Entra 🆔 News #119 → This week in Microsoft Entra
Learn about updates to the CA Optimization agent, other upcoming Entra changes, deprecations and more.
👋 Hi, Merill and Joshua here with this week’s roundup of the latest news on Microsoft Entra from around the globe 🌍.
This week, we’re diving into everything from securing your AI and Copilot applications and mastering Workload ID certificate rotation to the latest updates on user Source of Authority changes. Plus, get essential tips on Conditional Access implementation and managing Privileged Access Workstations (PAWs).
Don’t forget to check out this week’s podcast with Alexander Filipin on how agentic AI is helping improve Access Reviews.
AI is Coming to Identity Governance! Meet the Entra Access Review Agent
In this episode, I sit down with Alexander Filipin, a Product Manager at Microsoft, to unpack the essentials of identity governance and why access reviews are a game-changer for security and compliance.
Enjoy!
Sponsored by:
“EasyEntra Has Transformed Our Daily IT Operations”
If onboarding a hybrid user takes 20 minutes and senior tech keeps getting dragged into first-line support, perhaps the problem is not your support team. It’s their tools.
Unlock a new level of IT efficiency for your entire organization.
EasyEntra streamlines your AD + M365 management by:
✅ Automating onboarding and offboarding.
✅ Consolidating management of users, mailboxes, and licenses.
✅ Stopping escalations of (what should be) simple helpdesk tickets.Trusted by organizations worldwide:
“One of the best products I’ve used” – Mirick Law, US
“It feels almost like a revolution” – Arjeplog Municipality, SE
“This is the best software ever” – Core Healthcare, USNo infrastructure changes. No security changes. One-minute installation.
⚡️ Microsoft
🏆 General Availability
The Conditional Access Optimization Agent keeps getting better—and making your life easier • Alex Simons
🔥 Public Preview
What’s new in Microsoft Entra – September 2025 • Shobhit Sahay
🗣️ Message Center
📆 Upcoming Events
Practitioner’s Playbook for Microsoft Entra Suite in Action • Microsoft Security Community
From the community…
🚀 Most popular posts from last week
🥇How to Get Entra Enterprise Application Permissions Report • Lokesh
🥈How to Change onmicrosoft.com fallback domain name • Rudy Mens
🥉Secretless confidential applications • Stephan Van Rooij
Sponsored by:
Move your apps fast and safe to Intune
Intune should be progress, not punishment.
Robopack gives you a clean handover. Your ConfigMgr apps discovered, packaged, patched, and tracked.
Finds unmanaged apps automatically
Patches with rollback and deployment control
Supports custom scripts and app settings
Keeps new apps patched with Radar tracking
ISO 27001 certified for data protection
No lost apps. No manual patching. No rollback panic.
Your migration stays clean, your apps stay compliant. A secure, controlled move to Intune.Start your 60-day Safe Passage trial and see how easy Intune can be.
