Security Community Spotlight: Fabrício Assumpção
Meet Fabrício Assumpção, a Technical Specialist Architect for a Microsoft Security and Compliance Certified Partner, based in Brazil. Fabrício considers his involvement with the Microsoft Security Community defined by a dual approach: architectural innovation and technical enablement. As a Microsoft Certified Trainer (MCT) since 2021, he has been dedicated to bridging the gap between theory and real-world implementation for security professionals globally.

What do you find most rewarding about being a member of the Microsoft Security Community?

The most rewarding part of being a member of the Microsoft Security Community is the direct access to the pulse of cybersecurity innovation. As a Microsoft Certified Trainer (MCT) and a developer/engineer/architect focused on Cloud Security/M365 Security and SIEM, being in this ecosystem allows me to bridge the gap between complex architectural challenges and AI-driven solutions. Developing security agents for Microsoft Security Copilot is particularly fulfilling because I can see how the community’s collective knowledge shapes the future of automated defense. For me, it’s not just about the tools, but about being part of a global movement that empowers defenders to stay ahead of sophisticated threats through intelligence and automation.

How would you describe your Microsoft Community involvement?

In my role as a Security Architect and Engineer at adaQuest, I advocate for Microsoft’s vision by designing and deploying complex security infrastructures. My work spans the entire Microsoft Security stack, from high-level XDR (Microsoft Defender) strategies and SIEM (Microsoft Sentinel) deployments to the cutting edge of AI-driven defense. Currently, alongside my other activities, I'm focused on developing custom security agents for Microsoft Security Copilot, a task that allows me to push the boundaries of how automation and AI can empower modern SOCs.
While my primary involvement has been focused on technical architecture and developing security Copilot agents, my ideal community experience would be centered on deep-tier technical co-creation. I envision a community space that facilitates direct architectural dialogues between Microsoft product teams and the engineers who are building on top of those platforms. For me, the most valuable community experience is one that prioritizes 'early-access' feedback loops and specialized hackathons where we can stress-test new features—like advanced XDR integrations or AI agent capabilities—before they hit the mainstream. My ideal is a community that functions as a high-octane R&D hub, where the collective expertise of architects and developers directly influences the roadmap of the security tools we use every day.

Editor’s note: The scenario Fabrício describes above is much like the Security Advisors program, which gives you early access to products, features, and private previews. Your feedback to engineering has the power to directly influence Microsoft Security products. If this interests you, consider joining!

How long have you been working with Microsoft Security products?

My Microsoft security journey is a story of evolution—from a cloud support engineer resolving complex L3/L4 infrastructure issues to a Security Architect leading global SOC operations. I have spent the last decade mastering the transition to the cloud, starting with identity and endpoint management (Entra ID and Intune) and progressing to end-to-end administration of the Microsoft 365 and Azure security stack. A turning point was joining adaQuest, where I took the lead on SOCaaS and began bridging the gap between governance and hands-on engineering and Sentinel. Today, my journey has reached its most exciting phase: pioneering the use of Generative AI in security to build scalable, automated solutions that protect clients worldwide.

What features or products have provided the most impact?
Please describe how it has helped you or your customers.

The most impactful solution has been the integration of Microsoft Sentinel with Security Copilot through custom-developed security agents. This combination has revolutionized how our customers manage their security posture, allowing them to orchestrate and query the entire Defender XDR, Entra ID, and Purview stack through natural language automation. The most direct benefit for our clients has been a drastic reduction in Mean Time to Respond (MTTR) and a significant increase in operational efficiency, transforming complex security data into proactive defense. This unified approach ensures that our customers maximize their investment in the Microsoft ecosystem while maintaining high-speed resilience against sophisticated threats.

You’ve indeed been instrumental in building with Microsoft Security. What can you share with us, and can you tell us about your journey?

I am incredibly proud of being a pioneer in the Microsoft Security Copilot ecosystem. In early 2025, before official documentation was fully available or the feature had reached General Availability (GA), I conceptualized and developed six custom security agents designed to enhance automated defense and incident response. These agents were the result of a deep dive into the underlying architecture of AI-driven security, where I had to materialize complex ideas into functional, real-world tools without a predefined roadmap. My work was officially showcased and published during the historic announcement of the Microsoft Security Store in 2025, marking the debut of third-party security agents. Seeing these agents evolve from initial concepts to essential tools for the SOC of the future—enabling faster, more intelligent decision-making—is my most rewarding professional achievement. It represents my commitment to pushing the boundaries.

