Tom Rolvers
@azurewithtom.bsky.social
Love Microsoft Security, love to ride his Canyon roadbike, happy dad.
📂 GitHub: https://github.com/awt-tom
💼 LinkedIn: https://linkedin.com/in/tomrolvers
✍️ Blog: https://AzurewithTom.com
Working @ https://yellowarrow.nl
📂 GitHub: https://github.com/awt-tom
💼 LinkedIn: https://linkedin.com/in/tomrolvers
✍️ Blog: https://AzurewithTom.com
Working @ https://yellowarrow.nl
Ever seen PIM throw ‘CannotDeleteLastAdminAssignment’?
🧩I ran into a strange edge case that ended up as an MSRC report, Microsoft confirmed and fixed it.
Full write-up 👇
🔗 azurewithtom.com/posts/MSRC-C...
#MVPBuzz
🧩I ran into a strange edge case that ended up as an MSRC report, Microsoft confirmed and fixed it.
Full write-up 👇
🔗 azurewithtom.com/posts/MSRC-C...
#MVPBuzz
MSRC Case: When Temporary Global Admin Rights Don’t Expire in Microsoft Entra PIM
A confirmed and fixed Microsoft Entra PIM flaw reported to MSRC - learn what happened, how it was fixed, and what admins should check.
azurewithtom.com
October 12, 2025 at 11:44 PM
Ever seen PIM throw ‘CannotDeleteLastAdminAssignment’?
🧩I ran into a strange edge case that ended up as an MSRC report, Microsoft confirmed and fixed it.
Full write-up 👇
🔗 azurewithtom.com/posts/MSRC-C...
#MVPBuzz
🧩I ran into a strange edge case that ended up as an MSRC report, Microsoft confirmed and fixed it.
Full write-up 👇
🔗 azurewithtom.com/posts/MSRC-C...
#MVPBuzz
Reminder for #WindowsAutopatch admins:
Migrate to the Win32 Client Broker for better reliability and on-demand deployment. Script-based installs still work, but the Win32 app is the new standard.
➡️ azurewithtom.com/posts/Manage...
Migrate to the Win32 Client Broker for better reliability and on-demand deployment. Script-based installs still work, but the Win32 app is the new standard.
➡️ azurewithtom.com/posts/Manage...
Windows Autopatch Client Broker: What It Is, When to Use It, and Why It Matters
In this post, we’ll break down what it does, when you need it, and how to align it with your organization’s update strategy.
azurewithtom.com
October 8, 2025 at 8:43 PM
Reminder for #WindowsAutopatch admins:
Migrate to the Win32 Client Broker for better reliability and on-demand deployment. Script-based installs still work, but the Win32 app is the new standard.
➡️ azurewithtom.com/posts/Manage...
Migrate to the Win32 Client Broker for better reliability and on-demand deployment. Script-based installs still work, but the Win32 app is the new standard.
➡️ azurewithtom.com/posts/Manage...
🚀 New blog post: Windows Autopatch Client Broker – What It Is and Why It Matters
After sharing the new Autopatch capabilities, I got a lot of questions about the Client Broker.
Good news: it’s getting an update!
Read here 👉 azurewithtom.com/posts/Manage...
#Microsoftsecurity #Intune #MVPBuzz
After sharing the new Autopatch capabilities, I got a lot of questions about the Client Broker.
Good news: it’s getting an update!
Read here 👉 azurewithtom.com/posts/Manage...
#Microsoftsecurity #Intune #MVPBuzz
Windows Autopatch Client Broker: What It Is, When to Use It, and Why It Matters
In this post, we’ll break down what it does, when you need it, and how to align it with your organization’s update strategy.
azurewithtom.com
August 27, 2025 at 2:47 PM
🚀 New blog post: Windows Autopatch Client Broker – What It Is and Why It Matters
After sharing the new Autopatch capabilities, I got a lot of questions about the Client Broker.
Good news: it’s getting an update!
Read here 👉 azurewithtom.com/posts/Manage...
#Microsoftsecurity #Intune #MVPBuzz
After sharing the new Autopatch capabilities, I got a lot of questions about the Client Broker.
Good news: it’s getting an update!
Read here 👉 azurewithtom.com/posts/Manage...
#Microsoftsecurity #Intune #MVPBuzz
🚨 Call to action 🚨
Starting September 2025, Microsoft will permanently disable Basic Authentication for SMTP AUTH.
I just published a new blog post about this:
azurewithtom.com/posts/Say-go...
#Microsoft365 #ExchangeOnline #MicrosoftEntra
Starting September 2025, Microsoft will permanently disable Basic Authentication for SMTP AUTH.
