Zero trust architecture, conditional access, security baselines, and identity.
7 articles
Compare Intune security baselines against CIS benchmarks using a PowerShell export-and-diff workflow. Includes ASR deployment, deviation tracking, and a decision framework.
M365 E3 vs E5 decision framework for architects: TCO breakpoints, cost comparison scripts, and the rule for when E5 actually beats E3 plus add-ons.
Microsoft 365 tenant health audit checklist: detect orphaned groups, expired app secrets, CA policy sprawl, and SharePoint chaos with Graph API scripts.
The patterns that survive contact with production, a baseline CA policy set built from common mistakes, circular dependencies, and hard-won lessons across multiple Microsoft 365 deployments.
Production-ready PowerShell scripts for M365 tenant assessment via Microsoft Graph API. Covers discovery, identity auditing, security posture, governance, and licensing.
How to build a repeatable, auditable Windows estate using Intune, Autopilot, and GitOps, and why it matters more than ever.
A practical look at Microsoft's Global Secure Access SSE solution: what it does, how it works, and where it fits in a zero-trust architecture.