Fabrício’s agents are available in the Microsoft Security Store.
Here’s what he’s built (so far…)

Admin Guard Insight
An agent focused on privileged identity and access analysis. It reviews administrative roles, sensitive changes, and risk signals to identify exposure, misuse of privileges, and opportunities to strengthen security posture.

Login Investigator
An agent designed to investigate suspicious sign-in activity. It correlates authentication details, IPs, locations, devices, user risk, and related incidents to determine whether a login is legitimate or potentially malicious.

Entity Guard
An entity-centric investigation agent for users, devices, applications, or service principals. It consolidates signals from multiple sources to enrich entity context and identify abnormal behavior, exposure, and associated risks.

Data Leak Agent
An agent specialized in investigating potential data leakage and sensitive information exposure. It validates and correlates incidents across Microsoft Defender XDR and Microsoft Sentinel to produce a more reliable and contextualized investigation.

L1 SOC Triage
An agent built to support first-level SOC alert and incident triage. It helps classify events, enrich context, prioritize severity, and recommend next steps or escalation paths for analysts.

Ransomware Kill Chain Investigator
An agent focused on ransomware investigations. It correlates evidence and maps observed activity to the ransomware kill chain to help teams understand the attack, impacted assets, and priority response actions.

EWS Sunset Readiness Assessor
An agent that assesses an organization’s readiness for Exchange Web Services (EWS) deprecation. It identifies application and service principal dependencies and supports planning for migration to more modern and secure alternatives.

What impact has integrating with Microsoft Security had on your business or your customers?

Integrating with Microsoft Security has had a significant impact on both our business and our customers.
For our business, it has enabled us to build higher-value security services and differentiated solutions, such as Security Copilot agents tailored to real operational challenges in identity protection, incident triage, data leakage investigations, ransomware analysis, and legacy dependency assessments. For our customers, the impact has been: improved speed, consistency, and depth in security operations. By leveraging Microsoft Security signals and platforms such as Microsoft Defender, Microsoft Sentinel, and Entra, we help teams investigate incidents faster, reduce manual effort, improve decision-making, and strengthen overall security posture. In practice, this means customers gain more actionable insights, better prioritization, and more efficient use of their security resources.

What advice do you have for others who would like to get involved in the Microsoft Community?

My advice is to bridge the gap between learning and building. Don’t just consume content; start creating solutions for real-world challenges, such as AI-driven automation in Security Copilot or Microsoft Sentinel. Use your practical experience to help others, and remember that teaching is one of the most powerful ways to contribute. In an era of rapid AI evolution, being a proactive 'early adopter' who shares insights is the best way to grow within the Microsoft Community and help protect the global digital landscape.

Fabrício beyond Microsoft Security

Beyond my technical career, I am a lifelong learner with a deep passion for understanding how the world works, from the complexities of Quantum Computing—which I studied at the University of Coimbra—to the fundamental principles of Physics, Astronomy, and Philosophy. I am currently pursuing two Master’s degrees, as I believe that diverse knowledge fuels creativity. I am also a polyglot at heart, teaching myself Italian, Spanish, Russian, and Chinese using open-source materials.
My creative side is expressed through music, as I play both the violin and the piano. In my spare time, I enjoy the discipline of sports; I have a history as both a player and coach of Rugby, and I am a fan of Ice Hockey. My future plans include completing my Doctorate and embracing a nomadic lifestyle to experience different cultures and perspectives. For me, life is about the continuous pursuit of wisdom and the belief that we can always expand the boundaries of our own understanding.

Connect with Fabrício on LinkedIn.

____________________________________________________________________________________________

Learn and Engage with the Microsoft Security Community

Log in and follow this Microsoft Security Community Blog. Follow = Click the heart in the upper right when you're logged in 🤍.
Join the Microsoft Security Community and be notified of upcoming events, product feedback surveys, and more.
Get early access to Microsoft Security products and provide feedback to engineers by joining the Microsoft Security Advisors.
Join the Microsoft Security Community LinkedIn Group and follow the Microsoft Entra Community on LinkedIn.

Security Community Spotlight: Luca Romero Arrieche Heller
Meet Luca, Modern Workplace and Cloud Consultant at SoftwareOne Iberia, a Microsoft Partner. Luca has been working with Microsoft Security and cloud technologies for over a decade, closely following the evolution of the Microsoft Security ecosystem. Today, Luca focuses on Modern Work and security transformation projects, including large-scale Microsoft 365 migrations, enterprise messaging modernization with Exchange Online, endpoint management deployments with Microsoft Intune, and identity-driven security architectures across Microsoft environments. In addition to implementation projects, Luca also delivers technical workshops focused on threat protection and Microsoft security technologies, helping organizations better understand and implement solutions such as Microsoft Defender XDR, Microsoft Entra ID, endpoint security, and Zero Trust strategies to strengthen their overall security posture.

