture