This week, I’m joined by a stellar panel of Nathan McNulty, Ru Campbell, Martin Sandren, and Thomas Naunheim to break down the firehose of news from Microsoft Ignite related to Entra.
We dive straight into the hot debate over synced passkeys versus device-bound credentials and why consumer adoption might force our hand in the enterprise. We also explore the new Account Recovery features that could save companies thousands in helpdesk costs and unpack the massive shift toward “Agentic AI” with the launch of Entra Agent ID, a feature that fundamentally changes how we think about non-human identities.
If you are feeling overwhelmed by the pace of AI and identity changes, you are not alone. Listen in as we figure this out together.
Subscribe with your favorite podcast player or watch on YouTube 👇
About our guests
Nathan McNulty: Nathan is a Senior Security Solutions Architect at Patriot Consulting and a Microsoft Security MVP. He has been working with Microsoft cloud identity solutions since the days of Live@edu and Office 365 in 2010.
Ru Campbell: Ru is a Microsoft Security MVP who leads Microsoft Security at Threatscape. He describes himself as a “jack of all trades” when it comes to Microsoft 365 security, getting involved in a wide range of security topics.
Martin Sandren: Martin is the Product Lead for Identity Access at Inter IKEA, where he manages identity solutions across the globe. He offers a unique perspective as a practitioner running identity for a massive enterprise.
Thomas Naunheim: Thomas is a Cloud Security Architect at glueckkanja and a Microsoft Security MVP. He specializes in cloud security architecture and actively tracks new features and announcements in the Microsoft ecosystem.
Sponsored by:
Shadow IT and SaaS sprawl are outpacing IT teams
It can feel impossible to tackle these app governance challenges:
📦 Entra ID isn’t secure by default
💥 SaaS adoption & sprawl isn’t slowing down
⌨️ Citizen Development keeps rising (hello, Copilot Studio!)
🗑️ Vendors often don’t remove apps after uninstall
🔃 Offboarding is inconsistent or doesn’t happen at all
🥔 App governance is passed around like a hot potatoENow AppGov Score shines a light on lurking risks, providing a free App Governance Benchmark Report for your Entra tenant. Reclaim control and protect against breach & disruptions. Free upgrade to Standard Tier for 7 days once you get your score.
🔗 Related Links
📗 Chapters
00:00 Intro
04:36 The Debate: Synced vs Device-Bound Passkeys
20:47 Entra Account Recovery & Identity Verification
30:00 Passwordless Self-Remediation
33:01 Security Copilot Comes to E5
36:47 The Rise of AI Agents in Entra
42:49 Understanding Entra Agent ID
56:47 MCP Servers & VS Code Integration
01:05:20 Global Secure Access & AI Security
01:09:14 Microsoft Security Baseline
Podcast Apps
🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss
Merill’s socials
📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill
