Welcome to the Microsoft Security Community!
Protect it all with Microsoft Security Eliminate gaps and get the simplified, comprehensive protection, expertise, and AI-powered solutions you need to innovate and grow in a changing world. The Microsoft Security Community is your gateway to connect, learn, and collaborate with peers, experts, and product teams. Gain access to technical discussions, webinars, and help shape Microsoft’s security products. Get there fast To stay up to date on upcoming opportunities and the latest Microsoft Security Community news, make sure to subscribe to our email list. Find the latest skilling content and on-demand videos – subscribe to the Microsoft Security Community YouTube channel. Catch the latest announcements and connect with us on LinkedIn – Microsoft Security Community and Microsoft Entra Community. Index Community Calls: January 2026 | February 2026 | March 2026 Upcoming Community Calls February 2026 Feb. 2 | 9:00am | Microsoft Sentinel | Accelerate your SIEM migration to Microsoft Sentinel Join us for an insightful webinar to discover how Microsoft Sentinel simplifies SIEM migration and enables true SOC transformation. Experience the new AI-powered SIEM migration tool that goes beyond syntax conversion—delivering advanced correlation, actionable insights, and accurate intent-based mapping for improved detection coverage and continuous optimization. Feb 4. | 8:00am | 425 Show | Introducing the Identity Risk Management Agent for Entra ID Protection Discover how the Identity Risk Management Agent for Microsoft Entra ID Protection simplifies identity defense. Learn how it analyzes risk signals, surfaces risky users, and enables one-click remediation to help teams stay ahead of identity-based threats. Feb. 5 | 8:00am | Security Copilot Skilling Series | Identity Risk Management Agent in Microsoft Entra Learn how the Identity Risk Management Agent in Microsoft Entra, powered by Security Copilot, detects risky users, explains risk reasons, and delivers guided remediation at scale with natural‑language investigations and adaptive learning. Feb. 10 | 8:00am | Microsoft Security Store | From Alert to Resolution: Using Security Agents to Power Real‑World SOC Workflows In this webinar, we’ll show how SOC analysts can harness security agents from Microsoft Security Store to strengthen every stage of the incident lifecycle. Through realistic SOC workflows based on everyday analyst tasks, we will follow each scenario end to end, beginning with the initial alert and moving through triage, investigation, and remediation. Along the way, we’ll demonstrate how agents in Security Store streamline signal correlation, reduce manual investigation steps, and accelerate decision‑making when dealing with three of the most common incident types: phishing attacks, credential compromise, and business email compromise (BEC), helping analysts work faster and more confidently by automating key tasks, surfacing relevant insights, and improving consistency in response actions. Feb. 11 | 8:00am | Microsoft Sentinel graph | Unlocking Graph-based Security and Analysis Join us in this session where we will dive into the Microsoft Hunting graph and blast radius experiences, going deeper into the details of the new custom graph capabilities, why they matter, and some of their use cases. We will also cover the differences between ephemeral and materialized custom graphs and how to create each through Visual Studio Code and notebooks. Feb. 12 | 8:00am | Microsoft Purview | Data Security Investigations (DSI) Introducing Microsoft Purview Data Security Investigations (DSI) Identify: Efficiently search your Microsoft 365 data estate to locate incident-relevant documents, emails, Copilot prompts and responses, and Teams messages Investigate: Use AI-powered deep content analysis enriched with activity insights to find key sensitive data and security risks within impacted data quickly. Mitigate: Collaborate with partner teams securely to mitigate identified risks and use investigation learnings to strengthen security practices. Launch DSI from its home page, Microsoft Defender XDR, Microsoft Purview Insider Risk Management, or Microsoft Purview Data Security Posture Management. Feb. 17 | 8:00am | Microsoft Sentinel | Introducing the UEBA Behaviors Layer in Microsoft Sentinel Join us as we explore the new UEBA Behaviors layer in Microsoft Sentinel. See how AI-powered behaviors turn raw telemetry into clear, human-readable security insights, and hear directly from the product team on use cases, coverage, and what’s coming next. Feb. 19 | 8:00am | Security Copilot Skilling Series | Agents That Actually Work: From an MVP Microsoft MVP Ugur Koc will share a real-world workflow for building agents in Security Copilot, showing how to move from an initial idea to a consistently performing agent. The session highlights how to iterate on objectives, tighten instructions, select the right tools, and diagnose where agents break or drift from expected behavior. Attendees will see practical testing and validation techniques, including how to review agent decisions and fine-tune based on evidence rather than intuition to help determine whether an agent is production ready. Feb. 23 | 8:00am | Microsoft Defender for Identity | Identity Control Plane Under Attack: Consent Abuse and Hybrid Sync Risks A new wave of identity attacks abuses legitimate authentication flows, allowing attackers to gain access without stealing passwords or breaking MFA. In this session, we’ll break down how attackers trick users into approving malicious apps, how this leads to silent account takeover, and why traditional phishing defenses often miss it. Feb. 26 | 9:00am | Azure Network Security | Azure Firewall Integration with Microsoft Sentinel Learn how Azure Firewall integrates with Microsoft Sentinel to enhance threat visibility and streamline security investigations. This webinar will demonstrate how firewall logs and insights can be ingested into Sentinel to correlate network activity with broader security signals, enabling faster detection, deeper context, and more effective incident response. March 2026 Mar. 5 | 8:00am | Security Copilot Skilling Series | Conditional Access Optimization Agent: What It Is & Why It Matters Get a clear, practical look at the Conditional Access Optimization Agent—how it automates policy upkeep, simplifies operations, and uses new post‑Ignite updates like Agent Identity and dashboards to deliver smarter, standards‑aligned recommendations. Mar. 18 | 1:00pm (AEDT) | Microsoft Entra | From Lockouts to Logins: Modern Account Recovery and Passkeys Lost phone, no backup? In a passwordless world, users can face total lockouts and risky helpdesk recovery. This session shows how Entra ID Account Recovery uses strong identity verification and passkey profiles to help users safely regain access. Mar. 19 | 8:00am | Microsoft Purview | Insider Risk Data Risk Graph We’re excited to share a new capability that brings Microsoft Purview Insider Risk Management (IRM) together with Microsoft Sentinel through the data risk graph (public preview) What it is: The data risk graph gives you an interactive, visual map of user activity, data movement, and risk signals—all in one place. Why it matters: Quickly investigate insider risk alerts with clear context, understand the impact of risky activities on sensitive data, accelerate response with intuitive, graph-based insights Getting started: Requires onboarding to the Sentinel data lake & graph. Needs appropriate admin/security roles and at least one IRM policy configured This session will provide practical guidance on onboarding, setup requirements, and best practices for data risk graph. Mar. 26 | 8:00am | Azure Network Security | What's New in Azure Web Application Firewall Azure Web Application Firewall (WAF) continues to evolve to help you protect your web applications against ever-changing threats. In this session, we’ll explore the latest enhancements across Azure WAF, including improvements in ruleset accuracy, threat detection, and configuration flexibility. Whether you use Application Gateway WAF or Azure Front Door WAF, this session will help you understand what’s new, what’s improved, and how to get the most from your WAF deployments. Looking for more? Join the Security Advisors! As a Security Advisor, you’ll gain early visibility into product roadmaps, participate in focus groups, and access private preview features before public release. You’ll have a direct channel to share feedback with engineering teams, influencing the direction of Microsoft Security products. The program also offers opportunities to collaborate and network with fellow end users and Microsoft product teams. Join the Security Advisors program that best fits your interests: www.aka.ms/joincommunity. Additional resources Microsoft Security Hub on Tech Community Virtual Ninja Training Courses Microsoft Security Documentation Azure Network Security GitHub Microsoft Defender for Cloud GitHub Microsoft Sentinel GitHub Microsoft Defender XDR GitHub Microsoft Defender for Cloud Apps GitHub Microsoft Defender for Identity GitHub Microsoft Purview GitHub
External (guest) users can't access my registered application
We have a FileMaker application registered with Entra ID, using OAuth, for internal and external (guests) users in my organization. Since January 19th, external users have been encountering a different authentication process, which results in a 404 error (see images below). No changes were made to the Entra ID or the application configurations before this change in behaviour. It seems that logging in to a personal account results in an incorrect token for the redirect URL, which does not happen when logging in with organizational accounts.Increase security and productivity with AI agents
Strong access strategy isn’t about initial setup: it’s about keeping operations fast, safe, and scalable as environments constantly change. Learn how Microsoft Security Copilot agent can be used within Microsoft Entra to help you move from manual, reactive workflows to AI-driven identity operations. Dive in to real scenarios where agents assist with Conditional Access, identity risk investigation, and access troubleshooting, working alongside admins to turn signals into action. Speakers: Chad Hasbrook, Senior Product Manager; and Mamta Kumar, Senior Product Manager This event is part of the Microsoft Entra Access Priorities Series. I'm in! How do I sign up? Select “Add to calendar” to save the date, then click the “Attend” button to save your spot, receive event reminders, and participate in the Q&A. If you can’t make the live event, don’t worry. You can post your questions in advance and catch up on the answers and insights later in the week. All sessions for the Microsoft Entra Access Priorities series will be recorded and available on demand immediately after airing. This event will feature AI-generated captions during the live broadcast. Human-generated captions and a recap of the Q&A will be available by the end of the week. Where do I post my questions? Scroll to the bottom of the session pages, and select “Comment.” Don’t see Comment as an option? Don’t forget to sign in to the Tech Community.Secure access for AI agents, the new frontier of identity
Once your workforce is secured, it’s essential to extend the same protection to their newest colleagues: AI agents. Tune in to explore the shift beyond human identities and see how Microsoft Entra Agent ID and unified access policies bring Zero Trust to non‑human identity in your environment. Get practical tips to help you register, govern, and protect AI agents with the same rigor as employees, ensuring your access strategy keeps pace with how work is truly getting done. Speakers: Nick Wryter, Principal Product Manager; and Leandro Iwase, Senior Product Marketing Manager This event is part of the Microsoft Entra Access Priorities Series. I'm in! How do I sign up? Select “Add to calendar” to save the date, then click the “Attend” button to save your spot, receive event reminders, and participate in the Q&A. If you can’t make the live event, don’t worry. You can post your questions in advance and catch up on the answers and insights later in the week. All sessions for the Microsoft Entra Access Priorities series will be recorded and available on demand immediately after airing. This event will feature AI-generated captions during the live broadcast. Human-generated captions and a recap of the Q&A will be available by the end of the week. Where do I post my questions? Scroll to the bottom of the session pages, and select “Comment.” Don’t see Comment as an option? Don’t forget to sign in to the Tech Community.Build a unified access foundation
In her 2026 identity priorities blog, Joy Chik outlines the Access Fabric as the future of access security, but how do organizations get there? Find out why establishing a strong access foundation is critical, starting with phishing‑resistant authentication, Conditional Access, and consistent, continuous and contextual identity controls that reduce risk from the outset. We will walk through the foundational steps your organization can take to prepare for an Access Fabric that extends seamlessly across users, apps, devices, and AI workloads. Leave with a clear, actionable Zero Trust checklist you can apply immediately. Speakers: Levent Besik, VP of Product Management; Melanie Maynes, Director of Product Marketing; and Rahul Prakash, Principal Product Manager This event is part of the Microsoft Entra Access Priorities Series. I'm in! How do I sign up? Select “Add to calendar” to save the date, then click the “Attend” button to save your spot, receive event reminders, and participate in the Q&A. If you can’t make the live event, don’t worry. You can post your questions in advance and catch up on the answers and insights later in the week. All sessions for the Microsoft Entra Access Priorities series will be recorded and available on demand immediately after airing. This event will feature AI-generated captions during the live broadcast. Human-generated captions and a recap of the Q&A will be available by the end of the week. Where do I post my questions? Scroll to the bottom of the session pages, and select “Comment.” Don’t see Comment as an option? Don’t forget to sign in to the Tech Community.Grant Just-in-Time Admin Access with Microsoft Entra PIM
In my lab, I worked with Microsoft Entra Privileged Identity Management (PIM) to grant Just-in-Time admin access. Instead of permanent assignments, users become eligible for roles and must activate them only when needed. Steps I tested: - Configured roles as eligible rather than permanent - Required MFA and approval for role activation - Verified access automatically expired after the time window This approach reduces standing privileges and aligns with Zero Trust by securing privileged access. Curious — does your org still keep permanent Global Admins, or have you moved to JIT with PIM?Secure access for the workforce in the AI era
AI has fundamentally changed how attackers target employees, making identity compromise faster, more convincing, and harder to detect. Explore why unifying identity and network access is critical to protecting the workforce in the era of AI. See practical demos across three real‑world scenarios: enforcing least privilege access, securing employee access to AI, and modernizing access to all resources with the Microsoft Entra Suite. Speakers: Sanjay Shah, Global Black Belt; and Josh Lanier, Global Black Belt This event is part of the Microsoft Entra Access Priorities Series. I'm in! How do I sign up? Select “Add to calendar” to save the date, then click the “Attend” button to save your spot, receive event reminders, and participate in the Q&A. If you can’t make the live event, don’t worry. You can post your questions in advance and catch up on the answers and insights later in the week. All sessions for the Microsoft Entra Access Priorities series will be recorded and available on demand immediately after airing. This event will feature AI-generated captions during the live broadcast. Human-generated captions and a recap of the Q&A will be available by the end of the week. Where do I post my questions? Scroll to the bottom of the session pages, and select “Comment.” Don’t see Comment as an option? Don’t forget to sign in to the Tech Community.
Force user to reset password in hybrid
Hi, we work in a hybrid environment at the moment, and it has been discovered that if you are using classic AD and reset a user's password and leave the tick-box saying user must change password at next logon, the password reset works! But, if you were to select the tick-box with the intention to make the user change their password, the password does not get reset and the user never gets asked to reset their password? Also, if you try and reset the user's password on AAD, you get the following error message: Because we cannot force the user to reset their password by AD or AAD, we have to tell the user to do it themselves by the classic Ctrl-Alt-Del method or set their personal password for them over the phone. So, what my question is, is why can I not force the user to change their password from either AD or AAD?Reachability of a domain across multiple tenants
I have a general question about an Entra scenario that we currently need to implement. Our company consists of 3 companies (companyA.com, companyB.com, companyC.com), each with their own MS Tenant. Here, A is the parent company and B and C are subsidiaries. Is it somehow possible, perhaps with Cross Tenant Synchronization from B, C -> A, that users from the subsidiaries can log in with the parent company's domain name in Entra, Teams & Co., and that Teams invitations can also be sent via an email address of the parent company? So I have mailto:email address removed for privacy reasons and I would like this user to also be known as mailto:email address removed for privacy reasons in the Microsoft ecosystem. From a marketing perspective, it is important that all employees log in and are reachable with the same domain. A migration into one tenant is probably not easily possible for legal reasons. Thank you in advance for your assistance. ChristianAccelerate Your Security Copilot Readiness with Our Global Technical Workshop Series
The Security Copilot team is delivering virtual hands-on technical workshops designed for technical practitioners who want to deepen their AI for Security expertise with Microsoft Entra, Intune, Microsoft Purview, and Microsoft Threat Protection. These workshops will help you onboard and configure Security Copilot and deepen your knowledge on agents. These free workshops are delivered year-round and available in multiple time zones. What You’ll Learn Our workshop series combines scenario-based instruction, live demos, hands-on exercises, and expert Q&A to help you operationalize Security Copilot across your security stack. These sessions are all moderated by experts from Microsoft’s engineering teams and are aligned with the latest Security Copilot capabilities. Every session delivers 100% technical content, designed to accelerate real-world Security Copilot adoption. Who Should Attend These workshops are ideal for: Security Architects & Engineers SOC Analysts Identity & Access Management Engineers Endpoint & Device Admins Compliance & Risk Practitioners Partner Technical Consultants Customer technical teams adopting AI powered defense Register now for these upcoming Security Copilot Virtual Workshops Start building Security Copilot skills—choose the product area and time zone that works best for you. Please take note of pre-requisites for each workshop in the registration page Security Copilot Virtual Workshop: Copilot in Defender February 4, 2026 at 8:00-9:00 AM (PST) - register here March 4, 2026 at 8:00-9:00 AM (PST) - register here Asia Pacific optimized delivery schedules Time conversion: 4:00-5:30 PM NZDT; 11:00-12:30 AM GMT +8; 8:30-10:00 AM IST; 7:00-8:30 PM PST February 5, 2026 at 2:00-3:30 PM (PST) - register here March 5, 2026 at 2:00-3:30 PM (AEDT) - register here Security Copilot Virtual Workshop: Copilot in Entra January 28, 2026 at 8:00-9:00 AM (PST) - register here Asia Pacific optimized delivery schedules Time conversion: 4:00-5:30 PM NZDT; 11:00-12:30 AM GMT +8; 8:30-10:00 AM IST; 7:00-8:30 PM PST January 28, 2026 at 2:00-3:30 PM (AEDT) - register here February 26, 2026 at 2:00-3:30 PM (AEDT) - register here March 26, 2026 at 2:00-3:30 PM (AEDT) - register here Security Copilot Virtual Workshop: Copilot in Intune February 11, 2026 at 8:00-9:30 AM (PST) - register here March 11, 2026 at 8:00-9:30 AM (PST) - register here Asia Pacific optimized delivery schedules Time conversion: 4:00-5:30 PM NZDT; 11:00-12:30 AM GMT +8; 8:30-10:00 AM IST; 7:00-8:30 PM PST February 12, 2026 at 2:00-3:30 PM (AEDT) - register here March 12, 2026 at 2:00-3:30 PM (AEDT) - register here Security Copilot Virtual Workshop: Copilot in Purview January 21, 2026 8:00 – 9:30 AM (PST) - register here Asia Pacific optimized delivery schedules Time conversion: 4:00-5:30 PM NZDT; 11:00-12:30 AM GMT +8; 8:30-10:00 AM IST; 7:00-8:30 PM PST January 22, 2026 at 2:00-3:30 PM (AEDT) - register here Learn and Engage with the Microsoft Security Community Log in and follow this Microsoft Security Community Blog and post/ interact in the Microsoft Security Community discussion spaces. Follow = Click the heart in the upper right when you're logged in 🤍 Join the Microsoft Security Community and be notified of upcoming events, product feedback surveys, and more. Get early access to Microsoft Security products and provide feedback to engineers by joining the Microsoft Customer Connection Community. Learn about the Microsoft MVP Program. Join the Microsoft Security Community LinkedIn and the Microsoft Entra Community LinkedIn
