Identity is your perimeter.
Multi-factor authentication is now the bare minimum, not the answer. Adversary-in-the-middle toolkits like EvilProxy and Tycoon sit between the user and Microsoft's sign-in page, capturing both credentials and the resulting session token after MFA completes. The attacker replays the token to impersonate the user, MFA notwithstanding. The defence has to be deeper: Conditional Access policies bound to device compliance, Continuous Access Evaluation revoking sessions on risk events, and phishing-resistant authentication for the accounts that matter. Done well, the user experience improves: fewer prompts, more security, no theatre.
Adversary-in-the-middle phishing kits steal session tokens after MFA. VPN authentication is now a consistent entry vector — full domain compromise often follows within hours of one successful login. SMS MFA can be SIM-swapped. Push-notification fatigue attacks rely on the user eventually approving by mistake.
Entra ID with Conditional Access policies that bind sessions to compliant devices. Continuous Access Evaluation (CAE) so that a risky sign-in immediately revokes the session, not at the next 60-minute token refresh. Phishing-resistant auth (FIDO2, Windows Hello, passkeys) enforced for all admin accounts and high-risk roles. Number-matching MFA replaces simple push-approve. SMS auth retired.
Identity Protection risk scoring runs continuously, flagging unusual sign-in patterns and impossible travel. Privileged Identity Management (PIM) means standing admin rights are eliminated — admin access becomes just-in-time, time-bound, and audited. Sign-in audit logs are reviewed monthly; suspicious activity escalates to whedo.it within minutes.
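The two signals named above, impossible travel and a session token that keeps working from a new network after MFA, can be checked over exported sign-in rows with a short script. The example below is added here for illustration; it is not whedo.it's tooling, nor Microsoft's Identity Protection logic, and the sample records are constructed. Field names (`userPrincipalName`, `createdDateTime`, `ipAddress`, `sessionId`) follow the shape of Entra ID sign-in log entries, while `lat`, `lon` and `mfaCompleted` are simplified stand-ins for the location and authentication-detail fields a real export would carry.

```python
"""Review Entra-style sign-in rows for impossible travel and for a session
token reused from a different network than the one where MFA completed."""
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0

# Constructed sample records: two users, one of them showing the AiTM pattern
# (MFA satisfied in Perth, same session presented from Berlin 20 minutes later).
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@example.test", "createdDateTime": "2024-05-01T08:00:00Z",
     "ipAddress": "203.0.113.10", "lat": -31.95, "lon": 115.86,  # Perth
     "sessionId": "sess-A", "mfaCompleted": True},
    {"userPrincipalName": "alice@example.test", "createdDateTime": "2024-05-01T08:20:00Z",
     "ipAddress": "198.51.100.7", "lat": 52.52, "lon": 13.40,  # Berlin
     "sessionId": "sess-A", "mfaCompleted": False},
    {"userPrincipalName": "bob@example.test", "createdDateTime": "2024-05-01T09:00:00Z",
     "ipAddress": "203.0.113.22", "lat": -31.95, "lon": 115.86,  # Perth
     "sessionId": "sess-B", "mfaCompleted": True},
    {"userPrincipalName": "bob@example.test", "createdDateTime": "2024-05-01T14:00:00Z",
     "ipAddress": "203.0.113.99", "lat": -33.87, "lon": 151.21,  # Sydney, a plausible flight
     "sessionId": "sess-C", "mfaCompleted": True},
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi = p2 - p1
    dlam = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def _parse_time(value):
    # fromisoformat only accepts a trailing "Z" from Python 3.11 on; normalise it.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def _sorted(records):
    return sorted(records, key=lambda r: _parse_time(r["createdDateTime"]))


def find_impossible_travel(records, max_speed_kmh=900.0, min_distance_km=50.0):
    """Flag consecutive sign-ins by one user that imply travel faster than an airliner."""
    by_user = {}
    for r in _sorted(records):
        by_user.setdefault(r["userPrincipalName"], []).append(r)
    findings = []
    for upn, signins in by_user.items():
        for prev, cur in zip(signins, signins[1:]):
            distance = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            if distance < min_distance_km:
                continue  # same metro area or GeoIP jitter, not travel
            hours = (_parse_time(cur["createdDateTime"])
                     - _parse_time(prev["createdDateTime"])).total_seconds() / 3600
            speed = float("inf") if hours == 0 else distance / hours
            if speed > max_speed_kmh:
                findings.append({"user": upn, "from_ip": prev["ipAddress"],
                                 "to_ip": cur["ipAddress"], "km": round(distance),
                                 "kmh": None if speed == float("inf") else round(speed)})
    return findings


def find_session_reuse(records):
    """Flag a session id that satisfied MFA from one IP and is later presented
    from a different IP without a fresh MFA claim: the footprint of a replayed token."""
    findings = []
    mfa_origin = {}  # sessionId -> IP address where MFA was last satisfied
    for r in _sorted(records):
        sid = r["sessionId"]
        if r["mfaCompleted"]:
            mfa_origin[sid] = r["ipAddress"]
        elif sid in mfa_origin and mfa_origin[sid] != r["ipAddress"]:
            findings.append({"user": r["userPrincipalName"], "session": sid,
                             "mfa_ip": mfa_origin[sid], "reuse_ip": r["ipAddress"]})
    return findings


def review(records):
    """Run both checks and return the findings grouped by signal."""
    return {"impossible_travel": find_impossible_travel(records),
            "session_reuse": find_session_reuse(records)}


if __name__ == "__main__":
    for signal, hits in review(SAMPLE_SIGNINS).items():
        for hit in hits:
            print(signal, hit)
```

Run against the sample, only Alice is flagged, and by both checks at once: Perth to Berlin in twenty minutes, and `sess-A` presented from a second IP with no MFA of its own. Bob's Perth-to-Sydney pair five hours apart stays under the 900 km/h ceiling and his sessions are distinct, so he produces no findings. In a tenant with Continuous Access Evaluation enforced, the Berlin request is exactly the event that should have had its session revoked rather than served.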
Each of the six topics covers a layer of the security stack. They work together — phishing defence assumes good identity, identity assumes endpoint compliance, endpoint compliance assumes the tenant is locked down properly.
30 minutes, your environment, no deck. Warren walks the MFA & identity surface with you and tells you what it would take to lock it down properly. No follow-up unless you ask.
No deck, no pitch — walk your environment with a senior Australian practitioner. Confidential by default.
I built this business because I wanted to do Managed services properly — for a small number of clients, at a senior level, with the same person on the end of the phone every time. The work is too important and the stakes are too high for anything less.
Behind the formal qualifications: a Cyber Security degree from the University of the Sunshine Coast, currently working on my Master’s, plus a continuous stack of Microsoft, Acronis and Nerdio certifications — the ones that have to be renewed because the threats don’t stay still.
Behind the certifications: thirty years of doing the work. I cut my teeth in consulting, then went to Cisco on the team building the original iPhone — Cisco’s VoIP handset, the trademark Apple later acquired in the 2007 settlement. At TPG in 1999 I sold frame-relay networks when frame-relay was the cutting edge of business connectivity. I built and sold a Sydney-based MSP called Online IT before relocating to Perth.
Three decades of watching what’s actually changed and what hasn’t. The technology has changed almost beyond recognition. The principles haven’t. Identity first. Backup that has actually been tested. A senior practitioner who knows your environment. Calm in an incident. Honest answers when the answer is “no.”
That’s whedo.it. That’s the brief. That’s why long-tenure clients don’t leave.
— Warren Ephron, Director