365 DEFENDER
Microsoft 365 Security Experts
Security Projects

Real-world Microsoft 365 security projects & walkthroughs.

A sample of the work we do across Entra ID, Intune, Defender XDR, Purview, and Microsoft 365 email security. Each project highlights the problem, the approach, and the impact.

Identity & Access Management (Entra ID)
Securing identities, enforcing MFA, and reducing sign-in risk without breaking access.
Entra ID

Conditional Access MFA Setup

Designing and rolling out Conditional Access policies to enforce MFA for admins and users in phases.

Outcome: 99% MFA coverage, reduced high-risk sign-ins.
View walkthrough →
Entra ID

Sign-in Risk Policies

Using risk-based Conditional Access to challenge or block sign-ins from suspicious locations and devices.

Outcome: Automated response to risky sign-ins.
View walkthrough →
Entra ID

Blocking Legacy Authentication

Gradually disabling legacy protocols and client apps that bypass modern authentication and MFA.

Outcome: Closed a major path for credential stuffing attacks.
View walkthrough →
Intune & Defender XDR
Hardening endpoints and improving Secure Score with Intune, Defender for Endpoint, and ASR.
Threat Protection

Improving Secure Score

Targeted remediation of top-risk actions to move Secure Score from the 30s into the 80s.

Outcome: Secure Score 38 → 82 in 45 days.
View walkthrough →
Defender XDR

ASR Rule Baseline

Designing Attack Surface Reduction policies and phased rollouts to minimize disruption.

Outcome: Blocked common malware and LOLBins without breaking key apps.
View walkthrough →
Intune

Intune Compliance Policy Setup

Defining baseline compliance policies for Windows and mobile devices tied into Conditional Access.

Outcome: Clear view of healthy vs. non-compliant devices.
View walkthrough →
Purview & Data Protection
Protecting sensitive data with labels, policies, and insider risk controls.
Purview

Data Classification Policies

Designing a practical sensitivity label taxonomy and mapping it to real-world use cases.

Outcome: Users can easily choose the right label for the job.
View walkthrough →
Purview

Insider Risk Management

Configuring insider risk policies to detect risky file exfiltration and anomalous activity.

Outcome: Early warning on abnormal data access patterns.
View walkthrough →
Purview

DLP (Data Loss Prevention)

Building email, Teams, and endpoint DLP policies focused on a few high-value data types.

Outcome: Fewer accidental leaks of sensitive information.
View walkthrough →
Email & Collaboration Security
Stopping phishing, spoofing, and abuse across Exchange Online and M365 services.
Email Security

DMARC Setup

Implementing SPF, DKIM, and DMARC with a safe transition from monitoring to enforcement.

Outcome: Spoofed messages significantly reduced.
View walkthrough →
Email Security

Tenant Allow/Block Lists

Using allow/block entries and Tenant Allow/Block List to handle edge cases without weakening security.

Outcome: Fewer false positives while staying locked down.
View walkthrough →
Awareness

User Email Reporting

Rolling out phishing and spam reporting buttons and connecting them into Defender workflows.

Outcome: Users become a detection asset, not a liability.
View walkthrough →