Session Abstract

What you see on your Defender dashboard isn't what attackers see on their target list. One is sorted by severity; the other is sorted by opportunity. Microsoft Defender surfaces every vulnerability, misconfiguration, and exposure in your environment — but deciding which one to address first is where most teams get stuck. Closing that gap is the difference between staying busy and actually reducing risk. This session introduces SecurityInsight, a free, community-built add-on to Microsoft Defender — created by a Microsoft MVP — that helps you see risk the way a hacker would, and act on it the way a defender must — protecting what matters most to the business. Every recommendation across Endpoint, Azure, and Identity is scored on four dimensions: consequence, Tier 0–3 asset criticality, risk factors (Internet Exposure, Verified Secret, Lateral Movement, ExploitSignals, and more), and a customizable Risk Index. ExposureGraph correlates assets, relationships, and attack paths across endpoints and Azure. SecurityInsight uses that data to classify assets and expose risks. Hundreds of ready-made queries and a built-in classification framework get you tagging servers, clients, and Azure resources from day one. For users, service principals, and managed identities, tiers are derived from actual assigned permissions — no static tags — and AI categorizes new Entra, Graph, and Azure roles automatically. After this session you will Think like the hacker - Act like the defender and Fix what matters — first.

Morten Knudsen

Morten is Microsoft Dual MVP (Security & Azure), MCT and holds +20 active certifications. As a Cloud & Security Architect, he is very passionate about Azure Infrastructure, M365, Automation, Security, Hybrid Cloud - and blogs about these topics on mortenknudsen.net. He loves to travel with his family and is a PADI Dive Master & PADI Master Scuba Diver.