© 2026 GEMXIT
Develop IT. Protect IT.
GEMXIT
Real-world capability. Not just services.
GEMXIT brings together Microsoft security, Azure architecture, training and development to solve real problems — improving visibility, reducing risk and delivering systems that actually hold up under pressure.
Stop Azure cost blowouts and security gaps
Azure environments that are secure, controlled and cost-efficient — with governance, visibility and architecture that actually make sense.
👉 Deep dive: Cloud Services
See what your environment is not telling you
Identity, endpoint and cloud security built around visibility — uncovering real activity using Defender, Sentinel and Entra ID, not just relying on alerts.
👉 Deep dive: Cyber Security
Build capability that actually sticks
Microsoft-aligned training built from real environments and real incidents — helping your team gain skills they can apply immediately, not forget next week.
👉 Deep dive: Training
Microsoft credentials & recognition
Proven capability across Microsoft cloud, identity, administration, AI and training, backed by recognised certifications and real-world delivery experience.
Security, Identity & Training Leadership
Microsoft Certified Trainer | Top 100 (Nominated 2024 & 2025)
Global Recognition | Top 100 of 22,000+ MCTs Worldwide
Nominated for the Microsoft MCT Top 100 in 2024 and again in 2025, this recognition places me among the top 100 trainers globally out of more than 22,000 Microsoft Certified Trainers worldwide.
Through GEMXIT PTY LTD and GEMXIT UK LTD, the focus remains simple: practical skills, measurable outcomes, and training that works beyond the classroom.
Microsoft TSP
July 2025As a Microsoft Training Services Partner (TSP), GEMXIT PTY LTD delivers Microsoft-certified training backed by real-world engineering experience. Every course is grounded in practical deployment scenarios, security-first design principles and measurable outcomes, bridging the gap between certification theory and operational capability.
Identity and Access Administrator Associate
February 2026We architect and secure identity platforms using Microsoft Entra ID, implementing Conditional Access policies, multi-factor authentication, privileged access management and governance controls. By embedding Zero Trust design principles and strong access lifecycle management, we help organisations strengthen their security posture while maintaining operational agility.
Cloud Architecture & Modern Workplace
Information Security Administrator
March 2026Advanced data protection and compliance across Microsoft 365, focusing on safeguarding sensitive information throughout its lifecycle. This certification demonstrates expertise in Microsoft Purview, including Data Loss Prevention (DLP), Information Protection, Insider Risk Management and eDiscovery. Emphasis is placed on identifying data risks, applying classification and protection policies, and implementing real-world controls to prevent data leakage and insider threats. Designed to align security with business operations, ensuring organisations can protect their most critical asset... their data.
Azure Solutions Architect Expert
February 2026Designing secure, scalable and cost-optimised Azure architectures across identity, networking, compute and storage. This certification reflects deep capability in translating business requirements into resilient cloud solutions, balancing performance, governance, security posture and operational efficiency. From hybrid environments to enterprise-scale deployments, every design prioritises reliability, clarity and long-term sustainability.
Microsoft 365 Certified: Administrator Associate
February 2026End-to-end Microsoft 365 administration across Exchange Online, SharePoint, Teams, Intune and compliance frameworks. Focused on building secure, productive and well-governed environments that empower users without compromising protection. Identity management, device compliance, information protection and collaboration architecture are delivered with a strong security-first mindset.
Built in the real world.
Not just designed for it.
GEMXIT was founded in Australia in 2006 with a simple idea:
technology should be clear, secure and actually work in real environments.
Not over-engineered. Not over-promised. Just delivered properly.
Today, GEMXIT supports organisations across Australia and the United Kingdom across cloud, cybersecurity, training and development — with a focus on Microsoft security, real visibility and practical outcomes.
Led by Jonathan Foskett, a Microsoft Certified Trainer ranked in the Top 100 globally (2024 & 2025), GEMXIT brings together deep technical expertise with hands-on experience across real deployments, real incidents and real business environments.
This isn’t theory-led consulting.
It’s built on what actually happens in production.
Years in the Field
Since 2006 | Australia → UKBuilt over two decades of hands-on delivery across small business, enterprise systems and high-trust environments. Long-term relationships. Consistent results.
Security That’s Actually Applied
Identity • Cloud • DetectionSecurity isn’t added later. It’s built into identity, access, infrastructure and monitoring from the start — using Microsoft Defender, Sentinel and Entra ID.
Visibility Over Assumptions
KQL • Threat Hunting • Real SignalsMost environments already have the data — they just don’t see it. GEMXIT focuses on uncovering what’s actually happening, not just what tools report.
Capability, Not Just Delivery
Microsoft TSP | Real-World TrainingTraining is built from real environments, real incidents and real workflows — helping teams build skills they can actually use.