I just published a new blog post about this:
azurewithtom.com/posts/Say-go...
#Microsoft365 #ExchangeOnline #MicrosoftEntra
Say Goodbye to Basic Authentication in Exchange Online: What You Need to Know
Prepare for the deprecation of Basic Authentication in Exchange Online by September 2025. Start detect legacy sign-ins (including ROPC) using Microsoft Entra ID, disabling Basic Auth in Microsoft 365,...
azurewithtom.com
June 10, 2025 at 10:39 PM
🚨 Call to action 🚨
Starting September 2025, Microsoft will permanently disable Basic Authentication for SMTP AUTH.
I just published a new blog post about this:
azurewithtom.com/posts/Say-go...
#Microsoft365 #ExchangeOnline #MicrosoftEntra
Starting September 2025, Microsoft will permanently disable Basic Authentication for SMTP AUTH.
I just published a new blog post about this:
azurewithtom.com/posts/Say-go...
#Microsoft365 #ExchangeOnline #MicrosoftEntra
Windows Autopatch just got better in 2025:
✅ Hotpatching for Win11
✅ Better reporting in Intune
✅ Now for Business Premium
azurewithtom.com/posts/Whats-...
I wrote a quick rundown on what’s new + how to get started:
#Windows11 #Autopatch #Intune #Hotpatch #MicrosoftSecurity
✅ Hotpatching for Win11
✅ Better reporting in Intune
✅ Now for Business Premium
azurewithtom.com/posts/Whats-...
I wrote a quick rundown on what’s new + how to get started:
#Windows11 #Autopatch #Intune #Hotpatch #MicrosoftSecurity
Whats New in Windows Autopatch
Learn how Windows Autopatch lets you orchestrate updates for Windows, Microsoft 365 Apps, Microsoft Edge, and Teams. All from a single automated solution. Discover what’s new in 2025, including hotpat...
azurewithtom.com
May 20, 2025 at 11:42 AM
Windows Autopatch just got better in 2025:
✅ Hotpatching for Win11
✅ Better reporting in Intune
✅ Now for Business Premium
azurewithtom.com/posts/Whats-...
I wrote a quick rundown on what’s new + how to get started:
#Windows11 #Autopatch #Intune #Hotpatch #MicrosoftSecurity
✅ Hotpatching for Win11
✅ Better reporting in Intune
✅ Now for Business Premium
azurewithtom.com/posts/Whats-...
I wrote a quick rundown on what’s new + how to get started:
#Windows11 #Autopatch #Intune #Hotpatch #MicrosoftSecurity
New blogpost!
Implementing "Attack Surface Reduction" policies is in my opinion mandatory.
If you have not yet touched this feature, please make sure to give it a shot and configure it!
azurewithtom.com/posts/Attack...
#ASRrules #MicrosoftSecurity #AttackSurfaceReduction #Hardening #MDE
Implementing "Attack Surface Reduction" policies is in my opinion mandatory.
If you have not yet touched this feature, please make sure to give it a shot and configure it!
azurewithtom.com/posts/Attack...
#ASRrules #MicrosoftSecurity #AttackSurfaceReduction #Hardening #MDE
Implementing Attack Surface Reduction Policies
Start implement Microsoft’s Attack Surface Reduction (ASR) policies today!
azurewithtom.com
April 14, 2025 at 3:01 PM
New blogpost!
Implementing "Attack Surface Reduction" policies is in my opinion mandatory.
If you have not yet touched this feature, please make sure to give it a shot and configure it!
azurewithtom.com/posts/Attack...
#ASRrules #MicrosoftSecurity #AttackSurfaceReduction #Hardening #MDE
Implementing "Attack Surface Reduction" policies is in my opinion mandatory.
If you have not yet touched this feature, please make sure to give it a shot and configure it!
azurewithtom.com/posts/Attack...
#ASRrules #MicrosoftSecurity #AttackSurfaceReduction #Hardening #MDE
🚀 Microsoft 365 Business Premium has a new friend! 🔐
You can now add the E5 Security Add-on!
📢 Important: Check out if your license state is correct!
🔗 Read more about it: azurewithtom.com/posts/E5-Sec...
#Entra #E5Security #MDO #MDE #MicrosoftDefender #Microsoft
You can now add the E5 Security Add-on!
📢 Important: Check out if your license state is correct!
🔗 Read more about it: azurewithtom.com/posts/E5-Sec...
