
The 1.5TB Mailbox Hiding Inside Business Premium
Mailbox full tickets do not need an Exchange Online Plan 2 upsell. Online archiving plus auto-expanding archive grows a mailbox to 1.5TB on licensing many tenants already own.

Nick is not just a CEO, he's a respected thought leader and influencer in the MSP space. Tens of thousands of MSPs learn through his YouTube channel, T-Minus365. Nick has been honored as a three-time Microsoft MVP for his educational content; his expertise and influence are the backbone of our mission, ensuring that you are in the best hands when it comes to security.
Nick joined Pax8 in 2017, where he would ultimately oversee product management for PSA and Microsoft integrations. Following his tenure at Pax8, Nick has continued to demonstrate his leadership prowess as an executive at various MSPs, culminating in his most recent role at Sourcepass.
Nick holds a Bachelor's Degree in Business Management from Florida State University, as well as a Minor Degree in Entrepreneurship. In his free time, Nick is an avid hiker, reader, and fitness-junkie.

Mailbox full tickets do not need an Exchange Online Plan 2 upsell. Online archiving plus auto-expanding archive grows a mailbox to 1.5TB on licensing many tenants already own.

CIPP and Microsoft 365 Lighthouse both beat Partner Center for multi-tenant management. Here is the full comparison across twelve categories, with a downloadable matrix and a clear verdict.

Geo-blocking Conditional Access creates a ticket every time a user travels. This Forms plus Power Automate build grants time-boxed access to approved countries, then revokes it automatically.

Rotation, JIT elevation, audit logging, and a plan for the two moments admin rights actually get used. The full governance picture for local admin accounts, first party and third party.

July 2024 ships the new Microsoft Entra Suite, auto-enables Microsoft-managed MFA Conditional Access policies, archives unlicensed OneDrive accounts after 90 days, and adds dynamic watermarking and scheduled Copilot prompts.

Out of the box, SharePoint generates Anyone links with edit rights. Here is the staged path to safer sharing defaults, with the exact guest and Gmail user flows that generate tickets.

Two accounts, a 32-character split password, FIDO2 keys, one Conditional Access exclusion, and an alert on every sign-in. The full checklist for Microsoft 365 emergency access accounts.

Three overlapping enforcement systems and no central report make MFA coverage in Microsoft 365 genuinely hard to prove. Here is what insurers will eventually demand and how to produce it.

June 2024 brings token protection and the Entra PowerShell module to preview, hardware-backed device attestation and Config Refresh in Intune, expanded Copilot prerequisites, and a batch of Teams and Outlook updates.

Compromise is the opening move; persistence is the game. The MFA methods, device joins, app consents, and inbox rules attackers plant in Microsoft 365, with the CIS-mapped settings that block each.

Passkeys stop phishing, not stolen sessions. A real $530K wire fraud shows how pass-the-cookie walks past FIDO2, and the layered Microsoft 365 controls that actually close the gap.

App secrets and refresh tokens hardcoded in scripts are a breach waiting to happen. Two scripts to load Secure Application Model secrets into Azure Key Vault and pull them at runtime for headless automation.