Entra.Chat

Merill Fernando

Available episodes

5 of 40
  • Extending Microsoft Entra: Logic Apps, Power Apps, and the Art of Tinkering with Entra ID
    In this week’s episode Jan Bakker, Microsoft MVP and solution architect from the Netherlands, joins us for a masterclass in extending Microsoft Entra ID beyond out-of-the-box capabilities. This episode is your complete guide to building custom identity governance and lifecycle management using Power Apps, Logic Apps, and Azure automation.

    You’ll learn the fundamental building blocks of automation in the Microsoft ecosystem and how to combine them creatively.

    Jan’s approach: treat Entra as a platform, not just a product.

    The automation stack he teaches:
    → Power Automate (everyday workflows)
    → Logic Apps (enterprise automation)
    → Dynamic Groups (intelligent triggers)
    → Graph API (the foundation of everything)
    → Event Hub (cost-effective event streaming)

    Key topics covered:
    * Understanding Power Automate vs Azure Logic Apps (and when to use each)
    * Managed identities and least privilege automation
    * Dynamic groups as automation triggers
    * Event Hub for cost-effective event-driven workflows
    * Custom authentication extensions and token augmentation
    * Real implementation costs ($50/month for enterprise solutions!)

    From the conversation:
    * Step-by-step temporary access pass automation
    * Automatic refresh token revocation on account disable
    * MFA method change notifications (like Gmail/Twitter)
    * Guest lifecycle management and approval flows
    * Conditional access policy monitoring

    Whether you’re new to automation or an experienced architect, you’ll walk away with actionable ideas and a new way of thinking about identity solutions.

    Subscribe with your favorite podcast player or watch on YouTube 👇

    About Jan Bakker
    Jan is a Microsoft MVP and Solution Architect based in the Netherlands. He is known for his ability to make complex DevOps and Entra concepts accessible and publishes extensive guides on his blog about extending Entra capabilities.
    LinkedIn: https://www.linkedin.com/in/jan-bakker/

    🔗 Related Links
    * Send an email on a new MFA method registration - https://janbakker.tech/send-an-email-on-a-new-azure-mfa-method-registration/
    * How to build a PowerApp – Temporary Access Pass Manager - https://janbakker.tech/category/power-platform/
    * Trigger Logic App on group membership changes in Entra ID - https://janbakker.tech/trigger-logic-app-on-group-membership-changes-in-entra-id/
    * Poor man’s IGA: Monitor and clean up stale guest accounts - https://janbakker.tech/poor-mans-iga-monitor-and-clean-up-stale-guest-accounts/
    * Poor man’s IGA: Generate Temporary Access Pass for joiners - https://janbakker.tech/poor-mans-iga-generate-temporary-access-pass-for-joiners/
    * Unlocking the Power of employeeHireDate in Entra ID Dynamic Groups - https://janbakker.tech/unlocking-the-power-of-employeehiredate-in-entra-id-dynamic-groups/
    * Temporary exclusions for Conditional Access using PIM for Groups - https://janbakker.tech/temporary-exclusions-for-conditional-access-using-pim-for-groups/

    Sponsored by:
    Shadow IT and SaaS sprawl are outpacing IT teams
    It can feel impossible to tackle these app governance challenges:
    📦 Entra ID isn’t secure by default
    💥 SaaS adoption & sprawl isn’t slowing down
    ⌨️ Citizen Development keeps rising (hello, Copilot Studio!)
    🗑️ Vendors often don’t remove apps after uninstall
    🔃 Offboarding is inconsistent or doesn’t happen at all
    🥔 App governance is passed around like a hot potato
    ENow AppGov Score shines a light on lurking risks, providing a free App Governance Benchmark Report for your Entra tenant. Reclaim control and protect against breach & disruptions. Free upgrade to Standard Tier for 7 days once you get your score.
    Secure & Govern Entra Apps Now

