Data Loss Prevention Diaries: Tales from the Trenches

Deploying DLP in Microsoft 365? You’re probably doing it wrong. This session walks you through the real-world lessons from dozens of DLP rollouts - what to avoid, what to monitor, and what actually works when it comes to policy tuning and user behavior. From Exchange to SharePoint to Power Platform, we’ll cover the hidden traps and the winning strategies.

AI Data Exposure Paths in Microsoft 365: What Your AI Can See (and Why)

AI agents in Microsoft 365 do not create new permissions-but they dramatically amplify existing ones. When Copilot, Copilot Studio agents, or Power Platform automations are deployed, data exposure scales instantly across SharePoint, OneDrive, Teams, and connected third-party services.
This session breaks down how AI actually accesses data inside Microsoft 365, mapping real data exposure paths that most organisations don’t realise exist. We’ll explore how permissions, sharing links, connectors, and low-code automation combine to surface sensitive information to AI agents-often unintentionally.
Special attention is given to Copilot Studio and low-code blind spots, where connectors and agent actions can bypass traditional review processes.

Solutions Covered:
• Microsoft 365 Copilot
• Copilot Studio
• SharePoint Online, OneDrive for Business, Microsoft Teams
• Power Platform (Power Apps, Power Automate connectors)
• Microsoft Defender for Cloud Apps
and many more

Bring it into your purview: hard lessons from real Microsoft Purview deployments

Most organizations already own Microsoft Purview through Microsoft 365 E5, but few are getting real value out of it. Purview is powerful. It is also not simple. And when deployments go wrong, the impact reaches far beyond IT. This session draws on repeated, hands-on experience deploying Purview across organizations of varying size and complexity. It walks through six comprehensive field-tested lessons covering both the business and technical realities of making Purview work in production. Not theory, not product overviews. Honest, practical guidance from implementations that succeeded, implementations that stalled, and a few that nearly caused significant business disruption.
We'll connect the dots across the broader Purview ecosystem and the services it depends on, including Microsoft Information Protection, DLP, Insider Risk Management, Purview Audit, DSPM for AI, and how these interact with identity controls like Privileged Identity Management for Purview RBAC. We'll also examine where Microsoft Intune fits in, because Purview depends on endpoint signals and browser extensions to enforce what you configure.
Beyond the technology, this session addresses the organizational challenges that determine whether a Purview initiative succeeds or fails. Ownership, governance models, responsibilities, and the adoption obstacles that surface long before policy configuration becomes the bottleneck.
You'll leave with a clear implementation strategy, a realistic roadmap, and the kind of perspective that only comes from doing this work in production, repeatedly.

Engineering High-Accuracy Data Classification in Microsoft Purview

Out-of-the-box classifiers in Microsoft Purview are built for general use-not for the unique data patterns found in real organisations. The result is often false positives, missed sensitive data, and a lack of trust in security controls.
This technical deep dive explores how to engineer high-accuracy classification models using custom sensitive information types, Exact Data Match (EDM), and trainable classifiers. We’ll cover design principles, testing strategies, threshold tuning, and governance practices that materially improve classification reliability.
Attendees will leave with practical techniques to make classification reflect how their organisation actually stores and uses data.

Solutions Covered:
Microsoft Purview Information Protection data classifiers and explorers

Label Me Impressed: Advanced Sensitivity Labelling Tips

Think you’ve got sensitivity labels sorted? Think again. This session unpacks 20 advanced tips, hidden settings, and real-world label strategies that actually work. You’ll learn how to prevent label collisions, build scalable policies, and avoid common mistakes that undermine your security posture. From auto-labeling to AIP integration, it’s all here.

