Iam-Sme

Iam-Sme: Identity and Access Management, Information Security & Cyber Security Subject Matter Expert. CISSP, CISM, CRISC, CGEIT

06/05/2026

I’ve always been frustrated by the limits and huge price of out-of-band comms tools. So I built my own.
It’s economical and extremely secure. Try it and let me know what you think.

Free trial of my BCP app is up.

21/08/2025

Quantum-Safe Security: Microsoft’s Strategic Leap into the Future

As someone who regularly scans the horizon for emerging security risks, I’ve been closely tracking the quantum computing shift, not just for its potential, but for its cryptographic consequences. The latest update from Microsoft confirms what many of us have anticipated: the quantum clock is ticking, and the time to prepare is now.

Microsoft’s QuantumSafe Programme is more than a technical roadmap, it’s a proactive, standards-aligned strategy to ensure cryptographic resilience across infrastructure, supply chains, and customer ecosystems. From integrating ML-KEM and ML-DSA into SymCrypt, to hybrid TLS key exchange support, the groundwork is being laid for a secure transition well ahead of the 2035 global deadline.

What’s reassuring is the phased, modular approach: foundational components first, followed by core infrastructure, and then full ecosystem coverage. This isn’t a quantum leap, it’s a methodical, multi-year migration that prioritises crypto-agility and legacy uplift.

Having worked across governance frameworks like ISO, NIST, and SOC 2, I’m particularly encouraged by Microsoft’s alignment with CNSA 2.0 and its early adoption targets for 2029. The inclusion of FrodoKEM in ISO standards and the Adams Bridge Accelerator in open-source silicon shows that this isn’t just theory, it’s operational.

Let’s be clear: quantum computing may be probabilistic, but Microsoft’s planning is anything but. The threat of “Harvest Now, Decrypt Later” attacks is real, and it’s refreshing to see TLS 1.3 being future-proofed with hybrid key exchange logic.

In short, Microsoft isn’t just observing the quantum wave, it’s collapsing the uncertainty and building a secure path forward. Entangled risks require disentangled strategy, and this is a textbook example of horizon scanning done right.

18/08/2025

My latest blog article.
A Quick Peek at Copilot for Intune.

10/08/2025

🧠 Smarter Identity Security with AI: A Review of Microsoft Entra’s Latest Features

Microsoft has introduced two new AI-powered capabilities in Entra: the Conditional Access (CA) Optimization Agent and Security Copilot integration. Both aim to streamline identity security, reduce risk, and—if we’re lucky—make managing Conditional Access Policies (CAPs) feel less like deciphering ancient runes.

🛠 Conditional Access Optimization Agent: Finally, a Sanity Check for CAPs

This agent performs daily scans of your tenant, flags policy gaps, and offers one-click remediations. It logs its own activity, explains its logic in human-readable terms, and creates new policies in report-only mode so you can preview changes without triggering a fire drill.

Let’s caveat this clearly: it’s not a replacement for an experienced analyst. It won’t grasp the subtleties of your environment or the historical quirks baked into legacy access. But when you’re staring down hundreds of CAPs and trying to audit them without losing the will to live, it’s a productivity enabler worth noting.

🤖 Security Copilot in Entra: Conversational IAM, Minus the Guesswork

Security Copilot now sits inside the Entra admin centre, ready to answer your questions in natural language. Want to know which users are risky, which apps are misconfigured, or why your sign-in logs resemble abstract art? Just ask.

It’s context-aware, capable of resolving ambiguity, and even corrects itself when needed. It’s not clairvoyant, but it’s a solid companion for investigations and policy reviews—especially when time is short and the audit trail is long.

💸 Pricing: The SCU Shuffle

Now, the pricing. These features rely on Security Compute Units (SCUs), which are provisioned separately. The CA Optimization Agent only consumes SCUs when it runs, which is efficient—but understanding how many SCUs you need, when they’re used, and how this maps to your licensing tier (Entra ID P1 vs P2) is, shall we say, not immediately intuitive.

Microsoft’s documentation gestures toward clarity, but it’s more interpretive dance than financial transparency. If you’re budgeting for these features, expect to spend some quality time with a calculator and a strong cup of tea.

🧾 Final Thoughts

These additions are genuinely helpful—especially for environments with sprawling policy sets and limited time. The CA Optimization Agent is a welcome tool for audit-heavy workflows, and Security Copilot brings conversational ease to IAM investigations.

Just remember: AI can assist, but it can’t replace the strategic insight of a seasoned analyst. Think of it as a capable assistant—excellent at surfacing insights, but still best used under expert supervision.

You can read the full announcement on Microsoft’s Tech Community Blog.

10/08/2025

🕵️‍♂️ Book Review: Ctrl+Alt+Chaos by Joe Tidy – Teenage Hackers, Therapy Leaks, and the Grim Glory of Cyber Defence

Joe Tidy’s Ctrl+Alt+Chaos: How Teenage Hackers Hijack the Internet is a cracking read—equal parts investigative journalism and digital whodunnit. As the BBC’s cyber correspondent, Tidy has spent years embedded in the underbelly of the internet, and it shows. This isn’t a breathless romp through hacker folklore; it’s a well-researched, human-centred account of how adolescent mischief can spiral into global chaos.

