エピソード

  • If You Manage Entra Permissions, Watch This Before Deploying Agents

    If You Manage Entra Permissions, Watch This Before Deploying Agents
    2026/05/09
    Microsoft Entra Agent ID Just Went GA Here’s What You Need to Know About Agent PermissionsIf you’ve been waiting for the dust to settle on Microsoft Entra Agent ID before diving in, the wait is over. Agent ID hit General Availability on May 1st, and in this episode of Entra Chat, Erin Greenlee, a PM in the the Entra AuthN team joins to break down one of the trickiest parts of the new model: how permissions actually work.The three-tier model you need to understandThe biggest mental shift with Agent ID is moving from the familiar single app registration model to a three-tier hierarchy. Here’s the short version:* Agent Blueprint → the template for your agent. Think of it as a souped-up app registration that lives in one tenant and defines how the agent behaves. Every agent needs one, even if you’re only ever creating a single instance.* Blueprint Principle → the identity that represents the blueprint inside each tenant it’s deployed to. This is the middle tier, and it has a superpower: permissions granted here cascade down to all current and future agent identity instances automatically.* Agent Identity → the actual running instance of the agent. This is what authenticates, what shows up in your tenant logs, and what can hold its own individual permissions on top of whatever it inherits.Required Resource Access is a hint, not a grantOne thing that trips people up early: adding permissions to the blueprint’s Required Resource Access (RRA) doesn’t actually grant anything. It’s a signal to admins adopting your agent. A polite list of “here’s what this agent will need to function.” The real grant happens later, either upfront during adoption or dynamically as the agent needs it. Expect agents to lean more on dynamic consent than traditional apps have, since agents evolve and request new permissions as tasks change.Inheritance only works if you set it upPermissions granted on the Blueprint Principle will only cascade down to agent identities if the resource app (e.g. Microsoft Graph) is explicitly marked as an inheritable resource on the blueprint. It’s an easy thing to miss, and if you skip it, your Blueprint Principle grants won’t flow through to your instances.A free tool to visualise all of thisErin built an interactive web app — using GitHub Copilot, no less — that makes all of the above click visually. It has a no-sign-in tutorial that walks you through the object relationships, a permission matrix view, and even generates the PowerShell or Graph API scripts to apply your configuration in real life. No changes are made to your tenant unless you explicitly ask it to. The source code is being open-sourced too, so you can fork and customise it if you want.Watch the full episode to see Erin walk through the tool live, including how permission inheritance works in practice and a real-world debugging scenario that inspired the whole thing.Subscribe with your favorite podcast player or watch on YouTube 👇About Erin GreenleeErin is a member of the Entra AuthN team working on AI and Agent ID at Microsoft. She previously joined Entra Chat to discuss app permissions and consent, and she loves building tools that make complex identity concepts easier to understand.LinkedIn - https://www.linkedin.com/in/eringreenlee/Sponsored by:Find App Access Gaps Before They Break WorkflowsIn Microsoft Entra ID, small visibility gaps lead to outages and delays. Expired secrets break integrations, while unclear ownership and excessive permissions slow access decisions. Teams still struggle to answer:* Which apps access Microsoft 365 data?* Is that access still justified?* Who owns it?AppGov Score helps you quickly identify these gaps. ENow App Governance Accelerator then exposes app-specific credential risks, permission issues, and ownership gaps before they disrupt operations.Start with your AppGov Score, then upgrade to a 7-day free trial to take action.🔗 Related Links* https://aka.ms/erins-agent-helper📗 Chapters01:11 Agent ID General Availability 04:14 The Agent ID Visualizer Tool 05:35 Defining the Agent Blueprint 08:06 Understanding the Blueprint Principle 10:57 Agent Identity Instances Explained 13:37 Required Resource Access (RRA) 24:07 Inheritable Permissions and Cascading 30:18 Applying Changes with ScriptsPodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill’s socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose...
    続きを読む 一部表示
    45 分
  • How to Secure Copilot Agents, Azure DevOps & Defender (+ more) with Maester 2.1 (Full Breakdown)