Mastering Entra ID Security: Strengthening Identity and Access Management with Microsoft Entra

Session Goals:
This session will provide attendees with a deep dive into securing identity and access management using Microsoft Entra ID. We’ll explore best practices for configuring and managing Entra Identity Protection, Conditional Access policies, Multi-Factor Authentication (MFA), and leveraging Zero Trust principles to protect your organisation’s resources. By the end of this session, attendees will gain practical knowledge on how to build a resilient identity security strategy with Microsoft Entra, from threat detection and risk-based authentication to seamless user access controls, ensuring a secure and compliant environment across hybrid and cloud-based infrastructures.
What Makes This Session Unique:
This session goes beyond basic identity management practices by focusing on advanced features and configurations in Microsoft Entra ID. Attendees will learn how to implement risk-based Conditional Access policies, automate identity protection processes, and use machine learning to identify and respond to identity-related threats in real time. The session will also demonstrate how to apply Zero Trust principles to user authentication, enhancing security without compromising user productivity. It stands out by providing real-world, actionable solutions to complex identity management challenges, with an emphasis on automation and proactive security.
Three Key Takeaways:
1. Master Identity Protection – Learn how to configure Microsoft Entra Identity Protection to detect, investigate, and respond to risky sign-ins and user behaviours, reducing exposure to identity-based threats.
2. Leverage Conditional Access for Zero Trust – Gain expertise in setting up risk-aware Conditional Access policies that enforce Zero Trust principles, ensuring only authenticated and authorized users can access sensitive resources.
3. Automate and Enhance Security with AI – Discover how to use Entra's machine learning and automation capabilities to streamline identity management, reduce manual intervention, and proactively address security risks across your organisation.
Session Abstract:
In today’s rapidly evolving digital landscape, securing identities is critical to protecting your organization from cyber threats. This advanced session will dive into the powerful capabilities of Microsoft Entra ID, covering everything from Conditional Access policies to automated identity protection. Attendees will learn how to implement risk-based authentication and integrate Zero Trust strategies to ensure secure, seamless access to resources. With a focus on practical demos and advanced configurations, this session will equip you with the knowledge to strengthen your identity security posture and mitigate risks in real-time. Whether you're securing cloud-based or hybrid infrastructures, this session will provide actionable insights to help you master identity security in Microsoft Entra.

Mastering Microsoft Purview sensitivity labels: the things you only learn the hard way

Sensitivity labels look simple in demos. In production, they're anything but. This session goes well beyond the basics of Microsoft Purview sensitivity labels into how they actually behave across cloud repositories, workstations, and on-prem file shares. We'll break down encryption models, the difference between user-defined and admin-defined permissions, permission templates, and how label policies are evaluated when multiple conditions compete for the same content. More importantly, this session is about what goes wrong and how to get ahead of it. Real-world failures where labels blocked collaboration, encryption broke business processes, and organizations lost access to their own data because the person who encrypted it left and no one planned for that. We'll look at which permissions to assign, which to hold back, and how small scoping mistakes cascade at scale.
We'll also dig into the role of custom sensitive information types and trainable classifiers in auto-labeling, why out-of-the-box classifiers fall short, and the gotchas that cause auto-labeling to either do nothing or encrypt far more than intended. Labeling and classification are the foundation for everything in data security, from DLP to Insider Risk to controlling what Microsoft 365 Copilot can access. If your labels aren't right, nothing downstream works properly. We'll cover how to keep Copilot from surfacing labeled content it shouldn't reach, and why getting this layer right is more urgent than ever. Expect detailed configuration walkthroughs, real production scenarios, and technical depth you won't find in the documentation.

Noise, Noise, Baby: Insider Risk Management Fine-Tuning

You implemented Insider Risk Management - great. But now you’ve got a mountain of noisy alerts, and your team’s ignoring them. This session is your roadmap to IRM precision. Learn how to reduce false positives, create context-aware policies, and prioritize signals that actually indicate risk.

Purview Deep Dive: 25 Proven Tips for the Real World Data Protection

This technical deep-dive session is perfect for IT pros looking to sharpen their expertise with Microsoft Information Protection and sensitivity labelling. Covering the fundamentals and diving into lesser-known aspects, this session will explore the nuances of labelling types, usage contexts, and essential integration strategies with Conditional Access and DLP. Through real-life examples and hands-on insights, we’ll reveal the top 25 facts, caveats, and expert tips for sensitivity labels that you won’t find in standard documentation. This 300-400 level session promises to provide attendees with a well-rounded, actionable understanding of MIP sensitivity labelling that they can implement immediately.

