Latest Microsoft Articles
The Ultimate Guide to App Consent in Microsoft Entra
Learn about Microsoft 365’s app consent changes with Erin Greenlee. Discover how the July 16, 2025, secure-by-default policy can impact your users.
In this episode, I sit down with Erin Greenlee, the Product Manager for App Consent on Microsoft’s App Platform Team. We dive into the critical world of app consent and the upcoming Microsoft 365 secure-by-default changes. We explore the nuances of user and admin consent, the impact of the mid-July 2025, policy shift, and how admins can prepare for a mo…
Entra 🆔 News #103 → This week in Microsoft Entra
Read about changes in retention to audit history of access reviews, new Microsoft managed app consent policies, info on retirement of Azure AD Graph and Azure AD PowerShell.
👋 Hi there! Merill and Joshua here, bringing you this week’s global roundup of Microsoft Entra news.
Entra 🆔 News #101 → This week in Microsoft Entra
Learn about the Conditional Access features that just went GA, a very special podcast episode and more!
👋 Hi, Merill and Joshua here!
Entra 🆔 News #102 → This week in Microsoft Entra
Learn about upcoming changes to app consent policies 📱✅, passkey authentication method policy 🔑, and more! 🌟
👋 Hi, Merill and Joshua here with this week’s roundup of the latest news on Microsoft Entra from around the globe 🌍.
Pushing Microsoft Entra to its Limits to Secure On-Prem AD
Learn about phish resistant auth for on-prem accounts, privileged access workstations, just-in-time to AD and more...
In this episode, we talk with an identity expert, ex-Microsoftie and Principal Domain Architect, Mark Renoden, about creating a modern Privileged Access Management (PAM) solution for on-premises Active Directory. Discover how to build a secure "Bastion Forest" architecture using Microsoft Entra. We talk about PIM for Groups, group write-back, phish-resi…
Pramod
•
Jun 22
Thanks for the video. Nice stuff.
Once the JIT is enabled, are the admin accounts used to manage the on-premises AD using PAW use any password or is it passwordless/ FIDO/ Windows Hello?
Microsoft Insiders: June Updates
New tools, articles, courses and discussions—let's get caught up!
Hello Insiders!
Microsoft Sentinel is now in the Microsoft Defender portal🚨
If you're still operating from the Azure portal, now is the time to transition and unify your SIEM and XDR experience.
In Sentinel, I'm able to decide which connectors to pull in events from (ie, not to pull in DLP incidents). I don't seem to have that same ability once I'm connected in the Unified Experience.
We have a separate team that generates hundreds of alerts per day for DLP policies that randomly get correlated with items we're looking at as Security Operations... and when we close our investigation, we close their alerts and mess up their stats and workflow.
If only we had a way to filter these out so they didn't get correlated. Similar to the toggle button we were given for IRM...
Microsoft Dependency Has Risks
This is not an opinion, this is not an opinion... it's an opinion, isn't it?
There was a recent incident where Microsoft somehow allegedly blocked a mailbox of a sanctioned individual. Any organization highly depending on MS products that might come into the crosshair should ask - can this happen to me? What would be the cost? How much I invest into prevention of this scenario? In this article I try to get the facts straight and…
A mostly good article, but to be honest, there are a number of things where I think you are wrong. One is: "From these, the email point seems to be most critical. In 2025, you really want a big provider to handle your emails - this point is so non-controversial that you have hosting companies advocating against hosting your own email."
Actually, letting a big provider handle my emails is absolutely the last thing I want - simply because, by design, they do it badly. If you want someone else to decide what you should and should not receive (in the name of blocking spam) - fine. If you want your incoming mail to be randomly tossed in the digital bin, without either the sender or yourself having any clue that's happened - fine. If you want to be subject to someone else's whims as to what's acceptable - fine. And as you point out in the blog, if you want to be subject to being disconnected "because ..." - fine If you want to be at the risk of your account (and all the email in it) to be deleted (whether by accident or malice) - fine. If you are fine with all of these then go ahead and trust your email to someone else and someone else's computer.