    How to Secure Copilot Agents, Azure DevOps & Defender (+ more) with Maester 2.1 (Full Breakdown)
    2026/05/02
    Maester is back with one of its biggest release since launch. In this episode, we are joined by Sam Erde, Architect at Patriot Consulting and one of Maester’s core maintainers, to walk through everything that’s landed in Maester 2.1.Since the December release, the community has shipped 540 new commits, grown the test suite from 128 to 168 tests, and added coverage across entirely new product areas. Here’s a taste of what’s covered:🤖 Securing Your AI Agents (Copilot Studio) With Microsoft’s Agent 365 going GA and organisations rapidly deploying Copilot Studio agents, Maester now includes tests based directly on Microsoft’s own recommendations for securing agents. Think orphaned agents with no owner, missing authentication on MCP connections, dormant agents, risky HTTP configurations, and agents shared too broadly. If you’re deploying agents in your tenant, these tests should be running.🔧 AI That Writes Its Own Security Tests One of the most exciting developments in this release isn’t a test, it’s a custom AI skill that writes Maester tests for you. Sam built a GitHub Copilot agent skill that understands Maester’s structure, coding conventions, and contributor guide. You describe a security check in plain English, and within minutes you get a properly structured test, helpers, and documentation. No VS Code required! You can do it straight from GitHub’s Agents tab or even the mobile app. The barrier to contributing to Maester just got a lot lower.🛡️ Defender for Endpoint Coverage Maester now includes 24 community-contributed MDE tests covering antivirus configuration, endpoint policy posture, cloud protection, behaviour monitoring, and PUA protection. Getting these tests into shape required the new AI skill to refactor months of pending work and it delivered.🔑 Azure DevOps Security (37+ New Tests) With AI-generated code accelerating supply chain risks, securing your DevOps pipeline has never been more critical. Maester 2.1 ships with 37+ new Azure DevOps tests, checking OAuth config, PAT token policies, external guest access, collection admin hygiene, and more.🔗 Linked Identity Checks for Privileged Accounts A new test surfaces a common blind spot: privileged admin accounts that remain active after their linked standard user account is disabled. If someone leaves your organisation and their cloud admin account stays enabled, Maester will now catch it.📋 CIS Benchmark Refresh & Conditional Access Improvements Community contributor Morten has refreshed the CIS benchmark tests to reflect the latest changes, plus improved the logic behind several conditional access policy checks — including automated tracking of Entra ID roles used in XSPM and commercial access quality checks.There’s a lot more covered in the full episode, including multi-tenant reporting updates, the new dev container for contributors, a surprisingly entertaining story about two AI models dissing each other’s code reviews, and a teaser for what’s coming in the next release.👉 Listen to the full episode for the deep dives, the war stories behind getting community PRs across the line, and Merill and Sam’s take on where AI fits into the future of security testing.Subscribe with your favorite podcast player or watch on YouTube 👇About Sam ErdeSam is an Architect at Patriot Consulting who focuses on performing security assessments, securing and deploying Microsoft 365, and writing PowerShell. He has been a critical pillar for the Maester community over the last year, helping heavily refactor the codebase and streamlining community contributions.LinkedIn - https://www.linkedin.com/in/samerde/Sponsored by:Would you bet your reputation on your current Microsoft 365 security posture?Sure, you’ve checked Purview. Maybe tightened Conditional Access. We all do that.But it’s usually the quiet stuff that bites... permissions that expanded, policies that drifted, exceptions nobody revisited.You could assume it’s fine.Or you could run the Microsoft 365 Security Posture Check.It’s free.It runs locally.And no, it doesn’t send your tenant data back to us.We’ll even help you set it up.🔗 Related Links* What’s new in Maester 2.1.0 - https://maester.dev/blog/whats-new-since-maester-2-0📗 Chapters00:00 Intro05:49 Securing Copilot Studio & AI Agents08:53 The Challenge with Defender for Endpoint Tests013:39 Using AI to Automate Writing Security Tests22:30 Dev Containers for Easy Contributions24:58 New Azure DevOps Security Checks31:02 Multi-Tenant Reporting & Xbox’s Secret37:00 Active Directory Tests & The Future of Hybrid43:00 The Long-Term Vision for Maester54:48 CIS Benchmarks & Linked Identity TestsPodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → ...
    続きを読む 一部表示
    1 時間 2 分
  • What an ID Governance Consultant Wishes You Knew About Entra

