Year in Review - Cloud Security in 2025
The year’s winding down and I wanted to take a bit of time to reflect on what 2025 has been. Personally and professionally, it’s been one of the busiest years I can remember — and I mean that in the best way. So grab a cuppa and I’ll talk through where we’ve been and where I think we’re heading.
The Security Trends That Defined 2025
AI Everywhere — Including in Security
I don’t think anyone quite predicted how fast AI would go from “interesting experiment” to “embedded in everything.” Security Copilot went from early adoption to something I’m now seeing in production environments regularly. The autonomous agents announced at Ignite feel like the next logical step — having AI handle the repetitive triage work so analysts can focus on the stuff that actually needs a human brain.
It cuts both ways, though. Attackers are using AI too, and the sophistication of phishing campaigns has noticeably stepped up. Personalised, contextually aware phishing emails that would fool experienced security professionals — that’s where we are now. The barrier to entry for creating convincing social engineering attacks has dropped off a cliff.
Identity-First Security Became the Default
I’ve been banging on about identity being the new perimeter for years now, and 2025 felt like the year the industry finally caught up. The conversations I’m having with customers have fundamentally shifted. Five years ago, I’d spend meetings trying to convince people that identity security mattered. Now the conversation starts with identity and works outward from there. That’s proper progress.
Entra ID keeps maturing as a platform, and the Entra Suite expansion into network security with Private Access and Internet Access has been one of the more interesting developments this year. Microsoft’s vision of a unified identity and network access platform is starting to feel tangible.
Token Theft — The Threat That Kept Growing
If one security issue dominated my year, it was token theft and adversary-in-the-middle phishing. I’ve lost count of the conversations I’ve had about this. Traditional MFA is no longer enough — that’s not scaremongering, it’s just where things are. Attackers have industrialised AitM attacks and the toolkits are widely available.
The push towards phishing-resistant authentication (FIDO2, passkeys, certificate-based auth) has picked up speed, but honestly, most organisations are still in the early stages of getting it deployed. This is going to be a multi-year journey for many.
Personal Highlights
MVP Renewal
I was fortunate enough to have my Microsoft MVP award renewed again this year. I never take this for granted — it’s recognition of community contribution and I’m really proud of it. The MVP community continues to be one of the best professional networks I’m part of. The access to product teams, the early insight into roadmaps, and most importantly the friendships with other MVPs around the world — it’s something a bit special.
Blog Growth
This blog’s grown more than I expected. Traffic roughly doubled compared to 2024, and some posts I’ve written got picked up and shared far more widely than I anticipated. The Conditional Access and Defender for Cloud posts continue to be the most popular, but some of the identity governance content has really resonated too. Thank you to everyone who reads, shares, and reaches out with feedback — it makes the effort worthwhile, it really does.
Events and Speaking
2025 was a busy one on the events front. Ignite in November was the highlight as always, but I also got the opportunity to speak at several community events throughout the year. The Microsoft Cloud Security User Group continues to go from strength to strength, and the sessions we’ve run this year have been some of our best. Massive thanks to everyone who’s presented, attended, or supported the group.
I also attended some fantastic community-run conferences. The quality of content from the community never fails to impress me. People sharing knowledge freely, helping each other out — I don’t think I’ll ever get tired of that.
Certifications and Learning
Picked up a couple of new certifications this year and renewed several others. I won’t list them all, but the SC-300 renewal was a good reminder of just how much Entra ID has changed. If you haven’t looked at the exam content recently, it’s worth checking — it’s evolved a lot to cover the newer capabilities.
What I’m Looking Forward to in 2026
A few things I’m excited about heading into the new year:
- Phishing-resistant auth at scale — I reckon 2026 is the year passkeys go mainstream in enterprise. The tooling is ready, the user experience is there, and the threat environment demands it. Looking forward to helping more organisations make this transition.
- Security Copilot agents maturing — The potential for autonomous security agents is huge, but we need to see them battle-tested in production. I expect 2026 will be when that happens.
- Exposure Management adoption — Now that it’s GA, I think Exposure Management is going to change how organisations think about and communicate security posture. Planning to do a lot more work with this.
- More community content — I’ve got plans for the blog, the user group, and a couple of other projects I’m not quite ready to share yet. Watch this space.
Thank You
I want to end by saying thank you. To everyone who reads this blog, attends the user group, shares content, asks questions, and generally makes the cloud security community what it is. None of this happens in isolation, and I’m grateful for every conversation, every bit of feedback, and every connection.
Here’s to 2026. I’ve got a feeling it’s going to be a big one.
Have a brilliant New Year, and I’ll see you on the other side.