Cybersecurity Executive • Microsoft
VP & DEPUTY CISO FOR MICROSOFT BUSINESS
Customer & Partner · Finance · Marketing
She didn't start from the perimeter. She started from the support desk - and found the crack in the wall every major attacker eventually finds. Now she's the person at Microsoft tasked with welding it shut, across 228,000 employees and one of the most targeted cloud platforms on the planet.
"The path attackers really like to use is to compromise support tooling and laterally move to your core tooling."
Most CISOs draw a threat map starting from the firewall. Raji Dani drew hers starting from a support ticket queue - and that different instinct has shaped everything she has built at Microsoft over the past two decades.
Dani is VP and Deputy CISO for Microsoft Business, a role that puts her in charge of cybersecurity across the company's Customer & Partner operations, Finance, and Marketing divisions. These are not the glamorous corners of enterprise security. They are the operational heartbeat - the parts of the organization where real humans are constantly opening attachments, authenticating into tools, and granting each other access. Which is exactly why attackers love them.
Her career at Microsoft began in 2006, when she joined as a Senior Development Lead - a full engineering role, not a policy one. Before Microsoft, she spent time at IBM in a similar capacity. She graduated in 1993 from the Indian Institute of Technology Delhi, one of India's most selective and demanding academic institutions, with a degree in Mathematics and Computer Science. IIT shapes a particular kind of thinking: rigorous, first-principles, not easily impressed by received wisdom.
"Anomalous patterns in logs and telemetry data are often the first clue a cyberattack is underway."
- Raji Dani, Microsoft Security Blog
That engineering instinct followed her through progressively senior roles - Principal Program Manager Lead in the Application Services Group, Principal Group Program Manager for Office 365 Security, Partner Director of Products for M365 Security. Each title is a layer added to the same foundation: how do you build systems that stay secure when the humans using them are fallible, rushed, and constantly targeted?
In 2022 she became General Manager for M365 Cloud Security, and from there moved into the Deputy CISO seat for Microsoft Business. The scope broadened considerably. Now the question isn't just "how does Office 365 stay secure?" but "how does an entire business function - customer support agents, finance teams, marketing operations - stay secure while still being able to do their jobs?"
The insight she keeps returning to, in blog posts and conference talks alike, is that support tooling is the attacker's preferred bridge. A compromised support agent account becomes a skeleton key. Once inside the support infrastructure, a patient attacker can move laterally toward core systems that are otherwise well-defended. The perimeter holds. The help desk doesn't - unless you design it to.
Her published framework distills this into four concrete moves. Give support staff dedicated identities with phish-resistant multifactor authentication. Grant least-privilege access - the minimum permissions needed for a specific task, nothing more. Restrict tooling privileges so that service-to-service trust is earned rather than assumed. And build telemetry robust enough that the anomalous pattern that signals a breach doesn't get lost in noise.
None of these are new ideas in isolation. The contribution is in applying them specifically to the support surface, at Microsoft's scale, and then publishing the blueprint for every other organization to use. That last part - sharing the framework publicly rather than treating it as competitive advantage - says something about how she thinks about the security community.
Outside Microsoft, Dani has lived in the Seattle area for over 14 years. She recently joined the board of Teen Feed, a Seattle-area nonprofit that supports young people experiencing homelessness, and serves as Chair of its Strategic Initiatives Committee. The board role isn't an afterthought; it reflects the same instinct as her security work - you find the systemic vulnerability, build a structure around it, and then make sure the structure actually holds under pressure.
She has spoken at RSA Conference, the annual gathering where the security industry takes stock of what's working and what isn't. Her presence there reflects a deliberate choice to be legible outside Microsoft's walls - to say, here is what we learned, here is what failed before we fixed it, and here is what you should try.
In October 2025, she published a detailed post on the Microsoft Security Blog titled "The importance of hardening customer support tools against attack" - a specific, operational document written in the voice of someone who has watched this problem up close for years and gotten tired of watching others walk into the same trap.
The advice is unfussy. The language is direct. It does not hedge. Which is, in miniature, how Raji Dani appears to operate across everything she does. Not the loudest person in the room. The one who noticed the thing everyone else missed, built the fix, and then told everyone else how to do it.
18+ years inside Microsoft's security organization
"The path attackers really like to use is to compromise support tooling and laterally move to your core tooling." - Raji Dani, VP & Deputy CISO, Microsoft
Published publicly and adopted across Microsoft - a framework any organization can use to harden customer support operations against lateral movement attacks.
Create specialized support accounts with phish-resistant multifactor authentication. Support staff should operate under distinct identities separated from their regular corporate credentials - so a compromised support account can't walk into the broader network.
Grant the minimum permissions needed for each specific task - nothing more. Access should be scoped, time-limited, and constantly audited. A support agent resolving a billing question has no business touching infrastructure access.
Limit service-to-service trust and access rights. Don't let your support tools inherit elevated permissions from adjacent systems. Every tool-to-tool connection is a potential bridge an attacker can cross - design it to be a dead end instead.
Build logging and monitoring that actually catches anomalous patterns. Most breaches leave fingerprints in the data long before they become crises. The organizations that catch them early are the ones that invested in telemetry before they needed it.
She came up through development and program management, not policy. That means when she identifies a security gap, she's thinking about how the system actually works - not just what the governance document says it should do.
Customer support tooling was not on most CISO priority lists. Dani noticed the pattern before it became the headline. That kind of threat modeling - starting from what attackers actually do, not what you expect them to do - is rare.
She could have kept the framework internal. Instead she published it openly on the Microsoft Security Blog. The instinct to share hard-won knowledge rather than hoard it is the mark of someone who actually wants the problem solved, not just credit for solving it.
18+ years at one company, building steadily through each layer of the security organization. In an industry full of resume-hopping, she has gone deep rather than wide - and the scope of her current role reflects what that depth buys.
Joining the Teen Feed Board - and taking on the Chair role for Strategic Initiatives - isn't a corporate checkbox. It's the same instinct applied outside Microsoft: find the systemic problem, build the structure, make sure it holds.
Her published work returns repeatedly to the importance of logs and anomaly detection. Most organizations treat telemetry as overhead. She treats it as the primary early warning system - and has built accordingly.
Raji earned her degree from IIT Delhi - the Indian Institute of Technology, where admission is among the most competitive in the world. Fewer than 1% of applicants are accepted.
She started at Microsoft in a pure engineering role in 2006 and has spent nearly two decades building her way through every layer of the security organization without leaving.
Her four-pillar framework for customer support security was published openly on the Microsoft Security Blog - free for any organization to adopt, regardless of size or budget.
After 14+ years living in the Seattle area, Raji joined the Teen Feed Board and took on the Chair role for Strategic Initiatives - supporting youth experiencing homelessness in her community.