
Third-Party Apps Are the Patching Gap: Close It with Intune Win32 Deployments
EDR cannot save a workstation running an exploitable app version. Here is the full Intune Win32 workflow for deploying and updating third-party software at scale.

Nick is not just a CEO, he's a respected thought leader and influencer in the MSP space. Tens of thousands of MSPs learn through his YouTube channel, T-Minus365. Nick has been honored as a three-time Microsoft MVP for his educational content; his expertise and influence are the backbone of our mission, ensuring that you are in the best hands when it comes to security.
Nick joined Pax8 in 2017, where he would ultimately oversee product management for PSA and Microsoft integrations. Following his tenure at Pax8, Nick has continued to demonstrate his leadership prowess as an executive at various MSPs, culminating in his most recent role at Sourcepass.
Nick holds a Bachelor's Degree in Business Management from Florida State University, as well as a Minor Degree in Entrepreneurship. In his free time, Nick is an avid hiker, reader, and fitness-junkie.

EDR cannot save a workstation running an exploitable app version. Here is the full Intune Win32 workflow for deploying and updating third-party software at scale.

Teams Premium flags sensitive content during screen sharing, Purview meters GenAI data security as pay-as-you-go, and Copilot lands across PowerPoint, Forms, and calls.

Defender for Endpoint scans macOS devices around the clock, but only after ABM, Intune profiles, and an onboarding package are in place. Here is the rollout order.

Defender for Business ships 24/7 vulnerability scanning with Business Premium. How to onboard devices, read the exposure score, and run an approve-remove-patch SOP.

A malicious OAuth app keeps mailbox access after every password reset. How attackers plant them in Microsoft 365, plus the consent lockdown and hunting runbook.

Exchange Online enforces tenant-wide outbound email limits, E5 Security arrives as a Business Premium add-on, and the Report Message add-in enters maintenance mode.

A Power Automate flow that takes vendor requests from a Microsoft Form, routes approvals through Teams, logs the software inventory, and opens the IT ticket.

Shadow SaaS thrives where no approved software list exists. Build a vendor management policy, an inventory template, and use the three app inventories M365 already keeps.

Most businesses cannot produce an accurate application inventory, and the Microsoft 365 defaults make it worse. Here is the layered plan for CIS Control 2, from OAuth consent to ASR rules.

Microsoft-managed Conditional Access policies start auto-enforcing after 45 days, Skype interop in Teams dies May 1, and Hotpatch hits preview. The February 2025 changes, sorted by deadline.

A hands-on video walkthrough of building two working AI agents in Microsoft Copilot Studio: a loan analyzer that decides and emails applicants, and a Teams-based app access evaluator for IT.

Satya Nadella says AI agents could displace traditional SaaS. We built a working loan-approval agent in Copilot Studio in about an hour to test the claim. Here is what holds up and what is still hype.