    📗 Chapters
    00:03 The Poor Man’s IGA Concept
    00:07 Revoking Refresh Tokens Automatically
    00:13 Power Apps for Approval Workflows
    00:16 Custom Logic for Managing Guest Access
    00:19 Building a Temporary Access Pass Tool
    00:25 Power Automate vs. Azure Logic Apps
    00:28 Triggering Automation with Event Hubs
    00:31 Alerting on Security Changes via Audit Logs
    00:41 Self-Service Group Management
    00:44 Why You Must Learn Graph API

    Podcast Apps
    🎙️ Entra.Chat - https://entra.chat
    🎧 Apple Podcast → https://entra.chat/apple
    📺 YouTube → https://entra.chat/youtube
    📺 Spotify → https://entra.chat/spotify
    🎧 Overcast → https://entra.chat/overcast
    🎧 Pocketcast → https://entra.chat/pocketcast
    🎧 Others → https://entra.chat/rss

    Merill’s socials
    📺 YouTube → youtube.com/@merillx
    👔 LinkedIn → linkedin.com/in/merill
    🐤 Twitter → twitter.com/merill
    🕺 TikTok → tiktok.com/@merillf
    🦋 Bluesky → bsky.app/profile/merill.net
    🐘 Mastodon → infosec.exchange/@merill
    🧵 Threads → threads.net/@merillf
    🤖 GitHub → github.com/merill

    Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
    --------  
    50:34
  • Inside Microsoft’s Entra Tenant: The Internal App Governance Playbook
    Khurram, a key member of the internal App Governance assessment team at Microsoft, joins the show to pull back the curtain on how Microsoft manages application security at a massive corporate scale and the rigorous internal security measures Microsoft employs to protect its corporate Entra ID tenant from risky applications.

    In this deep dive, Khurram reveals Microsoft’s custom-built App Governance blueprint. He details the process for reviewing and consenting to the hundreds of new application requests the organization receives monthly.

    Key Takeaways
    * Permission Risk Rating: Learn how Microsoft’s team assesses and assigns a severity rating—Low, Moderate, Important, or Critical—to permissions. This rating is based on the permission’s capability, whether it’s delegated or application, and its potential for PII exposure (e.g., Application permission or a .all scope will score higher).
    * The Weighting Model: Discover how the Microsoft app assessment team has proactively risk-rated between 3,000 and 3,500 permissions. This approach dictates when an app is automatically approved (for low-risk requests like User.Read) versus when it is flagged for manual, scenario-based review.
    * Holistic Risk Review: Khurram explains how the app’s overall risk is calculated beyond just permissions. This includes mandatory security controls like banning high-risk reply URLs (e.g., azurewebsites.net and aka.ms), enforcing the use of certificates over secrets, and requiring multiple owners.
    * Multi-Team Veto Power: Understand the critical approval workflow where requests for higher-risk permissions are routed to specific organizational data owners (like the DLP, Identity, or Exchange teams). All teams must approve the request as a whole, giving each team a critical veto power over access to their services.

    About Khurram Chaudhary
    Khurram is a Principal Security Assurance Eng on the internal assessment team at Microsoft. He specializes in App Governance and was instrumental in developing the systems and risk-rating methodologies used to manage thousands of application requests within Microsoft’s corporate tenant.

    🔗 Related Links
    * Entra Application Management - https://learn.microsoft.com/en-us/entra/identity/enterprise-apps

    📗 Chapters
    01:21 The Shift to Admin Consent
    03:38 Factors for Reviewing App Risk
    06:35 How We Rate Permission Severity
    09:25 Automating Low-Risk Approvals
    14:17 The Internal Review Workflow
    21:40 The App Governance Scoring System
    29:01 The Localhost Redirect Debate
    39:35 Handling Stale Apps and Permissions
    49:34 Advice for Identity Admins
    --------  
    52:30
  • The "Secret Sauce" Behind Microsoft's New MCP Server
    Luca Spolidoro from the Microsoft Entra AI Innovations team joins us to unveil the new Microsoft MCP Server for Enterprise. We discuss how this innovation allows admins and AI agents to interface with their tenant using natural language, bridging the gap between LLMs and the complexity of Microsoft Graph.