🧑‍💻 Respect Where It’s Due: Cyber Pros Aren’t Just Background Characters

One of the book’s strengths is Tidy’s clear admiration for cyber security professionals. He doesn’t treat us as faceless firewall jockeys or clipboard-wielding compliance gremlins. Instead, he gives proper airtime to the investigators, analysts, and digital first responders who spend their days (and nights) untangling the mess left by script kiddies and seasoned operators alike. It’s refreshing to see the profession portrayed with nuance, rather than as a backdrop for Hollywood-style heroics.

🧠 The Vastaamo Leak: A Case Study in Malice

The chapter on the Finnish psychotherapy breach is particularly sobering. Tidy handles it with journalistic integrity and emotional intelligence, laying bare the cruelty of Julius Kivimäki (aka “Zeekill”) without resorting to melodrama. The blackmail of thousands of vulnerable patients—including children—is presented not just as a cyber incident, but as a moral failure of staggering proportions. It’s the kind of story that reminds you why we bother with all the tedious patching and policy-writing in the first place.

✍️ Writing Style: Pacy, Accessible, and Mercifully Free of Jargon

Tidy’s writing is brisk, engaging, and pitched just right. If I had to describe it, I’d say it reads like a well-briefed threat intel report written by someone who’s actually met a human. It’s technical enough to satisfy the infosec crowd, but clear enough that your mum could follow it—assuming she knows what a VPN is and doesn’t think “zero-day” is a bank holiday. It’s the rare kind of book you could leave in a communal office kitchen and not worry about someone thinking you’re trying to show off.

🧾 A Minor Quibble: Cyber Work Isn’t All Digital Derring-Do

If there’s one gentle criticism, it’s that the book might give readers the impression that cyber security is 99% chasing pantomime villains across the dark web. In reality, most of us spend our time writing policies no one reads, auditing systems no one wants audited, and producing reports that get skimmed just enough to tick a box. We’re the ones who get blamed when someone’s macros stop working or their password policy requires more symbols than a Norse saga. Tidy knows this, of course—but the drama of the chase is understandably more compelling than the quiet agony of a risk register.

🎯 Final Thoughts: A Top Read for Techies and Normals Alike

Ctrl+Alt+Chaos is a rare beast: a cyber book that’s both informative and genuinely enjoyable. It’s ideal for security professionals who want to see their world reflected with accuracy and empathy, and for non-tech readers who fancy a peek behind the curtain without needing a CISSP. Joe Tidy has done the industry proud—and reminded us that behind every breach headline is a team of people trying to keep the lights on.

Recommended without reservation. Just don’t expect it to help you write your next ISO 27001 policy.

---

24/07/2025

Microsoft fuses MDTI
GaryC, Jul 24, 2025
🧠 No Licence Required, Just a Bit of Intelligence

In a world where cyber threats evolve faster than your average corporate rebrand, organisations need threat intelligence that doesn’t arrive three weeks late and wrapped in jargon. Microsoft’s plan? Fuse Microsoft Defender Threat Intelligence (MDTI) into Defender XDR and Sentinel so security teams can access timely threat insights without needing a separate licence or a nervous call to procurement.

This fusion offers direct access to both raw and finished intelligence crafted from 84 trillion daily signals (give or take), supported by over 10,000 security bods. All for the same cost you paid yesterday: nothing extra.

🧵 Seamless Threads of Threat, Woven Neatly

When MDTI is fully stitched into Defender XDR and Sentinel, users will experience real-time enrichment of alerts and investigations. Think of it as threat context turning up before anyone’s hit “escalate.” Teams gain visibility, speed, and the ability to react faster than a weekend news cycle.

🧱 What’s Landing First? Block by Block

Phase One is inbound by October 2025. Here’s what’s turning up:

• Finished Threat Intelligence: Defender XDR users gain access to threat reports detailing threat actors, tools, and vulnerabilities, all tied directly to incidents. Basically, the intel you used to hunt for across three tabs now lives in one.
• Indicators of Compromise (IoCs): These are updated in real time and, conveniently, don’t vanish after expiry—allowing teams to conduct historical analyses and hunt shadowy infrastructure. Even expired data gets a second life. Very eco-friendly.
• MITRE TTPs Integration: Move from reactive IoC blocking to proactive tactic detection. Less fire-fighting, more fireproofing.
• Sentinel Experience: Sentinel users get access to most of these same threat analytics soon after. Keep refreshing the MDTI blog like it’s the Glastonbury lineup.

🔄 Sharing Is Caring—IoCs in Case Management

Sentinel customers can now pass IoCs across case management like notes in class—except with less doodling and more impact. It’s proper cross-team collaboration that accelerates response and ensures intelligence gets to the right people before they realise it’s missing.

