18Sep2020
08Sep2020
A Tale of Two Incidents
I have two stories to share today. Both are from individuals who contacted me about recent Cybersecurity incidents that their MSP had suffered. Both incidents were very different, and yet they share some common threads and lessons that I think we would be wise to heed. And this is all...
01Sep2020
A simpler Conditional Access baseline
Some folks have written to me about the "complexity" of my Conditional Access guide and were hoping to find something a bit simpler. This surprised me, and initially I shrugged it off. But I have heard this feedback more than once now, so I decided to take this thought experiment...
18Aug2020
Behold: The Power of Sensitivity Labels
Even though some people are aware of the concepts of Data Classification and tools such as Microsoft 365 Sensitivity Labels, I do not think that many of us out there have yet grasped the full implications, or taken the long view, so to speak. Note: this is a longer read....
04Aug2020
A Brief History of Collaboration and Governance
I have slowly been converting people to the "modern collaboration mindset" during the past couple of years through my op-ed style of writing. I think you can appreciate that changing minds through writing is something which rarely if ever happens in areas like politics, but it turns out this can...
28Jul2020
Is “Best Practices” a myth?
I often find myself musing over this question these days. Granted, I actually do publish something called The Microsoft 365 Best Practices Checklists--but really these are more like recommendations. In fact, I recently updated them to include governance decisions around collaboration (e.g. affecting apps such as OneDrive for Business, Teams...
21Jul2020
My opinion on Microsoft Threat Protection for the SMB
Since I released my guide on Microsoft 365 E5 Security and Microsoft Threat Protection, I have been getting a lot of questions and comments about my stance on the use of these products for SMB customers. I left it too neutral, I guess, in the original publication. So, let me...
14Jul2020
U.K. Cyber Essentials Simple Assessment Tool
I recently came across the U.K.'s Cyber Essentials, as published by the National Cyber Security Centre (NCSC). Not two days after I learned about this simple control framework while on a conference call spanning several time zones with friends from around the world, that I received this email from a...
07Jul2020
Yes, you really can let go: Microsoft 365 Groups and Teams creation policy, revisited
I have to laugh because this is still such a seemingly controversial idea. "Should users be allowed to create their own Teams?" I have written about this topic many times before, but I still get the best comments about it from non-believers. The real issue is that these folks have...
30Jun2020