This week, Alan and Sam talk about new features and services that have gone into Public Preview or General Available status in the last month. We dive into a couple of these updates that peaked our interest.

Some of the Microsoft product features and update we covered:

• Key Microsoft Entra, Intune and Defender features and updates
• Lots of Azure changes and new features

What did you think of this episode? Give us some feedback via our contact form, Or leave us a voice message in the bottom right corner of our site.

Read transcript

In this episode, we dive deep into ScubaGear, an open-source tool developed by the Cybersecurity and Infrastructure Security Agency (CISA) as part of the Secure Cloud Business Applications (SCuBA) project. Designed to assess Microsoft 365 (M365) tenant configurations, ScubaGear helps organizations align with CISA’s Secure Configuration Baselines (SCBs) to prevent costly misconfigurations. From setup to real-world applications, we unpack how ScubaGear strengthens M365 security and share practical tips for IT admins and security teams. What You’ll Learn:

• Why ScubaGear Matters: Learn how ScubaGear addresses the growing threat of cloud misconfigurations, which accounted for 30% of cloud attacks in early 2024. We discuss its origins in CISA’s SCuBA project, and its value for US federal agencies, private organizations, and critical infrastructure.
• How ScubaGear Works: A technical breakdown of ScubaGear’s PowerShell-based workflow, using Microsoft Graph APIs and Open Policy Agent (OPA) to compare tenant settings against SCBs. We cover setup requirements.
• Common Misconfigurations: Examples like disabled MFA or weak DLP policies, and how ScubaGear’s HTML, JSON, and CSV reports provide actionable remediation steps.
• Best Practices: Tips for integrating ScubaGear into security workflows, including regular scans, policy customization, and combining with tools like Microsoft Secure Score.
• Real-World Insights: Sam shares experiences from consulting.

What did you think of this episode? Give us some feedback via our contact form, Or leave us a voice message in the bottom right corner of our site.

Read transcript

Alan and Sam discuss the benefits and use cases of Security Copilot. Alan Dives into how Security Pilot works and what some of the capabilities are. Here are a few things we covered:

• What is Generative AI
• What is Security Copilot
• What are Agents
• How much does it cost?

What did you think of this episode? Give us some feedback via our contact form, Or leave us a voice message in the bottom right corner of our site.

Read transcript