    We also talk about the technical challenges of token limits, the patented “three-tool” solution that optimizes queries, and the roadmap for write operations and PowerShell script generation.

    About Luca Spolidoro
    Luca is a Product Manager on the Entra AI Innovations team at Microsoft. Formerly working on advanced queries for Microsoft Graph, he now focuses on enabling AI agents to interact securely and efficiently with directory objects and tenant data.
    LinkedIn - https://www.linkedin.com/in/lucaspolidoro/

    🔗 Related Links
    * Microsoft MCP Server for Enterprise - https://aka.ms/mcp/entra

    📗 Chapters
    03:36 The Hackathon Origin Story
    05:55 What is the Model Context Protocol?
    09:22 The Token Limit Problem
    15:45 Microsoft’s “Secret Sauce” Solution
    19:54 Current Limitations & Future Scope
    23:57 Future: Write Operations & Scripts
    30:12 Security & Admin Controls
    42:43 Security Copilot vs. Standalone MCP
    50:21 Getting Started
    --------  
    55:13
  • Entra Ignite Recap: Synced Passkeys, Agent ID & The Future of Identity
    This week, I’m joined by a stellar panel of Nathan McNulty, Ru Campbell, Martin Sandren, and Thomas Naunheim to break down the firehose of news from Microsoft Ignite related to Entra. We dive straight into the hot debate over synced passkeys versus device-bound credentials and why consumer adoption might force our hand in the enterprise. We also explore the new Account Recovery features that could save companies thousands in helpdesk costs and unpack the massive shift toward “Agentic AI” with the launch of Entra Agent ID, a feature that fundamentally changes how we think about non-human identities. If you are feeling overwhelmed by the pace of AI and identity changes, you are not alone. Listen in as we figure this out together.

    About our guests
    * Nathan McNulty: Nathan is a Senior Security Solutions Architect at Patriot Consulting and a Microsoft Security MVP. He has been working with Microsoft cloud identity solutions since the days of Live@edu and Office 365 in 2010.
      https://www.linkedin.com/in/nathanmcnulty/
    * Ru Campbell: Ru is a Microsoft Security MVP who leads Microsoft Security at Threatscape. He describes himself as a “jack of all trades” when it comes to Microsoft 365 security, getting involved in a wide range of security topics.
      https://www.linkedin.com/in/rlcam/
    * Martin Sandren: Martin is the Product Lead for Identity Access at Inter IKEA, where he manages identity solutions across the globe. He offers a unique perspective as a practitioner running identity for a massive enterprise.
      https://www.linkedin.com/in/martinsandren/
    * Thomas Naunheim: Thomas is a Cloud Security Architect at glueckkanja and a Microsoft Security MVP. He specializes in cloud security architecture and actively tracks new features and announcements in the Microsoft ecosystem.

    🔗 Related Links
    * Microsoft Entra: What’s New in Secure Access on the AI Frontier
    * Entra.Chat - Access Review Agent
    * Entra.Chat - Conditional Access Agent

    📗 Chapters
    00:00 Intro
    04:36 The Debate: Synced vs Device-Bound Passkeys
    20:47 Entra Account Recovery & Identity Verification
    30:00 Passwordless Self-Remediation
    33:01 Security Copilot Comes to E5
    36:47 The Rise of AI Agents in Entra
    42:49 Understanding Entra Agent ID
    56:47 MCP Servers & VS Code Integration
    01:05:20 Global Secure Access & AI Security
    01:09:14 Microsoft Security Baseline
    --------  
    1:16:43
  • Zero Trust Assessment: Secure your tenant
    This week, I’m so excited to share the inside story of a project I’ve been working on for over a year: the new Zero Trust assessment. I’m joined by some of the key folks from the team: Tarek, who’s leading the charge; Sarah and John, who are crushing docs; and Ravi, who’s owning Intune.

