Practical Protection: Getting Started with Graph Threat Hunting
In this episode of Practical Protection, we dive into the basics of Threat Hunting, tools you can use, and even some DIY hunting advice.
June 17, 2025
Latest Articles
Practical Protection: Protecting Your Tenant by Restricting Applications
Any time you allow a third-party application to run in a system you own or control, you’re assuming risk. In this episode of Practical Protection, we discuss how to reduce that risk by managing app consent in Microsoft Entra ID, as well as a few other alternatives.
May 6, 2025
Practical Graph: Use App Management Policies to Control App Credentials
App secrets are used to authenticate registered apps with Entra ID. App secrets (or passwords) are convenient and easy to use, but they're relatively insecure. The default app management policy for the tenant can block app secrets while custom app management policies can allow selective apps to use app secrets for testing or other well-defined purposes. All explained here.
May 5, 2025
Controlling Access to Microsoft 365 Entra ID Apps Part #2
In the second part of this series on Controlling Access to Microsoft 365 Entra ID Apps, Ingo dives into the process of creating custom Role-Based Access Control (RBAC) to Improve Security in your tenant.
April 29, 2025
On-Premises Pain, Copilot Curiosity, and a Glimpse into Global Secure Access: Practical 365 Podcast S04E38
Steve Goodman and Paul Robichaux dissect the latest Microsoft news, focusing on the sting of rising on-premises licensing costs. The team also explores Copilot Studio and the Model Context Protocol (MCP). Plus, Steve Goodman and Bastiaan Verdonk interview Microsoft's Janice Ricketts, to unravel the complexities of Global Secure Access (GSA) and Zero Trust security.
April 23, 2025
Using Conditional Access to Combat Token Theft
With AiTM phishing attacks on the rise, it is important to have procedures in place to combat future attacks. In this article, we explore three different ways to protect against token theft using Conditional Access.
April 2, 2025
Exchange Online Cracks Down, Message Center Madness, and Conditional Access Done Right: Practical 365 Podcast S04 E37
Steve and Paul cut through the noise of a million Message Center notifications to bring you the need-to-know on Exchange Online's new sending limits. Plus, security expert Louis Mastelinck schools us on practical Conditional Access – because let's face it, most deployments are a mess.
March 27, 2025
Controlling Access to Microsoft 365 for Entra ID Apps
In the first installment of this new series on Entra ID Access Control, we explore the fundamentals of granting permissions to Entra ID user accounts and applications for task automation.
March 20, 2025
Practical Graph: Combining Sign In Activity and App Detail in a User Report
Often tenants create user sign-in reports based on the sign-in data held in user account properties. This article explains how to supplement that information with insights about the apps users sign into using sign-in audit logs. The combined information is more valuable than simply knowing when someone last successfully signed in.
January 7, 2025
How to Swap Licenses Using Group-Based Licensing
Moving Group-Based Licensing to the Microsoft 365 Admin Center can create some challenges. Luckily there is a way to avoid this. In this blog, we explain how to execute Group-Based License swaps with the help of the Microsoft Graph PowerShell SDK.
November 12, 2024
Practical Endpoint: Restricting Admin Access to an Endpoint
In this episode of Practical Endpoint, we explain two approaches to restricting Admin rights to corporate devices using Intune and Autopilot.
November 5, 2024
Evaluating Privileged Identity Management Effectiveness
This article outlines how to get started with PIM, how to audit its use, and what workarounds could be circumventing your security controls.
October 17, 2024