Microsoft 365 Security

Blog

Practical articles on Entra ID, Intune, Conditional Access, and device security.

  1. Danny Vorst 10 min read

    Require approved client app is retired on June 30: migrate now

    Require approved client app is deprecated June 30. After that date, existing policies stop enforcing. Here is what to configure before the deadline.

    microsoft 365securityconditional accessentra idintuneapp protectionmamidentity security
  2. Donny van Huizen 13 min read

    Intune Multiple Managed Accounts: what admins need to know

    Intune's MMA feature, rolling out in June 2026, lets users hold multiple MAM accounts in one app. Here's what admins managing external access need to know.

    intunemamapp protection policymultiple managed accountsbyodexternal usersb2bmmaconditional access
  3. Danny Vorst 11 min read

    Conditional Access enforcement changes June 15: check your exceptions now

    Apps could bypass Conditional Access by requesting minimal sign-in scopes. Non-excluded apps slipped through silently for years. Starting June 15, that stops.

    microsoft 365securityconditional accessentra idmfaidentity securitypolicy
  4. Danny Vorst 13 min read

    AiTM Phishing Exposed (2/2): Stop Session Hijacking

    Stop AiTM session hijacking with FIDO2, CAE, and token protection. Microsoft 365 configuration guide with 2 Sentinel queries and 7-step incident response.

    securityphishingmfaconditional accessentra idmicrosoft 365session tokenaitmfido2passkeys
  5. Donny van Huizen 18 min read

    Unmanaged Devices with Microsoft Intune (3/3): iOS

    iOS MAM covers the full M365 app suite but requires Microsoft Authenticator as broker. 3 BYOD paths, the CA gap most organizations miss, and what goes wrong.

    byodiosintunemamapp protection policyuser enrollmentsupervisedconditional accessunmanaged devicesendpoint management
  6. Danny Vorst 12 min read

    AiTM Phishing Exposed (1/2): How Session Hijacking Works

    AiTM phishing doesn't bypass MFA. It waits for MFA to succeed, then takes what comes next. This is how the attack works and why standard MFA provides no protection against it.

    securityphishingmfaconditional accessentra idmicrosoft 365session tokenaitm
  7. Donny van Huizen 15 min read

    Unmanaged Devices with Microsoft Intune (2/3): Android

    Android MAM protects all Microsoft 365 apps on mobile, not just Edge. 3 BYOD paths, different control levels, and the CA gap most organizations miss.

    byodandroidintunemamapp protection policyandroid enterprisework profileconditional accessunmanaged devicesendpoint management
  8. Danny Vorst 10 min read

    Shadow AI Exposed (2/2): Building a Governance Program That Actually Works

    Technical controls catch the visible surface. This part covers what a shadow AI governance program looks like in practice: approved AI catalog, the personal account problem, and a maintenance cycle that doesn't erode.

    securityshadow aiai governancemicrosoft 365data protection
  9. Donny van Huizen 23 min read

    Unmanaged Devices with Microsoft Intune (1/3): Windows

    Windows BYOD with Intune has three distinct paths. Most organizations configure the wrong one. MAM, MDM enrollment, Conditional Access, and the enrollment pitfalls clients hit in practice.

    byodwindowsintunemammdmconditional accessunmanaged devicesendpoint management
  10. Danny Vorst 13 min read

    Social Engineering Exposed (3/3): Defence That Works

    MFA alone won't stop a helpdesk attack. Here's what actually does: the process changes, Entra ID settings, and monitoring that holds up under pressure.

    securitysocial engineeringconditional accessmfaentra idmicrosoft 365
  11. Danny Vorst 13 min read

    Shadow AI Exposed (1/2): What organizations don't know about the AI tools their employees use

    Most shadow AI incidents start with a legitimate task. What actually ends up in those tools, why security controls miss it, and what the NSW government breach tells us.

    securityshadow aiai governancemicrosoft 365data protection
  12. Donny van Huizen 7 min read

    Intune compliance policies: what they actually change in your organization

    Most organizations running Microsoft 365 have devices connecting without any enforced security requirements. Intune compliance policies close that gap, and the impact goes further than the security team.

    microsoft intuneendpoint compliancecompliance policiesconditional accessdevice managementmicrosoft 365endpoint security
  13. Danny Vorst 13 min read

    Social Engineering Exposed (2/3): The Helpdesk Attack

    Attackers don't break MFA. They call your helpdesk and get it reset. Here's what that looks like in Entra ID, and why most tenants aren't built to catch it.

    securitysocial engineeringhelpdeskmfaentra idmicrosoft 365
  14. Danny Vorst 15 min read

    Shadow AI in Microsoft 365: Find and Block It with Purview

    Shadow AI leaks data without triggering a single alert. Use Entra Internet Access, Defender for Cloud Apps, and Microsoft Purview to find and block it in 4 steps.

    securityshadow aimicrosoft purviewdefender for cloud appsentra id
  15. Donny van Huizen 13 min read

    Intune MDM vs MAM: When to use which approach

    MDM controls the device, MAM controls the data. A decision matrix for IT admins, including the June 30 Conditional Access deadline you can't miss.

    intunemdmmambyodmicrosoft 365conditional accessmobile security
  16. Danny Vorst 7 min read

    Social Engineering Exposed (1/3): How attackers get in without breaking anything

    MGM lost $100M. Odido lost 6.2M records. Uber's systems went dark. None required a technical exploit. Just a phone call. Here's how it works.

    securitysocial engineeringidentity securitymfaphishingmicrosoft 365