
Agent Foskett Cyber Briefings

Real-world cyber security insights drawn from Microsoft 365, Azure environments, identity security, phishing investigations, cloud misconfigurations and emerging AI governance challenges. Each briefing highlights practical scenarios seen in the field and the lessons organisations can apply before small issues become serious incidents.

Agent Foskett Friday Cyber Briefings
About the briefings

Agent Foskett briefings translate real technical observations into clear, practical lessons for organisations operating modern Microsoft environments. They focus on the kinds of issues that often go unnoticed until they become operational, security or governance risks.

Practical security observations
Real-world configuration lessons
Modern Microsoft security insights

Why organisations read these briefings

Short, practical insights that help organisations recognise common security risks before they become incidents.
Real security scenarios
Microsoft ecosystem insights
Practical defensive thinking

Friday Cyber Briefings

A selection of real-world cyber security scenarios covering Microsoft 365, Azure infrastructure, identity protection, cloud exposure and emerging risks. Each briefing highlights the situation, the underlying issue and the lesson learned.

Episode: “The Missing Click”
A client believed Microsoft 365 protections were all configured properly, but phishing emails kept getting through. The cause was not a sophisticated attacker; it was a correctly built Exchange transport rule left disabled.
Lesson: a security control that exists but is not enabled is basically no control at all.
Microsoft 365 Exchange Online Phishing

AI Rollout… But the Guardrails Weren’t
AI tools had been deployed to boost productivity, but access was too broad, governance was unclear, and no one had tested what happened when users got creative with prompts.
Lesson: AI is not set-and-forget. Unsecured AI behaves like a highly motivated internal user with broad access.
AI Security Governance Data Access

Using Impossible Travel Sign-ins to Teach Real-World Security Skills
A user account appeared to sign in successfully from Melbourne and then London within minutes. The login worked, but the geography told a very different story about identity risk.
Lesson: successful authentication does not always mean trusted access.
Entra ID Impossible Travel Identity Risk

Building Security Intuition with Sentinel Workbooks
Security data was already flowing into the platform, but the real patterns stayed hidden until it was visualised properly. Once the noise became visible, the risks became much easier to understand.
Lesson: people act faster on security data when they can actually see the story it is telling.
Microsoft Sentinel Workbooks Visibility

Episode: “Just This One Exception”
One temporary Conditional Access exclusion was added to help a user while travelling. It was never reviewed, never removed, and quietly weakened the tenant for months.
Lesson: most security failures start with well-intentioned shortcuts, not attackers.
Conditional Access MFA Zero Trust

Episode: “The MFA Was On… Just Not Everywhere”
MFA existed on paper, but not for legacy authentication, temporary exclusions, or forgotten service accounts. Sign-in logs showed password spray activity quietly probing the tenant.
Lesson: MFA doesn’t protect what it doesn’t cover.
Entra ID MFA Legacy Auth

Episode: “When Nothing Looks Wrong”
No alerts, no outages, no angry calls — yet a quick review found a global admin without MFA, legacy auth still enabled, short audit log retention, and Conditional Access not enforcing as expected.
Lesson: most breaches don’t start with alarms, they start with assumptions.
Audit Logs Global Admin Review

Azure Looked Healthy… Until One VM Failed
An Azure finance environment looked fine until a critical VM failed. Backup was failing silently, no restore testing had been done, no Azure Site Recovery (ASR) existed, and RDP was still exposed to the internet.
Lesson: cloud does not automatically make systems resilient — resilience still has to be engineered.
Azure Backup Resilience

Your Organisation Might Soon Have AI Employees
AI agents are becoming the next big security surface. They analyse data, automate actions, and work across systems — which means unmanaged agents may soon become a major governance problem.
Lesson: the future of cybersecurity is not just protecting people — it’s protecting the machines working beside them.
AI Agents Identity Future Security

The RDP Port Was Open… And Everyone Could See It
A Windows Server VM in Azure had a public IP with RDP exposed on port 3389. Logs showed thousands of connection attempts per day from around the world.
Lesson: if RDP is open to the world, someone will eventually knock on the door.
RDP Azure VM Attack Surface

The Storage Account Was Public… And Nobody Noticed
An Azure storage account used for backups and diagnostic logs had public blob access enabled. That meant anyone finding the endpoint could potentially access the data without authentication.
Lesson: some of the biggest risks aren’t advanced attacks — they’re resources that were never meant to be public.
Azure Storage Blob Access Exposure

What these briefings highlight

Small configuration gaps often create the largest security risks.
Awareness before impact

Many cyber incidents begin with simple oversights: a rule that was never enabled, an exception that was never removed, a cloud resource that was accidentally exposed, or an identity control that was only partially applied.

The purpose of these briefings is not alarm — it is awareness. Understanding how these issues appear in real environments helps organisations strengthen their security posture before attackers discover the same weaknesses.

Agent Foskett Cyber Security Briefings by GEMXIT

Agent Foskett is GEMXIT’s cyber security briefing series covering Microsoft 365 security, Exchange Online protection, Azure cloud security, RDP exposure risks, phishing defence, multi-factor authentication, Conditional Access policies, identity protection, AI governance and modern cloud security practices.

These briefings highlight real-world security observations from Microsoft environments and provide practical lessons organisations can apply to strengthen their cyber security posture.