Practical articles on IT, Microsoft 365, AI and digitalisation.
New articles straight to your inbox.

From Q3 2026, Microsoft automatically rolls out Intune Suite capabilities for E3 and E5 tenants. Remote Help, Advanced Analytics, Endpoint Privilege Management, and Cloud PKI are now included. But provisioning is not the same as use: without configuration, none of these capabilities reach your end users.
Read article →
Conditional Access policies grow with your environment — but so do the gaps. New employees, shadow IT applications, AI agents with their own identities: each can fall outside your existing policies. The Conditional Access Optimization Agent in Microsoft Entra scans your tenant daily and shows exactly where coverage is missing.
Read article →
On 6 July 2026, Entra ID Conditional Access extends to Windows Hello for Business enrolment and macOS Platform SSO registration. Policy requirements such as trusted locations and authentication strength will then apply during device registration — not only at sign-in. Which policies need reviewing, and what can you still do this week?
Read article →
Microsoft is rolling out Authoritative Sites for SharePoint in Copilot this week. With a single PowerShell command you mark a site as a trusted source, so Copilot Chat and Copilot Search consistently prioritise its content over random documents elsewhere in the tenant. How it works, which sites to mark first, and how it relates to Restricted Content Discovery.
Read article →
Microsoft has rolled out the Vulnerability Remediation Agent for Intune to all customers in public preview this month. The agent analyses CVE data from Defender Vulnerability Management, prioritises vulnerabilities per device, and surfaces remediation recommendations directly in the Intune admin centre. How does the new Entra agentic identity work, which licences are required, and what can you configure this week?
Read article →
Calling over the internet has long been the standard, but what is under the hood? We explain VoIP for SMEs, from SIP and codecs to IVR and call queues, and how to switch without hassle.
Read article →
Two named vulnerabilities — YellowKey and Bitskrieg — show that BitLocker without a startup PIN can be bypassed. The permanent fix is in the June 2026 Patch Tuesday. But patching alone is not enough: organisations that keep using TPM-only remain structurally exposed. How do the attacks work, how do you configure TPM+PIN via Intune, and what should you do this week?
Read article →
Organisations that connect Duo, RSA or another external MFA provider through Conditional Access Custom Controls must migrate to External MFA before 30 September 2026. Microsoft is replacing the legacy Custom Controls approach with an OIDC-based standard that integrates more deeply and is more secure. What changes, which steps are required, and how much time is left?
Read article →
Microsoft is rolling out the new SharePoint experience between mid-June and mid-July 2026. The rollout is mandatory with no permanent opt-out. Admins can request up to six months of delay, but after that the new navigation structure is final. What changes, and which steps do you take now?
Read article →
With Intune service release 2603, the security baseline for Windows 11 25H2 is now available. Nine settings have changed, existing 24H2 profiles are not auto-updated and become read-only. Which two settings need the most attention and how to complete the migration in four steps.
Read article →
In 2026 ransomware attackers first disable your security software — then they strike. BYOVD techniques and encryption-less extortion have become the new standard. What are EDR killers, how does BYOVD work, and which four measures break the attack chain?
Read article →
Attackers are calling employees via Teams posing as IT support or banks. Vishing grew 442 percent last year. Microsoft's new brand impersonation protection detects suspicious calls in real time. What do your employees see, what do you need to configure, and what additional measures help?
Read article →