Here’s what Luca had to say about his winding road through Microsoft Security and its Community. All responses are quotes from Luca.

Microsoft Security Community

How would you describe your Microsoft Security Community involvement or advocacy, globally and/or locally? When did you begin?

My involvement with the Microsoft Community began early in my career through regional Microsoft community and influencer programs in Brazil. During that time, I became involved with Microsoft Virtual Academy (MVA) and started writing security-focused technical articles based on real project experience. My early technical journey began working with on-premises technologies such as ISA Server, Exchange Server, and Active Directory, which provided a strong foundation in Microsoft infrastructure and security. Through community participation and my blog, I began documenting real-world implementations and lessons learned related to Microsoft Security and cloud technologies.
Over the years, my professional work has remained closely connected to the Microsoft ecosystem, implementing technologies such as Advanced Threat Analytics (ATA), Advanced Threat Protection (ATP), Microsoft Defender XDR, Microsoft Entra ID, and Microsoft Intune in enterprise environments. Today, my community advocacy is strongly connected to real-world experience, focusing on Zero Trust architectures, identity protection, modern endpoint security, and large-scale Microsoft 365 transformations and migrations.

I noticed you’ve also answered a number of questions and have helped provide solutions in Microsoft Tech Community forums. How did you come across this and what inspired you to help?

I have always been encouraged to participate in the technical community and share knowledge. Since the early days of TechNet, I have been involved in learning from others and contributing whenever possible. The culture of collaboration within the Microsoft ecosystem played an important role in my professional development. Many of the challenges I faced early in my career were solved thanks to the knowledge shared by the community. Because of that, contributing back feels natural. In the Microsoft Security Tech Community forums, I often see questions that are very similar to challenges I face in my daily work as a consultant. Sharing my experience becomes a practical way to help others navigate similar situations. Experience is important not only for solving problems, but also for knowing where to look and how to approach a solution. When I see questions without answers or clear guidance, I try to contribute by sharing practical insights, troubleshooting approaches, and real-world solutions.

What do you find most rewarding about being a member of the Microsoft Security Community?

What I find most rewarding is knowing that the community played a direct role in shaping my professional journey.
Early in my career, I learned extensively through forums, technical discussions, and shared knowledge. That collaborative environment enabled me to grow into increasingly complex enterprise projects. Over the years, I have followed the evolution of Microsoft Security solutions... the community has always been part of that journey. Today, being able to contribute insights gained from large-scale security architectures, identity modernization, and enterprise Microsoft 365 migrations is my way of giving back. Additionally, as a founding member of Microsoft Virtual Academy, I published security-focused technical articles and created my blog to document real-world implementations, always referencing sources and applied knowledge.

Speaking of Microsoft Security solutions... which feature or product has provided the most impact? How has it helped you or your customers?

The combination of Entra ID Protection with Conditional Access and the unified visibility of Defender XDR (are the Microsoft Security products that have) delivered the greatest impact by reducing compromised credential risks and accelerating incident response through identity, endpoint, and cloud workload correlation.

Back to the Microsoft Community - what advice do you have for others who would like to get involved?

My advice is simple: start by learning, then share what you have genuinely implemented in practice. The community values real-world experience, technical honesty, and genuine collaboration. It’s not about visibility — it’s about adding value. Be consistent, support others, and document your journey. Impact follows naturally.

Linking up with Luca

Do you have anything you’d like to promote or recommend?

I recommend diving deeper into Intune, Defender, and Exchange Online, especially focusing on the integration between identity, endpoint protection, and email security within a well-structured Zero Trust

Where can people get in touch with you or follow your content?
LinkedIn: https://www.linkedin.com/in/lucarheller
GitHub: https://github.com/LucaARHeller
Blog: https://lucaheller.wordpress.com/
Microsoft Tech Community: LucaHeller

Please share anything else essential to you.

Before thinking about advanced security tools, it is essential to understand how the underlying technologies work. Whether it is something simple like DNS resolution, how authentication flows operate, or how policies are applied across enterprise environments, these foundational concepts are what allow security architectures to be built correctly. For me, combining strong technical fundamentals with modern security technologies and real-world implementation experience is what enables organizations to build secure and resilient Microsoft environments.

Luca’s story is a strong reminder of what makes the Microsoft Security Community thrive: practical contributions grounded in real-world experience. Through training, documenting, and showing up to help others, Luca demonstrates how continuous learning and compassion can benefit everyone. The community is better for his continued involvement, and his journey is an invitation for others to participate, share what they’ve learned, and keep strengthening security together.