THE PROMPT for Microsoft Security - Issue #49
Because Hackers Don’t Take Coffee Breaks - or do they?
Things from Me
Good day and happy Friday, everyone!
In this edition, we’re diving deep into the evolving landscape of cybersecurity and data protection. From practical guidance on building effective Data Loss Prevention (DLP) policies with Microsoft Purview to the latest innovations in Defender, Entra, and Intune, this issue is packed with insights to help you stay ahead.
We’re spotlighting upcoming webinars in the Identity and Network Security Practitioner Series, introducing the new Network Security Hub in Azure, and showcasing how Copilot in Intune is transforming Cloud PC management. Plus, don’t miss our latest deployment blueprints, automation tools, and exposure management features designed to streamline your security operations.
Whether you're a seasoned security professional or just starting your journey, there's something here for everyone. Let’s explore what’s new, what’s next, and what matters most in Microsoft Security.
…
I noted in the last issue of the newsletter that I would be participating in my first-ever Comic Con. Well, it was a success and a great time.
Read about it: A Stellar Weekend at FiveStar Comic Con: Thank You, Sci-Fi Fans!
…
Did you know? The Security Support Team at Microsoft is ready to answer your questions anytime at the following X account: https://x.com/MSFTSecSuppTeam
This may be one of the best tips for getting support for Microsoft security platform products.
…
That’s it from me for this week.
Talk soon.
-Rod
Things to Attend
Identity and Network Security Practitioner Webinar Series
Session: Building Effective Data Loss Prevention Policies with Microsoft Purview - Intl Data Security User Group - Tuesday, October 28 - In this session, we’ll explore practical strategies and best practices for building effective Data Loss Prevention (DLP) policies using Microsoft Purview. Drawing from real-world experience and lessons learned in the field, we’ll share actionable advice to help your organization design and implement DLP strategies that protect sensitive data without disrupting business workflows. You’ll also see a live demonstration of key Microsoft Purview DLP capabilities and learn how to apply them through real-life use cases. Whether you’re just starting your DLP journey or looking to optimize your current setup, this session will equip you with insights to strengthen your data protection posture.
Webinar 1 — Why Unified Identity and Network Access Should Be Your Zero Trust Priority - Date & time: October 7, 2025 – 8:30 AM - Speakers: Merill Fernando, Principal Product Manager; Kaitlin Murphy, Senior Director of Product Marketing; Christopher Rodriguez, IDC Research Director, Security & Trust
Webinar 2 — Foundations: Getting Microsoft Entra Suite Set Up Right - Date & time: October 9, 2025 – 8:30 AM - Speakers: Merill Fernando, Principal Product Manager; Jorge Lopez, Senior Product Manager; Nathan McNulty, MVP; Marilee Turscak, Senior Product Manager; Charles Lewis, Principal Tech Support Engineer; Ru Campbell, MVP
Webinar 3 — Practitioner’s Playbook for Microsoft Entra Suite in Action - Date & time: October 21, 2025 – 8:30 AM PT - Speakers: Merill Fernando, Principal Product Manager; Ramiro Calderon, Principal Product Manager; Martin Coetzer, Principal Product Manager; Thomas Detzner, Principal Product Manager
Things that are Related
Introducing the new Network Security Hub in Azure - We’re excited to introduce a new, unified Network Security hub experience. This updated hub brings together Azure Firewall, Web Application Firewall, and DDoS Protection—enabling you to manage, configure, and monitor all your network security services in one place. While Azure Firewall Manager offered some of this functionality, the name didn’t reflect the broader scope of protection and control that customers need.
Cybersecurity: What Every Business Leader Needs to Know Now - If you're a C-level executive in an enterprise, read on to learn how cybersecurity must be done in 2026—and why it’s no longer just the CSO’s concern.
Partner Things
How Microsoft Defender Experts and partners like Quorum Cyber are redefining cybersecurity teamwork - In today’s rapidly evolving threat landscape, cybersecurity demands more than just great technology—it requires great teamwork. That’s the story behind the collaboration between Microsoft Defender Experts and MXDR partner, Quorum Cyber, joining forces to deliver end-to-end threat protection for organizations worldwide.
News Things
Microsoft Defender delivered 242% return on investment over three years - The latest Forrester Total Economic Impact™ (TEI) study reveals a 242% return on investment (ROI) over three years for organizations that chose Microsoft Defender. It helps security leaders consolidate tools, reduce overhead, and empower their security operations (SecOps) teams with operational efficiencies powered by AI and automation. In total, the study found Microsoft Defender delivers $17.8 million in benefits and paid for itself in less than six months. The results are for a composite organization based on interviewed customers.
Security Copilot Things
Extending Copilot in Intune to manage Windows 365 Cloud PCs - Windows 365 introduced the Cloud PC four years ago, securely streaming personalized Windows desktops, apps, settings, and content from the Microsoft Cloud to any device. Windows 365 and its integration with Microsoft Intune sets the standard for simplicity in cloud endpoint management. At the same time, we are constantly looking for new ways to accelerate IT decision-making, enhance the quality of outcomes, and uncover cost-savings opportunities for our customers. The release of Copilot in Intune support for Windows 365 is one step of many on that journey, enabling IT administrators to leverage advanced AI-driven insights and automation to manage their Cloud PCs more effectively.
