Things from Me
Happy Friday everyone!
I hope you had a great week and are prepared for a grand weekend.
This week marks some major Microsoft Sentinel improvements, so make sure to check out the Microsoft Sentinel section of this newsletter to learn about data lake and MDTI integration.
…
This past week it was discovered that Microsoft DoD services were being managed by China-based engineering teams. Considering the current landscape, that was met with concern from all over.
Frank Shaw noted on X this week that changes have been made.
Want more content like this? I’ve kicked off a new Saturday newsletter called Saturday Funnies. It’s like a geek’s version of Saturday morning cartoons.
The first issue is up here: https://rodtrent.substack.com/s/rods-saturday-funnies
…
The other thing to highlight this week is that the first-ever and, so far, only book on Microsoft Security Copilot has been released!
This is a book that has been a long time coming. I’d like to thank my colleague, Bi Yue Xu for the heavy lift. She weaved together an amazing story to bring a thorough perspective to using Microsoft Security Copilot. She made it worthwhile to join this endeavor and to lend my name to the effort. Drop some kudos to her LinkedIn profile when you get a chance.
The book is available now: https://amzn.to/3J0bPVZ
…
That’s it from me for this week. Thanks so much for your continued support!
Talk soon.
-Rod
Things that are Related
Customer guidance for SharePoint vulnerability CVE-2025-53770 | MSRC Blog - Microsoft is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update.
Disrupting active exploitation of on-premises SharePoint vulnerabilities - On July 19, 2025, Microsoft Security Response Center (MSRC) published a blog addressing active attacks against on-premises SharePoint servers that exploit CVE-2025-49706, a spoofing vulnerability, and CVE-2025-49704, a remote code execution vulnerability. These vulnerabilities affect on-premises SharePoint servers only and do not affect SharePoint Online in Microsoft 365. Microsoft has released new comprehensive security updates for all supported versions of SharePoint Server (Subscription Edition, 2019, and 2016) that protect customers against these new vulnerabilities. Customers should apply these updates immediately to ensure they are protected.
Security for AI Assessment - Business leaders are eager to adopt AI to drive innovation, while security teams work to defend against new and evolving risks. Security and risk leaders want to support innovation, but only if it's done safely. Complete the Security for AI Assessment to receive a detailed report of your current security state and actionable recommendations.
Things to Watch/Listen To
Things in the News
Microsoft Sentinel is expanding to tackle all your company's biggest security fears - Microsoft has launched Sentinel Data Lake as it looks to break down silos, lower costs and improve large-scale threat detection with an updated, AI-optimized security data lake.
Security Copilot Things
Microsoft Sentinel Things
Microsoft Sentinel data lake: Transforming SIEM with AI and unified security data - Microsoft Sentinel data lake is the next step in that journey—built to help security leaders break through the limitations of traditional SIEMs by putting security data at the center of the security operations center (SOC), at scale, and without compromise. Now, you can continue your own journey and onboard Microsoft Sentinel data lake.
Introducing Microsoft Sentinel data lake Hub - Sentinel data lake is rolling out in Public Preview, giving security teams a powerful, cost-effective way to unify, retain, and analyze all security data. It is built to eliminate data silos, simplify security data management, and deliver AI-ready data and analytics without having to manage complex infrastructure.
Microsoft Sentinel data lake pricing (preview) - Pricing for the new Microsoft Sentinel data lake preview.
Microsoft Sentinel Data Lake: Revolutionizing Security Analytics with Cost-Effective Long-Term Storage - Microsoft has unveiled an exciting development in cloud security: the Microsoft Sentinel Data Lake, currently in preview. This innovative solution promises to transform how organizations handle high-volume security data whilst significantly reducing operational costs. By decoupling storage from compute, Sentinel Data Lake offers unprecedented flexibility and economic efficiency for security operations.
