Blog

Notes and guidance from the field—identity, messaging, and Microsoft 365 security with a pragmatic lens.

Getting Conditional Access Right (Without Locking Out Everyone)

Dec 2025 • Identity

Start with Security Defaults, map user risk, and stage policies with report‑only before enforcement.

Modern Auth and SMTP: What’s Safe to Disable?

Nov 2025 • Exchange

Inventory legacy app dependencies, migrate to Graph/Modern APIs, and pin exceptions with time‑boxed reviews.

Designing OU & Delegation Models You Won’t Regret

Oct 2025 • Active Directory

Separate policy from structure, use tiering for admins, and keep GPO hygiene as a first‑class practice.