@campbell.scot
Microsoft Security MVP + Microsoft Security Practice Lead at Threatscape Mostly: Entra, Defender, Intune, Purview, and Microsoft 365 Also: dad, metal, lifting, wrestling, cars Mostly on Twitter rather than here: @rucam365
New webinar THIS WEDNESDAY. If you want to really know what really secures the (blank) out of Entra in an hour, here's how.
Big thanks to my marketing friends at @Threatscape for GenAI'ing me some hair back in this thumbnail too.
REGISTER: www.threatscape.com/...
Microsoft I need you to understand that as long as I'm breathing in and breathing out I will never want Outlook or Teams to open a SharePoint link in the browser ever just always give me the app.
Who wants to join my support group for losing sleep over token theft?
Immutable law of Entra: you donβt understand workload identities as well as you think you do, even when you know you don't understand them as well as you think you do.
Working theory. Scrolling LinkedIn, full of obvious AI slop, made me wonder if this is Dunning-Kruger for writing: bad writers and readers donβt see how obvious their slop is.
7. Defend against excessive privileges
8. Defend against hybrid identity attack paths
9. Defend against AI-driven threats
10. Defend against visibility gaps
It doesn't cover everything. But if you had to answer, "How do I understand Microsoft 365 security?", this is my attempt.
1. Defend against token theft and user compromise
2. Defend against unmanaged or risky devices
3. Defend against data exfiltration
4. Defend against business email compromise
5. Defend against app-to-app access and consent risk
6. Defend against endpoint risks
Inspired by other prioritisation and awareness frameworks such as the Australian Essential 8, this is my pragmatic collection of key considerations ("defences") organizations should prioritize to address Microsoft 365 security (that is, secure the platform, and sweat the tooling).
The latter can be used to achieve the former, as well as other platforms.
New post: focusing on the key biggest Microsoft 365 security considerations.
READ: campbell.scot/micros...
When we talk about Microsoft 365 security, we are talking about two things: (a) securing Microsoft 365 the platform, (b) using Microsoft 365 security tooling.
Catching up with the AI Ignite news is like learning a new language.
"Microsoft Badaboop is part of Microsoft Zublebeep, which you can find in Microsoft Talahoo, the Microsoft Ziggledeep for AI."
(I do love it though.)
Join me, @WillTheFrenchie, and @WelkasWorld TONIGHT, 1800-2000 UTC for the latest Microsoft security news and two awesome speakers:
β’ @RyanJohnMurphy4 β The new Microsoft eDiscovery UI and UX
β’ @sfennah β The Oversharing Solution Blueprint
REGISTER: www.meetup.com/m365s...
Actual screenshot from the Ignite Book of News.
New video: 5 common Entra ID guests mistakes (Entra B2B)
β’ excessive directory visibility
β’ ignored cross-tenant defaults
β’ untrusted MFA & device states
β’ open SharePoint sharing
β’ no guest lifecycle
There's tons more! But here's a starter
WATCH: youtu.be/AXuj-U9p3jU
ICYMI: Microsoft Authenticator for iOS + Android will detect, prevent, then wipe Entra creds on rooted devices (MC1179154).
β’ Phase 1 (warn mode) begins February '26
β’ followed by Phase 2 (block mode)
β’ then Phase 3 (wipes Entra creds)
β’ expected to be completed ~April '26
The unified Defender for Identity sensor as part of Defender for Endpoint is now generally available :-)
Docs: learn.microsoft.com/...
Next M365 S&C UG - Oct 29, 18:00 UTC
- @JoanneCKlein & Anna Bordioug: Two Sides of the Data Coin: Data Protection vs. Data Retention in Practice
- @brand_gefahr: How Much is the Phish? An End-to-End Perspective on Phishing Operation
REGISTER: www.meetup.com/m365s...
New video: new Defender detections for jailbreaks + prompt injection in Microsoft 365 Copilot
β’ recap on what jailbreaks and prompt injections are (examples)
β’ how they show up in Defender for Cloud Apps/hunting and Purview
WATCH: youtu.be/iCRYJ32fwro
New video: deep dive on building Intune security baselines that actually work with legend of the game @SkipToEndpoint
β’ why so many baselines are just plain bad
β’ balancing security / usability
β’ when to customise
β’ how OIB makes it practical
WATCH: youtu.be/Xe32TzHgueA
Still time to sign up at aka.ms/EntraZeroTrust for the rest of the Entra Zero Trust Practitioner series. On 9 October, I'm joining @merill, @nathanmcnulty, and more for a live Q+A on everything Entra identity and network access.
Among others in the Microsoft 365 stack, there is a new Defender icon!
See them all: microsoft.design/art...
New video: deep dive into Entra ID Governance with MVP @MattChatt42.
β’ why identity is the front door
β’ sources of authority (HR vs AD)
β’ joiner/mover/leaver workflows
β’ PowerShell scripts vs governance at scale
WATCH: youtu.be/VVU2UhYaGzk
Running in-person only (Edinburgh) βMastering Microsoft Entra ID Securityββ on 6 Nov.
2hr Entra security deep dive for blue teams.
Note this is exclusively for in-house security teams rather than other partners, MSSPs, etc.
REGISTER: www.eventbrite.ie/e/...
Big thanks to our sponsors @Threatscape, @appgovscore, and @PacktPublishing who help us run!
Folks, join us TONIGHT for the M365 Security & Compliance User Group
Two killer sessions and lots of prizes:
Denis Mutlu - Optimizing Log Management for Sentinel & MDXDR
@ThomasVrhydn - Proactive Exposure Hunting with Enterprise Exposure Graph
REGISTER: www.meetup.com/m365s...
One of the first things you realise when contending with Microsoft 365 security posture management (like @Threatscape Overwatch): you really need to fight hard the instinct to mark everything 'High Risk'. There are a lot of dominos/attack paths that even small gaps can open up!
New video: an honour to join @HeikeRitter's Virtual Ninja Show discussing MDE policy management and deploying at scale:
β’ personas + policy merge
β’ rings and βcritical time delayβ
β’ Live Response + RBAC
β’ Effective settings
WATCH: youtu.be/IvLNLcXRlrY
Your scientists were so preoccupied with whether or not they could, they didn't stop to think if they should.
Convenient reminder to stop what youβre doing and enforce browser extension allow listing.
With so many different ways of managing Microsoft 365 apps' updates and settings (Intune, config.office.com, third-party), what are YOU using, and what is currently the "most recommended" method?