Tatu Seppälä - Upcoming Speaking Engagements

CollabDays Bremen 2026

23/01/2026, Schuppen Eins
Bremen, Germany

Taming the Wild West of Generative AI with Purview and Defender

security

governance

defender

purview

discovery

genai

IT and security teams are struggling to keep up with the explosive growth of "free" Generative AI services. The growing sprawl of new AI tools coupled with their universal attractiveness to people across industries and roles makes it difficult to build guardrails to direct business users to do their work with authorized tools and services. At the same time, ungoverned use of consumer GenAI services exposes business data (including personal data, financial information and intellectual property) to unsustainable data security and compliance risks, while limiting the adoption of authorized enterprise services like Microsoft's Copilot offering. Still, the goal of security teams is not to simply say "no." Rather, it is to sustainably enable business productivity by understanding underlying user requirements and providing secure and authorized tools to get the job done. Seems like a tough challenge to accomplish at scale! Luckily, there are now proven strategies to do just that. Intelligently combining capabilities from Microsoft Purview (Data Loss Prevention) and Defender (Defender for Cloud Apps, Defender for Endpoint) product families can help create technical guardrails that stay current with minimal ongoing manual admin effort while putting organizational policy to practice and keeping users aware of what's expected of them when it comes to utilizing AI services at work. During the session, we'll cover and demo technical topics like: - How to identify and manage ongoing use of GenAI services with Defender for Cloud Apps (MDA) and Defender for Endpoint (MDE) - How to monitor and curtail exfiltration of sensitive business data to consumer GenAI services with Purview Endpoint DLP - How to use Defender capabilities like Advanced Hunting coupled with data from Purview, MDA & MDE to build a granular understanding of the use of GenAI services across roles and departments You will take home easy and clear patterns and practices you can put to use immediately to start getting a grip on GenAI at work. This practical session is especially useful for security responsibles as well IT Pros and admins. It is valuable for anyone with a technical background in Microsoft cloud services.

Adriatics Tech Summit

30/03/2026, Congress Center Hotel Hills
Ilidža, Bosnia and Herzegovina

Supercharge your Endpoint DLP solution design with Advanced Hunting and GenAI

defender

kql

purview

advanced-hunting

genai

Designing a holistic, granular and effective Microsoft Purview Endpoint Data Loss Prevention solution to secure sensitive data exfiltration actions on Windows 10/11 and macOS devices can be a daunting task. The key difficulty - and value! - lies in adapting your solution based on the actual usage patterns from the organization you're working with. To build a truly fit-for-purpose production solution with Endpoint DLP, you'll need to accomlish things like: - Mapping various categories of cloud domains targeted by file uploads and content paste activities - Identify network and local printers that are used commonly for print jobs involving sensitive information - Understanding the often sprawling jungle of network shares used by employees and accounting for them - Discover usage patterns of removable USB media across roles.. and more. All of these tasks get exponentially more complex as the size of the organization grows. There is a way forward though: getting comfortable with KQL in Advanced Hunting and Log Analytics. I'll share and demonstrate how I routinely design and build Endpoint DLP data security solutions for organizations of all sizes using repeatable patterns and practices. We'll also get into how I've found it essential to use Generative AI (doesn't have to necessarily be Copilot!) to speed up a few of the most demanding parts of the Endpoint DLP solution design process. During the session, I'll share my favorite KQL queries and how to vary them to meet your requirements - and how to turn the information you get from them into practical solution design. This session is useful for any IT pro, security architect and data security responsible looking to create or maintain a functional Endpoint Data Loss Prevention solution.

European BizApps Summit 2026

05/05/2026, Confex - Koelncongress
Cologne, Germany

Level up your Dataverse audit logs with Fabric, Sentinel and Power BI

sentinel

power-platform

power-bi

dataverse

fabric

audit

Dataverse and Power Platform audit logs are fundamental to admins and security responsibles, enabling monitoring of unauthorized activity, supporting investigations and enabling the type of transparency and trust required by enterprise platforms. And yeah, they are also very dry and clumsy to work with. Indeed, the specific ways Dataverse auditing is set up leaves room for improvement - long term retention strategies create capacity concerns and tapping into audit logs for analytical purposes can be frustrating. The audit logs generated in Power Platform are also split in two halves - some events in Dataverse itself, others in the Microsoft 365 Unified Audit Log. Through clever use of Dataverse's integration with Fabric and Microsoft Sentinel's ability to tap into the M365 Unified Audit Log - enabled by Defender for Cloud Apps - it has become possible to bring both sides of the Dataverse audit toolkit back together, now infused with powerful analytics and visualization capabilities from Power BI. Join this session to explore novel ways to uncover and analyze trends and anomalies in your Dataverse audit logs to take your Power Platform admin game to the next level!

European BizApps Summit 2026

05/05/2026, Confex - Koelncongress
Cologne, Germany

Secure and sustainable vibe development - top risks and mitigations

security

power-platform

best-practices

risk-management

vibe-dev

Low-code/no-code platforms and AI-assisted tooling have lowered the barrier of entry to solution development for a significant number of people. While this represents a major leap forward in enabling business to create their own tooling and enhance productivity, unchecked "vibe development" also causes significant security and compliance risks, as well as new governance challenges. In this session, we highlight key risks such as authentication failures and authorization misuse, sensitive data leakage and use of vulnerable components, among others. We suggest effective mitigations and remedies for each risk from the Power Platform admin toolkit, showing how to use the latest Microsoft features and capabilities to implement guardrails against the hazards of AI-boosted development. Topics such as MCP server controls, Agent to Agent guardrails and the latest security and governance features for Copilot Studio agentic scenarios will be discussed. If you're a technical specialist, platform responsible or decision maker wondering how to grapple with the temptations and dangers of vibe dev, this session is an excellent fit for you. You will leave with clear action points to explore and implement to help manage relevant risks. The content is informed by the speakers' field experience and the freshly released OWASP Top 10 risks for Citizen Development.

European BizApps Summit 2026

05/05/2026, Confex - Koelncongress
Cologne, Germany

Streamlining Power Platform environment access and security role management with Entra ID

power-platform

best-practices

entra-id

access-management

Does the complexity and clumsiness of access and security role management in Power Platform and Dataverse leave you feeling unsure of how to keep things under control at scale? Do you find yourself wishing you could bring in the familiar and powerful access management and governance functionalities of Entra ID (formerly known as Azure AD) to Power Platform and Dataverse? If so, this is the right session for you! Through demos and insights, I will walk you through a proven, repeatable and easy-to-understand strategy for managing access to Power Platform environments and the Dataverse security roles in them - all powered by familiar Entra ID capabilities and only utilizing native Microsoft features. During the session, I will show you how to.. * Manage Dataverse security roles with Entra ID groups * Control access to Power Platform environments in Entra ID * Clean up security role assignments from stale user accounts * Enable easy an self-service access and role management for environment owners - no admin permissions required! * Implement just-in-time activation (with optional business justification requirements) for System Administrator and other roles - and monitor the use of these roles over time The end-to-end approach I share and demonstrate in this session is based on a set of solutions I've researched, developed, validated and implemented for real organizations over the last years. I will equip you with a set of patterns you can start implementing immediately in your own (or a customer's) organization.

Security & Compliance Architect

Finland

Upcoming Speaking Engagements

Meet Tatu next at

CollabDays Bremen 2026

23/01/2026

Tatu can deliver sessions in

Relevant industries

Connect with Tatu

Important links

Report speaker profile

Thank you for reporting this profile, we are going to review it as soon as possible.