Tag: Enterprise Security
-
Microsoft Entra Backup and Recovery: A Practitioner’s Guide to What it Does and Does Not Solve
On 19 March 2026, Microsoft quietly released one of the most requested enterprise identity features to Public Preview: a native, platform-managed backup and point-in-time recovery capability for Entra ID tenant configuration. No big announcement, no Message Centre notification. Just a new blade in the Entra admin centre. This post cuts through the surface-level excitement, maps…
-
Unified Tenant Configuration Management: Microsoft moves tenant governance into continuous control
Microsoft is introducing Tenant Configuration Management as a native configuration governance layer for Microsoft 365. This article explores how continuous configuration monitoring, drift detection and baseline enforcement will reshape Microsoft security and compliance operating models.
-
Exploring Conditional Access Bypasses in Microsoft Entra ID
Conditional Access is the backbone of Zero Trust in Microsoft Entra ID, yet real world attacks increasingly demonstrate how it can be bypassed. From device and token abuse to built in exclusions and misunderstood session controls, attackers exploit gaps that many organisations assume are protected. Triggered by Microsoft’s upcoming change in February 2026, where session…
-
Require Risk Remediation: The Game-Changer for Conditional Access Policies
Discover the game-changing ‘Require Risk Remediation’ control in Microsoft Entra Conditional Access. This preview feature simplifies risk management by handling both password and passwordless users in one policy, reducing complexity and misconfigurations. Get a step-by-step guide, real-world benefits, and pragmatic insights into its limitations for enhanced security.
-
AI Governance in 2025: Protecting Against Data Exfiltration
As Artificial Intelligence (AI) transforms industries with unparalleled innovation, it also brings serious security risks like data leaks and malicious attacks. A staggering 57% of organisations report rising AI-related incidents, yet 60% lack basic controls. This blog explores the top AI threats, including data exfiltration and malicious prompt injection, and outlines a Zero Trust framework…
-
Key Updates to OneDrive Retention Policies: What You Need to Know
Microsoft is updating OneDrive retention policies starting 27 January 2025, offering organisations more flexibility while addressing compliance needs and storage concerns. Learn what’s changing, why, and how to prepare
-
Strengthening Cloud Governance and Resilience with Microsoft
Effective cloud governance is critical in today’s digital landscape. Organisations must tackle risks, ensure compliance, and design resilient architectures to meet directives like NIS2. This guide outlines six essential steps to achieve robust cloud governance using Microsoft tools like Azure Service Health, Microsoft Defender for Cloud, and Azure Backup. From mitigating concentration risks to preparing…
-
Comprehensive Guide to Setting Up Microsoft Entra Global Secure Access (GSA) with Internet Access, Licensing, and Key Differences with SSE
Learn how to implement Microsoft Entra Global Secure Access (GSA) for secure internet access. This step-by-step guide covers everything from activating GSA for your tenant to configuring web content filtering, security profiles, and conditional access policies. Understand the key differences between GSA and Security Service Edge (SSE) and how to improve your organisation’s security posture.…
-
Introducing Enhanced File Integrity Monitoring (FIM) in Microsoft Defender for Cloud
Enhance your security with Microsoft Defender for Cloud’s improved File Integrity Monitoring (FIM). This powerful tool detects unauthorized changes to critical files and system configurations in real-time, ensuring compliance with regulations like NIS2 and PCI-DSS. Learn how FIM integrates with Microsoft Defender for Endpoint, provides real-time alerts, and helps safeguard your critical assets with proactive…
-
NIST Password Guidelines 2024: A Game Changer for Cybersecurity
**Excerpt:** Stay ahead in cybersecurity by adopting NIST’s updated password guidelines for 2024. The new **SP 800-63-4** emphasizes stronger password management, eliminating outdated practices like forced 60-day resets. Learn why passphrases, phish-resistant authentication, and dynamic password changes are the future of digital security. Make sure your systems, including Active Directory, are aligned with these modern…