Things from Me
Happy Friday everyone!
It’s planning season - again. (imagine me saying that watching the Groundhog Day movie)
It’s that time of year again at Microsoft—planning season. The air in Redmond buzzes with a mix of anticipation and urgency as teams across the company dive into the annual ritual of setting goals, aligning strategies, and forecasting the future. From late summer to early fall, Microsoft’s sprawling campus and virtual meeting rooms hum with activity as employees at all levels—engineers, product managers, marketers, and executives—gear up to chart the course for the next fiscal year.
For employees, planning season is both exhilarating and exhausting. Brainstorming sessions spark creative ideas—new features for Teams, bold bets on mixed reality, or sustainability initiatives to reduce data center emissions. But there’s also the grind: endless spreadsheets, PowerPoint decks, and marathon meetings to justify resource requests or defend project timelines. Veteran employees know the drill, joking about “deck fatigue” as they polish slides for executive reviews.
The coffee machines are working overtime, the Teams notifications are relentless, and the future is taking shape, one slide at a time.
So, if I’m just a bit quieter than normal, this is the big reason.
…
Ah, cybersecurity—where the stakes are high, the acronyms are endless, and the only thing more persistent than ransomware is your inbox. This week, we’re diving into everything from shadow AI data leakage (spoiler: it’s not a Marvel villain) to autonomous agents that are almost as independent as your teenager. We’ve got blueprints, blog posts, and a PowerShell script that’s basically the superhero cape for your Sentinel tables.
So, grab your coffee, secure your endpoints, and let’s get into the good stuff—because in the world of Microsoft Security, the only thing we don’t protect you from is bad jokes.
…
That’s it from me for this week.
Stay safe. Talk soon.
-Rod
Things to Attend
Register for Microsoft Secure - September 30, 2025 | 9:00 AM - 10:00 AM Pacific Time (UTC-7) - AI innovation requires AI security - Explore the latest solutions that can help you protect your data, cloud, and AI investments with an AI-first, end-to-end platform at Microsoft Secure. Learn how to recruit the right Security Copilot agents to harden defenses and boost your team’s efficiency, and how intelligent tools from Microsoft Security enable you to adapt to today’s threat landscape with limited resources.
Supercharge Data Security & Compliance with Security Copilot in Microsoft Purview - Tuesday, September 09, 2025, 9:00 AM – 10:00 AM (GMT-07:00) - As organizations embrace generative AI, the stakes for data security and compliance have never been higher. Join us for an exclusive webinar to explore how Microsoft is transforming the experience of data security and compliance teams with the power of Copilot for Security—natively integrated into Microsoft Purview.
Things that are Related
Introduction to preventing data leakage to shadow AI - In this deployment blueprint, we provide a recommended approach to prevent data leakage to shadow AI utilizing Microsoft Purview, Microsoft Defender for Cloud Apps, Microsoft Entra, and Microsoft Intune.
Securely store your Machine Configuration packages in Azure Storage using System Assigned Identities - Azure Machine Configuration now supports System Assigned Identities for private access to configuration packages in Azure Storage, enhancing your cloud security and management.
Securing and governing autonomous agents with Microsoft Security - In this blog, you will hear directly from Corporate Vice President and Deputy Chief Information Security Officer (CISO) for Identity, Igor Sakhnov, about how to secure and govern autonomous agents. This blog is part of a new ongoing series where our Deputy CISOs share their thoughts on what is most important in their respective domains. In this series you will get practical advice, forward-looking commentary on where the industry is going, things you should stop doing, and more.
Things in the News
Microsoft ranked number one in modern endpoint security market share third year in a row - Amidst the backdrop of a surging number of ransomware campaigns worldwide, organizations have increasingly chosen Microsoft Defender’s endpoint security as their preferred solution. It’s engineered to disrupt cyberattacks and not business continuity. As a result, for a third year in a row, Microsoft has been ranked number one for modern endpoint security market share in the IDC report, “Worldwide Modern Endpoint Security Market Shares, 2024.” Our market share grew from 25.8% in 2023 to 28.6% in 2024, at a 28.2% growth rate.
