<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>Microsoft Security Exposure Management topics</title>
    <link>https://techcommunity.microsoft.com/t5/microsoft-security-exposure/bd-p/security-exposure-management</link>
    <description>Microsoft Security Exposure Management topics</description>
    <pubDate>Thu, 09 Jul 2026 18:07:52 GMT</pubDate>
    <dc:creator>security-exposure-management</dc:creator>
    <dc:date>2026-07-09T18:07:52Z</dc:date>
    <item>
      <title>Remediation Workflow Automation — Biggest Gap vs. Competing Exposure Management Platforms?</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-security-exposure/remediation-workflow-automation-biggest-gap-vs-competing/m-p/4531077#M2</link>
      <description>&lt;P&gt;Exposure graph and attack path correlation in MSEM are genuinely strong — the cross-domain visibility (endpoints, identities, cloud, external surface) is one of the better implementations I've worked with, especially for shops already standardized on the Microsoft stack.&lt;/P&gt;&lt;P&gt;The gap I keep running into is &lt;STRONG&gt;closed-loop remediation orchestration&lt;/STRONG&gt;. Right now, when an attack path or critical exposure is identified, there's no native way to auto-generate a ticket, assign ownership, and track an SLA against it — that handoff still has to be built externally (Logic Apps, Sentinel playbooks, or a 3rd-party ITSM integration). This isn't just my experience; it's echoed in published Gartner Peer Insights reviews of the product, where users specifically flag the absence of in-platform workflows to raise tickets automatically and route them to the owning team.&lt;/P&gt;&lt;P&gt;For comparison, Qualys built this natively into their Enterprise TruRisk Platform (QFlow) — automatic ticket creation in ServiceNow/Jira, ownership assignment, and SLA tracking, all without manual handoffs. Tenable One markets "workflow automation" as a core differentiator of its unified platform for the same reason: it's what turns continuous &lt;EM&gt;detection&lt;/EM&gt; into continuous &lt;EM&gt;risk reduction&lt;/EM&gt;, not just a better dashboard.&lt;/P&gt;&lt;P&gt;Questions for the team / community:&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;Is closed-loop ticketing/SLA tracking on the roadmap natively, or is the expectation that this stays external (Logic Apps/Sentinel)?&lt;/LI&gt;&lt;LI&gt;For those running MSEM at scale — how are you currently bridging this gap operationally? Custom playbooks, or a 3rd-party orchestration layer on top?&lt;/LI&gt;&lt;/UL&gt;</description>
      <pubDate>Thu, 25 Jun 2026 20:05:56 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-security-exposure/remediation-workflow-automation-biggest-gap-vs-competing/m-p/4531077#M2</guid>
      <dc:creator>gokhantatar</dc:creator>
      <dc:date>2026-06-25T20:05:56Z</dc:date>
    </item>
    <item>
      <title>Exposure-Driven Security in the Modern Enterprise</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-security-exposure/exposure-driven-security-in-the-modern-enterprise/m-p/4493243#M1</link>
      <description>&lt;P&gt;The idea is simple — but powerful:&lt;BR /&gt;It’s not just about detecting threats. It’s about identifying and prioritizing the exposures that make those threats possible.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Attack path analysis, identity risk correlation, misconfiguration visibility, privilege exposure… all connected in a single risk context.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;So I’d like to ask the community:&lt;/P&gt;&lt;P&gt;How are you currently measuring exposure in your environment?&lt;/P&gt;&lt;P&gt;– Are you mapping attack paths across identities, endpoints, and cloud workloads?&lt;BR /&gt;– Are privileged identities part of your exposure prioritization model?&lt;BR /&gt;– Are remediation efforts aligned with actual exploitability or just severity level?&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;In your view, what is the biggest challenge when moving from reactive detection to proactive exposure reduction?&lt;/P&gt;&lt;P&gt;Curious to hear how others are integrating Exposure Management into their Zero Trust architecture.&lt;/P&gt;</description>
      <pubDate>Fri, 06 Feb 2026 21:52:18 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-security-exposure/exposure-driven-security-in-the-modern-enterprise/m-p/4493243#M1</guid>
      <dc:creator>Lucaraheller</dc:creator>
      <dc:date>2026-02-06T21:52:18Z</dc:date>
    </item>
  </channel>
</rss>