    What an ID Governance Consultant Wishes You Knew About Entra
    2026/04/25
    Identity Governance is often treated as a “nice-to-have” compliance checkbox, but as ID Governance expert Sandra Saluti reveals, it is actually the foundation of a secure, scalable environment. In this technical deep dive, we move past the marketing slides to discuss some of the common real-world “gotchas” that break Entra ID deployments.In this episode, you will learn:* The Golden Rule of Automation: Why you must stop using “presentation data” (like UPNs or Email addresses) as your anchor. We explain why the Object ID is the only immutable truth for your automation.* The “Marriage Bug”: A cautionary tale of how a simple name change can break hybrid joins and lead to accidental laptop wipes and how to prevent it.* The “Unsexy” Side of Governance: Why the most important part of your job isn’t writing PowerShell, but interviewing HR and stakeholders to map out process flow diagrams before you ever touch the portal.* Closing the “Rehire Gap”: How to solve the common crisis where contractors lose access for 48 hours during a renewal because of lifecycle synchronization delays.* Directory Extensions vs. Exchange Attributes: Technical advice on where to store your identity metadata for the most reliable governance.Sponsored by:Entra ID Gaps That Cause OutagesIn Microsoft Entra ID, outages often start small: an expired client secret, a lapsed certificate, or a suddenly failing integration. Traditional controls don’t track credential expiry or enforce application ownership, so issues appear only after something breaks.Teams are left asking:* Which applications can access Microsoft 365 data?* Is that access still appropriate?* Who owns the app?Unclear answers stall reviews, weaken accountability, and slow delivery.ENow App Governance Accelerator closes these gaps by highlighting expiring credentials, surfacing permission risks, and identifying ownership gaps before they disrupt operations. New Standard Tier pricing makes it accessible for organizations under 10,000 users, typically $3,500–$9,500 annually.Subscribe with your favorite podcast player or watch on YouTube 👇About Sandra SalutiSandra Saluti is a consultant at Epical working with Microsoft Entra ID and identity governance. She helps organisations design secure and practical identity solutions with a focus on governance, access management, and Zero Trust.LinkedIn - https://www.linkedin.com/in/sandra-saluti-6866a686/🔗 Related Links* Sandra’s Blog - https://agderinthe.cloud/author/sandra/ 📗 Chapters00:00 Welcome to Entra Chat 03:18 Explaining Identity Governance 08:51 Handling Late Hires and Rehires 11:25 Using Directory Extensions Effectively 18:50 Stop Targeting UPNs for Automation 25:18 Managing Chaos with Guest Access Reviews 30:56 Deciding Who Approves App Access 33:51 Replacing Nested Groups with Access Packages 39:29 Closing Thoughts and CommunityPodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill’s socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
    続きを読む 一部表示
    47 分
  • Stop Leaving the Door Open: The Entra ID Hardening Checklist Security Experts Actually Use

    Stop Leaving the Door Open: The Entra ID Hardening Checklist Security Experts Actually Use
    2026/04/18

    Microsoft Entra security is evolving and the way organizations think about identity protection needs to evolve with it. In this episode, I’m joined by Sean Metcalf, one of the foremost identity security experts in the industry, whose work has helped shape how many organizations approach securing both Active Directory and Microsoft Entra.Sean shares the hardening steps many teams still overlook, and why advances in AI are making it easier for both defenders and attackers to work faster than ever before. From MFA and application controls to protecting privileged accounts and reducing unnecessary exposure, this conversation offers a practical look at where strong identity security starts and why getting the fundamentals right matters more than ever.

