Our Expertise

Identity & Access — Conditional Access, FIDO2, Entra ID governance

Endpoint Security — Intune, Defender for Endpoint, compliance baselines

Cloud Architecture — Microsoft 365, Azure, hybrid infrastructure

AI Readiness — Copilot deployment, data governance, security assessment

Cost Optimization — License audits, infrastructure right-sizing

Security Assessment — Posture review, gap analysis, remediation planning

Our Team

Nicklas Eriksson — Founder & Cloud Solution Architect. Senior consultant with 15+ years of experience in IT, specializing in hybrid infrastructure and Microsoft platforms. Works closely with architecture and business stakeholders to turn technical guidelines into sustainable, working solutions. Focused on automation, structure, and security.

Helena Berg — Operations & Client Relations. Ensuring smooth day-to-day operations and strong client relationships. Supporting the team with administration, logistics and business coordination.

Stina Berg Eriksson — Documentation & Quality Assurance. Supporting advisory engagements with a focus on structure, documentation and quality assurance. Helping ensure every deliverable meets our standards.

Sixten Berg Eriksson — Infrastructure & Lab. Contributing to cloud and infrastructure projects with fresh perspectives. Focused on hands-on testing, lab environments and enterprise security foundations.

Elna Berg Eriksson — Creative & Communications. Bringing curiosity and attention to detail to every project. Supporting communications, content creation and client-facing materials.

Latest Insights

Swedish municipalities hit by ransomware — is your business ready? — Dorotea and Vilhelmina municipalities were hit by ransomware on April 9. Here is what happened and what to check in your M365 environment.

BlueHammer — unpatched Windows zero-day grants SYSTEM via Defender updates — A published zero-day in Windows Defender signature updates gives attackers SYSTEM privileges. No patch exists. Here is how to protect your endpoints.

AI-powered phishing hits M365 — hundreds of orgs compromised daily — Storm-2755 uses AI to craft phishing emails that trick M365 users into giving up their tokens. Here is how to protect yourself.

Russian hackers steal M365 logins via your router — what to do now — APT28 compromised 18,000 routers to steal Microsoft 365 tokens. Here is how to check if your customers are affected.

EvilTokens hijacks M365 accounts — how to block it — New phishing-as-a-service kit bypasses MFA entirely through Microsoft 365 device code flow. Here is how to block it.

Kerberos RC4 hardening goes live in April — check your service accounts — April Windows updates enforce AES-only Kerberos for service accounts. Legacy RC4 dependencies will break.

EvilTokens — new phishing attack bypasses MFA entirely via device code flow — New PhaaS platform steals M365 tokens by tricking users into authenticating on Microsofts own login page.

Region Värmland hacked for four months — how to protect your M365 environment — Attackers had access to Region Värmland M365 email accounts for four months. CERT-SE warns of increasing BEC attacks against Swedish organizations.

Critical Chrome/Edge Zero-Day CVE-2026-5281 — Update Now — An actively exploited vulnerability in Chrome and Edge requires immediate patching. CISA added CVE-2026-5281 to its KEV catalog.

Kerberos RC4 enforcement April 2026 — what to do before patching — Microsoft April update enforces AES-only Kerberos. Service accounts still using RC4 will break. Here is how to prepare.

MFA does not protect against device code phishing — here is what does — Over 340 M365 organizations compromised via device code phishing. MFA is useless. Here is how to block it.

Device code phishing bypasses MFA — 340+ M365 organizations compromised — The EvilTokens platform steals M365 tokens that survive password resets. Here is how to block the attack in Conditional Access.

Excel vulnerability weaponizes Copilot — patch now — CVE-2026-26144 allows an attacker to use Copilot Agent in Excel to exfiltrate data without any user interaction.

Device code phishing hits 340 M365 orgs — block the flow now — Russian threat actors exploit Microsoft device code authentication to hijack M365 accounts. Conditional Access can stop it.

Outlook vulnerability runs malicious code without opening the email — CVE-2026-26113 and CVE-2026-26110 allow code execution just by viewing an email in the Preview Pane.

Tablets in Business: From Warehouse to Boardroom — How to use tablets as productivity tools in your business — not just entertainment devices.

Managing Company Phones with Intune: iPhone and Android — How to secure, configure, and manage all company phones centrally — whether iPhone or Android.

