Microsoft 365, made simple

Audit. Harden. Automate. Intune and Exchange configured to best practices, with security you can measure.

Talk to me
Talk to me

Last articles…

Featured
Intune App Packaging Decision Guide: Win32, LOB, MSIX, Store, and When to Use Each
Intune App Packaging Decision Guide: Win32, LOB, MSIX, Store, and When to Use Each
Five app types in the Intune admin center and no single guide from Microsoft on when to use which one. This article covers the full app packaging decision: Win32 vs LOB vs MSIX vs Microsoft Store vs web links, a decision table mapping 10 common scenarios to the right app type, the Win32 packaging workflow with IntuneWinAppUtil, detection rules (MSI code, file version, registry, PowerShell) and why they're the number one cause of deployment confusion, supersedence and dependency chains, Microsoft Store winget integration, PSADT for complex installs, the 32-bit execution context trap, common packaging mistakes, an SMB quick-start guide, and a 12-point audit checklist.
Reporting, Remediations & Day-2 Operations
Reporting, Remediations & Day-2 Operations

Most Intune projects fail quietly after deployment — not because the configuration is wrong, but because nobody builds an operational rhythm to keep it healthy. This final part fixes that.

Featured
Exchange Online Transport Rules: Real-World Patterns That Actually Work in Production
Exchange Online Transport Rules: Real-World Patterns That Actually Work in Production
Transport rules have been in Exchange since the on-prem days. Microsoft keeps adding newer policy engines, but mail flow rules remain the workhorse for anything those engines do not cover. This article covers the baseline rules most tenants need, external sender tagging (custom vs native), disclaimers, security-focused patterns, encryption triggers, the AND/OR condition logic trap, rule priority and stop processing, where transport rules overlap with Purview DLP and Defender, PowerShell management patterns, limits and constraints, and a 14-point audit checklist.
Email authentication in Exchange Online in 2026: SPF, DKIM, DMARC, MTA-STS and TLS-RPT done right
Email authentication in Exchange Online in 2026: SPF, DKIM, DMARC, MTA-STS and TLS-RPT done right

SPF, DKIM, DMARC, MTA-STS and TLS-RPT done properly for Exchange Online — the order of operations, the Exchange Online-specific gotchas, and how to get to DMARC p=reject without breaking mail flow.

Featured
Secure Admin Workstations for Microsoft 365: The PAW Guide for Real-World Tenants
Secure Admin Workstations for Microsoft 365: The PAW Guide for Real-World Tenants
Build a Privileged Access Workstation for Microsoft 365 with Intune, Conditional Access, PIM, WDAC, and Windows LAPS. Practical PAW guide for SMB and mid-market tenants.
Password Protection in Microsoft Defender for Identity (Preview)
Password Protection in Microsoft Defender for Identity (Preview)

A new page in Microsoft Defender XDR that brings password-related risk from Active Directory, Entra ID and Okta into one place, leaked credentials, exposed passwords, weak policies and hygiene gaps, all actionable from a single view.