    Subscribe with your favorite podcast player or watch on YouTube 👇

    About Sean Metcalf

    Sean Metcalf is the Identity Security Architect at TrustedSec and a renowned expert in Microsoft identity security. He holds the rare Certified Master in Active Directory certification and has spoken at major security conferences including Black Hat, DEF CON, and BlueHat on how to defend cloud and hybrid environments.

    LinkedIn - https://www.linkedin.com/in/seanmmetcalf/

    🔗 Related Links

    * Securing Entra ID Administration: Tier 0 - https://trustedsec.com/blog/securing-entra-id-administration-tier-0

    * Managing Privileged Roles in Microsoft Entra ID: A Pragmatic Approach - https://trustedsec.com/blog/managing-privileged-roles-in-microsoft-entra-id-a-pragmatic-approach

    * Improve Entra ID Security More Quickly - https://adsecurity.org/?p=4825

    * Microsoft Graph Skill - https://graph.pm

    📗 Chapters

    00:04:05 AI and the Evolution of Attacks

    00:06:42 The Importance of Hardening Fundamentals

    00:12:03 Securing Entra ID Quickly

    00:16:24 Protecting Tokens with VBS and TPM

    00:19:58 Restricting Consent and Guest Users

    00:23:40 Managing Rogue Tenants

    00:27:36 Cloud Admin Workstation Strategies

    00:34:14 Delegated Admin Privileges

    00:44:32 The Danger of Application Permissions

    00:57:06 Artemis Mission Trivia

    Podcast Apps

    🎙️ Entra.Chat - https://entra.chat

    🎧 Apple Podcast → https://entra.chat/apple

    📺 YouTube → https://entra.chat/youtube

    📺 Spotify → https://entra.chat/spotify

    🎧 Overcast → https://entra.chat/overcast

    🎧 Pocketcast → https://entra.chat/pocketcast

    🎧 Others → https://entra.chat/rss

    Merill’s socials

    📺 YouTube → youtube.com/@merillx

    👔 LinkedIn → linkedin.com/in/merill

    🐤 Twitter → twitter.com/merill

    🕺 TikTok → tiktok.com/@merillf

    🦋 Bluesky → bsky.app/profile/merill.net

    🐘 Mastodon → infosec.exchange/@merill

    🧵 Threads → threads.net/@merillf

    🤖 GitHub → github.com/merill



    Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
    続きを読む 一部表示
    1 時間
  • How to Design Bullet-Proof Conditional Access Policies in Microsoft Entra ID

