Rich Lilly

8.9K posts

@richlilly

Chief Technology Officer (CTO) & Partner | Refoundry | Microsoft Security, AI, Identity & Cloud Strategy

Chicago, IL Joined December 2009
1.7K Following 943 Followers
Rich Lilly@richlilly·
@JoeTrec @0x534c I consented in my lab as a GA just for myself :) As far as I can tell you can't see the calling user if they just use their corp account (could be personal, team, etc). So you may want to build in further logic/CA policies to enforce from SSO/corp-device.
Joe Trecokas@JoeTrec·
@richlilly @0x534c Did you just build the service principal and disable? Curious on implementation, next trying to see if there’s a way to determine personal vs teams/enterprise account.
Steven Lim@0x534c·
🚨 M365 Connector for Claude: Who’s Accessing Your Workloads? Using the Defender XDR GraphAPIAuditEvents schema, I built a KQL query to list Entra users accessing Microsoft 365 workloads via the Claude connector and the specific workloads they touch. Once enabled, this connector allows Claude to directly access SharePoint, OneDrive, Outlook, and Teams — a powerful capability that demands governance oversight. For defenders, this query provides actionable visibility into who is using the connector and what information they are accessing, helping SecOps teams monitor adoption pressure, enforce governance policies, and ensure connector risks are managed before they escalate. KQL Code: github.com/SlimKQL/Detect… #Cybersecurity #M365ConnectorClaude #Entra #Governance
Rich Lilly@richlilly·
AI didn’t create new risk. It accelerated identity risk. Cowork operates with delegated user permissions—and most orgs can’t clearly see that behavior once it’s enabled. So we built a Defender XDR + Sentinel visibility layer. #MicrosoftSentinel #DefenderXDR #MXDR #ClaudeCowork
Rich Lilly@richlilly·
@RSeso2 @0x534c One is MCP server, other is MCP client. They are hardcoded.
Robert Seso@RSeso2·
@0x534c Why are there two ApplicationIds and are they constant (hardcoded)?
Rich Lilly@richlilly·
@ellishlomo It's not $0 vs $30, that’s the wrong comparison. Claude is AI reading M365 data externally. Copilot is AI embedded in your workflows with Microsoft Entra ID & Purview controls. Same data via Microsoft Graph, very different operating model. This is friction vs control, not price.
Elli Shlomo@ellishlomo·
Interesting. Anthropic just wired Claude into Outlook, SharePoint, OneDrive, and Teams and made it available on every plan, including Free. Read that again. Anthropic is offering access to your Microsoft 365 data through Claude for $0. Microsoft is charging $30 per seat for Copilot to access the same emails, documents, and Teams threads, and they are the ones who built and approved the connector in the first place. Until now, the M365 connector was locked behind the Claude Team and Enterprise tiers. That changed today. Why? Because the math changed. There are around 400 million paid M365 seats, and the incumbent AI layer costs $30 per user per month. Now there is a free alternative tapping into the same data. Copilot adoption reflects that friction. As of early 2025, Microsoft reported around 2 million paid Copilot seats, which is well under 1 percent of eligible users. The value proposition has not been strong enough to justify the premium, especially when the AI can still hallucinate over your own calendar and documents. Anthropic saw the other 99 percent and built a front door. The company offering $0 access to your work data will onboard faster than the one charging $30 for summarization. Claude is now riding on Microsoft’s own infrastructure, and Microsoft signed off on it. What about the security part? Well, that's for the next post.
Rich Lilly retweeted
Microsoft Mechanics@MSFTMechanics·
Upgrade from basic MFA to phishing-resistant credentials with passkeys, so attackers can’t exploit stolen codes or credentials. Get started with Microsoft Entra ID. youtu.be/36nIaSBJ7_U Secure sign-in across all your devices without relying on passwords or extra apps using passkeys in Microsoft Entra. Register, sync, and use passkeys with just your device’s camera and biometrics, making authentication seamless, fast, and phishing-resistant. As an admin, control who uses which passkey type, streamline recovery with Verified ID, and automatically remediate risk in real time. #SyncedPasskeys #microsoftsecurity #azureactivedirectory #microsoftentraid #entra #microsoft
Rich Lilly@richlilly·
With the recent release of Copilot Cowork & today the Claude Cowork M365 connector, you need to think about getting your house in order before enabling your next agentic worker or tool. This isn't resistance, look at this as responsible AI foundations. linkedin.com/pulse/new-insi…
Rich Lilly@richlilly·
@EagleIntelMari @grok @claudeai While the plumbing is simple in theory, it does introduce enterprise risk. Many are sprinting to Claude and Copilot and Cowork #bcshinyobject without getting their foundations in order first. Don't read this as me against it, I'm for it, responsibly.
Rich Lilly@richlilly·
@EagleIntelMari @grok @claudeai There's a lot to consider. Overpermissive Graph permissions lead to exposure. SharePoint/OneDrive alone, you then create a route to an ungoverned solution (if not an ent app) & content can flow. Same with Excel. And we haven't even gotten to token usage/cost management.
Claude@claudeai·
Microsoft 365 connectors are now available on every Claude plan. Connect Outlook, OneDrive, and SharePoint to bring your email, docs, and files into the conversation. Get started here: claude.ai/customize/conn…
Daniel Lemire@lemire·
I am in Microsoft Word. I press Copilot. I ask for a table. The AI can't modify the Word document so it creates a new document in the cloud. It then allows me to access the document through a link. Presumably I am supposed to go there, copy the table and put it in my Word document myself. Who designed this? This is so obviously a low-effort implementation that I am baffled. It is almost as if they wanted to fail. Why can't Microsoft see that having direct access to Microsoft Word is an incredible edge that they could leverage to embed the AI directly? It is almost comical.
Imhotep@hiddenmarkov1

@lemire I was in Excel. I wanted some visuals for my data so I hit the Copilot button and told it to make an infographic of my data. It said I don't have access to the data, you need to upload it. Even though the sheet with the data was literally next to the Copilot window.

Rich Lilly retweeted
Fabian Bader@fabian_bader·
This has been a long time coming - Finally Entra ID officially supports synced passkeys, not in preview but in GA! learn.microsoft.com/en-us/entra/fu…
Rich Lilly@richlilly·
@EagleIntelMari @grok @claudeai Any Graph call will be seen at the Entra layer and yes that will also be seen in either corp or BYO device scenario in audit and sign-in logs (if using Graph).
Devashish Upadhyay@devashishup·
@claudeai Curious how teams are thinking about testing this. Once Claude touches Outlook and SharePoint, every new connector = new ways for agents to behave unexpectedly at enterprise scale. The access is great - the test coverage question is harder. @AnthropicAI @Microsoft
rik van duijn@rikvduijn·
A Microsoft security program sent an automated email saying which users will lose access. The unfortunate thing is replying to the email will result in it being forwarded to everyone. Initially I hated it, but now it's escalating and I'm loving this.
Rich Lilly retweeted
Netrix Global@NetrixGlobal·
ICYMI- Check out the replay of yesterday's panel discussion on security, risk and investing with AI, brought to you by @IPOEdge. yhoo.it/3HXPuVF
Rich Lilly retweeted
Jay Parekh@jparekh_tech·
We’re ready for #LegalSec2023! Rich Lilly (@richlilly) and I are at table 16 in the Grand Ballroom 6. Come say hello and chat with us about how we can help meet your #security needs.