#Entra #E5Security #MDO #MDE #MicrosoftDefender #Microsoft
E5 Security Addon Now Available to Microsoft 365 Business Premium
Enhance your Microsoft 365 Business Premium security with the E5 Security Addon. Gain access to advanced Defender features and security hardening tools.
azurewithtom.com
March 11, 2025 at 8:58 PM
🚀 Microsoft 365 Business Premium has a new friend! 🔐
You can now add the E5 Security Add-on!
📢 Important: Check out if your license state is correct!
🔗 Read more about it: azurewithtom.com/posts/E5-Sec...
#Entra #E5Security #MDO #MDE #MicrosoftDefender #Microsoft
You can now add the E5 Security Add-on!
📢 Important: Check out if your license state is correct!
🔗 Read more about it: azurewithtom.com/posts/E5-Sec...
#Entra #E5Security #MDO #MDE #MicrosoftDefender #Microsoft
A small write-up about Device Code abuse.
Microsoft recently revealed an ongoing phishing campaign by Storm-2372, targeting authentication methods that use device codes.
#EntraID #RestrictDeviceCode #ClientID #Microsoft
azurewithtom.com/posts/The-hi...
Microsoft recently revealed an ongoing phishing campaign by Storm-2372, targeting authentication methods that use device codes.
#EntraID #RestrictDeviceCode #ClientID #Microsoft
azurewithtom.com/posts/The-hi...
The hidden danger of device code phishing
Currently there is a peak in abuse of device codes which are gathered by phishing attempts
azurewithtom.com
February 18, 2025 at 8:34 PM
A small write-up about Device Code abuse.
Microsoft recently revealed an ongoing phishing campaign by Storm-2372, targeting authentication methods that use device codes.
#EntraID #RestrictDeviceCode #ClientID #Microsoft
azurewithtom.com/posts/The-hi...
Microsoft recently revealed an ongoing phishing campaign by Storm-2372, targeting authentication methods that use device codes.
#EntraID #RestrictDeviceCode #ClientID #Microsoft
azurewithtom.com/posts/The-hi...
🚨 𝐉𝐨𝐢𝐧 𝐮𝐬 𝐨𝐧 𝐌𝐚𝐫𝐜𝐡 6𝐭𝐡 𝐟𝐨𝐫 #Yellowhat 👷 A 𝒈𝒍𝒐𝒃𝒂𝒍 𝒍𝒊𝒗𝒆𝒔𝒕𝒓𝒆𝒂𝒎 dedicated to Microsoft Security 🥷 Ticket sales NOW OPEN for live-audience (𝘈𝘮𝘴𝘵𝘦𝘳𝘥𝘢𝘮): yellowhat.live 𝘌𝘹𝘵𝘳𝘦𝘮𝘦𝘭𝘺 𝘭𝘪𝘮𝘪𝘵𝘦𝘥 𝘲𝘶𝘢𝘯𝘵𝘪𝘵𝘺!
January 16, 2025 at 11:48 AM
🚨 𝐉𝐨𝐢𝐧 𝐮𝐬 𝐨𝐧 𝐌𝐚𝐫𝐜𝐡 6𝐭𝐡 𝐟𝐨𝐫 #Yellowhat 👷 A 𝒈𝒍𝒐𝒃𝒂𝒍 𝒍𝒊𝒗𝒆𝒔𝒕𝒓𝒆𝒂𝒎 dedicated to Microsoft Security 🥷 Ticket sales NOW OPEN for live-audience (𝘈𝘮𝘴𝘵𝘦𝘳𝘥𝘢𝘮): yellowhat.live 𝘌𝘹𝘵𝘳𝘦𝘮𝘦𝘭𝘺 𝘭𝘪𝘮𝘪𝘵𝘦𝘥 𝘲𝘶𝘢𝘯𝘵𝘪𝘵𝘺!
New blogpost:
Check out my latest blog post on the new Unified Coverage Management experience in the Microsoft Defender portal.
Sentinel and your XDR unified
azurewithtom.com/posts/Optimi...
#Cybersecurity #MicrosoftSentinel #XDR #Optimization #UnifiedCoverage #MITREATTACK
Check out my latest blog post on the new Unified Coverage Management experience in the Microsoft Defender portal.
Sentinel and your XDR unified
azurewithtom.com/posts/Optimi...
#Cybersecurity #MicrosoftSentinel #XDR #Optimization #UnifiedCoverage #MITREATTACK
Optimize your SOC with SIEM and XDR Recommendations
Use the Microsoft XDR optimization feature to improve a unified SIEM and XDR environment
azurewithtom.com
January 9, 2025 at 1:01 PM
New blogpost:
Check out my latest blog post on the new Unified Coverage Management experience in the Microsoft Defender portal.
Sentinel and your XDR unified
azurewithtom.com/posts/Optimi...
