MMS 2026 at MOA: Full Schedule

Please select your sessions ASAP as it helps us know which sessions to repeat.

1:00pm CDT

Mastering Entra ID Privileged Identity Management: Essential Strategies

Monday May 4, 2026 1:00pm - 2:45pm CDT

Description:
Privileged Identity Management (PIM) in Microsoft Entra ID is crucial for securing administrative access and mitigating risks. Gain insights into PIM's role, its significance, and effective implementation strategies. Topics include setup, activation workflows, governance best practices, and advanced features such as access reviews, custom roles, and privileged access groups. Discover methods for enforcing step-up authentication and reauthentication for sensitive operations to ensure organizational compliance and security.

What you will learn:

Understand the vital role of PIM in enhancing identity security within your organization.
Implement and manage PIM effectively to streamline administrative access and minimize risks.
Apply governance strategies and best practices to optimize your PIM implementation.
Learn how to enforce step-up authentication and reauthentication for critical operations to bolster security.

Speakers

Maurice Daly

Microsoft MVP, Senior Security Architect, Patch My PC

Maurice has been working in the IT industry for the past 25 years. His focus is on the areas of Windows deployment, device management, Entra ID security, and secure productivity. Maurice has been an MCSE since 2008 and received his first MVP award in Enterprise Mobility (now Security... Read More →

Jan Ketil Skanke

MVP Security, Principal Cloud Architect, COO, CloudWay

Monday May 4, 2026 1:00pm - 2:45pm CDT
Lakes A

Security, Identity Management

1:00pm CDT

Shadow AI: Spot, Stop, Secure

Monday May 4, 2026 1:00pm - 2:45pm CDT

Minnetonka A

Description:
Generative AI tools like ChatGPT and Copilot pose new data exfiltration risks within organizations. Identify common entry points and learn to detect and monitor shadow AI usage in Microsoft 365. Gain insights into how AI alters data access patterns, often bypassing traditional security controls. Implement practical guardrails for responsible AI adoption, ensuring a balance between security, compliance, and productivity.

What you will learn:

Recognize key shadow AI entry points, including ChatGPT and Copilot misuse that present data exfiltration risks in Microsoft 365 environments.
Learn to detect and monitor unsanctioned AI usage leveraging Microsoft 365 and Defender telemetry, even outside approved workflows.
Understand the impact of AI on data access and exfiltration patterns, highlighting gaps in traditional controls for AI-assisted leakage.
Gain practical guardrails for responsible AI adoption, balancing security, compliance, and productivity without hindering legitimate AI use.

Speakers

Rod Trent

Senior Product Manager, Microsoft

Rod Trent is a Senior Product Manager and Security MVP Lead for Microsoft where he focuses on the intersection between Security and AI. In his spare time, Rod writes KQL queries, authors fiction and non-fiction books, tells proud stories about his grandkids, brags about his Six Million... Read More →

Ewelina Paczkowska

Data Security & Governance Lead, Threatscape

MVP, Data Security & Governance Lead, Microsoft 355 Security & Compliance User group co-organiser, creator of welkasworld.com

Monday May 4, 2026 1:00pm - 2:45pm CDT
Minnetonka A

Security, Artificial Intelligence

8:00am CDT

The PAW Survival Guide: Deploying Secure Admin Workstations in Real Environments

Tuesday May 5, 2026 8:00am - 9:45am CDT

Nokomis BC

Description:
Design and deploy Privileged Access Workstations (PAWs) effectively within real-world settings. Focus on practical architectures, common pitfalls, and lessons from field implementations. Gain insights on integrating PAW into current identity and security frameworks while minimizing risks, especially within Zero Trust models. Real-world examples will empower attendees to scale their deployment strategies for enhanced security and usability.

What you will learn:

Understand practical PAW architecture and adapt it to real-world environments and constraints.
Integrate PAW into existing identity and security models, including Zero Trust approaches.
Gain real lessons from the field for designing, deploying, and operating Privileged Access Workstations at scale.
Identify common deployment pitfalls and learn proven strategies to avoid or mitigate them.

