Episodes

  • Stop Leaving the Door Open: The Entra ID Hardening Checklist Security Experts Actually Use

    Stop Leaving the Door Open: The Entra ID Hardening Checklist Security Experts Actually Use
    Apr 18 2026

    Microsoft Entra security is evolving and the way organizations think about identity protection needs to evolve with it. In this episode, I’m joined by Sean Metcalf, one of the foremost identity security experts in the industry, whose work has helped shape how many organizations approach securing both Active Directory and Microsoft Entra.Sean shares the hardening steps many teams still overlook, and why advances in AI are making it easier for both defenders and attackers to work faster than ever before. From MFA and application controls to protecting privileged accounts and reducing unnecessary exposure, this conversation offers a practical look at where strong identity security starts and why getting the fundamentals right matters more than ever.

    Subscribe with your favorite podcast player or watch on YouTube 👇

    About Sean Metcalf

    Sean Metcalf is the Identity Security Architect at TrustedSec and a renowned expert in Microsoft identity security. He holds the rare Certified Master in Active Directory certification and has spoken at major security conferences including Black Hat, DEF CON, and BlueHat on how to defend cloud and hybrid environments.

    LinkedIn - https://www.linkedin.com/in/seanmmetcalf/

    🔗 Related Links

    * Securing Entra ID Administration: Tier 0 - https://trustedsec.com/blog/securing-entra-id-administration-tier-0

    * Managing Privileged Roles in Microsoft Entra ID: A Pragmatic Approach - https://trustedsec.com/blog/managing-privileged-roles-in-microsoft-entra-id-a-pragmatic-approach

    * Improve Entra ID Security More Quickly - https://adsecurity.org/?p=4825

    * Microsoft Graph Skill - https://graph.pm

    📗 Chapters

    00:04:05 AI and the Evolution of Attacks

    00:06:42 The Importance of Hardening Fundamentals

    00:12:03 Securing Entra ID Quickly

    00:16:24 Protecting Tokens with VBS and TPM

    00:19:58 Restricting Consent and Guest Users

    00:23:40 Managing Rogue Tenants

    00:27:36 Cloud Admin Workstation Strategies

    00:34:14 Delegated Admin Privileges

    00:44:32 The Danger of Application Permissions

    00:57:06 Artemis Mission Trivia

    Podcast Apps

    🎙️ Entra.Chat - https://entra.chat

    🎧 Apple Podcast → https://entra.chat/apple

    📺 YouTube → https://entra.chat/youtube

    📺 Spotify → https://entra.chat/spotify

    🎧 Overcast → https://entra.chat/overcast

    🎧 Pocketcast → https://entra.chat/pocketcast

    🎧 Others → https://entra.chat/rss

    Merill’s socials

    📺 YouTube → youtube.com/@merillx

    👔 LinkedIn → linkedin.com/in/merill

    🐤 Twitter → twitter.com/merill

    🕺 TikTok → tiktok.com/@merillf

    🦋 Bluesky → bsky.app/profile/merill.net

    🐘 Mastodon → infosec.exchange/@merill

    🧵 Threads → threads.net/@merillf

    🤖 GitHub → github.com/merill



    Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
    Show More Show Less
    1 hr
  • How to Design Bullet-Proof Conditional Access Policies in Microsoft Entra ID

