Business email compromise isn’t going away—Nathan Taylor continues the conversation with a focus on how organizations can actually secure their Microsoft 365 environments.

Most security issues come from gaps in configuration and inconsistent enforcement of basic controls. Nathan walks through how to approach tenant hardening step by step, starting with understanding your current environment through an assessment.

From there, he breaks down how to prioritize high-impact changes. The focus stays on identity and access, where MFA and conditional access policies play a central role. He explains why identity has become the primary security boundary and how small misconfigurations can create entry points for attackers.

The episode also covers email security, including DMARC, SPF, and phishing protection, before moving into risks like dormant accounts and unmanaged applications. As the conversation progresses, Nathan touches on more advanced threats like token theft and how approaches like FIDO2 authentication and compliant device policies help reduce exposure.

Nathan Taylor is Senior Vice President and Global Microsoft Practice Leader at Sourcepass, where he leads the Sourcepass Center of Excellence for Microsoft, also known as the Sourcepass MCOE. With nearly two decades of experience, he helps organizations navigate complex Microsoft cloud and security decisions by turning technology into secure, scalable outcomes.  

[00:05:30] Starting with an Assessment
The first step in securing a tenant is understanding what exists today. Nathan explains how running an assessment helps identify gaps and focus on improvements that reduce risk quickly without overwhelming teams or disrupting users.

[00:12:40] Why Identity is the New Security Boundary
Security has shifted from network perimeters to user identity. This section explores why MFA, conditional access, and authentication methods are now the most critical controls for preventing unauthorized access.

[00:20:15] Dormant Accounts as a Risk Factor
Unused accounts often go unnoticed but remain accessible. These accounts are typically not secured with MFA and can be exploited through password resets or social engineering, making them a common entry point for attackers.

[00:27:10] Strengthening Email Security Controls
Email continues to be the primary attack vector. Nathan outlines how DMARC, SPF, and Defender policies help reduce phishing and spoofing risks and why many tenants are still misconfigured.

[00:31:20] Defending Against Token-Based Attacks
More advanced attacks target authentication tokens instead of credentials. This section explains how FIDO2 authentication and device-based policies make it harder for attackers to gain persistent access.

Assess your Microsoft 365 Security Posture
Not sure where identity or access gaps exist in your tenant? A Microsoft 365 Security Assessment helps surface real risk and prioritize the next steps. Get a clear view of your exposure: https://sourcepassmcoe.com/m365-security-assessment-sourcepass-mcoe

Harden your Microsoft 365 environment
Many compromises succeed because foundational settings are missed. This checklist highlights the core controls every tenant should review. Validate your hardening baseline: https://sourcepassmcoe.com/articles/microsoft-365-hardening-checklist-sourcepass-mcoe

Close gaps with critical Conditional Access policies
Misconfigured Conditional Access remains a common entry point for attackers. This guide outlines the policies every tenant should enforce. Review the must have Conditional Access policies: https://sourcepassmcoe.com/articles/top-conditional-access-policies-for-m365-security-sourcepass-mcoe