Jaspreet Singh MFA Fatigue Attacks: The Overlooked Risk Increasing Business Costs MFA Fatigue Attacks: The Overlooked Risk Increasing Business Costs NOTE: As part of our internal f11.ca lab series ( EID-EXP-08 ), we simulated a modern MFA fatigue attack, the same technique used in ... Mar 4, 2026
Jaspreet Singh Why SMBs Should Block High-Risk Sign-ins in Microsoft 365 (Before It Costs You) NOTE: This advisory is based on our evidence from the f11.ca lab experiment ( EID-EXP-007 ), in which we reproduced the issue. For engineers asking how this works technically. As an MSP owner, I have ... Feb 23, 2026
Jaspreet Singh Identity Protection Without Alerts Is a Silent Security Failure (And Clients Still Pay for It) NOTE: This advisory is based on our evidence from the f11.ca lab experiment (EID-EXP-006), in which we reproduced the issue. Hands-on lab (f11) For engineers asking how this works technically. Technic... Feb 16, 2026
Jaspreet Singh Microsoft 365 Identity Protection Alerts Alone Do Not Prevent Attacks, and This Gap Can Be Costly NOTE: This advisory is based on our evidence from the f11.ca lab experiment (EID-EXP-005), in which we reproduced the issue. Hands-on lab evidence (f11) For engineers asking how this works technically... Feb 12, 2026
Jaspreet Singh Identity Protection Alerts Do Not Automatically Prevent Attacks: Implications for Your Business Identity Protection Alerts Do Not Automatically Prevent Attacks: Implications for Your Business NOTE: This advisory is based on our evidence from the f11.ca lab experiment (EID-EXP-004), in which we r... Feb 7, 2026
Jaspreet Singh When Break-Glass Accounts Fail: The Hidden Business Risk and Cost for MSPs Why MSPs Should Care About Break-Glass Accounts The following lab demonstrates this risk in a real tenant with default Entra ID settings. Hands-on Lab evidence (F11) For engineers asking how this work... Feb 4, 2026
Jaspreet Singh Entra ID Sign-In Logs: The Hidden Risk MSPs Need to Explain to Clients Entra ID Sign-In Logs: The Hidden Risk MSPs Need to Explain to Clients The following lab demonstrates this risk in a real tenant with default Entra ID settings. Hands-on Lab evidence (F11) For enginee... Jan 29, 2026
Jaspreet Singh Microsoft Entra ID Defaults: A Risk MSPs Should Not Overlook Microsoft Entra ID Defaults: A Risk MSPs Should Not Overlook Many Microsoft 365 tenants may seem secure, but most rely on default Entra ID settings. The following lab demonstrates this risk in a real ... Jan 26, 2026
Jaspreet Singh Why Device Trust Is Often Assumed Rather Than Verified Why Device Trust Is Often Assumed Rather Than Verified This oversight can quietly increase breach risk for your clients. As MSPs, we dedicate significant effort to securing identities through MFA, Con... Jan 23, 2026
Jaspreet Singh Guest Users: The Silent Lateral Movement Risk Most MSPs Miss Guest Users: The Overlooked Lateral Movement Risk for MSPs Why This Matters for MSPs Guest users are intended to facilitate collaboration. For MSPs, guest users have become one of the most common and ... Jan 22, 2026
Jaspreet Singh When Break-Glass Accounts Let MSPs Down the Most When Break-Glass Accounts Let MSPs Down the Most Most MSPs claim to have break-glass accounts. But only a few can actually use them when a real incident happens. (Protecting Against Cyber Threats to M... Jan 21, 2026
Jaspreet Singh The Hidden Risks of “All Users” in Conditional Access (And Why MSPs Get Burned) The Hidden Risks of “All Users” in Conditional Access (And Why MSPs Get Burned) Conditional Access is often marketed as a security control you can set up once and not worry about again. But for MSPs, ... Jan 20, 2026