I’m an expert in Microsoft 365 and Entra ID (previously Azure AD). I have specific expertise in security assessments, mergers, and migrations. My preferred tool is BitTitan MigrationWiz for migrating Exchange Online mailboxes, OneDrive files, SharePoint files, and Teams.
Here are testimonials and five reasons we should speak further.
- Entra ID and Microsoft 365: I spent 14 years in Microsoft’s Identity division, the last seven helping customers get the most value out of their investments in Entra ID and Microsoft 365. I have an Entra ID engagement framework and a Conditional Access workshop to help ensure nothing is overlooked.
- Intune, Azure Arc, Defender, AWS: I worked with a client deploying Intune, Azure Arc, and Microsoft Defender for Endpoint to get workstations and AWS servers compliant with HITRUST.
- MFA, SSO, and Group Configuration: Part of my work at Microsoft was to root cause, mitigate, and plan prevention for security breaches. I am familiar with the security controls in both Entra ID and Microsoft 365 that can prevent breaches. These include Entra MFA, Conditional Access, and passwordless/phishing-resistant authentication methods like FIDO2 and Windows Hello for Business. I have helped customers get these SAML integrations configured – most recently configuring SAML federation with Google Workspace and receiving this testimonial from a Washington DC firm.
- Security Best Practices: I delivered half a dozen Azure AD Assessments involving a 3-hour customer interview, PowerShell scripts, and a 90-minute findings review. I was responsible for the Identity division’s demo environment at Microsoft, ensuring it was configured using security best practices from Azure Bastion to Privileged Identity Management. My team developed best practice guidance for industry analysts like Gartner for securing cloud infrastructure. Here is a blog post, an Entra ID assessment framework, and a Microsoft 365 assessment framework.
- Secure Software Development: My most profound expertise is with React and .NET, which underlie my security product. However, I have helped clients on other platforms. One client had trouble integrating Entra ID as the IDP for his AWS-based Java Spring Boot app. Another needed to enhance their single sign-on implementation in Laravel/PHP. Here are the GitHub repositories for these samples:
- AWS-based Java Spring Boot app (token-mediated backend vs. a BFF architecture)
- Single sign-on implementation in Laravel/PHP (Sanctum for front-end auth to BFF, Azure AD for auth from BFF to Azure AD)
Here are security courses I recommend to bolster your security knowledge:
- SANS SEC540: Cloud Security and DevSecOps Automation 5-day course
- Pragmatic Web Security: Cutting-edge React security 1-day workshop
- Pragmatic Web Security: API Security Best Practices 2-day workshop
Most exploits over the past ten years could have been prevented by (1) using MFA and cert-based-auth (Okta, SolarWinds, Microsoft), (2) patching servers (Equifax), and (3) blocking social engineering in the account recovery flow (MGM). Of course, other measures exist, such as token binding to prevent exfiltration (Evilginx2), token audience verification by your apps (Grammarly), etc. For a complete list, please refer to 25 Simple Ways to Secure Your Apps.
Root causes for the breach recoveries I worked on include phishing and compromise propagation from on-premises to the cloud.
- Identity Platforms (Azure AD, Google Workspace, Okta, ForgeRock).
- Development Frameworks: ASP.NET Core, Java Spring Boot, React, Angular, Telerik KendoReact
- Security best practices: Phishing Resistant MFA, Privileged Identity Management, Azure Bastion
- Azure Architecture: Azure Functions/Web App Service/Service Bus/CosmosDB/SignalR
- DevOps best practices: CI/CD Pipelines, Git, Azure DevOps, Bicep Infrastructure as Code