Speakers

Mikael Nyström

Microsoft MVP, Geek, Truesec

I am veteran of the industry and I can honestly tell you that I am not your regular consultant. I change wrong into right and explain the “why” behind it to make sure that you, my client, understands, trust, and buys-in to the path that we continue on. As a long time Microsoft... Read More →

Tuesday May 5, 2026 8:00am - 9:45am CDT
Nokomis BC

Security, Endpoint Security

10:00am CDT

Every Device as a Security Boundary: Secure by Design

Tuesday May 5, 2026 10:00am - 11:45am CDT

Cedar

Description:
Take ownership of your identity control plane with Microsoft Entra ID, focusing on device security. Analyze real-world security profiles like ENT, SAW, and PAW, and implement phishing-resistant authentication using FIDO2 and Windows Hello for Business. Discover how device tagging, Intune filters, and automated conditional access policies can establish a scalable, secure, and enforceable identity model for Windows 365 Cloud PCs, virtual machines, and physical devices.

What you will learn:

Understand how devices shape trust and security boundaries.
Implement phishing-resistant authentication standards for all device types.
Leverage device tags and filters to simplify Intune management.
Automate conditional access to ensure consistent identity control.

Speakers

Kent

Security Principal | Microsoft Regional Director | twoday, MMS Staff

Love to talk about anything related to Enterprise client management, Security and digital transformation.

Morten Knudsen

Triple Microsoft MVP (Security, Azure, Security Copilot) | MCT | Security & Cloud Architect | Co-Founder Experts Live De, 2LINKIT

Morten is a Triple Microsoft MVP (Security, Azure, and Security Copilot), a Microsoft Certified Trainer, and holds over 17 active Microsoft certifications.

As a Cloud and Security Architect, he focuses on Azure infrastructure, Microsoft 365, automation, security, AI, and hybrid cl... Read More →

Tuesday May 5, 2026 10:00am - 11:45am CDT
Cedar

Security, Security Management

3:00pm CDT

From Meh to Meaningful: A Practical Guide to Microsoft Secure Score

Tuesday May 5, 2026 3:00pm - 4:45pm CDT

Cedar

Description:
Secure Score serves as a strategic tool for Security Admins to evaluate and enhance their organization's security posture. This session clarifies what Secure Score measures, its context, and the risks of pursuing a perfect score. Gain insights on effectively leveraging Microsoft capabilities for meaningful metrics, aligning security efforts with business risks, and using Secure Score as a strategic decision-making tool instead of just a compliance checkbox.

What you will learn:

Discover how Secure Score enhances visibility into your security posture and aids in risk-based decision-making.
Recognize the overlap between Intune and Security admins, emphasizing the importance of collaboration over competition.
Utilize existing resources effectively, avoiding the need for numerous additional agents.
Gain practical strategies to transform Secure Score insights into meaningful actions that align with organizational goals.

Speakers

Maurice Daly

Microsoft MVP, Senior Security Architect, Patch My PC

Carrie Cook

Security Evangelist, Patch My PC

Tuesday May 5, 2026 3:00pm - 4:45pm CDT
Cedar

Security, Security Management

8:00am CDT

Agentic Threat Hunting with Microsoft Sentinel: From MCP Server to Graph Insights

Wednesday May 6, 2026 8:00am - 9:45am CDT

Cedar

Description:
Develop a comprehensive threat-hunting strategy that integrates MCP Server for natural-language analysis with graph-driven investigations in Microsoft Sentinel. Learn to transform KQL queries into reusable MCP tools and connect them with Copilot or custom agents. Use entity mapping and User and Entity Behavior Analytics (UEBA) to uncover connections between identities, hosts, IPs, and apps while navigating through realistic incident scenarios.

What you will learn:

Operationalize agentic hunting: Transform your team's common KQL queries into reusable MCP tools, enhancing efficiency with Copilot integration.
Think in graphs, not tables: Navigate complex relationships (Account ↔ Device ↔ IP ↔ App) to speed up triage and root-cause analysis.
Fortify your ingestion pipeline: Gain insights on normalization (ASIM), enrichment, and cost control within the Sentinel data lake.
Implement a rollout checklist covering roles, permissions, change management, and metrics to ensure successful adoption of graph and MCP.

