Microsoft 365, made simple
Audit. Harden. Automate. Intune and Exchange configured to best practices, with security you can measure.
Latest articles…
Featured
Intune App Packaging Decision Guide: Win32, LOB, MSIX, Store, and When to Use Each
Most Intune projects fail quietly after deployment — not because the configuration is wrong, but because nobody builds an operational rhythm to keep it healthy. This final part fixes that.
Featured
Transport rules have been in Exchange since the on-prem days. Microsoft keeps adding newer policy engines, but mail flow rules remain the workhorse for anything those engines do not cover. This article covers the baseline rules most tenants need, external sender tagging (custom vs native), disclaimers, security-focused patterns, encryption triggers, the AND/OR condition logic trap, rule priority and stop processing, where transport rules overlap with Purview DLP and Defender, PowerShell management patterns, limits and constraints, and a 14-point audit checklist.
SPF, DKIM, DMARC, MTA-STS and TLS-RPT done properly for Exchange Online — the order of operations, the Exchange Online-specific gotchas, and how to get to DMARC p=reject without breaking mail flow.
Featured
A 50-person accounting firm and a 5,000-person manufacturer face the same threats but have wildly different resources. Copying an enterprise Zero Trust playbook into an SMB creates complexity that no small IT team can maintain — and the complexity itself becomes a risk. This final article covers: the phased SMB approach (identity first, devices second, data third), the enterprise framework with full staffing, the complexity threshold by org size with recommended CA policy counts and licensing, six things SMBs should never copy from enterprise (FIDO2 at scale, Sentinel without SOC, Workload Identity CA, advanced session proxy), Microsoft-managed CA policies, practical recommendations per org size from 50 to 2,000+ users, and a Zero Trust strategy checklist. Most SMB breaches do not happen because of missing features. They happen because of misconfigured or misunderstood ones.
Every Conditional Access decision comes down to three signals: who you are, what you are using, and how that session behaves. Most admins invest heavily in the identity layer and under-invest in device and session controls. This article breaks down each pillar: identity evaluation (MFA, authentication strength, sign-in risk, user risk, PIM), device evaluation (compliance, hybrid join, device filters, managed vs unmanaged), session evaluation (sign-in frequency, persistent browser, CAE, token protection, adaptive lifetime), how the three pillars combine in CA policy logic with the "most restrictive wins" rule, when to focus on which pillar by scenario, common policy patterns, and where this model breaks in real environments.