    How to Design Bullet-Proof Conditional Access Policies in Microsoft Entra ID
    2026/04/11
    If you can’t immediately name your break glass accounts and the last time you tested them → you’re already at risk.In this episode of Entra Chat, Microsoft MVP Per Torben walks through the conditional access mistakes he sees even large enterprises making, and the practical framework he actually uses with customers.You’ll learn how to set up emergency access accounts the right way, why your CA policies should be built more like a firewall than a checklist, and the one naming convention that makes managing dozens of policies actually manageable.🎧 Hit play, your tenant will thank you.Sponsored by:Entra ID Gaps That Cause OutagesIn Microsoft Entra ID, outages often start small: an expired client secret, a lapsed certificate, or a suddenly failing integration. Traditional controls don’t track credential expiry or enforce application ownership, so issues appear only after something breaks.Teams are left asking:* Which applications can access Microsoft 365 data?* Is that access still appropriate?* Who owns the app?Unclear answers stall reviews, weaken accountability, and slow delivery.ENow App Governance Accelerator closes these gaps by highlighting expiring credentials, surfacing permission risks, and identifying ownership gaps before they disrupt operations. New Standard Tier pricing makes it accessible for organizations under 10,000 users, typically $3,500–$9,500 annually.Subscribe with your favorite podcast player or watch on YouTube 👇About Per TorbenPer Torben is a Senior Architect at Crayon and a Microsoft MVP for Identity and Access. Based in Norway, he frequently writes highly-read posts featured on Entra.News and runs the collaborative tech blog “Agder in the Cloud”.LinkedIn - https://www.linkedin.com/in/pertorbensorensen/🔗 Related Links* Agder in the Cloud - https://agderinthe.cloud* I.D.E.A. for creating/configuring break-glass accounts* GitHub - https://github.com/Per-Torben/I.D.E.A.* Blog - https://agderinthe.cloud/2026/01/06/introducing-i-d-e-a-and-i-d-e-a-001/* Protected actions: https://agderinthe.cloud/2025/02/12/protected-actions-adding-extra-guards-to-your-entra-id-gate/* Conditional Access hardeing (series): https://agderinthe.cloud/2024/12/05/how-to-fix-the-fundamental-flaw-in-conditional-access-part-1-introduction-and-coverage-gapsCA geo filter (series): https://agderinthe.cloud/2025/11/06/diving-into-geo-filter-with-entra-conditional-access-part-1* Entra Backup - https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/backup-restore📗 Chapters06:22 The importance of Break Glass accounts09:02 Securing emergency access with FIDO2 and RMAUs18:10 Configuring Conditional Access: The “Block by Default” strategy27:26 Managing scope and preventing accidental lockouts29:31 Persona-based naming conventions for CA policies35:38 Grouping settings and avoiding bloated policies41:54 Handling exceptions and travel access with Access Packages44:55 The flaw in Protected Actions for Conditional Access53:38 Using the new Entra Backup feature for quick restoresPodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill’s socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
    続きを読む 一部表示
    57 分
  • 5 Entra ID Updates You Can’t Afford to Ignore in 2026 (Backup, Governance, CA Agent & Risk Score Exposed)

    5 Entra ID Updates You Can’t Afford to Ignore in 2026 (Backup, Governance, CA Agent & Risk Score Exposed)
    2026/04/04
    Microsoft just dropped a massive wave of features for Entra, and the rules of Tenant Governance have officially changed. Join us as we talk to three world-class MVPs about their hands-on experience with the new Entra Backup and Recovery and Tenant Governance features.Our Microsoft MVP guests Nathan McNulty, Ru Campbell, and Thomas Naunheim break down the most exciting new features in Microsoft Entra.In this episode, we explore:* The “Shadow Tenant” Problem: One org found 700+ Entra tenants they didn’t know they had.* Version Control for Admins: Why “Difference Reports” are a total game-changer for troubleshooting.* Recovery Safeguards: How to protect your tenant from accidental deletions and “sneaky” background changes.* Backup & Recovery: The truth about Entra Backup vs. Third-Party ISV tools.Subscribe with your favorite podcast player or watch on YouTube 👇About The GuestsNathan, Ru, and Thomas are highly experienced MVPs specializing in identity security, governance, and Microsoft Entra.Nathan McNulty - LinkedIn - https://www.linkedin.com/in/nathanmcnulty/Ru Campbell - LinkedIn - https://www.linkedin.com/in/rlcam/Thomas Naunheim LinkedIn - https://www.linkedin.com/in/thomasnaunheim/🔗 Related Links* Microsoft Entra Backup and Recovery Documentation - https://learn.microsoft.com/en-us/entra/backup/overview* Microsoft Entra Tenant Governance - https://learn.microsoft.com/en-us/entra/id-governance/tenant-governance/overview* Synced Passkeys - https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-authentication-passkeys-fido2* Microsoft Work IQ CLI (Public Preview) - https://learn.microsoft.com/en-us/microsoft-365/copilot/extensibility/workiq-overview* Playwright https://playwright.dev/* Entra Auth Tracer (Chrome Extension) - https://github.com/darrenjrobinson/EntraAuthTracer* Unified Risk Score - https://learn.microsoft.com/en-us/defender-xdr/investigate-users#risk-score-tab-preview📗 Chapters00:00 Intro to New Entra Features02:04 Entra Backup and Recovery Deep Dive10:41 Difference Reports Explained15:54 Intro to Tenant Governance23:34 Managing Multi-Tenant Organizations33:31 Conditional Access Optimization Agent36:55 The Great Passkey Debate47:22 Retirements: SP-less Auth & ACS for SharePoint48:46 Unified Risk Score in Defender52:38 MVP Tips of the WeekPodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill’s socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
    続きを読む 一部表示
    1 時間
  • Finding Every MFA Gap: Testing 250 Million Conditional Access Combinations in Under 20 Minutes

