Refoundry Blog

Where bold ideas meet practical strategies. Our blog explores how to reduce complexity, strengthen security, and deliver better experiences across identity, cloud, and device management. Discover insights that empower your business to lead with purpose and stay ahead in a rapidly evolving digital world.

SIEM is Not Dead — But It’s No Longer the Center of Gravity

By Refoundry Marketing | Apr 23, 2026

For years, the playbook was simple: Centralize everything into a SIEM. Security logs. Application logs. Performance telemetry. Network noise. If it could produce a log… it got shipped. Platforms like Splunk and QRadar became the catch-all data sinks for the enterprise. And for a while, that made sense. But that model doesn’t hold up anymore.…

Governing AI Requires More Than Controls — It Requires Visibility

By Rich Lilly | Apr 20, 2026

Last week, I wrote about why blocking AI is easy—but governing it is where most organizations fail. That post focused on permissioning: what really happens the moment a user flips an AI connector from Needs approval to Always allow. This article is about what comes next. Because once you allow it… you need to see…

Refoundry Earns the Microsoft Threat Protection Specialization

By Refoundry | Apr 13, 2026

The Refoundry team has earned the Microsoft Threat Protection Specialization, a designation that verifies proven, hands-on expertise in deploying Microsoft Threat Protection and Microsoft Cloud App Security workloads. What the specialization actually means: To earn a Threat Protection Specialization, Microsoft requires partners to demonstrate real-world deployment experience (verified by customers who can speak to…

Blocking AI is easy. Governing it is where most organizations fail.

By Rich Lilly | Apr 8, 2026

Most organizations are not ready for what “Always allow” actually means in tools like Claude Cowork. By default, it’s set to Needs approval. That’s intentional. But the moment a user flips that to Always allow, they’ve effectively delegated their identity. Not just access… authority. Now you have: AI operating with user-level permissions; Access to email,…

The New Insider Threat Isn’t a Person. It’s Your AI. (with PoC)

By Rich Lilly | Apr 3, 2026

Most organizations still think about risk the old way: Phishing. Malware. Endpoint compromise. But we’re entering a different era. The next wave of enterprise risk sits at the intersection of AI + access. And most organizations aren’t ready. AI Is Not Just a Tool. It’s an Operator. Whether it’s Copilot, ChatGPT, or Claude—these aren’t…

The Security Platform Shift Is Here — And It’s Not Subtle (RSA 2026 Recap)

By Rich Lilly | Mar 31, 2026

For years, security leaders have operated under a familiar assumption: “Best of breed always wins.” Buy the best SIEM. Buy the best EDR. Buy the best identity tool. Integrate everything later. That model made sense in a world where: Data was fragmented; Tooling was siloed; Humans were the primary operators. That world is changing…

Microsoft Just Quietly Extended the Sentinel Portal Deadline. That’s Not the Story.

By Rich Lilly | Mar 27, 2026

Microsoft recently pushed the retirement of Azure portal-based Microsoft Sentinel management to March 31, 2027. On paper, that sounds like more time. In reality, it’s a signal. The real story isn’t the deadline. It’s the direction. What’s Actually Changing: New Sentinel instances created after August 2025 are already defaulting to the Microsoft Defender portal. That’s…

Refoundry Appoints Microsoft AI Visionary Stephen Christiansen as Field CTO

By Refoundry Marketing | Mar 16, 2026

Industry-Leading Microsoft Technology Executive Brings Pioneering AI Security Framework to Accelerate Corporate AI Adoption. CHICAGO, March 16, 2026 — Refoundry today announced the strategic appointment of Stephen Christiansen as Field Chief Technology Officer, positioning the company as a destination for corporate executives seeking transformational Microsoft AI and Security services. Christiansen brings a powerful combination of…

“R” in MXDR Stands for Response

By Refoundry | Mar 10, 2026

In cybersecurity, detection gets most of the attention—dashboards, alerts, telemetry, and visibility. But when a real incident unfolds, none of that matters nearly as much as one capability: response. The most costly breaches rarely happen because suspicious activity wasn’t detected; they happen because response was too slow. If your MXDR provider can’t move from detection…