☀️ Learn
👩✈️ AI & Copilot
🧰 Workload ID
A closer look at Entra Application policies to govern secrets and certificates • Jan Bakker
Mastering Certificate Rotation in Entra ID • Tim Groothuis
Tackling Expiring Entra ID Client Secrets And SAML Certificates • Flavio Meyer
Resolving Entra Application Policies Conflict • Jay Kerai
👮♂️ ID Governance
Trigger Logic App on group membership changes in Entra ID • Jan Bakker
Grant Just-In-Time Access to Generative AI Apps Using Access Packages • Praba
🌐 Private Access & Internet Access (GSA)
Global Secure Access and Sentinel Integration…. and brisket? • Dustin Gullett
Extending the Migrate2GSA PowerShell Module – Why I added JSON support • Michael Morten Sonne
🔑 Authentication
Dashboard of Windows authentication methods usage (WHfB vs password) • Damien Van Robaeys
Managing OATH/TOTP Hardware Tokens in Microsoft Entra ID: Graph API Is Here, but GUI Still Missing • Dr. Emin Huseynov
👥 User & Group Management
Cloud Identity Migration with SOA | Entra ID • Michael Frank
How to Change Active Directory Group Source of Authority to Microsoft Entra ID • Sreejith Reghunathan Pillai
Why You Should Use Administrative Units to Delegate Entra Administration • Mark Oldham
📺 How to convert Active Directory groups to Entra ID controlled group (21 min) • BlueScreen Brothers
📺 Entra ID Administrative Units Overview (11 min) • Charlie Parmiter
🤖 DevOps & PowerShell
Managing Entra ID Configuration and Security using the Terraform MSGraph Provider ❤️ • Brian Veldman
Microsoft Graph Bicep – Part 3 • Flavio Meyer
📺 Authentication unpacked: What does MSAL actually do? Ben Reader (28 min) • PowerShell Conference EU
🚦 Conditional Access
Conditional Access Essentials: From Report-Only to Enforced Mode • Ewelina Paczkowska
Configuring Conditional Access for Guest Users: Allowing Only Office 365 and Essential Apps • Kenneth van Surksum
Microsoft Conditional Access: Implementation Considerations and Common Mistakes • Anders Ahl
The My Sign-Ins Portal, Applications, and Conditional Access • Tony Redmond
Conditional Access - Supplementing Exclusions for Travelling Users • Jay Kerai
📺 Restore Named Locations in Entra ID (Public Preview) (6 min) • Rio Hindle
🖥️ Devices
Microsoft Intune & Entra ID Secure Configuration Framework – A Practical Guide for Administrators • Ricardo Barbosa
RDP connect to a Microsoft Entra joined machine - macOS edition • Samuel Eng
Should you exclude “Microsoft Intune Enrollment” from your compliance CAP or not? • Patrick Seltmann
Windows finally translates Entra group and role SIDs to real names • Rudy Ooms
🏙️ External ID - Guests & Multi-Tenant Organizations
Creating a Comprehensive Inactive Guest Account Report • Tony Redmond
Guest User Access: A High-Level Checklist • Shehan Perera
How External Identities Improve Security and Collaboration in AVD and Windows 365 • Dieter Kempeneers
🥷 Security
Death by Token: Understanding CVE-2025-55241 • Paul Robichaux
Microsoft Privileged Access Workstations: A Comprehensive Guide • Ankit Gupta
MSRC Case: When Temporary Global Admin Rights Don’t Expire in Microsoft Entra PIM • Tom Rolvers
NAA or BroCI...? Let Me Explain • Hope Walker
📺 SyncJacked - Hijacking Identities Through Entra Connect Synchronization (20 min) • Tomer Nahum
📒 Tenant Configuration
KB – Failed to verify domain name – Entra ID • Jan Bakker
Remove Custom Domains in Microsoft 365 • Blesslin Rinu
🛍️ External ID - Customers
⚒️ Toolkit
Conditional Access Baseline October 2025 (v2025-10) Available on GitHub • Kenneth van Surksum
🎙️ Podcasts
Avoiding identity mistakes using IdentityProxy with Stephan van Rooij • Jussi Roine, Tobias Zimmergren, Stephan van Rooij
🔥 Maester
Governance Entra ID with Backstage and Maester • Mateusz Jendza
👨🏽💻 Merill’s corner
Want to get featured on Entra.News? → Submit your content 😎
Want us to say nice things about your company? Sponsor entra.news 🤩
Love the newsletter? Tell us 💚❤️💜
🪃 Acknowledgement of Country
Entra.News is created on Wurundjeri land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. We pay our respect to them and their cultures and to elders both past and present.
Fantastic weekly roundup! The Conditional Access Optimization Agent improvements are really game-changing - it's great to see Microsoft iterating on this. The article on passkey profiles in the authentication methods policy is particulary interesting as phishing-resistant authentication becomes more critical. I also appreciate the community section highlighting practical implementation guides - the piece on Conditional Access implementation considerations is a must-read. These newsletters do a great job of keeping the Entra community informed and connected. Keep up the excellent work!
So many great content. Kudos to everyone who has made their valuable work available to all of us.