OK, I'm a techie and been in It for <cough> decades. But it actually isn't hard to run your own mail server. And if you do, then you can decide your own policies as to what is and isn't spam, and the biggest for me is that you can filter mail the only sane way (and which AFAIK not one of the big providers does) - and that is to decide whether it's going to be delivered, and if it isn't then you don't accept it. Lest there be any doubt there - AFAIK every large provider will accept mail (so to the sender's mail server "it's been delivered") and then throw some of it away.
Of course, someone with services to sell will egg up the problems. DNS is not hard. SPF is not hard. DMARC is not hard. Staying off blacklists is not hard (if you are only handling your own traffic, and generally not too much of a problem if doing it for clients). It is true that the big providers are more than happy to put blocks in the way of small providers (they'd rather you gave them money to mis-manage your email) - but in more than 2 decades of running my own mailserver (and with a previous work hat on, running one for clients) there have been relatively few issues. In general, the hardest part (running my own mail, on my own server at home) has been finding the forms the various providers have to say "actually, this is a real mailserver at this address" when blocked for being a "residential" address - but once found, I've found even AOL would accept my mail !
For good measure, I have access ot the unadulterated logs, and can turn up the logging level if needed to debug a problem.
I can understand hosting providers being against running your own mail servers. Firstly, again you usually are competing with a service they'd be happy to sell you. Secondly, I suspect that while it's not too onerous, there will be many clients who won't manage it and then expect the hsoting provider to sort out whatever mess they've got into. Other providers are simply against it because they think you should be paying them instead - but that's just business.
Lastly, there is one really REALLY important reason why any business (in Europe or the UK) cannot outsource it's email to the big providers - it is my opinion that it cannot be done legally !
I know that (for example) Microsoft will provide assurances that you can, you can arrange for all your data to stay within Eurpoean data centres, and so on. But you hinted that DNS is hard - and if you use Microsoft's mail systems, then the domain microsoft.com is involved. That is under US control, and so in the US they have the power to direct your login and authentication anywhere they want - e.g. they could collect an authentication token to give themselves access, or just plain route you through a dummy sign-in and harvest your credentials. Now, if someone has that level of control, can you tell me my data is 100% safe from them ? And if it isn't, then it's illegal under European and UK data protection laws to put any personal information (and that will include email) at that risk. Perhaps I'm just paranoid, but we've seen Microsoft hand over data held in data centre in Ireland as soon as the CLOUD act was passed.
YSOD??
From Active Directory to AI Agents: The 25-Year Saga of Microsoft's Identity
This episode is for the die hard AD + Azure AD + Entra fans! The history of Microsoft Identity like it's never been told before.
In this very special episode, I sit down with the "Yoda of Entra" himself, Tarek Dawoud, who also happens to be my manager!
Microsoft, Google, and Amazon's Quantum Launches
Chapter 1 of the Quantum Computing Series. Discussion about what progress big companies are really making in this field, and the state of quantum computing, with Joel Pendleton of Conductor Quantum
About the Quantum Computing Series
ATTENTION Microsoft Partners: Unlock 2025 Partner Benefits with Security & Modern Work Specializations 💵
Solutions Partners who earn a Security or Modern Work specializations now gain access to exclusive incremental product benefits — designed to enhance your service offerings and accelerate business growth.
OpenAI and Microsoft: The Gloves are Coming Off
The alliance that shaped AI’s rise is breaking under the weight of its own success
We’ve talked before about the $13 billion knot binding the world’s most valuable enterprise software giant to the most hyped startup of the AI era. Microsoft and OpenAI - the original AI frenemies.
