Zero Trust for SMBs vs Enterprise: Same Principles, Different Reality

A 50-person accounting firm and a 5,000-person manufacturer face the same threats but have wildly different resources. Copying an enterprise Zero Trust playbook into an SMB creates complexity that no small IT team can maintain — and the complexity itself becomes a risk. This final article covers: the phased SMB approach (identity first, devices second, data third), the enterprise framework with full staffing, the complexity threshold by org size with recommended CA policy counts and licensing, six things SMBs should never copy from enterprise (FIDO2 at scale, Sentinel without SOC, Workload Identity CA, advanced session proxy), Microsoft-managed CA policies, practical recommendations per org size from 50 to 2,000+ users, and a Zero Trust strategy checklist. Most SMB breaches do not happen because of missing features. They happen because of misconfigured or misunderstood ones.
Read More

Identity, Device, Session: How Conditional Access Actually Makes Decisions

Every Conditional Access decision comes down to three signals: who you are, what you are using, and how that session behaves. Most admins invest heavily in the identity layer and under-invest in device and session controls. This article breaks down each pillar: identity evaluation (MFA, authentication strength, sign-in risk, user risk, PIM), device evaluation (compliance, hybrid join, device filters, managed vs unmanaged), session evaluation (sign-in frequency, persistent browser, CAE, token protection, adaptive lifetime), how the three pillars combine in CA policy logic with the "most restrictive wins" rule, when to focus on which pillar by scenario, common policy patterns, and where this model breaks in real environments.
Read More

Zero Trust in the Real World: The Gaps You Cannot Ignore

Every Zero Trust deployment has gaps. The slide decks do not mention them. The vendor assessments gloss over them. But they are there, in every tenant. This article is the honest assessment: the BYOD browser gap where unmanaged browsers bypass app protection entirely, legacy apps that cannot do modern auth and sit outside the CA perimeter, printers and IoT devices that cannot authenticate, third-party VPNs that mask device posture, service accounts that cannot do MFA, guest users with unknown MFA quality and no device compliance, a gap severity matrix, and a practical gap assessment checklist. Zero Trust does not fail because of technology. It fails because of compromises made for usability, legacy systems, and operational reality.
Read More

Zero Trust with Intune: How to Turn Device Compliance into Access Control

Intune compliance policies check device health. Conditional Access enforces access decisions based on that health. Without Conditional Access, compliance is monitoring. Without compliance, Conditional Access is guessing. This article covers the full device pillar implementation: compliance policies for Windows, macOS, iOS, and Android, Defender for Endpoint risk score integration, Conditional Access grant controls that require compliant devices, app protection policies for BYOD (MAM-WE), the "Require approved client app" retirement (June 30, 2026) and the OR transition pattern to "Require app protection policy," and a phased rollout approach that avoids the day-one lockout mistake.
Read More

Zero Trust in Microsoft 365: What It Actually Means (and What Most Get Wrong)

Zero Trust is everywhere — in vendor pitches, compliance checklists, and security strategies. But most organisations treat it as a product to buy rather than a model to implement. This article cuts through the marketing: what Zero Trust actually is (and is not), the six technology pillars mapped to your Microsoft 365 stack, why Conditional Access is the policy engine that connects everything, why MFA alone does not equal Zero Trust, and what the 2026 "All resources" enforcement change means for your tenant. Includes a visual mental model and a practical framework for getting started.
Read More

Secure Admin Workstations for Microsoft 365: The PAW Guide for Real-World Tenants

Build a Privileged Access Workstation for Microsoft 365 with Intune, Conditional Access, PIM, WDAC, and Windows LAPS. Practical PAW guide for SMB and mid-market tenants.
Read More

Password Protection in Microsoft Defender for Identity (Preview)

A new page in Microsoft Defender XDR that brings password-related risk from Active Directory, Entra ID and Okta into one place, leaked credentials, exposed passwords, weak policies and hygiene gaps, all actionable from a single view.

Read More

Microsoft 365 Secure Score: What Matters and What to Ignore

Most administrators have looked at their Secure Score at least once, felt a vague sense of guilt about the number, and either chased points or quietly stopped checking. Neither is the right response. This guide explains what the score actually measures, which recommended actions genuinely reduce risk, which to deprioritise, and how to use Secure Score as a sustained operational practice rather than a vanity metric.

Read More

Microsoft Defender for Office 365 Plan 1 Is Now in E3: What You Actually Get

Microsoft Defender for Office 365 Plan 1 is being added to Office 365 E3 and Microsoft 365 E3 with the July 2026 update. This article explains what you actually get, what still belongs to Plan 2, and the key settings to configure so the licence becomes real protection.

Read More

Microsoft Purview DLP + Power Automate: Automated Response to Policy Violations

Microsoft Purview DLP can now trigger Power Automate flows the moment a policy violation happens. This article shows how to build automated response workflows for alerting, logging, and remediation without treating DLP as a manual queue.

Read More

Security Drift in Microsoft 365: Eliminate It with Defender for Office 365 Configuration Analyzer

Security settings degrade over time. Learn how to detect and eliminate Security Drift in Microsoft 365 using Defender for Office 365 Configuration Analyzer and Preset Security Policies.

Read More

Microsoft Entra Conditional Access: A Practical Deployment Guide for Small and Medium Businesses

A practical, step-by-step guide to building secure and scalable Conditional Access policies in Microsoft Entra ID, designed specifically for SMBs. Includes baseline policies, planning strategy, deployment best practices and real-world troubleshooting.

Read More
Microsoft 365, Security & Compliance, SMB Solutions Tiago Carvalho Microsoft 365, Security & Compliance, SMB Solutions Tiago Carvalho

How to Configure Data Loss Prevention (DLP) for Small Businesses: A Step-by-Step Guide

Bring enterprise-grade security to your small business with Microsoft 365 Business Premium. Discover the new Defender and Purview add-ons that deliver enterprise protection and compliance for just $15 per user — making cybersecurity accessible to everyone.

Read More
Microsoft 365, Security & Compliance, SMB Solutions Tiago Carvalho Microsoft 365, Security & Compliance, SMB Solutions Tiago Carvalho

Microsoft 365 Business Premium: New Add-ons Elevate Security and Compliance for SMBs

Bring enterprise-grade security to your small business with Microsoft 365 Business Premium. Discover the new Defender and Purview add-ons that deliver enterprise protection and compliance for just $15 per user making cybersecurity accessible to everyone.

Read More