    How to Design Bullet-Proof Conditional Access Policies in Microsoft Entra ID
    Apr 11 2026
    If you can’t immediately name your break glass accounts and the last time you tested them → you’re already at risk.In this episode of Entra Chat, Microsoft MVP Per Torben walks through the conditional access mistakes he sees even large enterprises making, and the practical framework he actually uses with customers.You’ll learn how to set up emergency access accounts the right way, why your CA policies should be built more like a firewall than a checklist, and the one naming convention that makes managing dozens of policies actually manageable.🎧 Hit play, your tenant will thank you.Sponsored by:Entra ID Gaps That Cause OutagesIn Microsoft Entra ID, outages often start small: an expired client secret, a lapsed certificate, or a suddenly failing integration. Traditional controls don’t track credential expiry or enforce application ownership, so issues appear only after something breaks.Teams are left asking:* Which applications can access Microsoft 365 data?* Is that access still appropriate?* Who owns the app?Unclear answers stall reviews, weaken accountability, and slow delivery.ENow App Governance Accelerator closes these gaps by highlighting expiring credentials, surfacing permission risks, and identifying ownership gaps before they disrupt operations. New Standard Tier pricing makes it accessible for organizations under 10,000 users, typically $3,500–$9,500 annually.Subscribe with your favorite podcast player or watch on YouTube 👇About Per TorbenPer Torben is a Senior Architect at Crayon and a Microsoft MVP for Identity and Access. Based in Norway, he frequently writes highly-read posts featured on Entra.News and runs the collaborative tech blog “Agder in the Cloud”.LinkedIn - https://www.linkedin.com/in/pertorbensorensen/🔗 Related Links* Agder in the Cloud - https://agderinthe.cloud* I.D.E.A. for creating/configuring break-glass accounts* GitHub - https://github.com/Per-Torben/I.D.E.A.* Blog - https://agderinthe.cloud/2026/01/06/introducing-i-d-e-a-and-i-d-e-a-001/* Protected actions: https://agderinthe.cloud/2025/02/12/protected-actions-adding-extra-guards-to-your-entra-id-gate/* Conditional Access hardeing (series): https://agderinthe.cloud/2024/12/05/how-to-fix-the-fundamental-flaw-in-conditional-access-part-1-introduction-and-coverage-gapsCA geo filter (series): https://agderinthe.cloud/2025/11/06/diving-into-geo-filter-with-entra-conditional-access-part-1* Entra Backup - https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/backup-restore📗 Chapters06:22 The importance of Break Glass accounts09:02 Securing emergency access with FIDO2 and RMAUs18:10 Configuring Conditional Access: The “Block by Default” strategy27:26 Managing scope and preventing accidental lockouts29:31 Persona-based naming conventions for CA policies35:38 Grouping settings and avoiding bloated policies41:54 Handling exceptions and travel access with Access Packages44:55 The flaw in Protected Actions for Conditional Access53:38 Using the new Entra Backup feature for quick restoresPodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill’s socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
    Show More Show Less
    57 mins
  • 5 Entra ID Updates You Can’t Afford to Ignore in 2026 (Backup, Governance, CA Agent & Risk Score Exposed)