Trusted platforms & strategic alignment
Built around established platforms, recognised ecosystems and trusted industry relationships that support secure, modern delivery.
Agent Foskett investigations
These are not just blog posts. They are practical investigations built around the same thinking used when reviewing client environments: ask better questions, read the logs properly, and find what normal dashboards often miss.
No alert triggered... but the data told a different story.
The RDP Port Was Open… And Everyone Could See It
A practical look at exposed remote administration, constant internet scanning, and what a simple cloud misconfiguration can really mean in the real world.
Read briefingAI Rollout Without Guardrails
A practical look at AI security, governance, access control and prompt risk when productivity tools are introduced before proper boundaries are defined.
Read briefingThe Storage Account Was Public
A practical Azure security lesson on public blob access, cloud data exposure and why storage controls matter more than people think.
Read briefingACSC-aligned security that works in the real world
GEMXIT is registered with the Australian Cyber Security Centre (ACSC)
and aligns security practices to current ACSC guidance, including the
Essential Eight mitigation strategies.
This provides access to current threat intelligence, security advisories and
best practice recommendations — applied in real environments using Microsoft Defender,
Sentinel and Entra ID.
Rather than treating frameworks as compliance exercises, GEMXIT applies ACSC principles
in a practical way — focusing on identity protection, reducing attack surface,
improving visibility and strengthening real-world response capability.
Most environments don’t fail because tools are missing.
They fail because controls aren’t applied effectively.
👉 The focus is simple: reduce real risk, not just meet a standard.
Essential Eight mindset
Focus on the controls that matter most: application control, patching, MFA, least privilege and user protection — reducing real attack surface, not just ticking boxes.
Identity is the control plane
Strong Conditional Access, MFA enforcement and identity monitoring using Microsoft Entra ID — because modern attacks target identity first.
Detection & visibility
Microsoft Defender and Sentinel used for real visibility — focusing on behaviour, correlation and investigation, not just alerts.
Least privilege & access control
Reduce exposure by limiting access, removing standing privilege and enforcing governance across users, administrators and systems.
Resilience & response
Not just prevention — building the ability to detect, respond and recover quickly when something goes wrong.
Built for real environments
Designed for real businesses — balancing security, usability and operational reality instead of over-engineered solutions.
Microsoft Security resources & KQL guides
Real-world Microsoft Defender, Sentinel and Entra ID investigations. Built for analysts and organisations that want to move from alerts… to understanding what actually happened.
Start Here: EmailEvents KQL Guide
The fastest way to investigate suspicious emails in Microsoft Defender. Includes copy-ready KQL queries for spoofing, DMARC failures and delivery analysis.
EmailEvents
| where SpoofedDomain != ""
| project Timestamp, SenderFromAddress, SubjectDetect Spoofed Emails
Learn how to detect spoofed emails using EmailEvents, AuthenticationDetails and sender mismatch analysis.
EmailEvents
| where AuthenticationDetails has "dmarc=fail"DMARC Fail Investigation
Understand why emails fail DMARC but still get delivered — and how to investigate them properly.
EmailEvents
| where AuthenticationDetails has "dmarc=fail"
| where DeliveryAction has_any ("Delivered", "Allowed")KQL Threat Hunting Guide
Core KQL queries used across Microsoft Defender and Sentinel to detect suspicious behaviour and hidden activity.
EmailEvents
| where SenderFromDomain != SenderMailFromDomain
| project Timestamp, SenderFromAddress, RecipientEmailAddressAuthenticationDetails Explained
Break down SPF, DKIM and DMARC results in Microsoft Defender and understand what the logs are really telling you.
EmailEvents
| where AuthenticationDetails has_any ("spf=fail", "dkim=fail", "dmarc=fail")
| project Timestamp, SenderFromAddress, AuthenticationDetailsSecurity Operations
Practical detection, monitoring and response workflows across Microsoft Sentinel, Defender XDR and SOC environments.
SecurityAlert
| summarize AlertCount=count() by AlertName, Severity
| order by AlertCount descMicrosoft Security Hub
Full overview of Microsoft Defender, Sentinel, Entra ID and Zero Trust architecture for modern organisations.
MicrosoftSecurity
| project Defender, Sentinel, EntraID, ZeroTrustAzure Security Melbourne
Microsoft security services for Australian organisations, aligned with ACSC guidance and real-world environments.
AzureSecurity
| where Location == "Melbourne"
| project Cloud, Identity, Defender, Review
Let’s find what your environment
is not showing you.
If you want real visibility, not just dashboards and reports, let’s run a practical security review and see what is actually happening.
GEMXIT operates across Australia and the United Kingdom, delivering Microsoft security reviews, Azure cloud services, Microsoft training and secure custom development.
Melbourne (AU)
London (UK)