Author

Danny Vorst

Microsoft 365 Security Specialist

Danny works as a Technical Engineer, advising organizations on their Microsoft 365 environment and translating security findings into concrete changes a service desk can execute. Over ten years of experience with Microsoft 365 and security. His writing covers identity security, Conditional Access, and the attack patterns that show up in real tenants.

LinkedIn

  1. Require approved client app is retired on June 30: migrate now

    Require approved client app is deprecated June 30. After that date, existing policies stop enforcing. Here is what to configure before the deadline.

  2. Conditional Access enforcement changes June 15: check your exceptions now

    Apps could bypass Conditional Access by requesting minimal sign-in scopes. Non-excluded apps slipped through silently for years. Starting June 15, that stops.

  3. AiTM Phishing Exposed (2/2): Stop Session Hijacking

    Stop AiTM session hijacking with FIDO2, CAE, and token protection. Microsoft 365 configuration guide with 2 Sentinel queries and 7-step incident response.

  4. AiTM Phishing Exposed (1/2): How Session Hijacking Works

    AiTM phishing doesn't bypass MFA. It waits for MFA to succeed, then takes what comes next. This is how the attack works and why standard MFA provides no protection against it.

  5. Shadow AI Exposed (2/2): Building a Governance Program That Actually Works

    Technical controls catch the visible surface. This part covers what a shadow AI governance program looks like in practice: approved AI catalog, the personal account problem, and a maintenance cycle that doesn't erode.

  6. Social Engineering Exposed (3/3): Defence That Works

    MFA alone won't stop a helpdesk attack. Here's what actually does: the process changes, Entra ID settings, and monitoring that holds up under pressure.

  7. Shadow AI Exposed (1/2): What organizations don't know about the AI tools their employees use

    Most shadow AI incidents start with a legitimate task. What actually ends up in those tools, why security controls miss it, and what the NSW government breach tells us.

  8. Social Engineering Exposed (2/3): The Helpdesk Attack

    Attackers don't break MFA. They call your helpdesk and get it reset. Here's what that looks like in Entra ID, and why most tenants aren't built to catch it.

  9. Shadow AI in Microsoft 365: Find and Block It with Purview

    Shadow AI leaks data without triggering a single alert. Use Entra Internet Access, Defender for Cloud Apps, and Microsoft Purview to find and block it in 4 steps.

  10. Social Engineering Exposed (1/3): How attackers get in without breaking anything

    MGM lost $100M. Odido lost 6.2M records. Uber's systems went dark. None required a technical exploit. Just a phone call. Here's how it works.