    5 Entra ID Updates You Can’t Afford to Ignore in 2026 (Backup, Governance, CA Agent & Risk Score Exposed)
    Apr 4 2026
    Microsoft just dropped a massive wave of features for Entra, and the rules of Tenant Governance have officially changed. Join us as we talk to three world-class MVPs about their hands-on experience with the new Entra Backup and Recovery and Tenant Governance features.Our Microsoft MVP guests Nathan McNulty, Ru Campbell, and Thomas Naunheim break down the most exciting new features in Microsoft Entra.In this episode, we explore:* The “Shadow Tenant” Problem: One org found 700+ Entra tenants they didn’t know they had.* Version Control for Admins: Why “Difference Reports” are a total game-changer for troubleshooting.* Recovery Safeguards: How to protect your tenant from accidental deletions and “sneaky” background changes.* Backup & Recovery: The truth about Entra Backup vs. Third-Party ISV tools.Subscribe with your favorite podcast player or watch on YouTube 👇About The GuestsNathan, Ru, and Thomas are highly experienced MVPs specializing in identity security, governance, and Microsoft Entra.Nathan McNulty - LinkedIn - https://www.linkedin.com/in/nathanmcnulty/Ru Campbell - LinkedIn - https://www.linkedin.com/in/rlcam/Thomas Naunheim LinkedIn - https://www.linkedin.com/in/thomasnaunheim/🔗 Related Links* Microsoft Entra Backup and Recovery Documentation - https://learn.microsoft.com/en-us/entra/backup/overview* Microsoft Entra Tenant Governance - https://learn.microsoft.com/en-us/entra/id-governance/tenant-governance/overview* Synced Passkeys - https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-authentication-passkeys-fido2* Microsoft Work IQ CLI (Public Preview) - https://learn.microsoft.com/en-us/microsoft-365/copilot/extensibility/workiq-overview* Playwright https://playwright.dev/* Entra Auth Tracer (Chrome Extension) - https://github.com/darrenjrobinson/EntraAuthTracer* Unified Risk Score - https://learn.microsoft.com/en-us/defender-xdr/investigate-users#risk-score-tab-preview📗 Chapters00:00 Intro to New Entra Features02:04 Entra Backup and Recovery Deep Dive10:41 Difference Reports Explained15:54 Intro to Tenant Governance23:34 Managing Multi-Tenant Organizations33:31 Conditional Access Optimization Agent36:55 The Great Passkey Debate47:22 Retirements: SP-less Auth & ACS for SharePoint48:46 Unified Risk Score in Defender52:38 MVP Tips of the WeekPodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill’s socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
    Show More Show Less
    1 hr
  • Finding Every MFA Gap: Testing 250 Million Conditional Access Combinations in Under 20 Minutes

    Finding Every MFA Gap: Testing 250 Million Conditional Access Combinations in Under 20 Minutes
    Mar 28 2026
    Emilien Socchi, Cloud Security Research Engineer at Storebrand, joins us to discuss CA Insight and AZTier.Two open-source tools Emilien built to find gaps in Conditional Access policies and categorize Azure/Entra roles based on attack paths. Learn how CA Insight evaluates 250 million sign-in combinations offline in minutes instead of days, why the What If API doesn't scale, and how AZTier helps defenders and pen testers understand privilege escalation risks across Entra ID, Azure, and Microsoft Graph.Together, these projects help security teams move from reactive log monitoring to a proactive defense strategy.What’s Breaking and Slowing Your Entra ID Environment?In Microsoft Entra ID, the same visibility gaps cause two problems:* Things break* Work slows downExpired client secrets disrupt integrations. Certificates lapse and authentication fails. New apps appear with excessive permissions and no clear ownership. At the same time, teams struggle to answer basic questions, which applications have access to Microsoft 365 data, whether that access is still required, and who is responsible for it.When answers are not immediate, reviews stall and projects slow down.ENow App Governance Accelerator Credential Guard helps identify expiring credentials and expose permission and ownership gaps.For organizations under 10,000 users, pricing ranges from $3,500 to $9,500 annually through March 31, 2026.Subscribe with your favorite podcast player or watch on YouTube 👇About Emilien SocchiEmilien Socchi is a Cloud Security Research Engineer at Storebrand (Oslo, Norway) focusing on the proactive discovery of security issues. With an extensive background in application and cloud penetration testing, Emilien has published practical research and tooling used by defenders. He also maintains several open‑source projects, including Azure administrative tiering models and Entra ID role‑monitoring utilities.LinkedIn - https://www.linkedin.com/in/emilien-socchi🔗 Related Links* CA Insight- https://github.com/emiliensocchi/entra-ca-insight* Azure Administrative Tiering (AzTier) - https://aztier.com* AzTier Source: https://github.com/emiliensocchi/azure-tiering* AzTier Deployer - https://github.com/emiliensocchi/aztier-deployer📗 Chapters00:00 The Story Behind CA Insights16:52 Why the ‘What If’ API Doesn’t Scale 21:09 Building an Offline Evaluation Engine 45:22 Deep Dive into AZTier: A Red Team Perspective Podcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill’s socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
    Show More Show Less
    1 hr and 2 mins
  • From FIM/MIM to Cloud Sync: Complete Identity Journey with Australia’s Top Identity MVP Darren “Doc” Robinson

