Identity, Governance & Security Writing
Practical thinking on Microsoft Entra ID, M365 Governance, and Conditional Access. No fluff, no vendor spin.
Groups: The Connective Tissue
Every MFA policy, every CA exclusion, every app assignment, every privileged role — it's all groups underneath. Get them wrong and everything else fails quietly.
Identity
5 articles
Microsoft Entra ID, authentication, identity architecture, and threat detection. The fundamentals that everything else builds on.
Identity Is Everything
Defense in depth, Zero Trust, RBAC, and ITDR explained through everyday life. Why signal correlation matters.
Authentication Methods: The Spectrum
From SMS OTP to phishing-resistant MFA — understanding the full range and when each matters.
Passkeys: Security Only Works If People Use It
The strongest authentication method doesn't matter if adoption fails. What makes passkeys stick.
Who Did You Let Into Your House?
Guest accounts, external identities, and the access you forgot you gave.
Groups: The Connective Tissue
Every MFA policy, CA exclusion, app assignment, and privileged role is enforced through group membership. Get groups wrong and everything else fails quietly.
Conditional Access
2 articles
Conditional Access policy design, exclusions, service principal gaps, and the real-world decisions behind every rule.
CA Policy Analyzer Update
What changed in the latest CA Policy Analyzer update and how to use it to validate exclusions, gaps, and policy coverage faster.
MFA for All… But Not the Same
One foundational policy. Four excluded service principals. And the production scars that explain every decision.
More Conditional Access articles on the way
Deep dives on policy design, named locations, device compliance, and sign-in risk.
Governance
5 upcoming
M365 governance, group lifecycle, ownership models, and the cleanup work that never makes it onto roadmaps — until something breaks.
Groups Are the Connective Tissue — and Nobody Owns the Scissors
A governance lens on groups: dynamic rules, naming policy, expiry, and why ungoverned groups become risk vectors.
The Governance Gap
Settings are the starting point. What separates a configured tenant from a controlled one is operationalisation.
The Cleanup Campaign That Never Ends
Lifecycle management isn't a one-time project — it's a countermeasure against the entropy of a living tenant.
Clean the House Before the Guests Arrive
Before Copilot goes live, you need to know what it will find. A practical audit framework for governance readiness.
The Ownership Operating Model
Governance doesn't fail because of technology. It fails because nobody owns anything. Building an operating model that sticks.
Subscribe via RSS or follow the full archive of 38 published articles on Medium.