I can't believe I still see this in security recommendations, compliance requirements or advise given in social media.

We're saving well over two million dollars per year on this cloud exit. We got much faster gear (local nvme storage vs network mounts is a game changer!). We own all our hardware. And when things go down, we can actually do something about it ourselves.

When “Block All” in Conditional Access blocks too much… 🔒 Until recently, guest users couldn’t change their MFA methods when you blocked all cloud apps. The My Sign-ins app is now selectable in Conditional Access 🎉 Finally possible: ✅ Limit guests to M365 resources ✅ Keep

There’s a less known edge case for fortinet devices where, rather than act merely as a remote code execution platform, they can serve as firewalls

The Office of the eSafety Commissioner has produced a guidance note to assist social media companies with the fast approaching under 16 social media ban. The methods used to verify age are likely to include the disclosure of sensitive data like documents, facial scans, location

Did you know Entra ID Protection never automatically clears Medium or High risk? We either need to use Risk Based Conditional Access policies to remediate or an admin needs to manually remediate User risk = password reset Sign-in risk = require MFA https://t.co/T1KT4DQbhl

Please stop using Private browser sessions for cloud admin accounts Look, we all know we shouldn't be using admin accounts while signed into our productivity account, but if you're gonna do it, at least use browser profiles so you can enforce compliance https://t.co/e8I882Lh9w

Cookie banners have been a blight on the internet. Worse than the old scourge of pop-up advertisements! They need to die entirely. The idea has failed. Nobody reads any of it. If you want to ban targeted ads, do that. Let's see if the EU can correct,

This is the embodiment of Christianity. Forgiving the man who assassinated your husband while you’re grieving at his funeral because that’s what Christ did for you. God bless Erika Kirk.

Is it just me, or does this UI choice in Firefox drive other people mad too? Burying "Close Other Tabs" in a sub-menu when something as rarely-used as "Close Duplicate Tabs" gets a spot on the main context menu.

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog:

Was just looking at the issues on a MCP-related repo, saw this cheeky GitHub Issue... #mcp #promptinjection

Sentinel UEBA got a welcome set of new data sources ◽Defender XDR device logon events ◽Entra ID managed identity signin logs ◽Entra ID service principal signin logs ◽AWS CloudTrail ◽GCP audit logs ◽Okta MFA https://t.co/l9ZLvnDQ0U

This (in preview) feature in M365 looks like a great fit for sending emails from MFDs, line of business apps. It only permits sending to internal recipients.

This "Always Works" command/hook for Claude Code is mega handy. I've lost count of the number of times it has told me that things are working when it hasn't even checked. https://t.co/U3OL1rGBy8

A bunch of apps I’ve been poking around with lately interact with Dataverse using $batch queries. Not seen much chatter about it, but really handy to subvert intended logic when the queries and writes are just … there. Any authz issues are super obvious too 👁️👁️

Microsoft have released a great (free) Zero Trust Workshop that helps organizations with an actionable roadmap to achieving zero trust in their organization. https://t.co/dcqjcTcSXA https://t.co/08Gu0UVzjV 00:00 - Introduction 00:07 - Zero Trust 101 00:22 - NIST zero trust

A chat with my teenage son about SIEM detection rules (he saw me working on some) pivoted into MITRE, TTPs, network services/ports, and a trip around Shodan. Ridiculous what's still exposed to the web in this day and age. We just spent 15mins looking at RTSP and VNC screenshots.

Even though Microsoft provided a PowerShell command in April 2025 to disable the SMTP DirectSend feature in Exchange Online, we are still seeing attackers successfully reach the inbox for organizations that do not have their DMARC DNS Record set to Reject or Quarantine. According

I also have some potential use cases for the hooks feature.