Did you know on May 22, 1906, the Wright Brothers were granted their patent for the “Flying Machine”? It took them years of tinkering, a few spectacular crashes, and a whole lot of wind to finally get off the ground… which, if we’re being honest, feels a lot like keeping up with Microsoft’s licensing calendar.

May has officially landed, and it has brought luggage! The Microsoft 365 E7 Frontier Suite is now generally available, bundling the E5 with a whole lot of stuff Microsoft thinks you’re already using but in reality, you’ve never heard of. Meanwhile, the beloved 30-day grace period for subscription expiration has quietly shuffled off this mortal coil, replaced by the Extended Service Term (EST)… which is essentially Microsoft’s way of saying, “You can still procrastinate, but now it costs 3% more.” And speaking of costs, the July 1 price increases are now close enough to feel real.

So, gear up for this month’s newsletter so we can break it all down and spend less time deciphering Microsoft announcements and more time running your IT operations.

In this latest installment of Demystifying CSPM, Danny George is back, and this time, he’s tackling the wonderfully messy reality of multi-cloud and hybrid environments. Let’s be honest; juggling AWS, Azure and GCP all at once isn’t a “multi-cloud strategy” so much as it is “security team stress testing.”

This session breaks down why visibility becomes the first casualty in a multi-cloud world, how inconsistent vendor standards keep everyone guessing, and why trying to piece together your security posture without a unified view is a bit like assembling IKEA furniture without instructions. Danny walks through how CSPM tools step in to bring order to the chaos by normalizing configurations, centralizing compliance, and connecting the dots across platforms.

Ane because no modern cloud conversation is complete without more acronyms, we also touch on how CSPM fits into the broader ecosystem… think CNAP, runtime protection, and the never-ending quest for “just one dashboard to rule them all.”

Grab a coffee (or something a bit stronger), hit play, and let’s make multi-cloud security a little less mysterious and a lot more manageable.

Microsoft seems to be slowly coming to terms with a reality we’ve all known for a while… not everyone exclusively lives inside the Copilot bubble.

In a recent update, Microsoft Purview Data Security Posture Management has been extended to include Anthropic’s Claude because shockingly, organizations are using more than one AI tool. This means security teams can no see and investigate Claude activity alongside everything else instead of relying on strongly worded policies and crossed fingers that employees actually read that policy update HR just sent out.

This change introduces a Claude Compliance API, giving Purview visibility into Claude interactions and audit signals. This provides the same governance controls you already rely on for Microsoft 365 data to now follow your data when it inevitably wanders off into third-party AI tools.

Why the change? Because AI usage has officially outgrown the “we’ll just standardize on one tool” phase. Between Copilot, Claude, and a handful of “I swear this is for work” browser tabs, data is moving everywhere, and Microsoft’s response is surprisingly simple (and refreshingly practical): if you can’t stop the sprawl, at least make it visible.

But somewhere, deep in Redmond, a single tear rolled down the cheek of a product marketer whispering, “But… what about Copilot?“ ☹

Remember that 30-day grace period where subscriptions could expire and nothing really urgent happened? Probably not as Improving CSP clients are always diligent on their planning to ever let that happen!

But, for your friends’ companies, services kept running, employees stayed happy, and renewal could wait another meeting or two. As of early May, Microsoft has officially retired the 30-day subscription grace period and replaced it with something a little more… financially motivating.

Say hello to the Extended Service Term (EST). In practice, this means if auto-renew is off an no action is taken, subscriptions can roll into EST automatically, which is essentially the equivalent monthly-term subscription with a nice 3% convenience fee to keep the lights on. It’s intended as a short-term bridge which decision can be made but priced to encourage those decisions to happen sooner rather than later.

In other words, Microsoft didn’t remove the safety net… they just added a usage fee.

But as an Improving CSP client, we default to automatic renewals to avoid any EST. Remember, you have 7-days post-renewal to make any last second changes, but don’t worry, we’ll be politely (and frequently) reminding you of subscription renewals turns into a game of licensing roulette.

Because nothing says “efficient SOC” like 17 browser tabs, three different portals, and that one bookmark you’re afraid to delete because no one remembers what it does. Maybe Microsoft has been listening and in their latest effort to unite the family, Microsoft Sentinel is moving into the Microsoft Defender portal, brining SIEM and XDR operations together in one place.

Now, if you’re thinking, “Haven’t we done this before?” you’re not wrong. Microsoft does have a bit of a… messy history when it comes to consolidating experiences. But this time, the goal is clear: reduce the “swivel-chair security operations” and give a single workspace for investigations, response, and (hopefully) fewer existential questions ab out which portal they should be in.

And yes, the timeline has evolved a bit too. What started as a July 2026 change has now been extended to end of March 2027. Think of it less a delay and more as Microsoft giving everyone a chance to fully embrace this new vision at their own pace.

To Microsoft’s credit, this isn’t just a UI shuffle. The Defender portal is positioned as the future home for unified security operations, where Sentinel continues to do what it does best, just without the portal hopping. And yes, they’ve said there is no additional cost to make this move, which is always nice to hear right before you start rewriting your runbooks.

So what’s the takeaway? Treat this like any other meaningful platform shift: plan the move, retrain the team, and update anything that still says, “click here in the Azure portal.” Because this time… probably… we’re all staying in Defender.

If there’s one thing we take seriously, it’s security. You already know we don’t exactly treat it like a once-a-year checklist. From quarterly assessments to ongoing conversations about risk, we’re big believers in staying ahead of the curve… not waving at it as it passes by.

That’s why we’re excited to offer Microsoft Security Immersion Briefings; a no-cost, 90-minute workshop that complements the work you’re already doing to stay secure. Think of it as a guided, hands-on tour through Microsoft’s security capabilities, where threat protection, data security, and advanced security for SMBs come to life in real-world scenarios instead of abstract diagrams.

Whether you’re looking to validate your current approach, explore new capabilities, or simply see what’s possible beyond the settings you’ve already mastered, this is a low-effort, high-value way to level up your security game. And at 90 minutes with zero cost, it’s one of the few things in security that doesn’t come with a surprise charge… or incident report.

Contact us at [email protected] to schedule your briefing or learn more about this offering.

Our monthly checkpoints are your all-access pass to asking all the cloud questions you may have. Whether that is bouncing new ideas off of, looking for guidance on specific solutions, learning more about upcoming capabilities, diving deeper into a technical issue, or simply just being your monthly emotional support human. If you don’t have a monthly team checkpoint already scheduled, don’t be shy, drop us a message and let’s get one scheduled!