The Perfect Home Office: Monitor, Keyboard, and Headset — The right accessories make the difference between a home office that works and one that frustrates. Here is what you need.

How to Choose the Right Laptop for Microsoft 365 Business Premium — A guide for IT managers at Swedish SMBs who want to select the right hardware for Microsoft 365, Intune, and Defender.

5 Things to Consider When Buying IT Hardware for Your Business — Avoid costly mistakes when upgrading your company IT. Here are the five most important questions to ask before you buy.

Why Intune and Autopilot Transform IT Management for SMBs — Stop configuring laptops manually. With Intune and Autopilot, you set up a new device in 15 minutes instead of 3 hours.

Hackers Wiped 200K Devices via Intune — Protect Your Environment Now — Iran-linked Handala used Microsoft Intune to wipe 200,000+ devices at Stryker. Here is how to protect your organization.

New Phishing Attack Bypasses MFA via Device Code — Block It Now — Active campaign steals M365 tokens via OAuth device code flow. 340+ organizations compromised. Here is how to block the attack.

Critical Office RCE vulnerabilities — the Preview Pane is the attack surface — Two critical RCE vulnerabilities in Microsoft Office let attackers execute code just by previewing a document in Outlook. Patch now.

Region Varmland hacked for four months — how to protect your business — A Swedish government region suffered a phishing attack that gave attackers access to email accounts for four months undetected. Here is how to avoid the same fate.

Entra ID deadline March 31 — apps without service principal will break — Microsoft Entra ID stops supporting app auth without a service principal on March 31. Check your app registrations now.

Tycoon2FA is back — MFA bypass against M365 works again — The Tycoon2FA phishing platform is back after Europol's takedown. AiTM attacks bypass standard MFA and steal M365 tokens.

Excel vulnerability lets Copilot silently leak your data — CVE-2026-26144 enables attackers to weaponize Copilot Agent for zero-click data exfiltration from Excel. Patch now.

AI-powered phishing campaign hits 340+ organizations — M365 tokens stolen — Active device code phishing campaign exploits Railway.com and AI-generated lures to steal M365 tokens. Password resets won't help.

The DarkSword attack — your iPhones could give hackers access to company data — CISA warns of actively exploited iOS attack chain threatening anyone running Microsoft Authenticator, Outlook, or Teams on iPhone.

Swedish Security Service warns — constant cyberattacks on Swedish organizations — Säkerhetspolisen annual report confirms: cyberattacks against Swedish organizations are constant. What SMBs should do now.

Handala Detection Pack v2: Sigma rules for Intune bulk wipe prevention — ThreatHunter.ai published Detection Pack v2 with five new Sigma rules and KQL queries for Microsoft Sentinel covering: MuddyWater pre-positioning IOCs, PIM Authentication Context gap detection, three-layer bulk wipe prevention for Intune, stale session detection, and Rclone exfiltration detection.

Copilot as attack vector — Excel flaw enables zero-click data exfiltration — CVE-2026-26144 in Excel can be exploited to make Microsoft Copilot exfiltrate sensitive data without any user interaction.

The Stryker Attack: CISA demands Intune hardening after 200,000 devices wiped — CISA urges all organizations to harden Microsoft Intune after Iran-linked Handala wiped 200,000 devices at medtech giant Stryker.

Excel vulnerability weaponizes Copilot for data theft — CVE-2026-26144 — A critical Excel vulnerability combines XSS with prompt injection to turn Copilot Agent into a data exfiltration tool. Zero-click — no user interaction required.

Teams calls from fake IT support — how one call compromises an entire company — Microsoft DART reveals how attackers use Teams voice calls and Quick Assist to deploy backdoors. Here is how to protect your organization.

Critical SharePoint Zero-Day Under Active Exploitation — Patch Before Friday — CISA added CVE-2026-20963 to its Known Exploited Vulnerabilities catalog with a 3-day patch deadline. If you run SharePoint on-prem, act now.

Why Your Organization Should Invest in FIDO2 and Passkeys in Entra ID — Passwords are the weakest link in enterprise security. FIDO2 security keys and passkeys in Microsoft Entra ID offer a phishing-resistant alternative that eliminates credential theft entirely.

