Speaker

Robbe Van den Daele

MC2MC | SSCP | Security Consultant & SOC Engineer

Brussels, Belgium

I'm Robbe, an information security professional driven by a genuine passion for my work. My focus lies in Cloud Security, Purple Teaming, Microsoft Security Solutions, and the powerful MITRE ATT&CK framework.

With a strong foundation in computer science, I've delved into the intricacies of information security, mastering technical aspects and procedural complexities. Cloud security became my niche, where I secure data, design resilient architectures, and implement robust measures.

As a purple teamer, I excel at detecting and mitigating cybersecurity threats, identifying vulnerabilities, and fortifying defenses. I've embraced the invaluable MITRE ATT&CK framework, consulting organizations on understanding adversaries and strengthening their security posture.

I'm driven by a thirst for knowledge, constantly staying ahead of industry trends through engagement with information security communities, conferences, and continuous learning. I try to give as much as possible back to the cybersecurity community, by blogging at hybridbrothers.com, speaking at conferences, and organizing events with MC2MC.

Area of Expertise

  • Information & Communications Technology

Topics

  • Security
  • Cloud Security
  • cyber security
  • Azure Security
  • Information Security
  • Microsoft 365 Security
  • network security
  • MITRE ATT&CK
  • Microsoft Sentinel
  • Microsoft 365 Defender
  • Microsoft Defender for Cloud

Global Secure Access: Real-World Examples and Lessons Learned

In this session, we will delve into the practical aspects of deploying global secure access. Through real-world examples, we will explore the strategies and methodologies we used to ensure secure and reliable access across diverse locations and devices. We will also discuss the challenges encountered during these deployments, giving you the possibility to learn from our troubleshooting hours. Attendees will gain valuable insights into best practices and lessons learned, equipping them with the knowledge to tackle similar challenges in their own organizations.

Assembling Azure Arc, Sentinel, Defender for Cloud, and IAM for ultimate Hybrid Cloud security

In today’s hybrid cloud landscape, security is more critical than ever, with threats emerging from anywhere at any time. That’s why it’s time to assemble your ultimate security toolkit.

In this demo-packed session, we’ll bring together the power of Azure Arc, Microsoft Sentinel, Defender for Cloud and Identity and Access Management, each bringing its own superpowers to help you take control of your environment like a true Cloud Avenger.

Discover how these powerful tools and access management can work together to provide deep visibility, unified security management, and advanced threat protection, while reducing lateral movement paths across all your hybrid workloads.

Now, get ready to assemble. It’s time to take your place on the front lines and learn to defend your environment!

Microsoft Token Theft Unveiled: Real-Life Examples and Countermeasures

In today's dynamic threat landscape, adversaries increasingly target tokens over passwords. Join me in this interactive session, where I delve into the functionality and use cases of tokens. I will explore the inner workings of different tokens, how they enable Single Sign-On (SSO) in your environment, and contain permission and authentication claims.

Throughout the session, I will provide a hands-on demonstration of real-life examples of token theft, shedding light on the evolving tactics employed by cyber adversaries.

Key Session Highlights:

Token Functionality: Gain insights into how tokens function, with a focus on access tokens and their role in facilitating SSO within your environment.

Real-Life Examples: Witness practical demonstrations of token theft scenarios, illustrating the potential risks and vulnerabilities associated with this form of attack.

Proactive Measures: Discover proactive measures and detection strategies against token-centric attacks. Learn how organizations can fortify their defenses to mitigate the risks posed by token compromise.

Don't miss this opportunity to enhance your understanding of token security, uncover potential threats, and explore effective defense strategies against evolving cyber threats.

Sentinel's Got Game: Unleashing the Power of 3rd party app integrations

In today's rapidly evolving threat landscape, cybersecurity professionals face the challenge of combating sophisticated attacks while managing complex infrastructures. Microsoft Sentinel has emerged as a leading solution in empowering organizations to detect, investigate, and respond to threats effectively. By integrating third-party applications with Microsoft Sentinel, users can harness the power of a unified security platform that brings together the best tools, insights, and automation.

Key Topics Covered:
- Introduction to Microsoft Sentinel
- The Benefits of Integration
- Extending the Capabilities
- Real-World Use Cases
- Best Practices and Implementation Strategies

Architecting a SOC on top of Microsoft Defender XDR and Microsoft Sentinel

Deploying Defender and Sentinel is easy, but how do you deploy it according to best practices, connect it to the correct products and integrate it within your environment?

This session walks through a sample architecture and showcases some of the design decisions Thijs and Robbe have made in their own Security Operations Center and what kind of issues they have run into.

They will cover multi-tenant setups, Lighthouse authentication, ITSM integration, and automation using Logic Apps, Azure Functions, API Management, and Azure DevOps.

Enhancing Network Visibility with Microsoft Security Tools

Discover how the Microsoft security solutions you probably already rely on today can help you get more visibility into your corporate networks. In this session, we’ll delve into the powerful capabilities of Defender XDR, showcasing how built-in insights can be extended to gain a deeper understanding of your corporate networks, both to identify possible security misconfigurations and to detect network-related threats.

Network Detection Strategies: Defender for Endpoint and Global Secure Access better together

In this session, we will explore advanced network detection strategies by leveraging the combined power of Microsoft Defender for Endpoint and Global Secure Access. Learn how these tools work together to provide comprehensive security coverage, enhancing your ability to detect and respond to threats across both cloud and on-premise environments. We’ll discuss integration techniques, share best practices, and present real-world examples to illustrate the effectiveness of this unified approach.

From a cloud-only Entra account to Domain Admin - A real-life war story

Join me for a thrilling deep dive into a real-world Purple Team exercise where a Red Team started with nothing more than a cloud-only user—and ended up with Domain Admin. This session unpacks the full attack chain, revealing the clever techniques and lateral movements that made it possible. We’ll dissect each step of the journey through Microsoft Entra ID, Azure, Defender for Cloud, Defender for Endpoint, and Defender for Identity, showing not just how the attack unfolded, but how it was detected and hunted in real time using Microsoft’s security stack. Expect war stories, technical insights, and actionable detection and prevention strategies you can take back to your own environment.

L400 session

B2B access for MSP's - The good, the bad, and the ugly

In this session, you will learn how MSPs can use guest accounts to access customer resources instead of using GDAP. We will talk about the practical challenges and how we can make guest user access as secure as possible.

L300 session

The transition from Microsoft Sentinel to Defender XDR - War stories

With the introduction of the unified portal for Microsoft Sentinel and Defender XDR, Microsoft is clearly steering organizations toward Defender XDR—gradually shifting features away from Sentinel. But what exactly is changing? What does this mean for your security operations, and how should your organization respond?
Join me for a deep dive into this transition, where I’ll share insights from migrating over 20 tenants to the unified portal. Expect real-world lessons, unexpected challenges, and practical guidance—along with a few war stories and mistakes I’ve made so you don’t have to repeat them.

L400 session

Cyber Back to School Sessionize Event

October 2024

Experts Live Netherlands 2024 Sessionize Event

June 2024 Nieuwegein, The Netherlands

Constant Call for Speakers - MC2MC events User group Sessionize Event

April 2024
