If you’re here, you probably manage, secure, or architect Microsoft 365 environments and you’ve hit the same wall I keep hitting: the official docs tell you the what but rarely the why or the what-if.
That’s the gap this blog tries to fill.
What you’ll get
Every post here is built on three rules:
- Hands-on. No theory dumps. If I cover a feature, I configure it, break it, and tell you what happened.
- Production-realistic. I write from the perspective of someone who has to live with the configuration on Monday morning, not just demo it in a lab.
- No vendor cheerleading. Microsoft does some things brilliantly. It also ships features that aren’t ready. I’ll tell you which is which.
What’s coming first
The first series I’m planning for 2026:
- Microsoft Secure Score as a Cyber GRC Instrument — A 4 to 6 parts series on turning Secure Score into a board-level governance tool. (Part 0, Part 1, Part 2 already published.)
A note on the format
Posts will often be long. Some will run 15–20 minutes of reading time. That’s intentional short posts on these topics tend to leave the most important questions unanswered. There’s a table of contents on every long post, and a search box in the menu. Use them.
If a post is part of a series, you’ll see a Series badge in the header and links to the other parts at the bottom.
Get in touch
If you spot a mistake, have a better way to do something, or want to suggest a topic, ping me on LinkedIn.
Related technical notes, implementation details, and supporting references are maintained here: Github