
M365 Roundup, July 2025: Token Protection Comes to P1
Token protection reaches Entra ID P1, Defender gains mail-bombing detection, the Conditional Access Optimization Agent hits GA, and Intune ships LAPS for macOS.

Nick is not just a CEO, he's a respected thought leader and influencer in the MSP space. Tens of thousands of MSPs learn through his YouTube channel, T-Minus365. Nick has been honored as a three-time Microsoft MVP for his educational content; his expertise and influence are the backbone of our mission, ensuring that you are in the best hands when it comes to security.
Nick joined Pax8 in 2017, where he would ultimately oversee product management for PSA and Microsoft integrations. Following his tenure at Pax8, Nick has continued to demonstrate his leadership prowess as an executive at various MSPs, culminating in his most recent role at Sourcepass.
Nick holds a Bachelor's Degree in Business Management from Florida State University, as well as a Minor Degree in Entrepreneurship. In his free time, Nick is an avid hiker, reader, and fitness-junkie.

Token protection reaches Entra ID P1, Defender gains mail-bombing detection, the Conditional Access Optimization Agent hits GA, and Intune ships LAPS for macOS.

Entra flags risky users by default, but nobody gets told and nothing happens without P2. How to route risk detections to your PSA and the one policy that prevents most compromises.

Token theft via AiTM phishing hit 51% of webinar respondents in the past year. Five layered controls, from Defender tuning to attack disruption, break the kill chain at each stage.

Las Vegas MSP Agilitec cut Level 1 support with AI, put leadership back in front of clients, and operates like a general contractor of vetted experts. Inside the model.

Microsoft blocks legacy browser auth and requires admin consent by default, Safe Attachments loses Monitor mode, passkey profiles go per-group, and Teams channels learn to thread.

The Australian Essential Eight maps cleanly onto Microsoft 365. Here is the strategy-by-strategy mapping, the licensing each one needs, and which checks you can automate.

Six Conditional Access policies can stop token theft before it starts. Each blocks a different part of the attack, and each has a gap. Here is the full comparison with exact settings.

Microsoft kills the nonprofit Business Premium and E1 grants, raises the bar for CSP indirect resellers, and ships Copilot Tuning. May 2025's M365 changes, sorted by who has to act.

Entra's token protection session control sounds like the end of token replay. In testing, stolen tokens still replay in the browser. Here is exactly what the preview covers, as of May 2025.

GCS Technologies replaced point solutions with the Microsoft 365 security stack and built a practice around proactive improvement. Five lessons MSPs can borrow, from engagement model to pricing.

A stolen session token becomes a BEC campaign fast. This runbook walks the full cleanup, confirm, scope, evict, recover, with the exact portals, KQL queries, and PowerShell for each step.

Attack Surface Reduction rules block the macros and scripts antivirus misses, and a careless rollout blocks payroll too. The Intune deployment sequence that gets you to Block mode safely.