Dinosaur leaders seen off by being out of step
ALSO: Microsoft says we're living an infinite workday
You might vaguely remember the headlines last year when Seb James, the CEO of Boots announced that working in the office was proving so ‘fun and inspiring’ that he’d decided to give an inflation busting fun rise to all employees. Boots office employees would be back in the office five days a week by the the end of the summer
Hi Bruce, thank you for this insightful post. I'm training to be a nurse in the NHS after many years in corporate and NGO desk-based jobs. It has been quite profond to see the impact of effective teamwork, senior staff role-modelling behaviour and a culture of learning on quality of care, performance and staff morale. I'm talking about some wards/units - not all of course. I am also reminded of something an American friend said to me recently in discussions about hierarchy and team-work; "Some people kiss up and kick down, some people kick up and kiss down"...now I wonder what gets the best results?....
Love this!!! Yeah, let’s not fight the dinosaurs.
They’re good at fighting.
Let’s just leave them behind and go in and do our own thing.
Entra 🆔 News #99 → This week in Microsoft Entra
Learn about linkable identifiers in Entra Sign in logs going GA, public preview of TLS inspection in Entra Internet Access, decommissioning Active Directory and more!
👋 Hi, Merill and Joshua here with this week’s roundup of the latest news on Microsoft Entra from around the globe 🌍
Microsoft Stock Holds Steady as AI Drives Workforce Shift
Microsoft cuts again—AI efficiency or hidden trouble ahead?
How to avoid Wall Street’s Bitcoin trap (From Brownstone Research)
Why Embracing Microsoft 365 Copilot Accelerates Your Professional Growth
Imagine what you could do with more time and less stress at work. Microsoft 365 Copilot helps you work smarter, not harder. You see real results—users report up to 70% higher productivity and finish tasks 29% faster. Take a look:
Germany & Denmark Ditch Microsoft
Others will follow soon
Brought to you by WriteStack* — an exciting Substack tool and extension for professional Substackers
Outside of USA I'm sure savvy people have been drifting away from MS for a long time. I haven't used Outlook in years, or any office product at home for... I can't remember how long. Good move by Denmark. Trump doing a great job of isolating the US
I have been a fan of using open-source software for a while. I still use Microsoft Office 2007. I haven't used Office 365 due to pricing and privacy concerns. I think that this is a great decision.
The growing rift between OpenAI and Microsoft - Sync #524
Plus: OpenAI secures $200M contract with US DoD; Meta aggressively recruits big names for its AI lab; 1X Redwood; Sam Altman on GPT-5 and ads in ChatGPT; cyborg embryos; and more!
Hello and welcome to Sync #524!
💰BlackRock just became a Bitcoin whale — quietly.
PLUS: Why is Alphabet cheaper than Apple, Microsoft, and Amazon?
Today’s edition is brought to you by Bitget - We partnered with Bitget to bring you a top offer: deposit at least 100 USDT and instantly claim a 200 USDT trading voucher. Rewards go up to $5,000 for active users—don’t miss it!
Blackrock is known for politicizing capitalism Leftward. In my opinion, the Lefties naturally support fiat and oppose hard money Bitcoin, because they siphon the value off of the fiat, and use it for Lefty social engineering and vote buying.
Why Travel Allowlists Cause More Pain Than Protection
“Only allow log‑ins from known places” sounds great, but falls apart in practice.
This week, I wanted to dive into a “feature” of many detection systems that ends up harming security teams more than helping them: travel allowlists.
50 Years of Microsoft and Developer Tools with Scott Guthrie
Scott Guthrie, a 28-year Microsoft veteran shares the inside story of how the company evolved its developer tools—from Visual Basic to Azure, VS Code, and GitHub—and what’s next with AI.
Stream the Latest Episode
🧠 OpenAI vs Microsoft, WhatsApp AI Recaps, App Store Fight
Plus: Creative Commons Unveils AI Data Rules; Deep Tech Boosts IFC.
Good morning. It’s Thursday, June 26. Today we are covering:
Microsoft Faces Its Own Pirate Books AI Lawsuit - DTNSB 5048
Creative Commons launched CC Signals to do for datasets what it did for creative works, and Dr. Niki discusses why seals are learning to play video games.
DeepMind's AlphaGenome, Microsoft AI's MAI-DxO, Arc Institute's State 🚀
Health Intelligence (HINT)
2025-06-30
Related Microsoft Substacks