Hidden gems in Entra Conditional Access and design patterns that scale

Most Microsoft Entra ID Conditional Access deployments stop at enforcing MFA and requiring a compliant device. That's where the real risk begins, not where it ends.
In this session, I'll take you beyond the basics into the Conditional Access controls that actually change your security posture. We'll dig into capabilities that most teams either don't know exist or haven't configured correctly, including authentication strengths, authentication contexts, device filters, Continuous Access Evaluation, session controls, token protection, and policies for workload identities and service principals. These are areas that are often ignored but heavily targeted.
I'll also show you settings that are hiding in plain sight. Controls buried in the Conditional Access UI that give you a far higher level of granularity and stronger security than some of the more commonly used built-in options and we'll walk through how to ensure the strongest authentication methods are applied consistently, aligning every policy decision with zero trust principles across the board.
Beyond individual settings, this session tackles a problem almost every environment eventually hits: policy sprawl. Many Conditional Access deployments start strong and then collapse under their own complexity. Duplicate policies, conflicting conditions, and unclear naming turn what should be a security asset into an operational liability. I'll share scalable design patterns for structuring policies so they remain clear, maintainable, and auditable as your environment grows. You'll see real examples of sprawl and exactly how to consolidate it.
We'll also cover the tools and techniques for getting real insight into how your policies are actually behaving, not just how you think they're behaving. And we'll talk about the scenarios no one plans for, like locking out your own global admins, and how to build resilient break-glass access strategies so that never becomes a crisis.
Everything in this session comes from production. Policies that caused outages, designs that didn't scale, and lessons learned the hard way.

Laying the Right Foundation for Effective Data Protection in Microsoft Purview

Many Microsoft Purview deployments fail-not because of tooling limitations, but because organisations skip foundational steps. Teams jump straight to sensitivity labels and DLP policies without understanding what data they have, where it lives, or how sensitive it truly is.
This session focuses on building the foundational data visibility and classification layer required for effective protection across Microsoft 365, endpoints, and cloud data sources. You’ll learn why early discovery and accurate classification directly determine the success of downstream controls like DLP, Insider Risk Management, and eDiscovery.
This is a practical session for anyone planning, redesigning, or recovering a Purview implementation.

Session Level: 300 (Intermediate–Advanced)
Target Audience:
Security engineers, Purview administrators, compliance teams, M365 architects
Solutions Covered:
Microsoft Purview Information Protection, DLP, Insider Risk Management, Audit

Microsoft 365 Copilot under the hood: what it sees, what it leaks, and how to stop it

Microsoft 365 Copilot doesn't introduce new data risk. It exposes the risk you already have. Most organizations preparing for Copilot focus on licensing, adoption, and productivity gains. Very few start with the question that actually matters: what can Copilot see, and should it be able to see all of it? The answer, in almost every environment I've assessed, is no.
This session breaks down how Copilot actually works behind the scenes. How it interacts with the Microsoft Graph, how it retrieves content from SharePoint Online, OneDrive, Exchange Online, and Microsoft Teams, and why permissions, not AI, ultimately determine what it can access. Once you understand the retrieval model, the oversharing problem becomes obvious. And it's a problem that exists in your environment right now, whether you've deployed Copilot or not.
We'll walk through real scenarios where Copilot surfaces sensitive or inappropriate data. Not because the technology is broken, but because access controls were too broad, sharing defaults were never tightened, and no one audited what was actually reachable. We'll also demonstrate how prompt injection attacks can manipulate Copilot outputs and why this is a real concern in enterprise environments, not just a research curiosity. From there, we shift to what you can do about it. Using Microsoft Purview, Defender, Intune, Entra and more, we'll show how to reduce your exposure surface and prepare your environment properly before rolling Copilot out to production users. If you've already deployed it, the same controls apply, they're just more urgent. If you're planning a Copilot rollout or already in one, this session will likely change your approach.

Not secure by default: 20+ Microsoft 365 settings you must fix immediately

Microsoft 365 is not secure out of the box, and attackers know it. Most tenants ship with default configurations that leave critical gaps across identity, email, endpoints, and data protection. These gaps are not hypothetical. They are actively exploited in the wild, and many organizations don't realize they're exposed until something goes wrong.
This session draws on real-world security assessments, incident response engagements, and environments that were either breached or dangerously close to it. I'll walk through more than 20 high-impact security settings across Microsoft Entra ID, Exchange Online, Microsoft Defender for Office 365, Microsoft Intune, Power Platform, and Microsoft Purview that are consistently misconfigured, overlooked, or left at insecure defaults. This session is fast-paced and grounded in what I've seen across production environments, not compliance checklists or vendor documentation. Every misconfiguration is shown with the context of why it exists, what it exposes, and what an attacker does with it. If you're responsible for the security posture of a Microsoft 365 tenant, this is the session that shows you what's likely already wrong in yours.

