INFO: This feature relies on the App Access Policies, which are in the process of being replaced by Role-Based Access Control (RBAC) for applications. More information will be shared in an upcoming post about RBAC for Exchange applications. This is provided for your awareness, so please review and manage it
Introduction In 2026, it’s easy to overlook the security features that have been protecting Windows devices for years. Secure Boot is one of them. Introduced with Windows 8, it changed how PCs defend themselves during startup by blocking an entire class of pre-boot attacks—before the operating system even loads. Today,
We recommend assigning at least two owners to every Microsoft Teams site. This prevents the team from becoming “ownerless” if one owner leaves, ensuring settings and permissions can still be managed. Multiple owners share responsibilities and help maintain continuity, especially in larger teams, but having too many can create confusion.
Combine the power of Entra ID Conditional Access and Defender for Cloud Apps Conditional Access policies to gain even more control over how apps in your tenant can be accessed. A common scenario would be to block access from Tor/Botnet/Anonymous Proxy networks as there’s really no use-cases for end-users to
This week Microsoft is kicking off 2026 strong with a much-anticipated feature releasing into preview: Tenant Configuration Management (TCM) APIs. Traditionally administrators have to make configuration changes either in the portals one at a time or in through Graph API using, for example, PowerShell. However, what if another administrator comes
Many customers using Microsoft Teams request teams restricted to internal members, without guest account access. Teams’ behavior is very often controlled by SharePoint or Microsoft 365 Group settings and a typical team user may not know anything about these settings. We recommend building your own app or automation to ensure
Microsoft Sentinel best practices for 2026: reduce SIEM ingestion costs, tune KQL detections, avoid alert fatigue, optimize retention, and migrate to the Defender security portal.
Introduction Microsoft has begun the rollout of a new and powerful reporting capability to Windows Autopatch customers: Common Vulnerabilities and Exposures (CVE)/KB Reporting. While still in preview and it’s subject to change before GA, this feature is already proving to be one of the most valuable additions to the Autopatch reporting
Recently, I’ve assisted a customer with uplifting their security around Enterprise Applications. This is an area we see many of our customers struggle with as by default, Microsoft lets users register apps all by themselves. This leads to a sprawl of registered apps that may or may not still be
Microsoft Entra ID Privileged Identity Management (PIM) for Groups allows organizations to control and audit elevated group memberships through just-in-time access. Managing elevated permissions in Microsoft Entra ID can sometimes be tricky, especially when it comes to Privileged Identity Management (PIM) for Groups. While the Entra portal allows users to
In March 2026, Entra ID will stop supporting service principal-less authentication behavior. This may affect certain applications currently running in your tenant. Service principal-less apps may already be frozen since April 2025 if they weren’t actively used, but those apps that were, have remained uninterrupted until March next year. Microsoft
In this final blogpost on onboarding, I want to cover a way to automate some common post-deployment configuration tasks. When a machine is Arc onboarded, by default, it won’t really have much installed and it’s not particularly useful until you start deploying extensions. Azure Arc VM Onboarding blog mini-series overview:
Modern Workplace consultant and a Microsoft MVP in Windows and Devices.
Infrastructure architect with focus on Modern Workplace and Microsoft 365 security.
Cloud & security specialist with focus on Microsoft backend products and cloud technologies.
Cloud & security specialist with focus on Microsoft 365.
Cloud & Security Specialist, with a passion for all things Cybersecurity
Cloud and infrastructure security specialist with background in networking.
Infrastructure architect with focus on design, implementation, migration and consolidation.
Infrastructure consultant with focus on cloud solutions in Office365 and Azure.
Modern workplace and infrastructure architect with a focus on Microsoft 365 and security.
