Blog Posts

Why Microsoft 365 Management Doesn’t End After Initial Configuration

Published on: 3/6/2025

One of the most common misconceptions is the belief that once a Microsoft 365 tenant is configured, the work is done. Many organizations assume they can set up a baseline configuration and leave it untouched indefinitely. Unfortunately, this mindset overlooks the reality of configuration drift and the evolving nature of […]

Read more

Why You Should Never Store Credentials in Plain Text

Published on: 3/6/2025

Storing credentials in plain text-whether in Excel spreadsheets, Word documents, or text files, is one of the riskiest practices a business can adopt. Yet, many organizations do this. I consistently find password files sitting in file shares or SharePoint sites, often labeled something as obvious as “passwords.xlsx.” While this might […]

Read more

Why You Should Disable User Consent and Enable Admin Consent Workflow in Entra

Published on: 3/5/2025

One of the most overlooked security settings in Entra is user consent for enterprise applications. By default, users may be allowed to consent to third-party apps, granting them permissions to access organizational data—often without understanding the implications. This can lead to unauthorized access, data leakage, or even malicious activity within […]

Read more

Why Restricting and Monitoring PowerShell is Essential for Security

Published on: 3/5/2025

Device Code Flow is a convenient authentication method designed for devices with limited input capabilities, like smart TVs and other IoT devices. However, attackers have found ways to exploit it for phishing attacks, making it a serious vulnerability in your Microsoft 365 tenant. Blocking DCF is a simple yet effective […]

Read more

How We Stopped a Potential Breach Before It Happened

Published on: 3/2/2025

Recently, we discovered a security vulnerability for one of our clients that could have escalated into a serious issue. The client had a VPN user portal exposed to the internet, even though it was not actively being used. This oversight created an attack vector that was being exploited by malicious […]

Read more

Administering macOS with Microsoft Intune: Best Practices

Published on: 2/28/2025

Managing macOS devices in a business environment can be challenging, especially for organizations with IT staff who are most familiar with Windows-based systems. However, with Microsoft Intune, you can effectively manage macOS devices while leveraging your existing Microsoft 365 ecosystem. Getting Started: Apple Business Manager The first step to managing […]

Read more

NIST 800-171 Compliance

Published on: 2/28/2025

NIST 800-171 is a set of cybersecurity standards designed to protect sensitive information within non-federal systems and organizations. Whether you’re a contractor, small business, or educational institution, implementing these 110 controls across 14 families strengthens your cybersecurity posture and ensures compliance with federal requirements. Below is a simplified checklist to […]

Read more

CMMC Compliance: A Path To Securing DoD Contracts

Published on: 2/28/2025

The Cybersecurity Maturity Model Certification, otherwise known as CMMC is a framework created by the U.S. Department of Defense to ensure that contractors and subcontractors within the Defense Industrial Base protect sensitive information, such as Controlled Unclassified Information. Achieving CMMC compliance is now a critical requirement for organizations seeking to […]

Read more

From Home-Grade to Enterprise: How We Modernized a Client’s Network

Published on: 2/25/2025

Picture a business running critical operations on a network designed for a small home: consumer-grade Google Access Points with spotty coverage, sluggish speeds, and no centralized security. This was the reality for one of our clients—until they partnered with us to overhaul their infrastructure with enterprise-grade Palo Alto firewalls and […]

Read more

How We Implemented Monitoring for a Small On-Premises Environment

Published on: 2/24/2025

For many businesses, IT issues often go unnoticed until they start impacting end users, and the IT Support inbox blowing up. This was exactly the case for one of our clients, who had a small on-premises footprint of around 12 servers but no monitoring or observability in place. A server […]

Read more