Securing AI Apps and Agents with Microsoft Purview

As organisations adopt AI-powered applications and autonomous agents, sensitive data is being accessed, generated, and shared in entirely new ways. Traditional data protection models-designed for static users and predictable data flows-are no longer sufficient.
This session explores how Microsoft Purview can be used to secure AI applications and agents end to end. We’ll examine how data flows into and out of AI systems, where new exposure points emerge, and how to apply controls using DSPM for AI, DLP, Communication Compliance, and Insider Risk Management-without stalling innovation.
Rather than focusing on theory, this talk highlights real control patterns, visibility gaps, and governance decisions organisations must make when deploying AI at scale.
Key Takeaways:
• How AI changes data risk models
• Where Purview provides visibility-and where assumptions break
• Practical guardrails for AI-enabled environments

Session Level: 400 (Advanced / Strategic-Technical)
Target Audience:
Security architects, data security leads, compliance leads, AI governance teams, SOC leaders
Solutions Covered:
Microsoft Purview DSPM, DSPM for AI, Data Loss Prevention (DLP), Communication Compliance, Insider Risk Management, Microsoft Copilot integrations

The tenant is the new server: Are you protecting it well enough?

Think your Microsoft 365 tenant is secure? Think again. Most compromises happen because the basics weren’t nailed – identity, devices, data, and governance. This session is your 90-minute crash course on how to lock down the areas attackers love to exploit.

We’ll break down the Microsoft security stack that matters: Entra ID, Intune, Defender XDR, and Purview. No marketing fluff, no endless theory – just the hard-hitting controls and configurations that make the biggest impact.

Walk away knowing exactly where to focus your time and budget to prevent business compromise.

Women in Tech: Real Stories, Real Change

A session for everyone who wants to build a more inclusive tech industry

If you've ever assumed a Women in Tech panel wasn't for you — this one is.

Whether you're a woman navigating the realities of a male-dominated industry, or a man who wants to be a better colleague, mentor, or ally, this session was built with you in mind. It is not a conversation about women for women — it is a space for everyone who cares about creating a more equitable, supportive, and empowering tech environment.

Bringing together a group of experienced women from across the tech industry, this honest, story-driven session explores the real barriers women face in tech — from confidence gaps and stereotyping to workplace culture, trust in emerging technologies, and the painful moments that make people question whether they belong at all.

Every panellist brings a turning point — a moment where things shifted, where support arrived, or where they found their voice. And crucially, every story comes with something you can do with it — practical takeaways and a clearer picture of what real, meaningful change looks like in your team, your organisation, and your day-to-day decisions.

Each panellist tackles a distinct topic, drawing on personal experience to explore themes including:

- Navigating male-dominated environments and finding your footing
- The gender gap in AI adoption — why trust matters
- Confidence, stereotyping, and how to push through both
- The power of male allies — and why this conversation needs more of them
- How to pitch yourself in 60 seconds and truly mean it
- Security, trust, and the broader picture for women in tech

Moderated by Peter Rising, the session closes with a set of actionable takeaways — concrete things attendees, allies, and organisers can do to help build a more inclusive tech industry for everyone.

Moderator: Peter Rising
Panellists: Ewelina Paczkowska · Nikki Chapple · Effie Antoniadi · Aasne Holtklimpen · Jacqueline Stockwell

Lessons Learned from Real Microsoft Purview Implementations

Microsoft Purview is a powerful platform-but implementing it successfully in real environments is rarely straightforward. Across multiple deployments, the same challenges, mistakes, and misconceptions appear again and again.
In this session, I’ll share hard-earned lessons from real Microsoft Purview implementations: what consistently works, what often fails, and why. Topics include stakeholder alignment, user adoption, classification accuracy, policy design, and operational maturity.