#Cybersecurity #MicrosoftSentinel #XDR #Optimization #UnifiedCoverage #MITREATTACK
Check out my latest blog post on the new Unified Coverage Management experience in the Microsoft Defender portal.
Sentinel and your XDR unified
azurewithtom.com/posts/Optimi...
#Cybersecurity #MicrosoftSentinel #XDR #Optimization #UnifiedCoverage #MITREATTACK
I have submitted my session “Behind the Scenes of Phishing: Understanding and Defending Against AitM Attacks” for speaking at Workplace Ninjas Norway 2025.
Have you submitted a session already? You have until 28 February to submit one yourself!
sessionize.com/workplace-ni...
Have you submitted a session already? You have until 28 February to submit one yourself!
sessionize.com/workplace-ni...
Workplace Ninjas Norway 2025: Call for Speakers
Join us at Workplace Ninjas Norway 2025 where IT experts and community leaders come together to share knowledge, best practices, and the latest advan...
sessionize.com
December 11, 2024 at 7:16 PM
I have submitted my session “Behind the Scenes of Phishing: Understanding and Defending Against AitM Attacks” for speaking at Workplace Ninjas Norway 2025.
Have you submitted a session already? You have until 28 February to submit one yourself!
sessionize.com/workplace-ni...
Have you submitted a session already? You have until 28 February to submit one yourself!
sessionize.com/workplace-ni...
🚀 You can now access Microsoft Sentinel Workbooks directly in the Microsoft XDR portal!
No more jumping between portals. 🎯
azurewithtom.com/posts/Bringi...
#Cybersecurity #MicrosoftSentinel #XDR #Workbooks
No more jumping between portals. 🎯
azurewithtom.com/posts/Bringi...
#Cybersecurity #MicrosoftSentinel #XDR #Workbooks
Bringing Microsoft Sentinel Workbooks to the Microsoft XDR Portal
Microsoft has added the Microsoft Sentinel Workbooks to the XDR portal
azurewithtom.com
December 11, 2024 at 12:30 PM
🚀 You can now access Microsoft Sentinel Workbooks directly in the Microsoft XDR portal!
No more jumping between portals. 🎯
azurewithtom.com/posts/Bringi...
#Cybersecurity #MicrosoftSentinel #XDR #Workbooks
No more jumping between portals. 🎯
azurewithtom.com/posts/Bringi...
#Cybersecurity #MicrosoftSentinel #XDR #Workbooks
🚀 New Blog Alert: Store your fresh created detection rules in Devops
I will post more of these blogs in the future on how to deploy the rules, use a pipeline and automate validation.
azurewithtom.com/posts/Upload...
Got feedback? Please let me know!
I will post more of these blogs in the future on how to deploy the rules, use a pipeline and automate validation.
azurewithtom.com/posts/Upload...
Got feedback? Please let me know!
Upload your analytic rules to Azure Devops
Today we will create our detection rules and make them available in Azure Devops
azurewithtom.com
December 5, 2024 at 3:30 PM
🚀 New Blog Alert: Store your fresh created detection rules in Devops
I will post more of these blogs in the future on how to deploy the rules, use a pipeline and automate validation.
azurewithtom.com/posts/Upload...
Got feedback? Please let me know!
I will post more of these blogs in the future on how to deploy the rules, use a pipeline and automate validation.
azurewithtom.com/posts/Upload...
Got feedback? Please let me know!
Hey @merill.net 👋, I just got in on Bluesky! Am I late to the party?
I also added Bsky to my web blog to share pages. Due to a nice upgrade I am able to deploy blogs easier now. So expect some new ones on here.
Thanks for having me motivated to check this out!
azurewithtom.com/posts/Genera...
I also added Bsky to my web blog to share pages. Due to a nice upgrade I am able to deploy blogs easier now. So expect some new ones on here.
Thanks for having me motivated to check this out!
azurewithtom.com/posts/Genera...
Generate ready to use analytic rules
We will use a script I recently created to generate a set of analytic rules, ready to be used in Microsoft Sentinel.
azurewithtom.com
December 4, 2024 at 8:50 PM
Hey @merill.net 👋, I just got in on Bluesky! Am I late to the party?
I also added Bsky to my web blog to share pages. Due to a nice upgrade I am able to deploy blogs easier now. So expect some new ones on here.
Thanks for having me motivated to check this out!
azurewithtom.com/posts/Genera...
I also added Bsky to my web blog to share pages. Due to a nice upgrade I am able to deploy blogs easier now. So expect some new ones on here.
Thanks for having me motivated to check this out!
azurewithtom.com/posts/Genera...