    From FIM/MIM to Cloud Sync: Complete Identity Journey with Australia’s Top Identity MVP Darren “Doc” Robinson
    Mar 21 2026
    Darren Robinson, Identity and Zero Trust Strategy and Architecture Capability Lead at Increment, shares his extensive experience in identity governance and administration.In this episode Merill sits down with Darren “Doc” Robinson – Microsoft MVP since 2017, former SailPoint Ambassador and one of Australia’s most experienced identity architects.Darren takes us on a 25+ year journey from Novell networks to modern Microsoft Entra ID, reveals why he’s building custom ECMA2 connectors, and shares the exact PowerShell tools he just open-sourced (Granfeldt uplift, ECMA2 Host Tools, Provision On-Demand module).We also compare Entra ID Governance vs SailPoint and dive into his latest obsession: MCPs for Entra News and personal AI agents.Whether you’re migrating legacy apps or levelling up your IGA strategy, this episode is pure gold.Sponsored by CoreView:Would you bet your reputation on your current Microsoft 365 security posture?Sure, you’ve checked Purview. Maybe tightened Conditional Access. We all do that.But it’s usually the quiet stuff that bites... permissions that expanded, policies that drifted, exceptions nobody revisited.You could assume it’s fine.Or you could run the Microsoft 365 Security Posture Check.It’s free.It runs locally.And no, it doesn’t send your tenant data back to us.We’ll even help you set it up.Subscribe with your favorite podcast player or watch on YouTube 👇About Darren RobinsonDarren is highly accomplished in digital identity and cybersecurity specialising in Identity & Access Management for over three decades. Darren is renowned for driving Digital Identity innovation, building global offerings, and leading high-impact teams to deliver cutting-edge solutions that enhance security posture, operational efficiency, and business value.🔗 Related Links* Blog: https://blog.darrenjrobinson.com* GitHub: https://github.com/darrenjrobinson* LinkedIn: https://www.linkedin.com/in/darrenjrobinson/In this episode…1. Understanding the “Metaverse”The foundation of Microsoft’s identity strategy dates back to the acquisition of Zoomit in 2000. This introduced the Metaverse—not a VR world, but a “hologram” or central representation of a user that exists across multiple systems like SQL databases and LDAP directories. By correlating these identities into one object, organizations can maintain consistency across a fragmented environment.2. The Modern Bridge: ECMA and SCIMAs organizations move to the cloud, the “heavy” sync engines like MIM (Microsoft Identity Manager) are being replaced by Entra Cloud Sync. The modern approach uses:* A Light Shim: A small on-premises component that acts as a member of the domain.* SCIM Instructions: The Entra provisioning service sends instructions via the SCIM protocol to this shim.* ECMA Connectors: The Extensible Connector Management Agent (ECMA) translates these cloud instructions into a language legacy on-prem apps can understand, such as SQL or Oracle updates.3. Scaling with PowerShell 7One of the biggest hurdles in legacy identity management was performance. Darren Robinson recently uplifted the popular Granfeldt PowerShell Management Agent to support PowerShell 7. This update allows for:* 64-bit Processing: Handling larger datasets with ease.* Parallelism: Sending multiple identity updates in parallel rather than waiting for individual “gets,” significantly speeding up sync times.4. Managing the “Cache”A common pain point for administrators is the lack of visibility into the ECMA host cache. To solve this, Darren developed a new module that allows practitioners to programmatically query the cache, back up configurations, and document every connector and parameter in the system.Key Takeaway: Whether you are migrating from legacy solutions like Novell or managing a complex hybrid Entra environment, the goal remains the same: automated, secure, and visible identity lifecycles.📗 Chapters00:00 Intro02:22 The Evolution of Directory Services and Synchronization08:05 Understanding Sync Engines and the Metaverse14:45 Modern Identity Provisioning with Entra17:39 Developing Custom PowerShell ECMA Connectors20:53 Automating Provisioning with New PowerShell Modules28:53 The Current Landscape of Identity Governance31:37 Solving the Disconnected Apps Challenge35:46 Exploring Model Context Protocol (MCP)45:34 Leveraging Local AI and LLMs for Identity TasksPodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill’s socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 ...
    Show More Show Less
    55 mins
  • How to Migrate from Legacy VPNs to Entra Private Access (Real Strategies from a Veteran)

