@brianbaldock.bsky.social
Microsoft Senior Program Manager | Cybersecurity, Identity and AI
Majority voting barely improves long-horizon reliability. Thinking tokens, ie: "reasoning" before acting, win every time. Pay for the right compute.
#ThursdayThoughts #AI #LLM #AIAgents
My desk looks like a small tornado passed through, coffee mug, cables, notebooks, and a few rogue spinner magnets that didnβt survive another fidget session.
Some people need calm to focus; I apparently need creative chaos.
Curious, whatβs the one item on your desk you canβt live without?
Agent build tip: Plan externally, execute in small, verifiable steps. Cleaner pipelines.
#ThursdayThoughts #AI #LLM #AIAgents
Entra rollout made easier.
Check out these step-by-step deployment videos for Microsoft Entra, covering hybrid join, Conditional Access, and more. Perfect for IT admins in the trenches.
Link: blog.brianbaldock.net/when-ethical...
29.09.2025 13:04 β π 0 π 0 π¬ 0 π 0
Ghost citations, part 2: my 7-step checklist to keep AI-assisted content faithful, accurate, and complete. Move fastβwithout burning trust.
Link in first reply.
Drift happens when agents read their own bad outputs. Cut context, watch error rate, escalate sooner. Human in the loop!
#ThursdayThoughts #AI #LLM #AIAgents
Tip: Use naming like PIMβSecOpsβMDEβReaders so your audit trail reads well.
23.09.2025 14:03 β π 0 π 0 π¬ 0 π 0
Step 1: Create the PIMβenabled group.
Entra β Group β Enable PIM β add Eligible Member assignments (timeβboxed).
Full guide (pics): aka.ms/defpim
#EntraID #PIM #LeastPrivilege
Hereβs the blog π blog.brianbaldock.net/bite-sized-e...
22.09.2025 14:06 β π 0 π 0 π¬ 0 π 0Quick reminder β the Entra ID snackable video series is live, thanks to a big team effort across FastTrack and several partner groups at Microsoft.
Theyβre short, practical sessions covering everything from Conditional Access to Token Protection. I pulled them into one blog, link below.
An βethical AIβ report shipped with 15+ fake citations. Why? Hallucinations + humans pasting smart-sounding lines. I share a simple playbook to stop ghost citations and keep trust.
Link in first reply.
π Track horizon length, not just accuracy. Tiny perβstep gains can mean big jumps in how far agents run without help.
#ThursdayThoughts #AI #LLM #AIAgents
β οΈ Headsβup: PIMβforβGroups requires Entra ID P2 or Governance licensing AND relevant Defender licensing.
17.09.2025 14:02 β π 0 π 0 π¬ 0 π 0
Still giving standing access in Defender XDR?
Use PIMβforβGroups + URBAC for JIT, timeβboxed permissions.
Clean guide from Matt Novitsch β aka.ms/defpim
Check out the full list of videos here: blog.brianbaldock.net/bite-sized-e...
16.09.2025 14:04 β π 0 π 0 π¬ 0 π 0The FastTrack, Product Marketing, GTM, WWL Studios, and Microsoft Learn teams built out a library of Entra ID βsnackableβ deployment videos. These are short, focused sessions covering everything from Internet Access to Identity Governance and Privileged Identity Management.
#Microsoft365 #EntraID
Quick reminder: I built a PowerShell mini-module to simplify Viva Engage policy management (Copilot + AI Summarization).
Org-wide disable β group enables.
buff.ly/lfgVxuh
repo in the first comment π
#LazyAdmins #Microsoft365 #M365Copilot #VivaEngage #PowerShell
Check out the code repo here: github.com/brianbaldock...
04.09.2025 15:57 β π 0 π 0 π¬ 0 π 0
Hey #LazyAdmins π I put together a PowerShell mini-module to manage Viva Engage access policies for Copilot + AI Summarization.
The flow: start with an org-wide disable, then enable for groups you choose. Clean, predictable, repeatable. blog.brianbaldock.net/admin-guide-...
When was the last time you looked at your Microsoft Secure Score?
Hereβs why I treat mine like a kitchen cleaning list, and how you can too.
blog.brianbaldock.net/securescore
#CyberSecurity #Microsoft365 #SecureScore
When I worked in kitchens, we had a rule: βAlways be cleaning.β
Now I use the same mindset in security with Microsoft Secure Score.
New post: blog.brianbaldock.net/securescore
#CyberSecurity #Microsoft365 #SecureScore
ICYMI: My latest post on identity design for AI agents is still fresh.
OBO flow vs service creds, secrets, and audit trails, all covered.
Still relevant. Still useful.
blog.brianbaldock.net/recipe-desig...
#CyberSecurity #AgenticAI
New post: Designing Identity for Agentic AI.
How do agents securely access systems like SQL Server?
I break down two flows (OBO + service creds) + give you a practical checklist.
Check it out π blog.brianbaldock.net/recipe-desig...
#ZeroTrust #AIIdentity
Last week I shared what breaking into my own systems taught me as a defender. From missed file permissions to my first reverse shellβit was eye-opening.
What moment shifted your view on defense?
Catch the full post here: blog.brianbaldock.net/a-better-def...
New blog just dropped: How breaking in made me a better defender.
Offensive security taught me more than I expected; reverse shells, overlooked basics, and how fragile assumptions really are.
What changed your view on defense?
π blog.brianbaldock.net/a-better-def...
Push fatigue + phishing = breach.
Learn how to upgrade your MFA game with phishing-resistant options that actually work.
blog.brianbaldock.net/mfa-beyond-p...
#ZeroTrust #MFA #CyberSecurity