Security Copilot Agent Development Overview - Microsoft Security Copilot agents are AI-powered systems designed to act on behalf of an individual, team, or business or operational domain such as Security Operations, Compliance, IT Administration, or Identity Governance to execute and orchestrate security related tasks. Agents interact with their environment to fulfill user-defined objectives by combining reasoning, planning, and executing actions to achieve specific goals.
Microsoft Sentinel Things
How to use Microsoft Sentinel workbooks in the Defender portal - This book is something I have been wanting to write forever and I finally just sat down and started to write it. Of course, when I was just getting into it, Microsoft announced that Microsoft Sentinel will only be available in the Defender portal starting in 2026 so I figured I would go ahead and write about how to use Microsoft Sentinel workbooks in the Defender portal!
Automate Security Workflows in Microsoft Sentinel with BlinkOps - Security teams are under increasing pressure to respond faster to threats while managing growing complexity across their environments. Microsoft Sentinel’s elevated integration with BlinkOps helps address this challenge by enabling AI-powered, no-code automation that simplifies and accelerates security operations.
Defender for Cloud Things
Automated Remediation for Malware Detection - Defender for Storage - Today, Defender for Storage released, in public preview for Commercial Cloud, the feature Automated Remediation for Malware Detection. This is for both On-upload and On-demand malware scanning. The full documentation can be found in this link.
Trusted Exposure - Organizations can now define known safe IP ranges as part of the new Trusted IPs configuration via Azure DINE policy. When configured, internet-facing resources (Azure VM/VMSS, AWS EC2, GCP Compute Instances) exposed only to these trusted IPs are treated as trusted and no attack paths are generated. This reduces false positives and enhances the quality of attack path analysis and exposure findings in recommendations. Current support includes multi-cloud compute resources across Azure VM/VMSS, AWS EC2, and GCP Compute Instances.
Exposure Width - Defender for Cloud now includes Exposure Width (GA) that calculates how broadly or narrowly a resource is exposed to the public internet based on its networking rules. It helps security teams prioritize and remediate the most critical findings in attack paths and recommendations by factoring in the extent of exposure. Current support includes multi-cloud compute resources across Azure VM/VMSS, AWS EC2, and GCP Compute Instances.
Microsoft Purview Things
Microsoft Purview: The Rising Star in Data Security for the AI Era - Where generative AI tools like Copilot and custom AI agents are transforming how organizations operate, securing sensitive data has never been more critical. Enter Microsoft Purview—a comprehensive, unified platform that's quickly becoming a must-have for data security and governance. Launched as part of Microsoft's broader security ecosystem, Purview isn't just another compliance tool; it's a proactive powerhouse designed to discover, protect, and govern data across hybrid, multi-cloud, and SaaS environments. As organizations race to leverage AI for innovation, Purview stands out by addressing the unique risks of AI, such as data exposure in training models, prompt injections, and unauthorized AI interactions. By 2025, it's hailed as the "ultimate AI data security solution," helping enterprises mitigate risks while fueling AI productivity without compromising compliance.
New Microsoft Purview Deployment Blueprint | Lightweight guide to mitigate data leakage - We’re excited to share our latest Data Security deployment blueprint: “Lightweight guide to mitigate data leakage”—a practical resource designed to help organizations quickly enable core data security features across their Microsoft 365 estate with minimal setup.
Safeguard & protect your custom Copilot Agents (Cyber Dial Agent) - Security Operations Centers (SOCs) and InfoOps teams are constantly challenged to reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR). Analysts often spend valuable time navigating multiple blades in Microsoft Defender, Purview, and Defender for Cloud portals to investigate entities like IP addresses, devices, incidents, and AI risk criteria. Sometimes, investigations require pivoting to other vendors’ portals, adding complexity and slowing response. Cyber Dial Agent is a lightweight agent and browser add-on designed to streamline investigations, minimize context switching, and accelerate SecOps and InfoOps workflows.
Retention Policies for SharePoint Online and OneDrive in Purview - This series builds a complete Purview compliance toolkit, and this article fortifies your document storage against audit pressures. Through Apex’s GDPR-inspired scenario, we’ll unpack retention strategies with step-by-step setups to streamline audits and protect data. Let’s fortify that document fortress!
Unifying Data Security & Governance for the AI Era: Microsoft Purview Innovations for Your Fabric Data - The Microsoft Fabric and Purview teams are thrilled to participate in the European Microsoft Fabric Community Conference September 15-18, 2025, in Vienna, Austria. This event is Microsoft’s largest tech conference in Europe, where data professionals gather to connect and share insights on data, security, governance, and AI transformation. With more than 130 breakout sessions, 10 workshops, and two keynotes, the conference is a hub for exploring the future of data and AI.