    How to Migrate from Legacy VPNs to Entra Private Access (Real Strategies from a Veteran)
    Mar 14 2026
    Richard Hicks wrote the book on DirectAccess. Then he wrote the one on Always On VPN. Now he’s here to tell you it’s time to move on from both (and other legacy VPNs). Over the last two years, Richard has helped numerous enterprise customers navigate the shift from legacy VPN to Microsoft Entra Private Access, and he’s collected some hard-learnt lessons along the way that most migration guides won’t tell you.In this episode, Richard - enterprise security consultant and early Entra Private Access insider - breaks down why traditional VPN is fundamentally broken for today’s threat landscape, how Entra Private Access works under the hood, and the exact crawl-walk-run playbook he uses to migrate enterprise customers without disruption. Plus: his hot take on the Microsoft E7 announcement and why it just changed the pricing conversation forever.In this episode you’ll learn:* Why your VPN tunnel is a security liability — and how a single compromised device can expose your entire corporate network* How Entra Private Access works differently to traditional VPN, and why that architectural shift matters for security* The “Quick Access” migration strategy that lets you get off legacy VPN fast, without locking everything down on day one* How to deploy the Global Secure Access client alongside your existing VPN — so you can migrate field-based workers without a single disconnection* What most teams get wrong about the Entra Private Network Connector — and the scaling pitfalls that catch enterprises off guard* Why Conditional Access knowledge, not connectivity, is the real key to a successful zero trust migration* The current limitations of Entra Private Access and how to plan around them* We also discuss the new ‘E7’ which includes Entra Private AccessSubscribe with your favorite podcast player or watch on YouTube 👇About Richard HicksRichard Hicks is the founder and principal consultant at Richard M. Hicks Consulting, Inc. A Microsoft Most Valuable Professional (MVP) with more than 30 years of experience implementing secure remote access and public key infrastructure (PKI) solutions, he is a widely recognized enterprise mobility and security infrastructure expert sought after by organizations worldwide. His mission is to help companies provide visibility, control, and assurance for their field-based users and devices, ensuring the highest level of security and productivity for today’s highly mobile workforce.LinkedIn - https://www.linkedin.com/in/richardhicks/🔗 Related Links* Richard’s Blog - https://directaccess.richardhicks.com/* Richard M. Hicks Consulting, Inc - https://www.richardhicks.com/* https://directaccess.richardhicks.com/always-on-vpn-vs-entra-private-access/📗 Chapters00:00 Intro 01:10 The History of Direct Access and Always On VPN 05:59 Transitioning to Zero Trust and Entra Private Access 11:34 Seamless Side-by-Side VPN Migration 17:37 Using Quick Access to Kickstart Zero Trust 23:43 Changing Mindsets: Identity over IP Addresses 27:55 The New Zero Trust Network Assessment Tool 29:17 Avoiding Pitfalls with the Entra Private Network Connector 33:11 Feature Wishlist: IPv6 and Process Binding 38:46 Hot Takes on the New Entra E7 SuitePodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill’s socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
    Show More Show Less
    43 mins
  • Passkeys, Conditional Access, Hard-match updates, GSA BYOD: What Entra Admins Need To Know