    Finding Every MFA Gap: Testing 250 Million Conditional Access Combinations in Under 20 Minutes
    2026/03/28
    Emilien Socchi, Cloud Security Research Engineer at Storebrand, joins us to discuss CA Insight and AZTier.Two open-source tools Emilien built to find gaps in Conditional Access policies and categorize Azure/Entra roles based on attack paths. Learn how CA Insight evaluates 250 million sign-in combinations offline in minutes instead of days, why the What If API doesn't scale, and how AZTier helps defenders and pen testers understand privilege escalation risks across Entra ID, Azure, and Microsoft Graph.Together, these projects help security teams move from reactive log monitoring to a proactive defense strategy.What’s Breaking and Slowing Your Entra ID Environment?In Microsoft Entra ID, the same visibility gaps cause two problems:* Things break* Work slows downExpired client secrets disrupt integrations. Certificates lapse and authentication fails. New apps appear with excessive permissions and no clear ownership. At the same time, teams struggle to answer basic questions, which applications have access to Microsoft 365 data, whether that access is still required, and who is responsible for it.When answers are not immediate, reviews stall and projects slow down.ENow App Governance Accelerator Credential Guard helps identify expiring credentials and expose permission and ownership gaps.For organizations under 10,000 users, pricing ranges from $3,500 to $9,500 annually through March 31, 2026.Subscribe with your favorite podcast player or watch on YouTube 👇About Emilien SocchiEmilien Socchi is a Cloud Security Research Engineer at Storebrand (Oslo, Norway) focusing on the proactive discovery of security issues. With an extensive background in application and cloud penetration testing, Emilien has published practical research and tooling used by defenders. He also maintains several open‑source projects, including Azure administrative tiering models and Entra ID role‑monitoring utilities.LinkedIn - https://www.linkedin.com/in/emilien-socchi🔗 Related Links* CA Insight- https://github.com/emiliensocchi/entra-ca-insight* Azure Administrative Tiering (AzTier) - https://aztier.com* AzTier Source: https://github.com/emiliensocchi/azure-tiering* AzTier Deployer - https://github.com/emiliensocchi/aztier-deployer📗 Chapters00:00 The Story Behind CA Insights16:52 Why the ‘What If’ API Doesn’t Scale 21:09 Building an Offline Evaluation Engine 45:22 Deep Dive into AZTier: A Red Team Perspective Podcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill’s socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
    続きを読む 一部表示
    1 時間 2 分
  • From FIM/MIM to Cloud Sync: Complete Identity Journey with Australia’s Top Identity MVP Darren “Doc” Robinson

