On June 3, 2025, our colleague and Microsoft Expert Stefan attended ExpertsLive in Utrecht — the largest community-driven Microsoft event in the Netherlands. At spotit, we’re always eager to broaden our perspective and tap into the latest insights from the field. That’s why we’re happy to share Stefan’s key takeaways from this vibrant event.
One of his first observations? While several breakout sessions were dedicated to AI and Microsoft Copilot, it was refreshing to see that AI didn’t dominate the entire agenda. True to its community-driven character, ExpertsLive offered a well-balanced mix of topics, grounded in real-world experiences and practical innovation.
Opening keynote by Sarah Young, (Principal Security Advocate at Microsoft).
On a cheerful note Sarah made a comparison between major train, plane & industry accidents and the trend with security incidents.
As mentioned in the latest Digital Defense report the threat landscape keeps on evolving. The numbers presented by Microsoft are dizzying, with a growth of over 1000% in one year:
Unfortunately, the number of incidents has risen accordingly. This is because lessons are not consistently learned from these incidents. A lot of organizations are still trying to cover up the incidents or take insufficient measures to prevent them from happening again.
Equal to the train & plane industries, we as IT organizations should be transparent about cybersecurity incidents. Only by doing so will result in less victims.
Identity is the new current security perimeter
As phishing attacks are still the top choice for malicious threat actors to get initial access into an organization, many topics are focused around securing identity.
MFA as such is no longer enough to protect your identities against phishing. That’s why Passkeys are now GA in Windows & Entra ID. When implemented correctly, passkeys can replace passwords resulting in a better and safer user experience. There are, as with every new technology, some pitfalls and gotcha’s you need to be aware of before deployment.
Besides protecting the authentication part of the account, the authorization part is the next important thing. Microsoft’s Privileged Identity Management (or PIM) module makes sure the administrative roles are only assigned when required. A couple of new features were introduced, along with some best practices.
Microsoft as magic quadrant Security vendor
I followed 2 more sessions on Microsoft Security technologies which prove Microsoft’s presence as a major security player.
Vulnerability management is out: Exposure Management (or CTEM: Continuously Threat & Exposure Management) is the new big thing. This new type of security management combines threat intel from different vulnerability management sources with a graph approach where all assets are continuously mapped. These maps make attack vector paths visible, focusing on exploitable assets.
As such you’re no longer chasing endless lists of vulnerabilities in which exploitability of a vulnerability is hard to determine.
Especially the feature called choke points in Microsoft’s Security Exposure Management is a differentiator. The asset seen in most attack paths is seen as a choke point, requiring your highest attention.
Community First: Maester.dev !
Eighteen months after its first release, the community framework Maester was showcased to be a very mature and customizable framework to automate your security tests on Microsoft 365 Security.
The framework, which is open source, can be run once or recurringly in a github pipeline.It has built-in templates to test your environment’s security level towards CIS or CISA standards.
Quote:
“It was magnificent to attend this event again and learn from the growing Microsoft Experts community to strengthen our knowledge and refining best practices through shared experiences.” Stefan – Security Engineering at spotit
You want to book a Microsoft Security sparring session?
If you want to learn more about the Microsoft Security portfolio, simply contact Stefan and ask for a deepdive session. He will be happy to share several best practices.