🧭 The Fully Unified Future (With Only Mild Subscription Stress)

Once MDTI is properly embedded:

• Defender XDR: Users can map intelligence directly to alerts, endpoints and vulnerabilities.
• Sentinel: Enhancements like automated detection triggers, TTP enrichment, and triage automation become part of the toolkit. Some log ingestion may carry a nominal cost, but nothing that sets off budget alarms.
A handy chart (not included here, lest it resemble every other roadmap in existence) outlines full feature availability post-rollout.

🕰 Countdown to Retirement (But Not Quite a Goodbye Yet)

Current MDTI customers continue with their full-fat experience until 1 August 2026. No need to panic or draft farewell emails—account teams will get in touch to guide transitions and trim licences without adding panic to your inbox.

24/07/2025

🛠 Sentinel’s Moving House — Into Defender’s Flat

Microsoft’s decided Sentinel deserves a proper home. By 1 July 2026, it’ll be packed up and settled nicely into the Microsoft Defender portal. No more back-and-forth between flats (or portals)—it’s all under one roof now.

🧭 What’s Changing

• One-Stop Shop: Sentinel’s bags are packed and it’s leaving the Azure portal. Everything—alerts, rules, investigations—will now live in Defender.
• Shared Incident Queue: Whether it’s Sentinel or Defender XDR blowing the whistle, they’ll pipe down into the same inbox. Much easier to keep the noise down.
• Unified Threat Hunting: Run your KQL queries across both datasets like you mean business. More context, less faff.
• Security Copilot On Tap: Automated responses, AI insights—like having the cleverest member of the IT team never call in sick.

💡 Why It’s Actually Quite Brilliant

• Streamlined Workflows: No more hopping between dashboards like a caffeine-fuelled squirrel. Everything’s where you need it.
• Budget-Friendly Logs: The new Sentinel Data Lake claims to cut retention costs by up to 90%. You could buy a round with the savings (if anyone’s buying).
• Better Threat Intelligence: Defender Threat Intel’s folding in too—real-time IOCs, MITRE mappings and more, included for free.

📅 Mark Your Calendar

| Date | What’s Happening |
|---|---|
| July 2025 | You get a polite nudge: one year to get sorted |
| October 2025 | MDTI rolls into the mix, phase one |
| July 2026 | Azure portal locks the door; Defender takes over |

---

If you’re managing Sentinel, now’s the time to dust off your migration plan, check those RBAC setups, and give your incident triage a dry run.

11/05/2025

The UK's Software Security Code of Practice: Short but Effective

Introduction

Cybersecurity threats are evolving fast, and software supply chain attacks are on the rise. To help tackle this, the UK government has rolled out the **Software Security Code of Practice**—a short but solid framework designed to encourage software developers to adopt better security measures.

With just 14 principles, the Code keeps things simple while promoting stronger security across the industry. This article looks at its brevity, how it lines up with OWASP’s principles, and why it matters for cybersecurity in the UK.

You can read the full Software Security Code of Practice [here](https://www.gov.uk/government/publications/software-security-code-of-practice).

Keeping it Short: Why Less is Sometimes More

The UK’s Cyber Essentials scheme proved that a handful of security measures can dramatically cut cyber risks. By introducing just five key controls, Cyber Essentials helped reduce successful cyber attacks in the UK—a great example of how a streamlined approach can still be highly effective.

The Software Security Code of Practice takes a similar path, outlining 14 principles to improve software security. Keeping things short and straightforward makes it easier for companies to implement, leading to greater adoption and better security overall.

Where It Aligns with OWASP

While the Code doesn’t directly name OWASP, several of its principles mirror OWASP’s best practices for secure software development. Key similarities include:

- Secure Development: OWASP stresses the importance of secure coding, and the UK Code reinforces the need to **build security in from the start**.
- Supply Chain Security: OWASP highlights the risks of third-party components, and the Code encourages vendors to keep an eye on dependencies and minimise vulnerabilities.
- Incident Response: Both frameworks emphasise clear communication and transparency when security issues arise.

Essentially, the Code isn’t reinventing the wheel—it’s borrowing well-established principles from global best practices, making it familiar and easier to adopt.

Wrapping Up

1. Keeping it simple makes it accessible – The shorter the framework, the easier it is for companies to follow.
2. OWASP-style best practices boost security – The Code leans on proven cybersecurity principles, reinforcing good habits.
3. Software supply chain security is crucial – The framework recognises the rising risks of third-party vulnerabilities.
4. It’s voluntary, but still influential – While there’s no legal requirement to follow it, the Code sets strong industry expectations.

Overall, the Software Security Code of Practice is a solid step forward. It’s simple, practical, and encourages better security across the board—exactly what the UK needs in an era of increasing cyber threats.


01/05/2025

Hello Gary Clarke,

You did it! Thanks to your participation, we've officially set the GUINNESS WORLD RECORDS™ title for the most users to take an online multi-level artificial intelligence lesson in 24 hours on April 8, 2025. This is a huge achievement, and we couldn't have done it without you.

Microsoft.

16/03/2025

Go native on your non-native estate.

Picture this: Heathrow Airport on a busy Monday morning. Planes are queuing to land, passengers are jostling through security, and somewhere, a suitcase is inexplicably heading to Reykjavik instead of Rome.
