Articles - Check out the latest news

Cloud Adoption Framework - How management groups fix the security chaos you've been tolerating On her first day, Marta opened the Azure portal and counted the subscriptions sitting directly under the root management group. Forty-seven. No hierarchy. No inherited policy. No consistent RBAC. Security alerts lighting up Defender for Cloud with no clear owner. Every team had provisioned what they needed, when they needed it, under whoever had Owner rights that week. The tenant ha

Series · Part 2 of 2 Access controls, permission models, data protection through sensitivity labels, governance tooling, and compliance. You have done Part 1. Conditional Access is configured. Private Links are under discussion. The network team is happy, or at least no longer actively unhappy. You have a presentation slide that says "Authentication via Entra ID — always on" and a compliance officer who has stopped asking uncomfortable questions. And then a data analyst sends

Access is rarely gained through a dramatic technical exploit or by “breaking down a digital wall.” More often, an attacker signs in with valid credentials and moves quietly through systems, staying under the radar long enough to find what they need.

Series · Part 1 of 2 How the platform authenticates, how network traffic is controlled, and why the SaaS model changes what you actually need to worry about. It always starts the same way. The Fabric proof-of-concept goes well. The data team is excited. Someone in leadership says "let's move this to production," and then — somewhere between the handshake and the go-live — security has a meeting with the platform team, and the platform team says something they really should no

This is the first article in a series of five, describing what MCP is, why you need it, and how it helps AI agents talk to your system. 

Most teams do not struggle with creating the first AI agent. They struggle with creating the fiftieth.

Understanding the architecture of Verified ID is one thing; seeing how it transforms real business processes is another. This section explores concrete use cases and the tangible benefits organizations achieve when implementing this technology.

In late January 2026, Microsoft introduced a preview of Unified Tenant Configuration Management (UTCM) APIs in Microsoft Graph (/beta). The promise is straightforward: baseline your tenant configuration, monitor it on a fixed schedule, and detect configuration drift across multiple workloads through one unified API surface.  If you are a CISO, CTO, or a security-minded advisor, the strategic value is not “yet another API.” It is a platform capability.

You want to let teams build and use agents without creating a parallel identity estate you cannot explain, audit, or shut down. You want autonomy with boundaries, and speed with accountability. Why Governance Fails in Predictable Ways Governance for AI agents fails in predictable ways. Not because people do not care, but because the old playbooks assume either a human user or a classic application. Agents sit in the middle: they can act with user-like impact, with application

AI agents are moving from experiments to infrastructure. They read, decide, and act. Sometimes in response to a human. Sometimes on their own. The speed is the feature. The speed is also the risk.