Microsoft 365 Tenant Consolidation After Mergers & Acquisitions — When two companies merge, their IT environments collide. Duplicate tenants, overlapping identities, and inconsistent security policies create cost, risk, and friction. Here is a structured approach to M365 tenant consolidation.

AI in 2025-2026: The Acceleration Is Real — And So Are the Security Risks — The last six months have seen an unprecedented acceleration in AI capabilities. From reasoning models to autonomous agents, the technology is advancing faster than most organizations can adapt.

Maximize the Security You Already Paid For: Microsoft 365 Business Premium — Most organizations running Microsoft 365 Business Premium are only using a fraction of the security features included in their license. Here is how to unlock the full value.

Services

Microsoft 365 Security Review — Know exactly where your Microsoft 365 security stands — and what to fix first.

Security & Compliance — Protect your organization with comprehensive security assessments, compliance frameworks, and threat protection strategies for Microsoft environments.

IT Consulting — Transform your IT landscape with strategic consulting services. We help organizations optimize technology investments, improve operational efficiency, and drive innovation.

NIS2 Compliance — Help your organization meet NIS2 supply chain security requirements using the Microsoft 365 tools you already have.

Microsoft 365 Consulting — Transform your workplace with expert Microsoft 365 implementation, optimization, and support. We help organizations leverage the full power of the Microsoft cloud ecosystem.

Digital Workplace — Empower your workforce with a modern digital workplace that enables seamless collaboration, productivity, and innovation from anywhere.

Cloud Services — Expert Azure and Microsoft 365 migration, hybrid infrastructure design, and cloud cost optimization. We help Swedish enterprises modernize with confidence.

Data & Analytics — Turn your data into a strategic asset. We help organizations build Power BI dashboards, govern data quality, automate reporting, and prepare for AI-driven analytics.

Training & Development — Empower your team with expert-led training programs. From Microsoft 365 end-user training to security awareness and admin certification, we build the skills your organization needs.

Digital Transformation — Modernize your operations with strategic digital transformation. We help organizations automate processes, manage change, and build future-ready infrastructure.

Haggeburger — Independent Advisory for Microsoft Cloud, Security & AI

Name: Haggeburger
Address: SE
Price range: $$

Trusted advisory. Architecture first. Independent guidance for Microsoft cloud, identity security, and AI.

Our Expertise

Identity & Access — Conditional Access, FIDO2, Entra ID governance
Endpoint Security — Intune, Defender for Endpoint, compliance baselines
Cloud Architecture — Microsoft 365, Azure, hybrid infrastructure
AI Readiness — Copilot deployment, data governance, security assessment
Cost Optimization — License audits, infrastructure right-sizing
Security Assessment — Posture review, gap analysis, remediation planning

Our Team

Nicklas Eriksson — Founder & Cloud Solution Architect. Senior consultant with 15+ years of experience in IT, specializing in hybrid infrastructure and Microsoft platforms. Works closely with architecture and business stakeholders to turn technical guidelines into sustainable, working solutions. Focused on automation, structure, and security.
Helena Berg — Operations & Client Relations. Ensuring smooth day-to-day operations and strong client relationships. Supporting the team with administration, logistics and business coordination.
Stina Berg Eriksson — Documentation & Quality Assurance. Supporting advisory engagements with a focus on structure, documentation and quality assurance. Helping ensure every deliverable meets our standards.
Sixten Berg Eriksson — Infrastructure & Lab. Contributing to cloud and infrastructure projects with fresh perspectives. Focused on hands-on testing, lab environments and enterprise security foundations.
Elna Berg Eriksson — Creative & Communications. Bringing curiosity and attention to detail to every project. Supporting communications, content creation and client-facing materials.

