Before You Enable Copilot for M365: The Security Checklist Every Admin Needs
The security baseline every M365 admin needs before enabling Copilot: permissions hygiene, sensitivity labels, DLP, audit logging, and oversharing remediation.
Phil Rowland
Purview Sensitivity Labels: The Only Guide You Need in 2026
Design a Purview sensitivity label taxonomy that works with Copilot. Covers label architecture, encryption gaps, licensing tiers, and enforcement sequence.
10 Microsoft 365 Copilot Risks That Aren't in Your Threat Model (But Should Be)
Copilot doesn't bypass your permissions — it makes bad permissions consequential. Ten specific risks, mechanisms, and mitigations for M365 Copilot deployments.
Axios npm compromise: determine your exposure and remediate in 20 minutes
Two axios versions on npm delivered a cross-platform RAT on March 31. Here's how to determine if your environment is affected and what to do about it.
Zero Trust on a Small-Team Budget: A 30-Day MVP Playbook
Learn a practical 30-day Zero Trust MVP approach for small IT teams, including identity-first controls, phased rollout, and measurable security outcomes.
Passwordless Rollout Without User Revolt: A Phased Strategy for SMBs
A step-by-step guide for SMBs to roll out Microsoft passwordless authentication — Authenticator, Windows Hello, and FIDO2 — without locking users out or flooding the helpdesk.
Coming soon
This is Mitten State Publications, a brand new site by Phil Rowland that's just getting started. Things will be up and running here shortly, but you can subscribe in the meantime if you'd like to stay up to date and receive emails when new content is