    Passkeys, Conditional Access, Hard-match updates, GSA BYOD: What Entra Admins Need To Know
    Mar 7 2026
    I am back home in Melbourne today, and joining me are Nathan McNulty from Alaska and Daniel Bradley from the UK as we dive into all the massive Entra updates that dropped last month. We are breaking down the controversial shift to syncable passkeys , why your Conditional Access policies might suddenly start blocking apps , and the absolute necessity of moving privileged accounts away from on-prem AD. We’re also geeking out over some incredible new Global Secure Access (GSA) features and how AI is completely transforming the way we work with Graph API. You won’t want to miss the under-the-radar changes that could impact your tenant’s security architecture overnight.Here’s a quick overview of all the topics we covered in this episode (links below).Sponsored by:Scan, Score, and Secure Your Applications in EntraApplication identities represent one of the largest attack surfaces in Entra and are often among the least consistently governed. AppGov Score helps IT and Security teams understand where risk exists. The 24-check assessment evaluates Entra ID application integrations against Microsoft-recommended governance practices, analyzing:* App registrations and enterprise apps for excessive permissions* Expired or unmanaged secrets* Ownerless apps* Risky consent grants, and* Privileged service principalsResults are delivered as a clear, defensible risk score with actionable findings. No scripts. No manual inventory. Just a fast, read-only scan that reveals app sprawl, identity misconfigurations, and blast radius so you can prioritize remediation and strengthen your security posture with confidence.Subscribe with your favorite podcast player or watch on YouTube 👇About Nathan McNultySenior Security Solutions Architect at Patriot Consulting and Microsoft MVP in security. Nathan is the practice lead for identity and has extensive experience with endpoint deployments and everything Entra.LinkedIn - https://www.linkedin.com/in/nathanmcnulty/About Daniel BradleySenior Solution Architect for CDW down in the UK and an MVP in Identity Security and M365 for Graph API. Daniel specializes in pre-sales, mergers, acquisitions, and the highly technical migration space.LinkedIn - https://www.linkedin.com/in/danielbradley2/🔗 Related Links* Entra What's New - https://learn.microsoft.com/en-us/entra/fundamentals/whats-new* Upcoming Conditional Access change: Improved enforcement for policies with resource exclusions - https://techcommunity.microsoft.com/blog/microsoft-entra-blog/upcoming-conditional-access-change-improved-enforcement-for-policies-with-resour/4488925* XDRInternals - https://github.com/MSCloudInternals/XDRInternals* Passkey Login - https://github.com/nathanmcnulty/nathanmcnulty/blob/main/Entra/passkeys/PasskeyLogin.ps1* Graph PM - https://graph.pm📗 Chapters03:01 Syncable Passkeys & Registration Changes18:10 Conditional Access Policy Updates26:35 Blocking Hard Match for Privileged Roles35:42 External Authentication Methods GA43:04 Lifecycle Workflows & Admin Units48:01 Global Secure Access (GSA) BYOD Preview53:06 New My Account Portal & Authenticator Updates58:43 AI Skills & Automating Graph APIPodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill’s socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
    Show More Show Less
    1 hr and 9 mins
  • We Gave Away Our Microsoft Entra Masterclass Labs → Full Governance, Privileged Access & Agent ID Labs Walkthrough