Microsoft Sentinel Things
Bulk update the total retention of all the Sentinel table: From tedious manual steps to seamless bulk updates - When compliance and security policies demand multi-year log retention, the task of updating hundreds of Sentinel tables individually can drag skilled analysts into hours of repetitive, error-prone work. This blog introduces a PowerShell script designed to automate this process, freeing up valuable time and resources.
Ingesting .CSV log files from Azure Blob Storage into Microsoft Sentinel - Organizations generate vast amounts of log data from various applications, services, and systems. These logs are often stored in .CSV (Comma-Separated Values) format in Azure Blob Storage, a scalable cloud-based storage solution. To enhance security monitoring, compliance, and threat detection, it is important to bring this log data into a centralized security tool like Microsoft Sentinel.
Sentinel data lake: Old and New Table Tiers - Rather than providing step-by-step instructions and how-to’s, this post will break down what the new data lake means at table level: how data is structured, how the different components interact, and what you should consider if you want to enable the data lake for your existing Sentinel environment. If you’re looking for information on where to find specific data after enabling data lake and how the architecture is evolving, you’re in the right place.
Defender for Cloud Things
Exposing hidden threats across the AI development lifecycle in the cloud - This blog will examine the risks associated with each phase of the AI development lifecycle in the cloud – whether it’s models, applications, or agents. We’ll explore how attackers can abuse them, and how Microsoft Defender for Cloud helps organizations reduce AI posture risks with AI Posture management across their multi cloud environment.
Defender Experts Things
Post-breach browser abuse: a new frontier for threat actors - Modern browsers are among the most complex and trusted applications on any endpoint. While they are often discussed in the context of initial access (through phishing, drive-by downloads, or zero-day exploits), this post focuses on a less explored but increasingly relevant threat vector: post-breach browser abuse.
Microsoft Purview Things
Microsoft deployment blueprint - Address oversharing concerns for your M365 Copilot deployment - Optimized deployment leverages advanced compliance and automation capabilities available in Microsoft 365 E5. This episode outlines how E5 customers can proactively secure data and enhance Copilot performance.
Updates to Data Security specialization (formerly Information Protection and Governance) - To better align with customer needs, skilling and performance requirements for the Data Security (formerly Information Protection and Governance) specialization now focus more on AI integration. Explore the new requirements and take action to attain or renew this specialization.
Secure Sensitive Data with Microsoft Purview Ninja Training Scenarios - Welcome to the Microsoft Purview Information Protection and Data Loss Prevention Ninja Scenario guide: a comprehensive resource designed to unify the core principles of information protection with advanced data loss prevention strategies. This guide builds on established best practices by presenting five carefully selected real-world scenarios that matter most to our customers and users. Our objective is to simplify the resolution of common information security challenges, offering a structured path with clear, actionable guidance and references to deepen your understanding. Upon completion of this training, you will not only gain valuable insights but also earn a badge recognizing your expertise and commitment to safeguarding organizational data.
Defender Threat Intelligence Things
Storm-0501’s evolving techniques lead to cloud-based ransomware - Microsoft Threat Intelligence has observed financially motivated threat actor Storm-0501 continuously evolving their campaigns to achieve sharpened focus on cloud-based tactics, techniques, and procedures (TTPs). While the threat actor has been known for targeting hybrid cloud environments, their primary objective has shifted from deploying on-premises endpoint ransomware to using cloud-based ransomware tactics.
Microsoft Entra Things
Recommended Read: Securing and governing autonomous agents - When you've got a few minutes, I recommend reading (or listening to) the Microsoft Security blog post Securing and governing the rise of autonomous agents. My colleague Igor Sakhnov, CVP of Engineering and Deputy Chief Information Security Officer (CISO) for Identity, shares his thoughts on the new risks and responsibilities we're all facing with agents.
What’s New in AI for Security from Microsoft Entra? - Discover the latest AI for Security innovations in Microsoft Entra—investigate faster, manage identities smarter, and automate protection with ease.