Visit the Microsoft Security Community
Please visit aka.ms/SecurityCommunity for the latest Security Community updates and call/ webinar listings. To visit the new version of this page, visit aka.ms/SecurityCommunity To stay up to date on upcoming opportunities and the latest Microsoft Security Community news, make sure to subscribe to our email list. Find the latest skilling content and on-demand videos – subscribe to the Microsoft Security Community YouTube channel. Catch the latest announcements and connect with us on LinkedIn – Microsoft Security Community and Microsoft Entra Community. Q: Why does this blog post look a bit strange? A: It's a redirect; you've landed on our previous webinars page, which looked a little something like this: Upcoming Webinars DECEMBER 2 (9:00 AM - 10:00 AM) Microsoft Sentinel and Microsoft Defender XDR | Empowering the Modern SOC Microsoft is simplifying the SecOps experience and delivering innovation that will allow your team to scale in new ways. Join us for actionable learnings to help your team modernize your operations and enhance protection of your organization. DECEMBER 3 (8:00 AM -9:00 AM) Microsoft Defender for Identity | Identity Centric Protection in the Cloud Era Microsoft Defender for Identity would like to introduce the new identity centric protection capabilities providing identity centric protection across any identity source. DECEMBER 4 (8:00 AM - 9:30 AM) Security Copilot Skilling Series | Discussion of Ignite Announcements Ignite 2025 is all about driving impact in the era of AI—and security is at the center of it. In this session, we’ll unpack the biggest Security Copilot announcements from Ignite on agents and discuss how Copilot capabilities across Intune, Entra, Purview, and Defender deliver end-to-end protection. DECEMBER 4 (8:00 AM- 9:00 AM) Microsoft Defender for Cloud | Unlocking New Capabilities in Defender for Storage Join us for an in-depth look at the latest enhancements in Microsoft Defender for Storage. In this session, we’ll explore two powerful capabilities now available in public preview: Cloud Storage Aggregated Events and Built-in Automated Malware Remediation for Malicious Blobs. We’ll showcase live demos of these features in action and share best practices for leveraging them effectively. DECEMBER 4 (9:00 AM- 10:00 AM) Microsoft Sentinel | What's New in the Past 6 Months Join us for an insightful session on “What’s New in Microsoft Sentinel.” We’ll spotlight the latest innovations and enhancements, including improvements to the Defender portal that deepen its integration with Microsoft Sentinel. We’ll also explore how data lake capabilities are evolving to support more scalable and flexible security operations. Expect demos, real-world use cases, and a discussion on why these updates matter to our customers. Don’t miss out if you want to stay ahead of what’s new and what’s next! DECEMBER 8 (9:00 AM - 10:00 AM) Microsoft Security Store | Security, Simplified: A look inside the Security Store This session is to introduce the Microsoft Security Store—a centralized destination where customers can discover, deploy, and manage trusted security solutions built to extend Microsoft’s security platforms like Defender, Sentinel, Entra, Purview, and Intune. DECEMBER 9 (8:00 AM - 9:00 AM) Microsoft Defender XDR | A Deep Dive into Automated Attack Disruption Uncover the value of automated attack disruption and how it delivers protection without the complexity. Join the Automatic Attack Disruption team for an exclusive deep dive into these powerful capabilities. You’ll get a front-row seat to a demo, explore the latest innovations, a look at future investments and have your questions answered directly by the experts. Don’t miss this chance to see effortless protection in action. DECEMBER 9 (9:00 AM - 10:00 AM) Microsoft Sentinel | Part 1: Stop Waiting, Start Onboarding: Get Sentinel Defender‑Ready Today Part 1: Stop Waiting, Start Onboarding: Get Sentinel Defender‑Ready Today The Microsoft Sentinel portal in Azure is being retired by July 2026, so now is the perfect time to explore the Microsoft Defender unified portal. In this session, we’ll walk through a day in the life of a SOC, showing how integration and simplicity make security operations smoother. You’ll learn how to navigate the portal, manage incidents with a unified queue, and enrich investigations with UEBA, Threat Intelligence, and Watchlists. Plus, see how automation, dashboards, and case management help smaller setups work smarter. DECEMBER 10 (8:00 AM - 9:00 AM) Azure Network Security | Deep Dive into Azure DDoS Protection Join us for an in-depth exploration of Azure DDoS Protection and learn how to safeguard your applications and infrastructure against distributed denial-of-service attacks. This session will walk through the end-to-end architecture and planning considerations, dive into the detection and mitigation flow, and showcase telemetry, analytics, and alerting best practices. We’ll also cover how Azure DDoS Protection integrates with first-party services to deliver seamless protection and visibility across your environment. DECEMBER 10 (9:00 AM - 10:00 AM) Microsoft Defender for Cloud | Expose Less, Protect More with Microsoft Security Exposure Management Join us for an in-depth look at how Microsoft Security Exposure Management helps organizations reduce risk by identifying and prioritizing exposures before attackers can exploit them. Learn practical strategies to minimize your attack surface, strengthen defenses, and protect what matters most. DECEMBER 11 (8:00 AM - 9:00 AM) Microsoft Defender for Cloud | Modernizing Cloud Security with Next‑Generation Microsoft Defender for Cloud Microsoft Defender for Cloud is evolving to deliver a unified, intuitive, and scalable approach to cloud security. In this session, we’ll discuss how organizations can simplify posture management and threat protection across multicloud environments (Azure, AWS, GCP, and beyond) while improving efficiency