Things from Me
Happy Friday, everyone! Welcome back!
Due to being away for my keynoting tour of Europe (Oslo and Edinburgh), the newsletter was on hiatus for a couple weeks. In this issue, I had intended to give you a full report and share some pictures.
But there’s something more pressing.
…
Support Steve Beaumont and His Family
At the Midwest Management Summit (MMS) at the Mall of America this past May, we learned the heartbreaking news that Steve Beaumont (longtime MMS speaker, MVP, author, and cherished member of our community) has been diagnosed with cancer. Sadly, his condition has progressed significantly and is now believed to be terminal.
To make matters even more difficult, Steve’s life insurance claim was denied, leaving his family without the financial support they need during this incredibly challenging time.
A GoFundMe has been set up to help Steve support his loved ones and ease the burden they’re facing. If you’ve ever benefited from Steve’s knowledge, kindness, or contributions to the tech community, now is the time to give back.
Every contribution, no matter the size, makes a difference. Let’s rally around Steve and show him the strength of our community.
Thanks all for your attention to this!
…
I’ll share about my trip in the next issue.
Talk soon.
-Rod
Things to Attend
Ask Microsoft Anything about the new Microsoft Purview Data Security Investigations - Tuesday, Jul 15, 2025, 09:00 AM PDT - Microsoft Purview Data Security Investigations is a new solution that enables data security teams to identify incident-related data, investigate that data with generative AI-powered deep content analysis, and mitigate risk within one unified product. With its cutting-edge, generative AI-powered investigative capabilities, DSI transforms and scales how data security admins analyze incident-related data. DSI uncovers key security and sensitive data risks and facilitates secure collaboration between partner teams to mitigate those identified risks. This simplifies previously complex, time-consuming tasks: what once took months can now be done in a fraction of the time. Join us for an AMA with the team that developed Microsoft Purview's newest solution!
Things that are Related
Building security that lasts: Microsoft’s journey towards durability at scale - In this blog you will hear directly from Microsoft’s Deputy Chief Information Security Officer (CISO) for Azure and operating systems, Mark Russinovich, about how Microsoft operationalized security durability at scale. This blog is part of an ongoing series where our Deputy CISOs share their thoughts on what is most important in their respective domains. In this series you will get practical advice and forward-looking commentary on where the industry is going, as well as tactics you should start (and stop) deploying, and more.
Drift Management: The Perfect Complement to Infrastructure as Code (IaC) - Maintaining consistency and control over system configurations is paramount. Infrastructure as Code (IaC) has revolutionized the way we manage and deploy infrastructure, allowing for automated and repeatable configurations. However, IaC alone may not be sufficient to address all the challenges associated with configuration management. This is where Drift Management comes into play, offering a perfect complement to IaC.
Things to Watch/Listen To
Security Copilot Things
What Copilot for Security (CFS) got right? - I was talking to a few colleagues earlier this month about CFS, and whilst explaining the core CFS OAuth2 flow I realized that CFS got a few things right. This post lists some of these items in my order of preference. This post is not about what CFS got wrong; I am sure that topic would be covered elsewhere.
Introducing TITAN-Powered Recommendations in Security Copilot Guided Response - Now, with the integration of Threat Intelligence Tracking via Adaptive Networks (TITAN) recommendations, Guided Response is taking a leap forward. By bringing in real-time threat intelligence (TI) to prioritize and explain suggested actions, it enables analysts to surface, prioritize, and act on the most relevant threats with clarity and efficiency.
Introducing Microsoft Purview Alert Triage Agents for Data Loss Prevention & Insider Risk Management - Boost data security and automate prioritization for data alerts with Security Copilot-powered Alert Triage Agents for Microsoft Purview Data Loss Prevention and Insider Risk Management.
Microsoft Entra Conditional Access optimization agent with Microsoft Security Copilot - Microsoft has introduced the Microsoft Security Copilot agents, along with new protections for AI. The six new agentic solutions empower security teams to autonomously manage high-volume security and IT tasks by seamlessly integrating with Microsoft Security solutions.
Microsoft Sentinel Things
SentinelCodeGuard: Revolutionising Microsoft Sentinel Rule Development - Security operations teams face increasing pressure to develop robust, accurate analytics rules that can detect threats without generating excessive false positives. Traditional rule development workflows often involve manual processes, inconsistent formatting, and time-consuming validation steps. SentinelCodeGuard addresses these challenges by providing a VS Code extension that streamlines the entire Microsoft Sentinel analytics rule development lifecycle.
Sentinel DevOps Connection - This script creates a new Azure DevOps repository populated with Microsoft Sentinel code content.
Nutanix parser for Microsoft Sentinel
Auxiliary Logs Transformations In Microsoft Sentinel: A Step-by-Step Guide - The new Auxiliary Logs tier, powered by Azure Data Lake Storage Gen2, offers a cost-effective solution for storing high-volume, low-fidelity data sets with flexible long-term retention. Nearly one year after the release of Auxiliary Logs, Microsoft has announced a public preview that introduces Data Collection Rule (DCR) transformations for Auxiliary Logs. This long-awaited feature enables organizations to filter, reshape, and route logs before they are stored in the Auxiliary tier, thereby reducing costs.
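As an added illustration (not code from the linked guide or from Microsoft), the DCR below shows the shape of a transformation that filters and reshapes records before they land in an Auxiliary table. It assumes a custom table FirewallAux_CL already created with the Auxiliary plan, a raw stream named Custom-FirewallRaw_CL that clients send to the DCR's Logs Ingestion endpoint, and placeholder subscription, resource group and workspace names; the column set and the sample filter (keep denied traffic plus anything to ports 22, 3389 or 445, and drop the bulky RawData column) are constructed for the example.

```json
{
  "type": "Microsoft.Insights/dataCollectionRules",
  "apiVersion": "2023-03-11",
  "name": "dcr-firewall-auxlogs",
  "location": "eastus",
  "kind": "Direct",
  "properties": {
    "streamDeclarations": {
      "Custom-FirewallRaw_CL": {
        "columns": [
          { "name": "TimeGenerated", "type": "datetime" },
          { "name": "Action",        "type": "string" },
          { "name": "SrcIp",         "type": "string" },
          { "name": "DstIp",         "type": "string" },
          { "name": "DstPort",       "type": "int" },
          { "name": "RawData",       "type": "string" }
        ]
      }
    },
    "destinations": {
      "logAnalytics": [
        {
          "name": "sentinelWorkspace",
          "workspaceResourceId": "/subscriptions/<subscription-id>/resourceGroups/<rg-name>/providers/Microsoft.OperationalInsights/workspaces/<workspace-name>"
        }
      ]
    },
    "dataFlows": [
      {
        "streams": [ "Custom-FirewallRaw_CL" ],
        "destinations": [ "sentinelWorkspace" ],
        "transformKql": "source | where Action != 'allow' or DstPort in (22, 3389, 445) | project-away RawData",
        "outputStream": "Custom-FirewallAux_CL"
      }
    ]
  }
}
```

The transformKql runs over every batch posted to the stream; rows the where clause drops are never ingested, and project-away trims the stored schema, so both the row count and the bytes per row (the two inputs to Auxiliary-tier cost) shrink before billing. Two checks worth doing before relying on this: confirm the output table really carries the Auxiliary plan (a transformation that routes to a table on the Analytics plan is billed at Analytics rates), and confirm that the KQL operators you use are in the subset supported for DCR transformations in the preview, since a transformation that fails to compile rejects the whole DCR deployment.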
Microsoft is a Leader in The Forrester Wave™: Security Analytics Platforms, 2025 - Microsoft is proud to be named a Leader in The Forrester Wave™: Security Analytics Platforms, Q2 2025, which we believe reflects our deep investment in innovation and commitment to supporting the critical mission of security operations centers (SOCs). This strong result underscores Microsoft's strategic vision, innovation, robust capabilities, and growing market momentum. Our strategic investments are guided by the real-world challenges faced by SOCs and the outcomes they strive for. This recognition is strong validation for us that we're continuing to deliver robust solutions that empower security teams to adapt quickly and operate with confidence against emerging cyberthreats.
Defender for Cloud Things
Unlocking API visibility: Defender for Cloud Expands API security to Function Apps and Logic Apps - We're excited to announce that Microsoft Defender for Cloud now supports API discovery and security posture management for APIs hosted in Azure App Service, including Function Apps and Logic Apps. In addition to securing APIs published behind Azure API Management (APIM), Defender for Cloud can now automatically discover and provide posture insights for APIs running within serverless functions and Logic App workflows.
Why Microsoft Leads the IDC CNAPP MarketScape: Key Insights for Security Decision-Makers - The cloud-native application protection platform (CNAPP) market continues to evolve rapidly as organizations look to secure increasingly complex cloud environments. In the recently published IDC MarketScape: Worldwide CNAPP 2025 Vendor Assessment, Microsoft has been recognized as a Leader. We believe this recognition reaffirms Microsoft’s commitment to delivering comprehensive, AI-powered, and integrated security solutions for multicloud environments.
Defender for Endpoint Things
Maintain connectivity for essential services with selective network isolation - Defender for Endpoint has launched selective isolation exclusions, which allow you to exclude specific devices, processes, IP addresses, or services from unilateral network isolation actions. This allows essential functions (e.g., remote remediation or monitoring) to continue in the event of a breach, while limiting broader network exposure.
Defender XDR Things
Case management now supports multiple tenants in Microsoft Defender experience - If you're responsible for securing a large enterprise or operating as a Managed Security Service Provider (MSSP), you know how complex it can be to track and manage cases across multiple tenants. Visibility gaps and fragmented workflows often slow down response times and increase operational overhead.
Microsoft Security Exposure Management Things
Navigating cyber risks with Microsoft Security Exposure Management eBook - The eBook invites security teams to explore six real-world scenarios. Each represents a unique challenge security teams face today, including ransomware mitigation and cloud misconfiguration. Through this guide, security team members can step into decision-making roles and learn how Microsoft Security Exposure Management can provide clarity in complex situations.
Microsoft Purview Things
Data Breach Reporting for regulatory requirements with Microsoft Data Security Investigations - Organizations face demanding data breach reporting requirements under regulations like GDPR and SEC rules. Use Microsoft Purview DSI to efficiently scope breaches with AI.
People of Purview: Karen Lopez - Karen is a seasoned data architect and passionate advocate for the Microsoft community. With decades of experience and a longstanding commitment to data management excellence, Karen has shaped the way organizations approach data governance and collaboration. Join us as she shares insights from her remarkable journey, her experiences with Microsoft technologies—from the days of MS-DOS to the cutting edge of Purview—and what continues to inspire her as a leader and mentor in the data world.
Modern, unified data security in the AI era: New capabilities in Microsoft Purview - AI is transforming how organizations work—but it’s also changing how data moves, who can access it, and how easily it can be exposed. Sensitive data now appears in AI prompts, Copilot responses, and across a growing ecosystem of SaaS and GenAI tools. To keep up, organizations need data security that’s built for how people work with AI today.
Defender for Office Things
Best Practices for Investigating Phishing Incidents in Microsoft Defender for Office 365 - Phishing attacks continue to be a top threat vector, exploiting both technological gaps and human behavior. When a suspicious email slips through, rapid and precise investigation is key to minimizing damage. Microsoft Defender for Office 365 (MDO) equips security teams with powerful investigation tools - especially within the Incidents tab - to help turn alerts into actionable intelligence. In this post, we’ll guide you through a step-by-step investigation workflow using MDO’s Incidents tab. You’ll learn how to efficiently trace the attack chain, assess user impact, and leverage AI assistance with Security Copilot to stay ahead of evolving threats.
Making the Most of Attack Simulation Training: Dynamic Groups, Automation, and User Education - Attack Simulation Training in Microsoft Defender for Office 365 is a powerful tool for strengthening your organization’s defenses against phishing and social engineering attacks. But to truly drive meaningful behavior change, you need more than just sending out test emails. In this guide, we’ll explore how to set up dynamic groups, automate simulations, localize training, and track results so your security awareness program is as resilient and effective as possible.