We told you so! Data lake is here! - Hey everyone! It’s your old pals – the SOCAutomators – back to talk about one of our favorite subjects: the data lake. You might remember the blog series we did last year about this very topic. If not, check it out here. But we’re starting a new series today which will cover some of the same topics but offer some new ideas as well.
Docs: Microsoft Sentinel data lake overview (preview) - Microsoft Security - Microsoft Sentinel data lake is a purpose-built, cloud-native security data lake that transforms how organizations manage and analyze security data. Architected as a true data lake, it is designed to ingest, store, and analyze large volumes of diverse security data at scale. By centralizing all your security data into a single, open, and extensible platform, it delivers deep visibility, long-term retention, and advanced analytics.
Configure table settings in Microsoft Sentinel (preview) - The Microsoft Defender portal provides a centralized experience for configuring table-level data retention and tier settings across Microsoft Sentinel and Microsoft Defender XDR. You can view and manage retention settings, switch between analytics and data lake tiers, and optimize data storage based on operational and cost requirements.
Defender for Cloud Things
Defender for Storage: Malware Scan Error Message Update - Starting August 2025, Defender for Storage will update the format of error messages returned by malware scanning. The new messages will retain the SAM2592XX: codes, but use clearer, standardized wording and will no longer appear in quotes. If your automation relies on the previous message text, please review and update your workflows accordingly.
Microsoft AI Security Story: Protection Across the Platform - As generative AI rapidly transforms the workplace, security risks are evolving just as quickly. This blog highlights how Microsoft’s end-to-end platform approach empowers leaders to confidently adopt AI—by discovering shadow AI, protecting sensitive data, and defending against emerging threats—so your organization can innovate securely and at scale.
Defender for Endpoint Things
Microsoft Defender for Endpoint (MDE) Live Response and Performance Script - Overview of the MDE Live Response console and PowerShell script. The Microsoft Defender for Endpoint (MDE) Live Response console provides security analysts with remote access to devices for investigation and remediation.
Defender XDR Things
Critical SharePoint Exploits Exposed: MDVM Response and Protection Strategy - MDVM is aware of active attacks targeting on-premises SharePoint Server customers. In this blog post, we will show you how to effectively manage these CVEs if your organization is affected by them.
Microsoft Purview Things
Microsoft Purview Products by Category - Here’s an updated and comprehensive list of Microsoft Purview products, now including DSPM, Purview for AI, and the Purview SDK, alongside the core product families.
SC-401 Evolves: Secure AI with Microsoft Purview - A major update is coming to SC-401T00: Information Security Administrator on August 8. We’re refreshing the content to better match how people actually work with AI security—focusing more on real-world tasks than just product features.
Always-On Diagnostics for Endpoint DLP - Introducing Always-on Diagnostics for Endpoint DLP - because your data security shouldn't feel like detective work. If you've ever managed endpoint data security, you know this story by heart. A critical Endpoint Data Loss Prevention policy fails. You open a support ticket. The response? "Can you reproduce the issue on that endpoint?" Three emails later, you're still collecting logs while your team loses precious time, and the underlying problem remains a mystery. Today, that changes.
Automate bulk metadata updates in Microsoft Purview Data Map using Azure Functions and AI - Automate and streamline bulk metadata updates in Microsoft Purview Data Map using serverless Azure Functions. Enhance accuracy and efficiency by integrating AI for intelligent metadata extraction and mapping.
Defender Threat Intelligence Things
MDTI is Converging into Microsoft Sentinel and Defender XDR - The convergence of MDTI value will provide unified, real-time threat insights at no additional cost.
Microsoft Entra Things
Strengthen identity threat detection and response with linkable token identifiers - We’re announcing the general availability of linkable token identifiers, which let you trace a user’s session across workloads from a specific authentication event. This feature improves incident response and anomaly detection, helping mitigate threats like remote phishing and malware attacks. Linkable token identifiers are now available for:
Microsoft Entra sign-in logs
Microsoft Exchange Online audit logs
Microsoft Graph activity logs
Microsoft Teams audit logs
Microsoft SharePoint Online audit logs