This session covers both strategic/ business and technical lessons from implementations

Intune and Purview – Better Together

Purview protects data - but only if your devices play by the rules. Enter Intune.
This session shows how Intune enables successful Purview deployment, from onboarding devices into Defender and Purview, to deploying the Purview Browser Extension, to enforcing DLP and Insider Risk policies at the endpoint.
I’ll also cover how Intune can help control Shadow AI tools before they leak sensitive data.
If you want to make Purview actually effective across your environment, Intune is the missing piece - and this session shows exactly how to use it.
Technologies Covered
• Microsoft Intune
• Purview Data Loss Prevention (DLP)
• Purview Insider Risk Management

Shadow AI Is the New Shadow IT: Spot It, Stop It, Secure It

AI is in your org - whether you like it or not. This session explores how generative AI tools like ChatGPT, Copilot, and third-party browser extensions are creating new data exfiltration risks. Learn how to detect shadow AI use, secure data access, and create guardrails for responsible AI adoption across Microsoft 365.

Secure Your M365 Tenant Like a Boss (Admin Tips You’ll Thank Me For)

Think your Microsoft 365 tenant is secure? Think again. This session delivers 20+ hard-earned lessons from the field to help you truly lock down your M365 environment. We’ll go deep into the hidden settings across Microsoft 365 admin centers - Entra, Intune, SharePoint, Teams, and beyond - and reveal the real-world misconfigurations, permission pitfalls, and policy blind spots you didn’t know you had. Skip the fluff and leave with actionable steps you can apply immediately.

Zero to Hero: Adaptive Protection with Insider Risk Management and Conditional Access

In today’s threat landscape, insider risks - from data theft to inadvertent leaks - pose significant security challenges. This advanced session dives into Microsoft’s latest adaptive protection capabilities, using Insider Risk Management and Conditional Access to dynamically mitigate these risks. Through demonstrations, attendees will see firsthand how to configure context-aware policies that respond to specific user behaviours, applying appropriate access restrictions while maintaining productivity. We’ll also cover best practices for leveraging machine learning to identify critical risks, enabling you to automate responses that protect sensitive information. This 300-400 level technical session promises actionable insights for securing against insider threats with innovative Microsoft tools.

Zero to Hero: Adaptive Protection with Insider Risk Management and Conditional Access

In today’s threat landscape, insider risks - from data theft to inadvertent leaks - pose significant security challenges. This advanced session dives into Microsoft’s latest adaptive protection capabilities, using Insider Risk Management and Conditional Access to dynamically mitigate these risks. Through demonstrations, attendees will see firsthand how to configure context-aware policies that respond to specific user behaviours, applying appropriate access restrictions while maintaining productivity. We’ll also cover best practices for leveraging machine learning to identify critical risks, enabling you to automate responses that protect sensitive information. This 300-400 level technical session promises actionable insights for securing against insider threats with innovative Microsoft tools.

Zero to Hero: Adaptive Protection with Insider Risk Management and Conditional Access

Whether you’re new to insider risk management or an experienced IT pro, this session will empower you to protect your organisation from internal threats with Microsoft’s adaptive protection solutions. Insider risks can lead to data leakage, IP theft, and compliance violations, but traditional security measures often miss these threats. We’ll explore how to use Microsoft Purview’s machine learning-powered insights and Entra Conditional Access to identify high-risk user activities in real-time, dynamically adjusting policies based on insider risk signals. This “zero to hero” journey will give you the skills to configure effective, context-aware security controls that maintain productivity while proactively mitigating insider risks.

Zero to Hero: Adaptive Protection with Insider Risk Management and Conditional Access

In today’s threat landscape, insider risks - from data theft to inadvertent leaks - pose significant security challenges. This advanced session dives into Microsoft’s latest adaptive protection capabilities, using Insider Risk Management and Conditional Access to dynamically mitigate these risks. Through demonstrations, attendees will see firsthand how to configure context-aware policies that respond to specific user behaviours, applying appropriate access restrictions while maintaining productivity. We’ll also cover best practices for leveraging machine learning to identify critical risks, enabling you to automate responses that protect sensitive information. This 300-400 level technical session promises actionable insights for securing against insider threats with innovative Microsoft tools.