top of page


Part 1: Identity Threat Protection Starts After the Login
Most Microsoft 365 environments treat the sign-in event as the finish line for identity security. Part 1 of The Security Bridge series breaks down where the real exposure lives after a successful login: standing privilege, unmanaged token handling, and over-permissioned app access. Includes 3 examples from real client engagements and a validation checklist for security architects, engineers, and CISOs.

Derek Morgan
20 hours ago4 min read


The 5 Entra ID Settings Every Admin Gets Wrong
MFA is on, Security Defaults are on, the audit passed, and the tenant still has an identity-shaped gap. This walks security admins and architects through the five Entra ID settings most often left at an insecure default, plus the break-glass account people get wrong in both directions. For each one: the attack it enables, the business cost when it stays open, and the exact admin-center fix. Written for the engineer configuring it and the CISO funding it.

Derek Morgan
Jun 249 min read


PIM vs Service Accounts: When Privileged Identity Management is the Right Answer
Three things get called "service account" in Microsoft Entra ID. Most incidents involve only one of them. This article gives security architects and CISOs a framework for picking the right control: PIM-eligible roles for human admins, managed identities and service principals for workloads. Two diagnostic questions, four patterns, and a 5-step checklist for converting a tenant from standing privilege to a controlled model.

Derek Morgan
May 197 min read
Start Your Cloud Journey
bottom of page