    We unpack the wild breach that sparked it all, geek out over those Sankey charts that spotlight sneaky unmanaged devices and privileged access landmines, and tease why even “expired” app creds could be your silent killer. If you’re tired of silos between identity and endpoints, this is your wake-up call—tune in to see how to make Zero Trust practical before the next attack hits.

    About Our Guests

    Sarah Lipsey
    Sarah Lipsey has been with Microsoft for almost four years and writes about monitoring and health, ID Protection, and Security Copilot in Microsoft Entra. Sarah has worked as a technical writer and instructional designer for around 20 years, and for a university, a telecommunications firm, and a railroad. She lives in the woods with her family where she loves to knit, play video games, hike, and ski. Yes, she spends way too much time trying to close out every dot on a video game map. Still working on the Skellige map for The Witcher 3.
    LinkedIn - https://www.linkedin.com/in/sarah-lipsey-b53b746/

    John Flores
    John is a Senior Content Developer at Microsoft, where he has worked for over eight years. He specializes in creating high-impact technical content for identity security within Microsoft Entra, focusing on areas like Conditional Access, MFA, ID Protection, and device identity. John also leads the documentation efforts for Zero Trust content across Microsoft 365 and Identity teams. He actively collaborates with engineers and PMs to test pre-release features and engages with customers to refine technical guidance.
    LinkedIn - https://www.linkedin.com/in/johnbflores/

    Ravi Kalwani
    Ravi is a Senior Program Manager at Microsoft, based in Sydney, Australia. With over 14 years of IT experience spanning technical training, support, consulting, and program management, his focus for the past five years has been on Enterprise Client and Mobility, specifically Microsoft Configuration Manager and Intune. Ravi is also an experienced public speaker, having presented at numerous technical conferences and delivered a wide range of workshops for both internal teams and enterprise customers.
    LinkedIn - https://www.linkedin.com/in/rkalwani/

    Tarek Dawoud
    Tarek Dawoud is a long-time veteran at Microsoft, having been with the company for over 18 years. Tarek currently leads the architecture team within the customer engineering (CXE) organization, where he helps customers deploy Entra, gathers insights for the product group, and works to solve the hardest identity problems.
    LinkedIn - https://www.linkedin.com/in/tarekdawoud/

    🔗 Related Links
    * aka.ms/zerotrust/assessment → Microsoft Learn docs page for the assessment
    * aka.ms/zerotrust/demo → Interactive demo of a sample assessment report
    * aka.ms/zerotrust/feedback → Share your feedback
    * aka.ms/zerotrust/issues → Logging bugs & issues

    Zero Trust Assessment - Five minute walkthrough

    Zero Trust Assessment Report
    Sample report generated by the Zero Trust Assessment tool. Try aka.ms/zerotrust/demo for an interactive demo.

    📗 Chapters
    00:00 Intro
    01:11 The Origin Story: A Customer Breach
    05:59 A New Way to Write Docs
    08:55 Bringing Intune into the Story
    11:07 How This Compares to Secure Score
    14:46 Uncovering Insights with Sankey Charts
    21:55 Behind the Scenes: How a Test is Built
    36:18 Why We Target Privileged Access (AI Attackers)
    39:59 The Myth of “Safe” Expired Credentials
    42:35 Final Thoughts: “Please Run It”
    --------  
    44:09


About Entra.Chat

Entra Chat is a weekly podcast hosted by Merill Fernando and delivers practical insights for Microsoft administrators and security professionals through conversations with identity experts who've been in the trenches. Episodes feature seasoned Entra practitioners sharing real-world deployment experiences and Microsoft Entra team members who build the features you use daily. Get the inside track on best practices, implementation strategies, and upcoming capabilities directly from those who design and deploy Microsoft identity solutions. Join us for actionable takeaways you can apply immediately in your Microsoft 365, Azure, and Entra environments.

Entra.Chat, its content and opinions are my (Merill Fernando) own and do not reflect the views of my employer (Microsoft). All postings are provided “AS IS” with no warranties and are not supported by the author. All trademarks and copyrights belong to their owners and are used for identification only.

entra.news

Generated: 12/16/2025 - 6:39:04 AM