In this episode, we dissect the real-world challenges of securing Microsoft 365 environments—especially for small and medium-sized businesses—amid rising threats and licensing limitations.

From Reddit frustrations to official Microsoft documentation, we explore the harsh truth: many essential security features, like alerting on suspicious logins, require Azure AD Premium or Defender for Cloud Apps. Can SMBs still stay secure without these? We look at third-party workarounds and how far PowerShell and community tools like Admindroid can go.

We also take a hard look at OAuth 2.0 phishing—a growing tactic used by Russian threat actors to hijack accounts via malicious app consent. Learn how attackers are bypassing traditional login alerts by quietly enrolling new devices, and how Microsoft recommends detecting these OAuth abuses through risky app investigation and alert configuration.

Other key topics include:

• How to manage access from unmanaged devices using Conditional Access (and the licensing hurdles involved)
• Why Microsoft’s default alert policies fall short—and how to build custom ones for better protection
• What "trusted device" really means in a Zero Trust world, and how attackers are exploiting that ambiguity
• A checklist of practical security recommendations specifically for Microsoft 365 Business users

Whether you’re an IT admin trying to protect your org with basic licenses, or a security lead facing OAuth phishing on the front lines, this episode offers concrete strategies, policy insights, and a dose of real talk.

🎧 Tune in and learn how to secure Microsoft 365—even when your tools are limited and the threats are anything but.