📔Big Notebooks glow-up in Microsoft 365 Copilot (May 2026)!
Fresh streamlined design, richer grounding from across M365, super-easy mobile capture, and new ways to turn all that project context into polished deliverables in one place.
Project work just got way more organized.
Game changer for teams!
#CopilotNotebooks #Copilot
New video: quick tour of Purview’s Microsoft 365 Copilot visibility.
• Prompts and responses
• Where the logs live
• Permissions
• Which tools fit which scenarios
Whistle-stop overview for now, deeper dives later if there’s interest (lmk?)
WATCH: https://t.co/drt21XBxSY
Fun Fact:
Your parents could've made you a tax free millionaire with $300 a month but they spent that on a '06 Honda.
Here's how to do better for your kids:
I'm not exaggerating.
It takes 10 minutes and your daily coffee budget to set your kids up to be tax free millionaires.
My girls are only 2 & 4...
But they're worth $81k already.
This is the exact blueprint we use 👇🏼
1) 529 Plan
Most people think this is a college fund...
But because of "Secure Act 2.0"...
Even if our kids don't go to college the money will get transferred to them TAX FREE.
Secure Act 2.0 Rules:
-> 529 must be active for 15+ years
-> $35,000 limit on rollover per beneficiary
-> Subject to contribution limits ($7.5k in 2026)
👆🏻 keep this in mind before you over-invest
2) Parent Taxable Brokerage
This is the only account my kids will get taxed on...
But it's also the most flexible.
I keep their brokerages in my name for now...
And I'll transfer the money when they're responsible adults.
3) Custodial Roth IRA
We use this to pay our daughters for reasonable work in our business.
Right now, that's baby modeling...
But we plan to increase their responsibilities as they get older.
(requires earned income, not a parent's salary)
4) Investing Framework
We keep our investing super simple:
- Total US market funds
- Total international market funds
- Auto contributions on repeat
We set this up ONCE & haven't looked back.
If you start the day your kids are born...
$300/mo will make them:
- $22,627 by age 5
- $58,054 by age 10
- $160,906 by age 18
And even if they never add another dollar...
Their investments will grow to $3,902,576 by the time they're 55 🤯
We've been investing $500/mo for Logan & Ellie from the beginning.
Some people say that's "too much"...
But if I can ensure my daughters never worry about retirement instead of upgrading my car...
That's a pretty easy call to make 🤷♂️
If you want to set this up for your family...
(but you're not sure where to start)
Hit the link in my bio and let's figure it out together 🤝🏻
BREAKING: Claude can now map out your retirement better than most people charging $3,000 ever will.
Here are 6 prompts to figure out exactly when and how you can retire.
(Save this before it disappears).
Roth vs Traditional is a math problem.
Same length of time. Same tax rate going in and coming out. Same rate of return. You end up with the exact same amount of money.
So the question was never which one is "better."
The question is: how do you balance the two to pay the lowest possible tax rate across your lifetime, and potentially your kids' inheritance?
Here's what most people miss.
The biggest variable in that equation isn't your investment return. It isn't your contribution rate. It isn't the market.
It's your future tax rate.
And one of the most underrated risks in retirement planning right now is the national debt.
The U.S. is over $36 trillion in debt. Interest alone now costs more than the defense budget.
There are only two real ways out: massive inflation, or significantly higher taxes.
Both are bad for retirees with pre-tax accounts.
If you have $2M sitting in a Traditional IRA, you don't actually have $2M. You have $2M minus whatever the federal government decides to charge you 10, 20, 30 years from now.
That's not a portfolio. That's a partnership with the IRS where they get to set the terms later.
I hope I'm wrong about higher taxes.
I'm planning like I'm not.
Modern Threat Modeling 101 Tip:
Before Mythos came out we warned everyone to go into turtle mode in case you're late to the game (get everything off the internet as possible).
In case you're super late to the game, get your employee SaaS apps off the internet. Almost all SaaS has SP-Initiated authentication built into the implementation. Moreover, attackers are going to find authentication "bypasses" much easier now. SP-initiated authentication makes the SaaS enumerable from the internet for easy targeting.
Now is not the time to have things on the internet. MFA will not save you. We left that era a couple years ago.
You should be behind your SASE/ZTNA solution's dedicated IPs.
If you are not requiring managed assets to access cloud resources, that means your cloud resources are accessible from the internet. Understand now?
#Microsoft365 license prices will increase from July 2026. Do yourself a favor by running the Microsoft 365 Licensing script to generate a report about the license assignments in your tenant to identify issues like licenses assigned to disabled accounts.
https://t.co/62eKn6UKuO
Just worked w/ @CNN on a piece about why I wouldn't upload full financial docs (tax docs, statements, etc) to AI tools due to leakage & hacking risk.
I don't recommend connecting bank accounts to AI tools. It becomes a 1 stop shop for attackers looking to drain your accounts🤖💸
Big Pharma doesn't want you to know about Dr. Jason Fung.
While Type 2 Diabetes and insulin resistance take years off your lifespan...
He's proved you can reverse them naturally without meds.
Here are his top 7 protocols to reverse insulin resistance (bookmark this):🧵
The incident response mistakes that turn a 4-hour containment into a 4-day investigation:
1. Resetting the password before checking for persistence. The attacker returns with their own MFA method.
2. Investigating only the compromised user. BEC operators typically compromise a second account within 30 minutes — check sign-in logs for the same attacker IP across all users.
3. Not checking OfficeActivity for the compromised account. The email rules the attacker created are still active. They're still receiving forwarded emails from the account you think you secured.
4. Closing the ticket after containment without checking whether Conditional Access should have blocked the initial sign-in. The policy gap that let them in still exists.
Each of these mistakes is a recurring finding.
I've dropped the resource link in the comments👇
Our new multi-model agentic security system brings together more than 100 specialized agents across frontier and custom models to find exploitable bugs, delivering top performance on the CyberGym benchmark.
We used it ahead of Patch Tuesday to help find and fix 16 vulnerabilities. Today we’re announcing that customers can sign up to test it in private preview.
https://t.co/maAN55yZQ1
Nice blogpost from my friend Ted Molin, read and act! Entra ID Password Protection: From “P@ssw0rd” to Protected - Truesec https://www.truesec.com/hub/blog/entra-id-password-protection @Truesec
🚨 There's a major attack going on via npm right now.
Do not install any packages right now.
Talk to your agent ASAP and check if you're vulnerable or have been compromised.
This is urgent ‼️
Silverfort published research two weeks ago showing the Agent ID Administrator role could take over any service principal in a tenant.
Microsoft patched the specific flaw. But the underlying primitive is unchanged: if you own a service principal, you own its permissions.
The attack is simple. Gain ownership of a service principal that holds a directory role. Add a client secret. Authenticate as that service principal. Inherit every permission it holds. If the target has Global Administrator, that's full tenant takeover.
99% of tenants have at least one privileged service principal. Most organizations don't audit who owns them.
Here's what most environments look like:
→ Service principals created by developers who left 12+ months ago
→ Ownership assigned at creation time, never reviewed
→ Credentials that haven't been rotated since the application was registered
→ Application-level permissions that bypass every user-scoped control
→ No alert when someone changes ownership or adds credentials
We wrote a post covering:
1. The attack chain — how ownership becomes takeover in four steps
2. Where to check in the Entra admin center — the portal paths most admins never open
3. Three PowerShell audit queries you can run in 30 minutes
4. Two KQL detection rules for Sentinel — ownership changes and credential additions
5. The consolidated audit script you can hand to your security lead
The organizations that get compromised through service principal abuse aren't the ones that failed to patch a specific vulnerability.
They're the ones that never governed the primitive.
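The governance gaps the post lists (departed owners, unreviewed ownership, never-rotated credentials, no alerting on ownership or credential changes) can be checked mechanically once you have the inventory exported. The script below is an added example, not the post's audit script or any Microsoft tooling: it runs over a small constructed inventory whose shape mirrors what you would pull from Microsoft Graph (service principals with `owners` and `passwordCredentials`, directory role assignments, and a user directory with `accountEnabled`), and flags every service principal that holds a privileged role and has at least one of the listed problems. The `PRIVILEGED_ROLES` set and the audit activity names in `CHANGE_EVENTS` are assumptions for the example, not an authoritative list.

```python
"""Governance audit for privileged service principals over constructed data.

Added example: the data below is hand-written, not a real tenant export.
"""
from datetime import datetime, timedelta, timezone

NOW = datetime(2026, 5, 1, tzinfo=timezone.utc)  # constructed "today"

# Roles treated as privileged for this example (assumption, extend as needed).
PRIVILEGED_ROLES = {
    "Global Administrator",
    "Privileged Role Administrator",
    "Application Administrator",
}

# Constructed user directory: id -> (upn, enabled).
USERS = {
    "u-alice": {"upn": "alice@contoso.example", "accountEnabled": True},
    "u-bob":   {"upn": "bob@contoso.example",   "accountEnabled": False},  # left last year
}

# Constructed service-principal inventory (subset of Graph servicePrincipal fields).
SERVICE_PRINCIPALS = [
    {"id": "sp-1", "displayName": "legacy-sync-app", "owners": ["u-bob"],
     "passwordCredentials": [{"keyId": "k1", "createdDateTime": NOW - timedelta(days=700)}]},
    {"id": "sp-2", "displayName": "ticketing-bot", "owners": ["u-alice"],
     "passwordCredentials": [{"keyId": "k2", "createdDateTime": NOW - timedelta(days=30)}]},
    {"id": "sp-3", "displayName": "hr-connector", "owners": [],
     "passwordCredentials": [{"keyId": "k3", "createdDateTime": NOW - timedelta(days=400)}]},
    {"id": "sp-4", "displayName": "mdm-bridge", "owners": ["u-ghost"],
     "passwordCredentials": [{"keyId": "k4", "createdDateTime": NOW - timedelta(days=10)}]},
]

# Constructed directory role assignments (principalId -> roleName).
ROLE_ASSIGNMENTS = [
    {"principalId": "sp-1", "roleName": "Global Administrator"},
    {"principalId": "sp-2", "roleName": "Directory Readers"},
    {"principalId": "sp-3", "roleName": "Application Administrator"},
    {"principalId": "sp-4", "roleName": "Privileged Role Administrator"},
]


def audit_service_principals(sps, role_assignments, users, now, max_secret_age_days=365):
    """Return one finding per privileged service principal with governance issues."""
    roles_by_sp = {}
    for ra in role_assignments:
        roles_by_sp.setdefault(ra["principalId"], set()).add(ra["roleName"])

    findings = []
    for sp in sps:
        privileged = roles_by_sp.get(sp["id"], set()) & PRIVILEGED_ROLES
        if not privileged:
            continue  # only privileged SPs matter for takeover impact
        issues = []
        if not sp["owners"]:
            issues.append("no owner assigned")
        for owner_id in sp["owners"]:
            user = users.get(owner_id)
            if user is None:
                issues.append(f"owner {owner_id} not found in directory")
            elif not user["accountEnabled"]:
                issues.append(f"owner {user['upn']} is disabled")
        for cred in sp["passwordCredentials"]:
            age = (now - cred["createdDateTime"]).days
            if age > max_secret_age_days:
                issues.append(f"secret {cred['keyId']} is {age} days old")
        if issues:
            findings.append({"id": sp["id"], "displayName": sp["displayName"],
                             "roles": sorted(privileged), "issues": issues})
    return findings


# Audit-log activities that should raise an alert for a privileged SP
# (activity names are assumed for the example; verify against your tenant's AuditLogs).
CHANGE_EVENTS = {"Add owner to service principal", "Add service principal credentials"}


def ownership_or_credential_changes(audit_events, privileged_ids):
    """Filter audit events down to ownership/credential changes on privileged SPs."""
    return [e for e in audit_events
            if e["activity"] in CHANGE_EVENTS and e["targetId"] in privileged_ids]


if __name__ == "__main__":
    for f in audit_service_principals(SERVICE_PRINCIPALS, ROLE_ASSIGNMENTS, USERS, NOW):
        print(f["id"], f["displayName"], f["roles"], f["issues"])
```

Run it against a real export by replacing the three constructed structures with Graph output; the logic does not change. The `ownership_or_credential_changes` helper is the batch-mode equivalent of the post's detection rules: feed it the privileged ids from the audit and a day of audit events, and anything it returns is a change nobody reviewed.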
The Re-Compromise Problem (the mistake that keeps getting companies re-breached)
Most M365 identity compromise playbooks are dangerously incomplete.
They tell you:
Reset the password
Revoke the session
Notify the user
Then they stop.
What they don’t tell you is to check whether the attacker:
Registered their own MFA method
Consented to a malicious OAuth app
Enrolled a new device (Intune/Autopilot)
Created mailbox forwarding rules or transport rules
Every single one of those survives a password reset and session revocation.
Reset the password without cleaning up first? The attacker just walks right back in using their own persistence.
We built the exact four-step investigation sequence that closes this gap — complete with the ready-to-run KQL queries for each step.
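Both the incident-response post above (check sign-in logs for the same attacker IP across users within 30 minutes; check OfficeActivity for rules the attacker created) and this re-compromise post (check for MFA methods, OAuth consents, device enrolments and forwarding rules before resetting) describe the same two investigation steps. The following is an added example, not the posts' KQL: it implements those checks in Python over constructed records whose fields mirror SigninLogs, AuditLogs and OfficeActivity. The activity and operation names used as persistence indicators are assumptions chosen for the example and should be confirmed against your own logs.

```python
"""Post-compromise pivot and persistence checks over constructed M365 log samples.

Added example: every record below is hand-written, not exported from a tenant.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def ts(s):
    """Parse an ISO-8601 UTC timestamp such as 2026-05-01T08:00:00Z."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


# Constructed sign-in records (SigninLogs subset). 203.0.113.7 is the attacker IP.
SIGNINS = [
    {"upn": "alice@contoso.example", "ip": "198.51.100.20", "time": "2026-05-01T07:00:00Z", "result": "Success"},
    {"upn": "alice@contoso.example", "ip": "203.0.113.7",   "time": "2026-05-01T08:00:00Z", "result": "Success"},
    {"upn": "carol@contoso.example", "ip": "203.0.113.7",   "time": "2026-05-01T08:20:00Z", "result": "Success"},
    {"upn": "dave@contoso.example",  "ip": "203.0.113.7",   "time": "2026-05-01T12:00:00Z", "result": "Failure"},
]

# Constructed Entra audit events (AuditLogs subset).
AUDIT_EVENTS = [
    {"activity": "User registered security info", "initiatedBy": "alice@contoso.example",
     "target": "alice@contoso.example", "time": "2026-04-20T09:00:00Z"},   # legitimate, before incident
    {"activity": "User registered security info", "initiatedBy": "alice@contoso.example",
     "target": "alice@contoso.example", "time": "2026-05-01T08:05:00Z"},   # attacker adds own MFA
    {"activity": "Consent to application", "initiatedBy": "alice@contoso.example",
     "target": "Mail Reader Pro", "time": "2026-05-01T08:07:00Z"},
    {"activity": "Register device", "initiatedBy": "carol@contoso.example",
     "target": "DESKTOP-X1", "time": "2026-05-01T08:30:00Z"},
]

# Constructed Exchange records (OfficeActivity subset).
OFFICE_EVENTS = [
    {"Operation": "New-InboxRule", "UserId": "alice@contoso.example", "time": "2026-05-01T08:10:00Z",
     "Parameters": {"Name": ".", "ForwardTo": "ext@example.net", "DeleteMessage": True}},
    {"Operation": "Set-Mailbox", "UserId": "alice@contoso.example", "time": "2026-05-01T08:12:00Z",
     "Parameters": {"ForwardingSmtpAddress": "smtp:ext@example.net"}},
    {"Operation": "Set-Mailbox", "UserId": "alice@contoso.example", "time": "2026-05-01T08:15:00Z",
     "Parameters": {"DisplayName": "Alice"}},                              # no forwarding: ignore
    {"Operation": "MailItemsAccessed", "UserId": "alice@contoso.example", "time": "2026-05-01T08:16:00Z",
     "Parameters": {}},
]


def find_pivot_ips(signins, window_minutes=30):
    """IPs that successfully signed in as two or more users within the window."""
    by_ip = defaultdict(list)
    for s in signins:
        if s["result"] == "Success":
            by_ip[s["ip"]].append((ts(s["time"]), s["upn"]))
    hits = {}
    for ip, events in by_ip.items():
        events.sort()
        users = set()
        for i, (t1, u1) in enumerate(events):
            for t2, u2 in events[i + 1:]:
                if t2 - t1 > timedelta(minutes=window_minutes):
                    break
                if u1 != u2:
                    users.update((u1, u2))
        if users:
            hits[ip] = sorted(users)
    return hits


# Persistence indicators (assumed activity/operation names for this example).
ENTRA_PERSISTENCE = {
    "User registered security info": "mfa_method_registered",
    "Consent to application": "oauth_consent",
    "Register device": "device_enrolled",
}
OFFICE_PERSISTENCE = {
    "New-InboxRule": "inbox_rule", "Set-InboxRule": "inbox_rule",
    "Set-Mailbox": "mailbox_forwarding", "New-TransportRule": "transport_rule",
}


def find_persistence(upn, audit_events, office_events, since):
    """Persistence artifacts created by `upn` since `since`, oldest first."""
    findings = []
    for e in audit_events:
        kind = ENTRA_PERSISTENCE.get(e["activity"])
        if kind and e["initiatedBy"] == upn and ts(e["time"]) >= since:
            findings.append((kind, e["time"], e.get("target")))
    for e in office_events:
        kind = OFFICE_PERSISTENCE.get(e["Operation"])
        if not kind or e["UserId"] != upn or ts(e["time"]) < since:
            continue
        params = e.get("Parameters", {})
        if kind == "mailbox_forwarding" and not (params.get("ForwardingSmtpAddress") or params.get("ForwardingAddress")):
            continue  # Set-Mailbox that did not touch forwarding
        findings.append((kind, e["time"], params))
    return sorted(findings, key=lambda f: f[1])


if __name__ == "__main__":
    print(find_pivot_ips(SIGNINS))
    print(find_persistence("alice@contoso.example", AUDIT_EVENTS, OFFICE_EVENTS, ts("2026-05-01T07:30:00Z")))
```

The order of use matters: run `find_persistence` for the first victim and for every user `find_pivot_ips` surfaces, remove each artifact it returns, and only then reset passwords and revoke sessions, since every artifact listed survives both of those actions.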