and reducing risk. Learn how this direction streamlines operations, enhances clarity for security teams, and supports smarter risk prioritization. DECEMBER 11 (9:00 AM - 10:00 AM) Microsoft Sentinel data lake | Transforming data collection for AI-ready security operations with Microsoft Sentinel Join us to explore how Microsoft Sentinel is transforming security data collection across multicloud and multiplatform environments. In this webinar, we’ll share our vision for a unified, cloud-native approach, highlight the latest capabilities for ingesting data from on-prem systems, Microsoft workloads, and multi-cloud platforms, and showcase the codeless connector framework that accelerates custom integrations. With over 350 connectors available and the App Assure program ensuring reliability, we’ll also share the roadmap for scaling data collection to power AI-driven security operations. DECEMBER 16 (8:00 AM - 9:00 AM) Microsoft Defender for Office 365 | Ask the Experts: Tips and Tricks You’ve watched the latest Microsoft Defender for Office 365 best practices videos and read the blog posts by the esteemed Microsoft Most Valuable Professionals (MVPs), now bring your toughest questions or unique situations straight to the experts. In this interactive panel discussion, Microsoft MVPs will answer your real world scenarios, clarify best practices, and highlight practical tips surfaced in the recent series. We’ll kick off with a who’s who and recent blog/video series recap, then dedicate most of the time to your questions across migration, SOC optimization, fine-tuning configuration, Teams protection, and even Microsoft community engagement. Come ready with your questions (or pre-submit here) for the expert Security MVPs on camera, or the Microsoft Defender for Office 365 product team in the chat! DECEMBER 16 (9:00 AM - 10:00 AM) Microsoft Sentinel | Part 2: Don’t Get Left Behind: Complete Your Sentinel Move to Defender Part 2: Don’t Get Left Behind: Complete Your Sentinel Move to Defender As the transition deadline approaches in July 2026, this session helps you unlock the full potential of Microsoft Defender. We’ll cover data onboarding, retention strategies, and permission models for governance at scale. Explore Content Hub, analytic rules, and summary rules to optimize detection. Learn how Multi-Tenant Organization (MTO) simplifies management and see Security Copilot in action for AI-driven insights. Ideal for teams migrating from Azure Sentinel Portal or looking to strengthen their SOC posture. JANUARY 13 (9:00 AM - 10:00 AM) Microsoft Sentinel | AI-Powered Entity Analysis in Sentinel's MCP Server Assessing the risk of entities is a core task for SOC teams—whether triaging incidents, investigating threats, or automating response workflows. Traditionally, this has required building complex playbooks or custom logic to gather and analyze fragmented security data from multiple sources. With Entity Analyzer, this complexity is eliminated. The tool leverages Sentinel’s semantic understanding of your security data to deliver comprehensive, reasoned risk assessments for any entity your agents encounter. By providing a unified, out-of-the-box solution for entity analysis, Entity Analyzer enables your AI agents to make smarter decisions and automate more tasks—without the need to manually engineer risk evaluation logic for each entity type. This not only accelerates agent development, but also ensures your agents are always working with the most relevant and up-to-date context from across your security environment. And for those building SOAR workflows, Entity Analyzer is natively integrated with Logic Apps, making it easy to enrich entities and automate verdicts within your playbooks. JANUARY 20 (8:00 AM - 9:00 AM) Microsoft Defender for Cloud | What's New in Microsoft Defender CSPM Cloud security posture management (CSPM) continues to evolve, and Microsoft Defender CSPM is leading the way with powerful enhancements introduced after Microsoft Ignite (November 2025). This session will showcase the latest innovations designed to help security teams strengthen their posture and streamline operations. JANUARY 22 (8:00 AM - 9:00 AM) Azure Network Security | Advancing web application Protection with Azure WAF: Ruleset and Security Enhancements In this session, we’ll explore the latest Azure WAF ruleset and security enhancements designed to strengthen your protection, reduce false positives, and simplify management. You’ll learn how to fine-tune WAF configurations, gain deeper visibility into threat patterns, and ensure consistent security across your web workloads. Whether you’re just getting started with Azure WAF or looking to optimize existing deployments, this webinar will help you confidently build a more resilient and adaptive web application security posture.EU Data Boundary for the Microsoft Cloud | Frequently Asked Questions
On May 6, 2021, we announced a new pledge for the European Union. If you are a commercial or public sector customer in the EU, we will go beyond our existing data residency commitments and enable you to process and store all your data in the EU. In other words, we will not need to move your data outside the EU. This commitment will apply across all of Microsoft’s main cloud services—Azure, Microsoft 365, and Dynamics 365. We are beginning work immediately on this added step, and we will complete by the end of next year the implementation of all engineering work needed to execute on it. We’re calling this plan the EU Data Boundary for the Microsoft Cloud. The new step we’re taking builds on our already strong portfolio of solutions and commitments that protect our customers’ data, and we hope today’s update is another step toward responding to customers who want even greater data residency commitments. We will continue to consult with customers and regulators about this plan in the coming months and move forward in a way that is responsive to their feedback.Welcome to the Microsoft Security Community!
