AMA: Microsoft Security Exposure Management

What license do you need to view full attack path

Welcome! The Microsoft Security Exposure Management AMA will start soon. What questions do you have for our experts? Post them now and we’ll use them to kick off the hour!

Welcome to the Microsoft Security Exposure Management AMA and the Tech Community Live: Microsoft Security edition. Let's get started! Please post your questions here in the Comments. We will be answering questions in the live stream—and others will be answering here in the Comments.

Don't be shy! This is a great forum to ask your questions about Exposure Management, and also to share feedback and information about use cases and scenarios you need to support. Post your thoughts and questions now in the Comments.

Does the attack path look at all your policies for example if a user is compromised and all organization policies block normal users from having elevating permissions does it sense these policies.

Hope you are enjoying today's AMA. What do you like about this event? Share your feedback here in the Comments and help shape the direction of our future events on the Tech Community!

That concludes today’s Microsoft Security Exposure Management AMA. Thanks to everyone who was able to join us live - and to those catching up on demand!

Up next: AMA: Security for AI

Thanks for participating! In addition to the questions posted on this page, we also answer questions posted in reply to the event on other social channels (LinkedIn, X, etc.). Below are the questions the panelists answered, along with a timestamped link:

Question -- What are the newest features in Exposure Management?  - answered at 2:23.

Question -- I thought I heard that Secure Score is now part of Exposure Management? Is that score still available elsewhere? How does Exposure Management make it better? - answered at 7:06.

Question -- How do I make sure I have a full view of attack paths? - answered at 10:27.

Question -- Is this available for GCC? - answered at 15:06.

Question -- Should we use RBAC or Entra ID roles to manage access? Pros and cons? - answered at 16:19.

Question from LinkedIn -- Can you please explain how the licensing works for exposure management?- answered at 18:28 - For more details, go to https://aka.ms/ExposureManagement

Question from LinkedIn -- Will exposure management include recommendations, steps to address the issue, prioritization, and mediations? - answered at 23:57.

Question -- Going back to products working together -- What products/licenses do you need to view the full attack path? - answered at 28:03.

Question -- Speaking of attack paths, does Exposure Management analysis cover cloud only or does it extend to on prem? - answered at 30:28.

Question -- Can we use Exposure Management to combat social engineering tactics like email phishing? How would that work? - answered at 33:25.

Question -- Does Exposure Management replace any security products (Vulnerability Management, for example)? - answered at 37:38.

Question -- How would you balance proactive exposure management with reactive incident response? - answered at 38:26.

Question -- What key steps or best practices would you recommend for building an effective exposure management program from the ground up? - answered at 44:45.

Question -- Does the attack path look at all your policies for example if a user is compromised and all organization policies block normal users from having elevating permissions does it sense these policies. - answered at 50:03.