Scope note:

In this article I'm focusing on ZTNA and NAC from the endpoint access perspective, not server and IoT networks. Servers and critical back-end segments are typically static, predictable, and benefit from simpler, lower‑change controls.

Overview

The big question and the motivation for writing this article is to understand whether NAC solutions are still relevant when a Full Zero Trust architecture is in-place?

As I see it, NAC and Zero Trust Network Access (ZTNA) are complementary but often misunderstood

At their core, NAC and Zero Trust Network Access (ZTNA) are designed to complement each other in a layered security architecture. NAC acts as a gatekeeper, verifying device identity, posture, and compliance before granting network access. ZTNA extends this by continuously authenticating users and devices, enforcing least-privilege, and controlling access to specific applications regardless of network location.

Together, they form the foundation and superstructure of modern access control: NAC ensures devices are trustworthy before stepping inside, while ZTNA governs what those devices and users can do within the environment - so far so good.

However, reality tells another story. we see that many organizations continue to use NAC as if the security perimeter has not shifted. They treat NAC as a static gatekeeper - and neglect to incorporate dynamic, identity- and application-centric controls that ZTNA provides. Essentially, while the "cheese" has moved to identity, context, and cloud, many have not recalibrated their architecture or processes accordingly.

This misalignment leads to inefficiencies, increased complexity, and missed opportunities to strengthen security postures.

Rolling Out Intune Security Baselines: What We See in the Field

When working with Microsoft Intune across organizations of all sizes, the concept of security baselines comes up almost daily. In our teams, we manage security settings for over half a million endpoints across all our customers. Security baselines basically let us apply Microsoft’s best-practice security recommendations in bulk, and keep them updated as Windows, Defender, and other Microsoft products evolve.

What Are Intune Security Baselines?

Security baselines in Intune are not just templates—they’re collections of pre-configured device settings that help us enforce a strong security posture without having to reinvent the wheel. Microsoft publishes different baselines for specific products:

• Windows baseline: Covers core OS settings.

• Defender for Endpoint baseline: Adds advanced threat protection policies.

• Microsoft Edge baseline: Manages browser-related security.

• Microsoft 365 Apps baseline: Locks down Office apps.

• Windows 365 baseline: For securing cloud PCs.

For each customer, we choose and tweak the baseline as needed, depending on their compliance needs and digital workforce. Baselines get applied in Intune admin center, assigned to the right groups, and pushed out to all managed devices almost instantly.

TL;DR:

- What Are Intune Security Baselines?

Quick overview of baseline types and why we use them for mass device management.

- Managing Baselines in the Real World

How we deploy, update, and track baselines for over 500K devices.

- Highlights of Windows 11 25H2 Baseline

Main new features: app removal, Wi-Fi 7, backup & recovery, energy saver, security improvements.

- Our Implementation Workflow

How we test, roll out, and monitor baselines for customers.

- Key Takeaways

Why updating to the latest security baseline is a must for security, compliance, and efficiency.

Sources

Malicious URL Protection in Microsoft Teams (Preview)

Phishing remains one of the most common and effective attack vectors, and attackers increasingly exploit collaboration platforms like Microsoft Teams. To help reduce this risk, Microsoft has introduced Link Protection in Teams (currently in preview).

This feature automatically scans URLs sent in chats, channels, or meeting conversations, warns senders if they include a suspicious link, and alerts recipients before they click. It’s a valuable new capability — but it is not a replacement for Microsoft Defender Safe Links. Instead, it works best alongside Safe Links as part of a layered defense strategy.

Overview

In August 2025, Salesloft (owner of Drift) disclosed a breach that had been active for several months. The attackers moved step by step across systems: starting in GitHub, pivoting into AWS, and from there harvesting OAuth tokens that provided direct access into Salesforce environments.

With these tokens, they extracted business-critical data and even uncovered additional secrets like AWS keys, Snowflake tokens, and passwords. Several global companies, including Cloudflare, Zscaler, and Palo Alto Networks, confirmed they were affected.

The case highlights a growing risk area: OAuth tokens and third-party integrations that are often overlooked but provide deep access to SaaS platforms.