Incident Readiness Without a SOC: A 30-Day Plan for Lean IT Teams
How lean IT teams can build incident readiness in 30 days: logging baseline, escalation runbook, and tabletop exercises without a dedicated SOC.

Secure SaaS Offboarding in Under 24 Hours: The Revocation Sequence IT Teams Actually Need
A step-by-step SaaS offboarding sequence for IT teams: revoke tokens, audit PATs, close SCIM gaps, and collect SOC 2 and ISO 27001 audit evidence.

Microsoft Purview Auto-Labeling Policies Reach Full GA: What Compliance Admins Need to Know
Auto-labeling policies in Microsoft Purview reached full GA in April 2026. Learn what changed, what file types are covered, and how to deploy correctly.

Why Passwordless Pilots Fail: Five Mistakes That Derail Microsoft Entra Rollouts
Passwordless pilots in Microsoft Entra fail for predictable reasons. This post names five failure modes and gives you one concrete fix for each.

What Microsoft Defender Actually Catches (and Where It Goes Dark)
Microsoft Defender for Identity covers 30+ credential access alerts. But execution and C2 are nearly empty without MDE. Here's what to verify in your deployment.

The threat to critical infrastructure has changed. Has your readiness?
Five-year dwell times and living-off-the-land techniques have changed what critical infrastructure readiness means. Here's what actually closes the gap.

AI Is Now an Attack Surface. Most Security Teams Are Still Treating It Like a Tool.
Threat actors are now targeting enterprise AI systems, not just using AI as a tool. Here are three controls security teams can implement without a new platform.

Before You Enable Copilot for M365: The Security Checklist Every Admin Needs
The security baseline every M365 admin needs before enabling Copilot: permissions hygiene, sensitivity labels, DLP, audit logging, and oversharing remediation.

Purview Sensitivity Labels: The Only Guide You Need in 2026
Design a Purview sensitivity label taxonomy that works with Copilot. Covers label architecture, encryption gaps, licensing tiers, and enforcement sequence.

10 Microsoft 365 Copilot Risks That Aren't in Your Threat Model (But Should Be)
Copilot doesn't bypass your permissions — it makes bad permissions consequential. Ten specific risks, mechanisms, and mitigations for M365 Copilot deployments.

Axios npm compromise: determine your exposure and remediate in 20 minutes
Two axios versions on npm delivered a cross-platform RAT on March 31. Here's how to determine if your environment is affected and what to do about it.

Zero Trust on a Small-Team Budget: A 30-Day MVP Playbook
Learn a practical 30-day Zero Trust MVP approach for small IT teams, including identity-first controls, phased rollout, and measurable security outcomes.

Passwordless Rollout Without User Revolt: A Phased Strategy for SMBs
A step-by-step guide for SMBs to roll out Microsoft passwordless authentication — Authenticator, Windows Hello, and FIDO2 — without locking users out or flooding the helpdesk.

Coming soon
This is Mitten State Publications, a brand new site by Phil Rowland that's just getting started. Things will be up and running here shortly, but you can subscribe in the meantime if you'd like to stay up to date and receive emails when new content is