Hey folks, I have to start with a massive shout-out to Morten Knudsen and his entire team at Experts Live Denmark where I’m just returning from. Organizing an event for over 1,200+ attendees is no small feat, and they pulled it off with incredible energy and precision. It was easily one of the most impressive community gatherings I’ve been a part of.Amidst that massive crowd, I had the privilege of co-leading a deep-dive Identity Masterclass alongside four exceptional Microsoft MVPs: Jan Vidar Elven, Pim Jacobs, Thomas Naunheim, and Klaus Bierschenk.We weren’t sure what to expect, but the response was overwhelming. We had over 120 dedicated attendees who stayed with us for the full 7-hour session - diving deep into the weeds of Entra ID, governance, privileged access, Agent ID and more. Instead of theory-heavy slides, we built a practical, end-to-end governance story.Because we believe this knowledge should be accessible, we are now giving away the labs for free so everyone can skill up, learn, and implement these patterns in their own environments.Here’s the core of what we covered, and what you will learn in this podcast walk through of the labs and what you can try out yourself today!Links to GitHub repo and YouTube video below.Sponsored by:If you’re a systems administrator, you already know – patching is painful. It’s time-consuming, risky, and one small mistake can mean downtime. So, it gets postponed. Again. And again. What if patching was just… Easy?Introducing Action1, a cloud-native patch management platform for Windows, macOS, Linux, and third-party apps. You’ll be up and running in five minutes. No infrastructure to maintain. No complexity.And here’s the best part: you can use Action1 on your first 200 endpoints for free. Forever. No feature limits. No credit card. No hidden tricks. Seriously, It’s NOT a disguised free trial. Too good to be true? Too good and actually true! Check for yourself, go to: on.action1.com/entrachatSo, if you’re looking for an easy-to-use patching tool that would help you save weeks, if not months of your time, go to on.action1.com/entrachat and sign up for “Patching That Just Works”.1️⃣ Inbound Provisioning: Start with a Source of TruthMost identity problems start with one issue:There is no clean, authoritative identity source.We demonstrated how to use Inbound Provisioning in Entra to:* Accept identity payloads via Microsoft Graph* Create users in a disabled state* Capture attributes like hire date, leave date, department* Treat HR (or another system) as the lifecycle authorityWhy this mattersIf identities are manually created:* Joiners are inconsistent* Leavers are missed* Privileged accounts become orphanedInbound provisioning allows you to:* Standardize creation* Attach lifecycle automation immediately* Reduce manual admin overheadKey concept:Provision first. Enable later. Automate everything in between.2️⃣ Lifecycle Workflows: Automate Joiner / Mover / LeaverOnce a user is provisioned, lifecycle workflows take over.We implemented:* Pre-hire workflow* Day-one onboarding workflow* Post-onboarding actionsTriggers included:* Employee hire date* Creation time* Group membership* Attribute changesReal-world onboarding pattern* Account is created disabled* Workflow enables the account at the correct time* Temporary Access Pass (TAP) is generated* TAP is sent securely* Access is assigned automaticallyThis reduces:* Manual enablement* Helpdesk load* Security gapsDesign principle:Automation should enforce timing — not people.3️⃣ Privileged Account Design: Separate the IdentitiesWe had a strong opinion in the session:Admin accounts should be separate and cloud-only.Why?* Syncing privileged accounts from on-prem introduces risk* HR systems should not directly control privileged identities* Governance features work best with cloud-native identitiesWe explored three creation patterns:* Inbound provisioning for privileged accounts* Access Packages (with auto-assignment or request model)* Lifecycle workflows + custom Logic AppsEach has trade-offs.What matters most:Privileged identities must be:* Separately authenticated* Phishing-resistant (FIDO2 or passkeys)* Independently governed* Linked for offboarding4️⃣ Linking Identities for InvestigationOne challenge in Entra:There’s no native “this person owns these 3 accounts” view.We explored identity linking in Microsoft Defender XDR, where:* Multiple accounts can be associated to one identity* Incident investigations become clearer* Privileged activity can be correlated with user contextThis becomes critical during:* Compromise investigations* Insider threat analysis* Lateral movement trackingSecurity takeaway:If you can’t correlate identities, you can’t fully investigate them.5️⃣ Backup & Restore: The Truth About EntraThere is no traditional backup system in Entra.Instead, you have:* Soft-delete (with recycle bin)* Hard-delete (irreversible)* API-based recovery* ...
続きを読む
一部表示
39 分
1 時間 2 分