Tag: Risk Management
-
Microsoft Entra Backup and Recovery: A Practitioner’s Guide to What it Does and Does Not Solve
On 19 March 2026, Microsoft quietly released one of the most requested enterprise identity features to Public Preview: a native, platform-managed backup and point-in-time recovery capability for Entra ID tenant configuration. No big announcement, no Message Centre notification. Just a new blade in the Entra admin centre. This post cuts through the surface-level excitement, maps…
-
Unified Tenant Configuration Management: Microsoft moves tenant governance into continuous control
Microsoft is introducing Tenant Configuration Management as a native configuration governance layer for Microsoft 365. This article explores how continuous configuration monitoring, drift detection and baseline enforcement will reshape Microsoft security and compliance operating models.
-
Exploring Conditional Access Bypasses in Microsoft Entra ID
Conditional Access is the backbone of Zero Trust in Microsoft Entra ID, yet real world attacks increasingly demonstrate how it can be bypassed. From device and token abuse to built in exclusions and misunderstood session controls, attackers exploit gaps that many organisations assume are protected. Triggered by Microsoft’s upcoming change in February 2026, where session…
-
Require Risk Remediation: The Game-Changer for Conditional Access Policies
Discover the game-changing ‘Require Risk Remediation’ control in Microsoft Entra Conditional Access. This preview feature simplifies risk management by handling both password and passwordless users in one policy, reducing complexity and misconfigurations. Get a step-by-step guide, real-world benefits, and pragmatic insights into its limitations for enhanced security.
-
Is Your Guest Access in Entra Putting Your Organisation at Risk?
Many organisations assume Microsoft Entra ID handles guest users securely by default—but it doesn’t. In this post, we uncover the top 5 common mistakes in guest access management, from excessive directory visibility to perpetual access without lifecycle controls. Learn how to lock down your tenant with practical fixes, ensuring secure B2B collaboration without the risks.
-
Step-by-Step: Build a Copilot Agent for Smarter Intune Alerts in 15 Minutes
Every IT professional knows the struggle: an Intune notification pings with a vague error code or cryptic alert about a device compliance issue, failed update, or potential security threat. You’re left scratching your head, wondering, “What does this even mean?” These unclear messages can bury critical issues, like non-compliant devices or malware risks, in a…
-
Key Updates to OneDrive Retention Policies: What You Need to Know
Microsoft is updating OneDrive retention policies starting 27 January 2025, offering organisations more flexibility while addressing compliance needs and storage concerns. Learn what’s changing, why, and how to prepare
-
Strengthening Cloud Governance and Resilience with Microsoft
Effective cloud governance is critical in today’s digital landscape. Organisations must tackle risks, ensure compliance, and design resilient architectures to meet directives like NIS2. This guide outlines six essential steps to achieve robust cloud governance using Microsoft tools like Azure Service Health, Microsoft Defender for Cloud, and Azure Backup. From mitigating concentration risks to preparing…
-
Why Password Policies Matter and How Often to Update Them
In today’s digital age, securing online accounts goes beyond just choosing a strong password. Frequent password changes, once seen as a key security measure, may actually do more harm than good. This blog explores the latest insights from NIST and Microsoft, highlighting why password policies should focus on long, complex passwords and multi-factor authentication (MFA)…
-
Managing Passwords in the Digital Age: Leveraging Microsoft Purview for Enhanced Credential Security and NIS2 Compliance
Are you using a password manager? That’s a great start, but credential management requires more than secure storage. With the NIS2 Directive imposing stricter cybersecurity standards, it’s essential to manage usernames and passwords with full visibility and compliance. Explore how Microsoft Purview enables advanced data scanning, automated remediation, and DLP policies to protect your credentials…