This is the first post on this blog, so a short explanation of what you can expect here seems appropriate.
I work daily in Microsoft 365 environments where compliance is not a paper exercise but a requirement: BIO2, NIS2, and the Dutch Cybersecurity Act. What stands out most in that work is the gap between thinking everything is configured correctly and being able to prove that it is. Almost every organization has policies. Far fewer organizations can demonstrate, on any random Tuesday afternoon, that their tenant actually complies with those policies.
That gap is what this blog is about.
What you'll find here
The topics will be familiar if you've already looked around this site:
- Microsoft 365 governance: ownership, lifecycle management, external sharing, and why a decision log is often more valuable than a thick policy document.
- Compliance frameworks in practice: what BIO2 and NIS2 actually mean for a Microsoft 365 tenant, translated into configuration instead of intention.
- Automation with PowerShell: measuring configuration instead of assuming it, using tools such as Microsoft365DSC, Microsoft Graph, and the familiar PowerShell modules.
- Azure: where it intersects with the modern workplace, from Conditional Access to logging.
You won't find rewrites of product announcements or "10 tips" listicles. Instead, you'll find real-world scenarios I've encountered, worked out into something you can reproduce yourself.
Publishing cadence
I'm aiming for a weekly schedule, with the usual caveat that client work comes first. If you don't want to miss a post, there's an RSS feed, and I announce the larger articles on LinkedIn.
Have a question or a topic you'd like to see covered? Get in touch.