Session
Rethinking Security Prioritization in Defender: Ranking Security Risk with Tier-Based Risk Score
What you see on your Defender dashboard isn't what attackers see on their target list. One is sorted by severity; the other is sorted by opportunity. Microsoft Defender surfaces every vulnerability, misconfiguration, and exposure in your environment — but deciding which one to address first is where most teams get stuck. Closing that gap is the difference between staying busy and actually reducing risk.
This session introduces SecurityInsight, a free, community-built add-on to Microsoft Defender, created by a Microsoft MVP. It helps you see risk the way a hacker would and act on it the way a defender must, protecting what matters most to the business.
Every recommendation across Endpoint, Azure, and Identity is scored on four dimensions: consequence, Tier 0–3 asset criticality, risk factors (Internet Exposure, Verified Secret, Lateral Movement, ExploitSignals, and more), and a customizable Risk Index.
ExposureGraph correlates assets, relationships, and attack paths across endpoints and Azure. SecurityInsight uses that data to classify assets and expose risks. Hundreds of ready-made queries and a built-in classification framework get you tagging servers, clients, and Azure resources from day one. For users, service principals, and managed identities, tiers are derived from actual assigned permissions — no static tags — and AI categorizes new Entra, Graph, and Azure roles automatically.
After this session, you will think like the hacker, act like the defender, and fix what matters first.
Takeaways:
• Why severity ratings alone fail to prioritize real risk
• How consequence, criticality, risk factors, and a customizable Risk Index combine into one score
• How Tier 0–3 prioritization works across Endpoint, Azure, and Identity
• How ExposureGraph powers automated role and resource detection
• How the built-in classification framework and ready-made tagging queries get you started fast
• How permission-based identity tiering replaces static tagging
• How AI keeps tier definitions current as Microsoft adds new roles and permissions
Morten Knudsen
Triple Microsoft MVP (Security, Azure, Security Copilot) | MCT | Security & Cloud Architect | Co-Founder Experts Live Denmark | Speaker | Blogger aka.ms/morten
Kolding, Denmark