Tenant architecture, Entra ID, conditional access, licensing, and governance.
7 articles
Compare Intune security baselines against CIS benchmarks using a PowerShell export-and-diff workflow. Includes ASR deployment, deviation tracking, and a decision framework.
M365 E3 vs E5 decision framework for architects: TCO breakpoints, cost comparison scripts, and the rule for when E5 actually beats E3 plus add-ons.
Microsoft 365 tenant health audit checklist: detect orphaned groups, expired app secrets, CA policy sprawl, and SharePoint chaos with Graph API scripts.
The patterns that survive contact with production, a baseline CA policy set built from common mistakes, circular dependencies, and hard-won lessons across multiple Microsoft 365 deployments.
Production-ready PowerShell scripts for M365 tenant assessment via Microsoft Graph API. Covers discovery, identity auditing, security posture, governance, and licensing.
Automated M365 licensing audit using Microsoft Graph API and PowerShell. Covers SkuPartNumber lookups (including Teams Exploratory), identifying unused Copilot seats, and reclaiming licences from disabled accounts still holding E5.
A practical look at Microsoft's Global Secure Access SSE solution: what it does, how it works, and where it fits in a zero-trust architecture.