Microsoft Security Community Hub | Protect it all with Microsoft Security Eliminate gaps and get the simplified, comprehensive protection, expertise, and AI-powered solutions you need to innovate and grow in a changing world. The Microsoft Security Community is your gateway to connect, learn, and collaborate with peers, experts, and product teams. Gain access to technical discussions, webinars, and help shape Microsoft’s security products. Get there fast To stay up to date on upcoming opportunities and the latest Microsoft Security Community news, make sure to subscribe to our email list. Find the latest skilling content and on-demand videos – subscribe to the Microsoft Security Community YouTube channel. Catch the latest announcements and connect with us on LinkedIn – Microsoft Security Community and Microsoft Entra Community. Read the latest in the the Microsoft Security Community blog. Upcoming Community Calls April 2026 Apr. 23 | 8:00am | Security Copilot Skilling Series | Getting started with Security Copilot New to Security Copilot? This session walks through what you actually need to get started, including E5 inclusion requirements and a practical overview of the core experiences and agents you will use on day one. RESCHEDULED Apr. 28 | 8:00am | Security Copilot Skilling Series | Security Copilot Agents, DSPM AI Observability, and IRM for Agents This session covers an overview of how Microsoft Purview supports AI risk visibility and investigation through Data Security Posture Management (DSPM) and Insider Risk Management (IRM), alongside Security Copilot–powered agents. This session will go over what is AI Observability in DSPM as well as IRM for Agents in Copilot Studio and Azure AI Foundry. Attendees will learn about the IRM Triage Agent and DSPM Posture Agent and their deployment. Attendees will gain an understanding of how DSPM and IRM capabilities could be leveraged to improve visibility, context, and response for AI-related data risks in Microsoft Purview. Apr. 30 | 8:00am | Microsoft Security Community Presents | Purview Lightning Talks Join the Microsoft Security Community for Purview Lightning Talks; quick technical sessions delivered by the community, for the community. You’ll pick up practical Purview gems: must-know Compliance Manager tips, smart data security tricks, real-world scenarios, and actionable governance recommendations all in one energizing event. Hear directly from Purview customers, partners, and community members and walk away with ideas you can put to work right immediately. Register now; full agenda coming soon! May 2026 May 12 | 9:00am | Microsoft Sentinel | Hyper scale your SOC: Manage delegated access and role-based scoping in Microsoft Defender In this session we'll discuss Unified role based access control (RBAC) and granular delegated admin privileges (GDAP) expansions including: How to use RBAC to -Allow multiple SOC teams to operate securely within a shared Sentinel environment-Support granular, row-level access without requiring workspace separation-Get consistent and reusable scope definitions across tables and experiences How to use GDAP to -Manage MSSPs and hyper-scaler organizations with delegated- access to governed tenants within the Defender portal-Manage delegated access for Sentinel. Looking for more? Join the Security Advisors! As a Security Advisor, you’ll gain early visibility into product roadmaps, participate in focus groups, and access private preview features before public release. You’ll have a direct channel to share feedback with engineering teams, influencing the direction of Microsoft Security products. The program also offers opportunities to collaborate and network with fellow end users and Microsoft product teams. Join the Security Advisors program that best fits your interests: www.aka.ms/joincommunity. Additional resources Microsoft Security Hub on Tech Community Virtual Ninja Training Courses Microsoft Security Documentation Azure Network Security GitHub Microsoft Defender for Cloud GitHub Microsoft Sentinel GitHub Microsoft Defender XDR GitHub Microsoft Defender for Cloud Apps GitHub Microsoft Defender for Identity GitHub Microsoft Purview GitHub
Introducing the Azure Threat Research Matrix
When performing a security assessment, it’s common to find the assessment team attribute their actions to the MITRE ATT&CK knowledge base so that high-level stakeholders can visually see what techniques were successful and defenders can understand the techniques that were performed. However, the commonly utilized MITRE knowledge base lacks formal documentation of Azure or AzureAD-related tactics, techniques, or procedures (TTPs) that assessment teams can attribute to. Over the past year, Microsoft has worked with some of the top Azure security researchers to create the Azure Threat Research Matrix (ATRM), a matrix that provides details around the tactics & techniques a potential adversary may use to compromise an Azure Resource or Azure Active Directory.