Latest Insights

Swedish municipalities hit by ransomware — is your business ready? — Dorotea and Vilhelmina municipalities were hit by ransomware on April 9. Here is what happened and what to check in your M365 environment.
BlueHammer — unpatched Windows zero-day grants SYSTEM via Defender updates — A published zero-day in Windows Defender signature updates gives attackers SYSTEM privileges. No patch exists. Here is how to protect your endpoints.
AI-powered phishing hits M365 — hundreds of orgs compromised daily — Storm-2755 uses AI to craft phishing emails that trick M365 users into giving up their tokens. Here is how to protect yourself.
Russian hackers steal M365 logins via your router — what to do now — APT28 compromised 18,000 routers to steal Microsoft 365 tokens. Here is how to check if your customers are affected.
EvilTokens hijacks M365 accounts — how to block it — New phishing-as-a-service kit bypasses MFA entirely through Microsoft 365 device code flow. Here is how to block it.
Kerberos RC4 hardening goes live in April — check your service accounts — April Windows updates enforce AES-only Kerberos for service accounts. Legacy RC4 dependencies will break.
EvilTokens — new phishing attack bypasses MFA entirely via device code flow — New PhaaS platform steals M365 tokens by tricking users into authenticating on Microsofts own login page.
Region Värmland hacked for four months — how to protect your M365 environment — Attackers had access to Region Värmland M365 email accounts for four months. CERT-SE warns of increasing BEC attacks against Swedish organizations.
Critical Chrome/Edge Zero-Day CVE-2026-5281 — Update Now — An actively exploited vulnerability in Chrome and Edge requires immediate patching. CISA added CVE-2026-5281 to its KEV catalog.
Kerberos RC4 enforcement April 2026 — what to do before patching — Microsoft April update enforces AES-only Kerberos. Service accounts still using RC4 will break. Here is how to prepare.
MFA does not protect against device code phishing — here is what does — Over 340 M365 organizations compromised via device code phishing. MFA is useless. Here is how to block it.
Device code phishing bypasses MFA — 340+ M365 organizations compromised — The EvilTokens platform steals M365 tokens that survive password resets. Here is how to block the attack in Conditional Access.
Excel vulnerability weaponizes Copilot — patch now — CVE-2026-26144 allows an attacker to use Copilot Agent in Excel to exfiltrate data without any user interaction.
Device code phishing hits 340 M365 orgs — block the flow now — Russian threat actors exploit Microsoft device code authentication to hijack M365 accounts. Conditional Access can stop it.
Outlook vulnerability runs malicious code without opening the email — CVE-2026-26113 and CVE-2026-26110 allow code execution just by viewing an email in the Preview Pane.
Tablets in Business: From Warehouse to Boardroom — How to use tablets as productivity tools in your business — not just entertainment devices.
Managing Company Phones with Intune: iPhone and Android — How to secure, configure, and manage all company phones centrally — whether iPhone or Android.
The Perfect Home Office: Monitor, Keyboard, and Headset — The right accessories make the difference between a home office that works and one that frustrates. Here is what you need.
How to Choose the Right Laptop for Microsoft 365 Business Premium — A guide for IT managers at Swedish SMBs who want to select the right hardware for Microsoft 365, Intune, and Defender.
5 Things to Consider When Buying IT Hardware for Your Business — Avoid costly mistakes when upgrading your company IT. Here are the five most important questions to ask before you buy.
Why Intune and Autopilot Transform IT Management for SMBs — Stop configuring laptops manually. With Intune and Autopilot, you set up a new device in 15 minutes instead of 3 hours.
Hackers Wiped 200K Devices via Intune — Protect Your Environment Now — Iran-linked Handala used Microsoft Intune to wipe 200,000+ devices at Stryker. Here is how to protect your organization.
New Phishing Attack Bypasses MFA via Device Code — Block It Now — Active campaign steals M365 tokens via OAuth device code flow. 340+ organizations compromised. Here is how to block the attack.
Critical Office RCE vulnerabilities — the Preview Pane is the attack surface — Two critical RCE vulnerabilities in Microsoft Office let attackers execute code just by previewing a document in Outlook. Patch now.
Region Varmland hacked for four months — how to protect your business — A Swedish government region suffered a phishing attack that gave attackers access to email accounts for four months undetected. Here is how to avoid the same fate.
Entra ID deadline March 31 — apps without service principal will break — Microsoft Entra ID stops supporting app auth without a service principal on March 31. Check your app registrations now.
Tycoon2FA is back — MFA bypass against M365 works again — The Tycoon2FA phishing platform is back after Europol's takedown. AiTM attacks bypass standard MFA and steal M365 tokens.
Excel vulnerability lets Copilot silently leak your data — CVE-2026-26144 enables attackers to weaponize Copilot Agent for zero-click data exfiltration from Excel. Patch now.
AI-powered phishing campaign hits 340+ organizations — M365 tokens stolen — Active device code phishing campaign exploits Railway.com and AI-generated lures to steal M365 tokens. Password resets won't help.
The DarkSword attack — your iPhones could give hackers access to company data — CISA warns of actively exploited iOS attack chain threatening anyone running Microsoft Authenticator, Outlook, or Teams on iPhone.
Swedish Security Service warns — constant cyberattacks on Swedish organizations — Säkerhetspolisen annual report confirms: cyberattacks against Swedish organizations are constant. What SMBs should do now.
Handala Detection Pack v2: Sigma rules for Intune bulk wipe prevention — ThreatHunter.ai published Detection Pack v2 with five new Sigma rules and KQL queries for Microsoft Sentinel covering: MuddyWater pre-positioning IOCs, PIM Authentication Context gap detection, three-layer bulk wipe prevention for Intune, stale session detection, and Rclone exfiltration detection.
Copilot as attack vector — Excel flaw enables zero-click data exfiltration — CVE-2026-26144 in Excel can be exploited to make Microsoft Copilot exfiltrate sensitive data without any user interaction.
The Stryker Attack: CISA demands Intune hardening after 200,000 devices wiped — CISA urges all organizations to harden Microsoft Intune after Iran-linked Handala wiped 200,000 devices at medtech giant Stryker.
Excel vulnerability weaponizes Copilot for data theft — CVE-2026-26144 — A critical Excel vulnerability combines XSS with prompt injection to turn Copilot Agent into a data exfiltration tool. Zero-click — no user interaction required.
Teams calls from fake IT support — how one call compromises an entire company — Microsoft DART reveals how attackers use Teams voice calls and Quick Assist to deploy backdoors. Here is how to protect your organization.
Critical SharePoint Zero-Day Under Active Exploitation — Patch Before Friday — CISA added CVE-2026-20963 to its Known Exploited Vulnerabilities catalog with a 3-day patch deadline. If you run SharePoint on-prem, act now.
Why Your Organization Should Invest in FIDO2 and Passkeys in Entra ID — Passwords are the weakest link in enterprise security. FIDO2 security keys and passkeys in Microsoft Entra ID offer a phishing-resistant alternative that eliminates credential theft entirely.
Microsoft 365 Tenant Consolidation After Mergers & Acquisitions — When two companies merge, their IT environments collide. Duplicate tenants, overlapping identities, and inconsistent security policies create cost, risk, and friction. Here is a structured approach to M365 tenant consolidation.
AI in 2025-2026: The Acceleration Is Real — And So Are the Security Risks — The last six months have seen an unprecedented acceleration in AI capabilities. From reasoning models to autonomous agents, the technology is advancing faster than most organizations can adapt.
Maximize the Security You Already Paid For: Microsoft 365 Business Premium — Most organizations running Microsoft 365 Business Premium are only using a fraction of the security features included in their license. Here is how to unlock the full value.