    From FIM/MIM to Cloud Sync: Complete Identity Journey with Australia’s Top Identity MVP Darren “Doc” Robinson
    2026/03/21
    Darren Robinson, Identity and Zero Trust Strategy and Architecture Capability Lead at Increment, shares his extensive experience in identity governance and administration.In this episode Merill sits down with Darren “Doc” Robinson – Microsoft MVP since 2017, former SailPoint Ambassador and one of Australia’s most experienced identity architects.Darren takes us on a 25+ year journey from Novell networks to modern Microsoft Entra ID, reveals why he’s building custom ECMA2 connectors, and shares the exact PowerShell tools he just open-sourced (Granfeldt uplift, ECMA2 Host Tools, Provision On-Demand module).We also compare Entra ID Governance vs SailPoint and dive into his latest obsession: MCPs for Entra News and personal AI agents.Whether you’re migrating legacy apps or levelling up your IGA strategy, this episode is pure gold.Sponsored by CoreView:Would you bet your reputation on your current Microsoft 365 security posture?Sure, you’ve checked Purview. Maybe tightened Conditional Access. We all do that.But it’s usually the quiet stuff that bites... permissions that expanded, policies that drifted, exceptions nobody revisited.You could assume it’s fine.Or you could run the Microsoft 365 Security Posture Check.It’s free.It runs locally.And no, it doesn’t send your tenant data back to us.We’ll even help you set it up.Subscribe with your favorite podcast player or watch on YouTube 👇About Darren RobinsonDarren is highly accomplished in digital identity and cybersecurity specialising in Identity & Access Management for over three decades. Darren is renowned for driving Digital Identity innovation, building global offerings, and leading high-impact teams to deliver cutting-edge solutions that enhance security posture, operational efficiency, and business value.🔗 Related Links* Blog: https://blog.darrenjrobinson.com* GitHub: https://github.com/darrenjrobinson* LinkedIn: https://www.linkedin.com/in/darrenjrobinson/In this episode…1. Understanding the “Metaverse”The foundation of Microsoft’s identity strategy dates back to the acquisition of Zoomit in 2000. This introduced the Metaverse—not a VR world, but a “hologram” or central representation of a user that exists across multiple systems like SQL databases and LDAP directories. By correlating these identities into one object, organizations can maintain consistency across a fragmented environment.2. The Modern Bridge: ECMA and SCIMAs organizations move to the cloud, the “heavy” sync engines like MIM (Microsoft Identity Manager) are being replaced by Entra Cloud Sync. The modern approach uses:* A Light Shim: A small on-premises component that acts as a member of the domain.* SCIM Instructions: The Entra provisioning service sends instructions via the SCIM protocol to this shim.* ECMA Connectors: The Extensible Connector Management Agent (ECMA) translates these cloud instructions into a language legacy on-prem apps can understand, such as SQL or Oracle updates.3. Scaling with PowerShell 7One of the biggest hurdles in legacy identity management was performance. Darren Robinson recently uplifted the popular Granfeldt PowerShell Management Agent to support PowerShell 7. This update allows for:* 64-bit Processing: Handling larger datasets with ease.* Parallelism: Sending multiple identity updates in parallel rather than waiting for individual “gets,” significantly speeding up sync times.4. Managing the “Cache”A common pain point for administrators is the lack of visibility into the ECMA host cache. To solve this, Darren developed a new module that allows practitioners to programmatically query the cache, back up configurations, and document every connector and parameter in the system.Key Takeaway: Whether you are migrating from legacy solutions like Novell or managing a complex hybrid Entra environment, the goal remains the same: automated, secure, and visible identity lifecycles.📗 Chapters00:00 Intro02:22 The Evolution of Directory Services and Synchronization08:05 Understanding Sync Engines and the Metaverse14:45 Modern Identity Provisioning with Entra17:39 Developing Custom PowerShell ECMA Connectors20:53 Automating Provisioning with New PowerShell Modules28:53 The Current Landscape of Identity Governance31:37 Solving the Disconnected Apps Challenge35:46 Exploring Model Context Protocol (MCP)45:34 Leveraging Local AI and LLMs for Identity TasksPodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill’s socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 ...
    続きを読む 一部表示
    55 分