Speakers

Sergey Chubarov

Ethical Hacker

Sergey Chubarov is a Security and Cloud Expert, Instructor with 15+ years' experience on Microsoft technologies.

His day-to-day job is to help companies securely embrace cloud technologies.

He has certifications and recognitions such as Microsoft MVP: Security, OSCP, OSEP, eCPPT, e... Read More →

Rod Trent

Senior Product Manager, Microsoft

Wednesday May 6, 2026 8:00am - 9:45am CDT
Cedar

Security, Threat Hunting

8:00am CDT

Zero Trust Fundamentals: From Concept to Action

Wednesday May 6, 2026 8:00am - 9:45am CDT

Lakes B

Description:
Zero Trust represents a strategic mindset, not merely a product. Gain clarity on the Zero Trust concept and translate Microsoft's Zero Trust Framework into actionable steps. Learn to conduct an As-Is analysis, define a To-Be state, and prioritize security actions that yield tangible improvements. Discover practical methods to secure identities, devices, and resources using tools like Entra, Intune, Defender, Azure, and M365 for a robust security posture.

What you will learn:

Understand the fundamental principles of Zero Trust and their critical importance.
Execute an As-Is analysis to design your future (To-Be) security architecture.
Establish a prioritized roadmap for your Zero Trust implementation journey.
Apply risk-based access strategies backed by real-world case studies and examples.

Speakers

Andreas Sobczyk

Partner & Principal Consultant, twoday A/S

Andreas is a Principal Consultant at twoday, focusing Azure adoption, platform engineering and DevOps helping global customers accelerating there cloud journey and maximize the potential of the platform. Also being co-founder of Cloud and Datacenter User Group Denmark, Andreas has... Read More →

Kent

Security Principal | Microsoft Regional Director | twoday, MMS Staff

Love to talk about anything related to Enterprise client management, Security and digital transformation.

Wednesday May 6, 2026 8:00am - 9:45am CDT
Lakes B

Security, Security Strategy

10:00am CDT

Real-World Insights from Microsoft Purview Implementations

Wednesday May 6, 2026 10:00am - 11:45am CDT

Cedar

Description:
Implementing Microsoft Purview effectively can be complex, with common challenges often arising during deployments. Discover hard-earned lessons that highlight what consistently works, common pitfalls, and critical factors like stakeholder alignment and user adoption that drive success. Topics include achieving classification accuracy, designing effective policies, and enhancing operational maturity, providing actionable insights for successful Purview implementations in your own environments.

What you will learn:

Identify critical pitfalls in Microsoft Purview implementations, focusing on mistakes in scoping, sequencing, and stakeholder alignment that derail projects early.
Understand how user adoption and classification accuracy are vital for long-term success, and how poor foundations can undermine DLP and Insider Risk controls.
Learn effective strategies from real-world Purview deployments based on practical experiences rather than theoretical models or marketing guidance.
Gain actionable recommendations to accelerate Purview maturity, covering everything from policy design to operational processes to implement immediately.

Speakers

Rod Trent

Senior Product Manager, Microsoft

Ewelina Paczkowska

Data Security & Governance Lead, Threatscape

MVP, Data Security & Governance Lead, Microsoft 355 Security & Compliance User group co-organiser, creator of welkasworld.com

Wednesday May 6, 2026 10:00am - 11:45am CDT
Cedar

Security, Implementation Strategies

10:00am CDT

Rethinking Security Prioritization in Defender: A Tiered Risk Score Approach

Wednesday May 6, 2026 10:00am - 11:45am CDT

Nokomis BC

Description:
Facing an overwhelming volume of high and critical recommendations in Defender can hinder effective security management. This session presents a tier-based risk analysis model that integrates security impact with real-world consequences to generate a custom risk score, mapped into actionable priority tiers (Tier 0–3). Learn how relying solely on severity fails prioritization and how to align remediation efforts with business-critical assets for streamlined decision-making.

What you will learn:

Understand why relying solely on high and critical severity is insufficient for effective prioritization.
Learn to calculate risk using impact assessments and real-world consequences for more informed decisions.
Utilize Tier 0–3 to effectively rank and prioritize actionable security recommendations.
Align security actions strategically with business-critical assets to ensure focused remediation efforts.