Services

Microsoft 365 Security Review — Know exactly where your Microsoft 365 security stands — and what to fix first.
Security & Compliance — Protect your organization with comprehensive security assessments, compliance frameworks, and threat protection strategies for Microsoft environments.
IT Consulting — Transform your IT landscape with strategic consulting services. We help organizations optimize technology investments, improve operational efficiency, and drive innovation.
NIS2 Compliance — Help your organization meet NIS2 supply chain security requirements using the Microsoft 365 tools you already have.
Microsoft 365 Consulting — Transform your workplace with expert Microsoft 365 implementation, optimization, and support. We help organizations leverage the full power of the Microsoft cloud ecosystem.
Digital Workplace — Empower your workforce with a modern digital workplace that enables seamless collaboration, productivity, and innovation from anywhere.
Cloud Services — Expert Azure and Microsoft 365 migration, hybrid infrastructure design, and cloud cost optimization. We help Swedish enterprises modernize with confidence.
Data & Analytics — Turn your data into a strategic asset. We help organizations build Power BI dashboards, govern data quality, automate reporting, and prepare for AI-driven analytics.
Training & Development — Empower your team with expert-led training programs. From Microsoft 365 end-user training to security awareness and admin certification, we build the skills your organization needs.
Digital Transformation — Modernize your operations with strategic digital transformation. We help organizations automate processes, manage change, and build future-ready infrastructure.