Entra 🆔 News #115 → This week in Microsoft Entra
Learn about a new proposal to evolve the SCIM protocol for AI agents, tracking of Entra ID free subscriptions with billing accounts and more.
👋 Hi, Merill and Joshua are here with this week’s roundup of the latest Microsoft Entra news from around the globe 🌍!
This week’s big story is groundbreaking research by Dirk-jan Mollema. Read all about it in his post, ‘One Token to Rule Them All - Obtaining Global Admin in Every Entra ID Tenant via Actor Tokens’.
I also dropped a killer Entra Chat episode with ex-pharmacist turned Entra defender Erica Zelic. She drops battle-tested tips for locking down your tenant against phishing "bypasses" and credential chaos. Check it out 👇
How a Pharmacist Became a Pro Hacker (And What She Found in YOUR Tenant)
Cybersecurity expert Erica shares her incredible journey from pharmacist to becoming a professional hacker. She reveals how attackers are bypassing modern security controls like MFA and what you can do to protect your tenant.
Enjoy!
Sponsored by:
What’s the secret to seamless sync in disconnected systems?
Synchronising across disconnected networks and high-security environments has traditionally been a major challenge, but it doesn’t have to be.
Whether you're working with air-gapped systems, strict compliance requirements, or complex IT infrastructures, secure identity synchronisation is now possible without compromising control.
Learn how organisations are overcoming these barriers to enable seamless collaboration and maintain robust security across even the most restricted environments.
⚡️ Microsoft
📖 Read
🗣️ Message Center
📆 Upcoming Events
Identity and Network Security Practitioner Webinar Series • Laura Viarengo
From the community…
🚀 Most popular posts from last week
🥇 Improving passkey registration experiences • Nathan McNulty
🥈 Poor Man's IGA - Beyond the Cloud How to Offboard On-Premises AD Accounts with Microsoft Graph • Suryendu Bhattacharyya
🥉 You shall not pass(key)! (updated) • Jan Bakker
Sponsored by:
EasyEntra: Eliminate Exchange On-Premises
Are you still running Exchange on-prem just to manage mail attributes after moving to Exchange Online?
End the upgrade/patching/troubleshooting loop with EasyEntra - a FREE alternative to AD Users & Computers for L1 teams.
EasyEntra Free Edition helps your helpdesk:
✅ Safely manage core mail attributes for mailbox users, distribution groups, etc.
✅ Instant, as-you-type AD searching (including advanced attribute access).
✅ One-click Microsoft Entra Connect sync.
✅ Simple copy/paste of group memberships between accounts.
✅ Adaptive password generator.
✅ Optional in-app auth with token-theft protection.
✅ Seamless AD management from Entra-joined devices.
Install & configure in <1 min | No security or infrastructure changes | ADUC-style UI with zero learning curve.
☀️ Learn
📦 Apps
Entra ID – You can now manage Entra ID applications policies from the portal • Benoit Hamet
Augmenting the JWT with the “Token Issuance Start” custom authentication extension in Entra… • Rory Braybrook
Entra ID – When Ideas Become Features: Reflections on Entra ID App Policies • Michael Morten Sonne
Recommended Application Policies for Microsoft Entra Apps • Daniel Bradley
📺 Microsoft 365 Application Security – Stop Risky Apps Fast (15 min) • Jonathan Edwards
🔑 Authentication
Beat the Clock: A Free PowerShell Script for the Sept. 30 Legacy MFA Retirement Deadline • JJ Milner
Entra ID’s Keep Me Signed In Feature – Good or Bad? • Tony Redmond
Practical Protection: Microsoft Doubles Down on Azure MFA Enforcement • Paul Robichaux
👥 User & Group Management
Meet The Dragon In Entra ID • Michele Blum
🤖 DevOps & PowerShell
Automating Microsoft Graph Deployments Using Azure DevOps • Brian Veldman
🚦 Conditional Access
Advanced Conditional Access • Niklas Tinner
Conditional Access to zero trust compliance report with powershell • Jan Mulder
Stop MFA Registration Attacks on User Accounts • Blesslin Rinu
🔐 Credential Management
Onboarding New Users In an Entra ID Passkey World • Brian Reid
🖥️ Devices
Understanding the Default Compliance Policy: Enrolled User Exists • Rudy Ooms
Device Management in GCC High For Secure, Compliant Access • Arvind Suthar
Windows Device Enrollment Restrictions • Mark Orr
📺 Step by Step Guide to Onboarding Devices in Entra ID & Intune (19 min) • Andy Malone MVP
🏙️ External ID - Guests & Multi-Tenant Organizations
What’s the Best Way to Manage Guest Accounts? • Tony Redmond
Calendar Sharing In Exchange Online After Multi-Tenant Organizations (MTO) Is In Place • Brian Reid
🥷 Security
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens • Dirk-jan Mollema
Lack of service-side validation allows group guest user restrictions bypass via OWA • Vasil Michev
How to Actually Security Benchmark Your Microsoft 365 Tenant • Daniel Bradley
♻️ Sync
Change source of authority (SOA) for Groups (Preview) • Andres Bohren
📒 Tenant Configuration
Scorched Earth: M365 and SaaS Disaster Recovery Tabletop Exercise • Erica Zelic
Microsoft Entra ID Quick Config Videos • Brian Baldock
Use RBAC to supercharge your Entra Admin Units • Per-Torben Sørensen
🛍️ External ID - Customers
Augmenting sign-up attributes with the Attribute Collection Submit custom authentication extension… • Rory Braybrook
Enabling SMS as an MFA method in Entra External ID • Rory Braybrook
⚒️ Toolkit
Check - Open source browser extension that provides real-time protection against Microsoft 365 phishing attacks • CyberDrain
Threat-Hunting-and-Detection/Privilege Escalation/Potential Actor Token Abuse in Entra ID • Mehmet Ergene
🔥 Maester
👨🏽💻 Merill’s corner
Want to get featured on Entra.News? → Submit your content 😎
Want us to say nice things about your company? Sponsor entra.news 🤩
Love the newsletter? Tell us 💚❤️💜
🪃 Acknowledgement of Country
Entra.News is created on Wurundjeri land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. We pay our respect to them and their cultures and to elders both past and present.