Join the list! or Get updates on new episodes!
Join 10,000 other listeners and get updates on new episodes.
Most orgs “do DLP” by turning on a few blanket rules—then wonder why sensitive files still leak through Teams, SharePoint, OneDrive, or email. This episode shows how to build a layered, living DLP program in Microsoft 365: discover where data actually lives, classify what truly matters, enforce sma…
Most teams “pass” audits yet miss real misconfigurations between reviews. Microsoft Defender for Cloud changes that by turning compliance into a live posture: map your estate to frameworks (ISO/NIST/PCI), tailor controls to your own standards, auto-remediate drift, and surface results in Power BI f…
Think Purview and Azure Information Protection are “enterprise-only”? Think again. If you’re already on Microsoft 365 (E3 or Business Premium), you likely have sensitivity labels, baseline DLP, and email encryption ready to use—no extra spend. This episode debunks the biggest myth about data protec…
Most Microsoft 365 “usage” charts don’t prove who did what. Microsoft Purview Audit gives you forensic, tenant-wide activity logs—across Exchange, SharePoint, OneDrive, Teams, Entra ID, and more—so you can trace actions to users, sessions, IPs, and timestamps. Turn on auditing intentionally, baseli…
Copilot can overreach if Graph permissions are too broad. One mis-scoped app permission lets AI surface files, spreadsheets, and confidential client data users couldn’t normally access. Fix it by treating Copilot like any high-privilege app: lock Graph scopes to least privilege, segment access with…
MFA isn’t Zero Trust. If Microsoft 365 and Dynamics 365 don’t enforce the same identity, device, and session checks, attackers walk through the side door. “Zero Trust by Design” treats M365 + D365 as one system: align Conditional Access and risk signals, apply just-in-time roles, segment identities…
Most Graph-powered apps fail at rollout not because of code, but consent. Dev tenants allow broad testing; production enforces tight policies that block risky scopes. The fix is understanding Graph’s two models—delegated (user-in-context) vs. application (app-only, org-wide)—and requesting the mini…
Power Platform Data Loss Prevention (DLP) policies don’t have to be mystery roadblocks. In this episode, we explain why Flows fail with cryptic DLP errors and show exactly how to prevent them—before production. You’ll learn how connector classifications (business, non-business, blocked), custom con…
Microsoft Fabric pipelines often feel “secure by default,” but silent data exposure usually comes from misconfigured permissions, hardcoded secrets, and overbroad workspace roles. This episode shows how to harden end-to-end pipelines with managed identities (kill passwords), Azure Key Vault (centra…
Dynamics 365 deployments fail less because of code and more because of packaging gaps: hidden dependencies, unmanaged/managed mix-ups, missing environment variables and connection references, and un-migrated configuration data. In this episode, we show how to ship reliably by mapping dependencies u…
This episode exposes the hidden gaps in Fabric and Power Platform Data Loss Prevention (DLP)—from shadow connectors and cross-environment leaks to misclassified “business” connectors that quietly exfiltrate sensitive data. You’ll learn how DLP decisions are really made (the if-then logic behind pol…
This episode demystifies Power Platform ALM with GitHub Actions so you can see—and control—every step from source to prod. Learn why deployments fail (connector references, environment variables, and human-led imports), how to wire service principals and scoped secrets, and how to structure GitHub …
Your phishing dashboard is lying to you. The “all good” charts hide near-miss clicks, silent investigations, and active campaigns threading your inboxes right now. We show how to tap Microsoft Defender’s buried signals and build living Power BI dashboards that expose what’s really happening—and wha…
Your SIEM isn’t blind—it’s blinking. Out-of-the-box connectors skip crucial M365 logs (mailbox forwarding, granular SharePoint sharing, Teams/Power Platform actions), so the “all good” green light is faking you out. Turn your SIEM from checkbox to chokehold: ingest the right audit streams, filter n…
Your users still click phish—even with Defender for M365 “fully enabled.” The culprit isn’t the attackers; it’s misaligned layers: Safe Links, Safe Attachments, anti-phishing ML, and mail flow rules that overlap, conflict, or leave gaps. This guide traces how a real phishing email slips through, th…
Your M365 Licenses Didn’t “Disappear”—Your Dynamic Groups Did (Here’s How to Stop the Silent Failures) If your automated license assignments randomly vanish—or premium SKUs linger on the wrong users—the culprit isn’t Microsoft. It’s brittle dynamic group rules, drifting attributes, and slow reca…
Stop blindly clicking “Grant admin consent.” This deep dive demystifies Microsoft Graph app-only permissions—who consents, which scopes you actually need, and how tokens really work in production. Learn least-privilege setups, admin consent gotchas, secret/cert rotation, managed identity, and audit…
Your best Microsoft 365 security signal isn’t the login—it’s what the identity does next. Wire Conditional Access (the gatekeeper) to listen to Defender for Identity (the watcher), and you’ll auto-raise friction when behavior turns risky—shrinking dwell time, false positives, and your midnight page…
Think your DLP rules have your Microsoft Power Platform locked down? Think again. The biggest data leak in your tenant may be hiding in plain sight—the default environment. In this episode, we expose why environment strategy—not just connector blocking—is the silent weak link behind surprising Powe…
Shipping a SharePoint Framework app to another tenant and watching auth blow up, Graph return nothing, and users not even see the web part? You’re not cursed—multi-tenant SPFx is. In this episode, I show the exact authentication traps that tank cross-tenant deployments, why Graph goes “empty,” and …
“Zero-touch” isn’t one-size-fits-all—it’s one-size-fails-fast. 🚨 The same Intune baseline that delights desk workers can break field techs, hobble engineers, and leave exec devices under- or over-secured. In this episode, I show you how to ditch blunt templates and turn Intune into a precision tool…
I use Microsoft Defender for Cloud because it gives me one place to manage security across Azure, AWS, and Google Cloud . Every week, I see thousands of threats, from ransomware to phishing and cloud misconfigurations. Ransom...
Imagine a workplace where every team operates in harmony, trust flourishes, and productivity soars. Teams governance holds the hidden power to make this vision a reality. It creates order by defining clear structures and role...
Everyone remembers that one time they broke something at work—maybe you were given a bit too much access, clicked the wrong button, and messed up that important report (guilty as charged!). The world of Microsoft’s Power Plat...