    We Gave Away Our Microsoft Entra Masterclass Labs → Full Governance, Privileged Access & Agent ID Labs Walkthrough
    Feb 28 2026
    Hey folks, I have to start with a massive shout-out to Morten Knudsen and his entire team at Experts Live Denmark where I’m just returning from. Organizing an event for over 1,200+ attendees is no small feat, and they pulled it off with incredible energy and precision. It was easily one of the most impressive community gatherings I’ve been a part of.Amidst that massive crowd, I had the privilege of co-leading a deep-dive Identity Masterclass alongside four exceptional Microsoft MVPs: Jan Vidar Elven, Pim Jacobs, Thomas Naunheim, and Klaus Bierschenk.We weren’t sure what to expect, but the response was overwhelming. We had over 120 dedicated attendees who stayed with us for the full 7-hour session - diving deep into the weeds of Entra ID, governance, privileged access, Agent ID and more. Instead of theory-heavy slides, we built a practical, end-to-end governance story.Because we believe this knowledge should be accessible, we are now giving away the labs for free so everyone can skill up, learn, and implement these patterns in their own environments.Here’s the core of what we covered, and what you will learn in this podcast walk through of the labs and what you can try out yourself today!Links to GitHub repo and YouTube video below.Sponsored by:If you’re a systems administrator, you already know – patching is painful. It’s time-consuming, risky, and one small mistake can mean downtime. So, it gets postponed. Again. And again. What if patching was just… Easy?Introducing Action1, a cloud-native patch management platform for Windows, macOS, Linux, and third-party apps. You’ll be up and running in five minutes. No infrastructure to maintain. No complexity.And here’s the best part: you can use Action1 on your first 200 endpoints for free. Forever. No feature limits. No credit card. No hidden tricks. Seriously, It’s NOT a disguised free trial. Too good to be true? Too good and actually true! Check for yourself, go to: on.action1.com/entrachatSo, if you’re looking for an easy-to-use patching tool that would help you save weeks, if not months of your time, go to on.action1.com/entrachat and sign up for “Patching That Just Works”.1️⃣ Inbound Provisioning: Start with a Source of TruthMost identity problems start with one issue:There is no clean, authoritative identity source.We demonstrated how to use Inbound Provisioning in Entra to:* Accept identity payloads via Microsoft Graph* Create users in a disabled state* Capture attributes like hire date, leave date, department* Treat HR (or another system) as the lifecycle authorityWhy this mattersIf identities are manually created:* Joiners are inconsistent* Leavers are missed* Privileged accounts become orphanedInbound provisioning allows you to:* Standardize creation* Attach lifecycle automation immediately* Reduce manual admin overheadKey concept:Provision first. Enable later. Automate everything in between.2️⃣ Lifecycle Workflows: Automate Joiner / Mover / LeaverOnce a user is provisioned, lifecycle workflows take over.We implemented:* Pre-hire workflow* Day-one onboarding workflow* Post-onboarding actionsTriggers included:* Employee hire date* Creation time* Group membership* Attribute changesReal-world onboarding pattern* Account is created disabled* Workflow enables the account at the correct time* Temporary Access Pass (TAP) is generated* TAP is sent securely* Access is assigned automaticallyThis reduces:* Manual enablement* Helpdesk load* Security gapsDesign principle:Automation should enforce timing — not people.3️⃣ Privileged Account Design: Separate the IdentitiesWe had a strong opinion in the session:Admin accounts should be separate and cloud-only.Why?* Syncing privileged accounts from on-prem introduces risk* HR systems should not directly control privileged identities* Governance features work best with cloud-native identitiesWe explored three creation patterns:* Inbound provisioning for privileged accounts* Access Packages (with auto-assignment or request model)* Lifecycle workflows + custom Logic AppsEach has trade-offs.What matters most:Privileged identities must be:* Separately authenticated* Phishing-resistant (FIDO2 or passkeys)* Independently governed* Linked for offboarding4️⃣ Linking Identities for InvestigationOne challenge in Entra:There’s no native “this person owns these 3 accounts” view.We explored identity linking in Microsoft Defender XDR, where:* Multiple accounts can be associated to one identity* Incident investigations become clearer* Privileged activity can be correlated with user contextThis becomes critical during:* Compromise investigations* Insider threat analysis* Lateral movement trackingSecurity takeaway:If you can’t correlate identities, you can’t fully investigate them.5️⃣ Backup & Restore: The Truth About EntraThere is no traditional backup system in Entra.Instead, you have:* Soft-delete (with recycle bin)* Hard-delete (irreversible)* API-based recovery* ...
    Show More Show Less
    39 mins