created content
Presentations, publications and patents.
Books
2024
The Definitive Guide to KQL: Using Kusto Query Language for Operations, Defending, and Threat Hunting purchase options.
Microsoft Press: Exam Ref SC-900 (2nd Edition) purchase options.
2021
Microsoft Press: Exam Ref SC-900 (1st Edition) purchase options.
Presentations
2024
MacAdmins Conference: Best Practices for Deploying Platform SSO with Microsoft Entra ID video
2023
SANS Cloud Security Summit: Real World Lessons Learned from 18 months of CIEM implementations in the Enterprise video.
JAMF JNUC 2023 Jamf and Microsoft Entra ID Conditional Access video.
Microsoft Security: Final steps to remove ADFS video.
2022
Defcon 30 BTV: Improving security posture of MacOS and Linux with Azure AD video.
Objective by the Sea v5.0 Improving macOS Security by Reducing Authentication Prompts video.
JAMF JNUC 2022 Top 5 Ways to Improve Your Apple End User Experience in M365/Azure AD video.
MacAdmins Campfire Session Week 7.2: Top 5 Ways to Improve Your Apple End User Experience in M365/Azure AD video.
2021
Defcon 29 BTV: Modern Authentication for the Security Admin video.
SANS Blue Team Summmit: Modern Authentication for the Security admin video.
2020
Authenticate: Sucess strategies for your strong authentication journey video.
BSides: Hiding in the cloud: How attackers can use applications for sustained persistence and how to find it video.
2019
Blackhat: Attacking and defending the Microsoft cloud (Office 365 & Azure AD) video.
Microsoft Ignite: Shut the door to cybercrime with identity-driven security 2019 edition video.
Microsoft Ignite: Leverage the cloud to strengthen your on-premises Active Directory security video.
2018
Microsoft Ignite: Shut the door to cybercrmie with identity-driven security 2018 edition video.
Microsoft Ignite: Hybrid identity and access management best practices video.
2017
Microsoft Ignite: Azure Active Directory best practices from around the word video.
Podcasts
2024
MacAdmins Podcast Episode 392: Michael & Mark on Entra ID. link
SANS Blueprint Episode 55 “How Phishing Resistant Credentials Work”. link
The Microsoft Threat Intelligence Podcast Episode 28 “The Inside Scoop on Using KQL for Cloud Data Security”. link
The Cloud Architects Episode 84 “Entra like Magenta”. link
2023
MS EMS Community Podocast Episode 03 “Identity and Security and Endpoints, Oh My!” link
2022
SANS Blueprint Episode 31 “Azure AD Threat Detection and Logging”. link
2021
SANS Blueprint Episode 22 “Microsoft Incident Response Playbooks”. link
2020
SANS Blueprint Episode 07 “Passwordless- Can it be done?”. link
20019
The Cloud Architects Episode 26 “There is no choice that is do nothing and stay secure”. link
Articles & Blogs
2022
JAMF Blog Guest Post: Best practice when working with Azure AD article.
2021
ID Pro Vol1 Issue 6: Authentication and Authorization article.
Decreasing Attacker Dwell Time in Azure Active Directory SANS white paper.
2020
Azure AD Mailbag: Identity Protection article.
Azure AD Mailbag: What is identity provisioning and why does it matter? article.
2019
Azure AD Mailbag: Tips for Azure AD reportin and monitoring your day-to-day activies article.
Azure AD Mailbag: MFA Q&A Round 8! article.
Azure AD Mailbag: Return of the mailbag with Azure AD Logs article.
2016
Azure AD Mailbag: Syncing with Azure AD Part 3 article.
Azure AD Mailbag: Hybrid Identity and ADFS Part 2 article.
Azure AD Mailbag: Hybrid Identity and ADFS article.
Azure AD Mailbag: PowerShell Tips and Tricks! article.
Azure AD Mailbag: MFA Q&A, Round 2! article.
Azure AD Mailbag: Syncing with Azure AD Part 2 article.
Azure AD Mailbag: Q&A on Azure MFA article.
Azure AD Mailbag: Azure AD App Proxy article.
Azure AD Mailbag: PowerShell trips and tricks article.
2015
Azure Ad Mailbag: Syncing with Azure AD Connect article.
Azure AD Mailbag: Self-Service Password Reset article.
New Series: The Azure AD Mailbag article.
2011 to 2015
When I was a Premier Field Engineer, several of us wrote on the AskPFEPlat blog. This is the tag to the 59 posts.
Patents Awarded
2024
Sharing security settings between entities using verifiable credentials link.
2022
Cloud-based privileged access management link.