Jaspreet Singh Why “Trusted Office Locations” Can Weaken Your Microsoft 365 Security Why “Trusted Office Locations” Can Weaken Your Microsoft 365 Security The Assumption Most Organizations Make Many organizations base their Microsoft 365 security policies on a straightforward assumpti... Mar 28, 2026
Jaspreet Singh Hybrid Identity Security: The Hidden Risk Most Businesses Don’t See Until It’s Too Late Hybrid Identity Security: The Hidden Risk Most Businesses Don’t See Until It’s Too Late NOTE: As part of our internal f11.ca lab series ( EID-EXP-09 ), we simulated a modern Hybrid Identity Security b... Mar 18, 2026
Jaspreet Singh MFA Fatigue Attacks: The Overlooked Risk Increasing Business Costs MFA Fatigue Attacks: The Overlooked Risk Increasing Business Costs NOTE: As part of our internal f11.ca lab series ( EID-EXP-08 ), we simulated a modern MFA fatigue attack, the same technique used in ... Mar 4, 2026
Jaspreet Singh Why SMBs Should Block High-Risk Sign-ins in Microsoft 365 (Before It Costs You) NOTE: This advisory is based on our evidence from the f11.ca lab experiment ( EID-EXP-007 ), in which we reproduced the issue. For engineers asking how this works technically. As an MSP owner, I have ... Feb 23, 2026
Jaspreet Singh Identity Protection Without Alerts Is a Silent Security Failure (And Clients Still Pay for It) NOTE: This advisory is based on our evidence from the f11.ca lab experiment (EID-EXP-006), in which we reproduced the issue. Hands-on lab (f11) For engineers asking how this works technically. Technic... Feb 16, 2026
Jaspreet Singh Microsoft 365 Identity Protection Alerts Alone Do Not Prevent Attacks, and This Gap Can Be Costly NOTE: This advisory is based on our evidence from the f11.ca lab experiment (EID-EXP-005), in which we reproduced the issue. Hands-on lab evidence (f11) For engineers asking how this works technically... Feb 12, 2026
Jaspreet Singh Identity Protection Alerts Do Not Automatically Prevent Attacks: Implications for Your Business Identity Protection Alerts Do Not Automatically Prevent Attacks: Implications for Your Business NOTE: This advisory is based on our evidence from the f11.ca lab experiment (EID-EXP-004), in which we r... Feb 7, 2026
Jaspreet Singh When Break-Glass Accounts Fail: The Hidden Business Risk and Cost for MSPs Why MSPs Should Care About Break-Glass Accounts The following lab demonstrates this risk in a real tenant with default Entra ID settings. Hands-on Lab evidence (F11) For engineers asking how this work... Feb 4, 2026
Jaspreet Singh Entra ID Sign-In Logs: The Hidden Risk MSPs Need to Explain to Clients Entra ID Sign-In Logs: The Hidden Risk MSPs Need to Explain to Clients The following lab demonstrates this risk in a real tenant with default Entra ID settings. Hands-on Lab evidence (F11) For enginee... Jan 29, 2026
Jaspreet Singh Microsoft Entra ID Defaults: A Risk MSPs Should Not Overlook Microsoft Entra ID Defaults: A Risk MSPs Should Not Overlook Many Microsoft 365 tenants may seem secure, but most rely on default Entra ID settings. The following lab demonstrates this risk in a real ... Jan 26, 2026
Jaspreet Singh Why Device Trust Is Often Assumed Rather Than Verified Why Device Trust Is Often Assumed Rather Than Verified This oversight can quietly increase breach risk for your clients. As MSPs, we dedicate significant effort to securing identities through MFA, Con... Jan 23, 2026
Jaspreet Singh Guest Users: The Silent Lateral Movement Risk Most MSPs Miss Guest Users: The Overlooked Lateral Movement Risk for MSPs Why This Matters for MSPs Guest users are intended to facilitate collaboration. For MSPs, guest users have become one of the most common and ... Jan 22, 2026