Speakers

Morten Knudsen

Triple Microsoft MVP (Security, Azure, Security Copilot) | MCT | Security & Cloud Architect | Co-Founder Experts Live De, 2LINKIT

Blake Cherry

Principal in Cybersecurity & Enterprise Technology, West Monroe

Blake is a Principal in West Monroe's Technology practice, operating out of Chicago, IL. Known for accelerating the delivery of best practice infrastructure by leveraging infrastructure as code, his expertise lies in Azure, Microsoft 365, and Infrastructure Automation, with a specialized... Read More →

Wednesday May 6, 2026 10:00am - 11:45am CDT
Nokomis BC

Security, Risk Assessment

1:00pm CDT

Governing GenAI: Monitoring and Securing Copilot with Microsoft Purview

Wednesday May 6, 2026 1:00pm - 2:45pm CDT

Cedar

Description:
GenAI enhances productivity but introduces new data security and compliance challenges. Utilize Microsoft Purview as the control plane to address these risks. Explore strategies for mapping issues like sensitive prompts, data exfiltration, and insider misuse to Purview controls, including sensitivity labels, DLP policies, and insider risk signals. Develop a comprehensive approach to safeguarding sensitive data while maximizing the benefits of GenAI and Copilot.

What you will learn:

A practical blueprint to align GenAI and Copilot risks with Purview controls such as Labels, DLP, Insider Risk, Audit, and eDiscovery.
Create a lightweight monitoring view using Purview Audit to track Copilot activity, policy hits, and identify false positives.
Implement policy patterns to prevent sensitive data exposure in prompts and outputs while stopping exfiltration avenues.
Develop a phased rollout plan incorporating cohorts, simulation modes, and metrics to ensure a balance between productivity and security.

Speakers

Sergey Chubarov

Ethical Hacker

Rod Trent

Senior Product Manager, Microsoft

Wednesday May 6, 2026 1:00pm - 2:45pm CDT
Cedar

Security, Artificial Intelligence

1:00pm CDT

Transitioning to Zero Trust: Entra Private Access for Always On VPN Admins

Wednesday May 6, 2026 1:00pm - 2:45pm CDT

Nokomis BC

Description:
Microsoft Entra Private Access represents a robust identity-based Zero Trust Network Access (ZTNA) solution, enhancing security for both on-premises and cloud resources. Discuss the key similarities and differences between Always On VPN and Entra Private Access, alongside coexistence strategies and migration pathways for administrators aiming to implement this advanced service.

What you will learn:

Explore key use cases for Always On VPN and Entra Private Access to enhance your security strategy.
Identify practical coexistence scenarios and potential technology conflicts that may arise during the transition.
Acquire a clear migration roadmap that guides the transition to full Zero Trust Network Access, serving as a legacy VPN replacement.
Learn best practices for integrating Entra Private Access while leveraging existing VPN infrastructure for seamless adaptation.

Speakers

Richard Hicks

President, Richard M. Hicks Consulting, Inc.

Richard Hicks is the founder and principal consultant at Richard M. Hicks Consulting, Inc. A Microsoft Most Valuable Professional (MVP) with more than 30 years of experience implementing secure remote access and public key infrastructure (PKI) solutions, he is a widely recognized... Read More →

Wednesday May 6, 2026 1:00pm - 2:45pm CDT
Nokomis BC

Security, Network Security

8:00am CDT

Endpoint Data Loss Prevention: Safeguarding Sensitive Information

Thursday May 7, 2026 8:00am - 9:45am CDT

Lakes A

Description:
Effective information protection hinges on a comprehensive strategy, with endpoint Data Loss Prevention (DLP) as a cornerstone in securing sensitive data. Examine essential security aspects, including common pitfalls, data classification techniques, and varying DLP rules' effectiveness. Delve into endpoint DLP, recognizing endpoints as the first touchpoint for sensitive information, while exploring retention strategies and integrating with third-party solutions, notably Defender for Cloud Apps.

What you will learn:

Identify endpoint DLP as a vital layer of defense against data breaches.
Learn how data classification strengthens overall information security.
Understand retention strategies for ensuring long-term data protection.
Explore effective integration of DLP with third-party solutions like Defender for Cloud Apps.

Speakers