👋 Hi, Merill and Joshua here with this week’s roundup of the latest news on Microsoft Entra from around the globe 🌍.

This week, we’re diving into everything from securing your AI and Copilot applications and mastering Workload ID certificate rotation to the latest updates on user Source of Authority changes. Plus, get essential tips on Conditional Access implementation and managing Privileged Access Workstations (PAWs).

Don’t forget to check out this week’s podcast with Alexander Filipin on how agentic AI is helping improve Access Reviews.

AI is Coming to Identity Governance! Meet the Entra Access Review Agent

Merill Fernando

·

October 18, 2025

In this episode, I sit down with Alexander Filipin, a Product Manager at Microsoft, to unpack the essentials of identity governance and why access reviews are a game-changer for security and compliance.

Read full story

Enjoy!

Sponsored by:

“EasyEntra Has Transformed Our Daily IT Operations”

If onboarding a hybrid user takes 20 minutes and senior tech keeps getting dragged into first-line support, perhaps the problem is not your support team. It’s their tools.

Unlock a new level of IT efficiency for your entire organization.

EasyEntra streamlines your AD + M365 management by:

✅ Automating onboarding and offboarding.
✅ Consolidating management of users, mailboxes, and licenses.
✅ Stopping escalations of (what should be) simple helpdesk tickets.

Trusted by organizations worldwide:

“One of the best products I’ve used” – Mirick Law, US
“It feels almost like a revolution” – Arjeplog Municipality, SE
“This is the best software ever” – Core Healthcare, US

No infrastructure changes. No security changes. One-minute installation.

Free 30-Day Trial

⚡️ Microsoft

🏆 General Availability

• The Conditional Access Optimization Agent keeps getting better—and making your life easier • Alex Simons

🔥 Public Preview

• What’s new in Microsoft Entra – September 2025 • Shobhit Sahay

🗣️ Message Center

• 15 Oct - MC1097225 - (Updated) Entra ID: Upcoming changes to support passkey profiles in the authentication methods policy (preview)

📆 Upcoming Events

• Practitioner’s Playbook for Microsoft Entra Suite in Action • Microsoft Security Community

From the community…

🚀 Most popular posts from last week

• 🥇How to Get Entra Enterprise Application Permissions Report • Lokesh

• 🥈How to Change onmicrosoft.com fallback domain name • Rudy Mens

• 🥉Secretless confidential applications • Stephan Van Rooij

Sponsored by:

Move your apps fast and safe to Intune

Intune should be progress, not punishment.
Robopack gives you a clean handover. Your ConfigMgr apps discovered, packaged, patched, and tracked.

• Finds unmanaged apps automatically

• Patches with rollback and deployment control

• Supports custom scripts and app settings

• Keeps new apps patched with Radar tracking

• ISO 27001 certified for data protection

No lost apps. No manual patching. No rollback panic.
Your migration stays clean, your apps stay compliant. A secure, controlled move to Intune.

Start your 60-day Safe Passage trial and see how easy Intune can be.

Start Safe Passage trial

☀️ Learn

👩‍✈️ AI & Copilot

• Implement a secure MCP OAuth desktop client using OAuth and Entra ID • Damien Bowden

🧰 Workload ID

• A closer look at Entra Application policies to govern secrets and certificates • Jan Bakker

• Mastering Certificate Rotation in Entra ID • Tim Groothuis

• Tackling Expiring Entra ID Client Secrets And SAML Certificates • Flavio Meyer

• Resolving Entra Application Policies Conflict • Jay Kerai

👮‍♂️ ID Governance

• Trigger Logic App on group membership changes in Entra ID • Jan Bakker

• Grant Just-In-Time Access to Generative AI Apps Using Access Packages • Praba

🌐 Private Access & Internet Access (GSA)

• Global Secure Access and Sentinel Integration…. and brisket? • Dustin Gullett

• Extending the Migrate2GSA PowerShell Module – Why I added JSON support • Michael Morten Sonne

🔑 Authentication

• Dashboard of Windows authentication methods usage (WHfB vs password) • Damien Van Robaeys

• Managing OATH/TOTP Hardware Tokens in Microsoft Entra ID: Graph API Is Here, but GUI Still Missing • Dr. Emin Huseynov

👥 User & Group Management

• Cloud Identity Migration with SOA | Entra ID • Michael Frank

• How to Change Active Directory Group Source of Authority to Microsoft Entra ID • Sreejith Reghunathan Pillai

• Why You Should Use Administrative Units to Delegate Entra Administration • Mark Oldham

• 📺 How to convert Active Directory groups to Entra ID controlled group (21 min) • BlueScreen Brothers

• 📺 Entra ID Administrative Units Overview (11 min) • Charlie Parmiter

🤖 DevOps & PowerShell

• Managing Entra ID Configuration and Security using the Terraform MSGraph Provider ❤️ • Brian Veldman

• Microsoft Graph Bicep – Part 3 • Flavio Meyer

• 📺 Authentication unpacked: What does MSAL actually do? Ben Reader (28 min) • PowerShell Conference EU

🚦 Conditional Access

• Conditional Access Essentials: From Report-Only to Enforced Mode • Ewelina Paczkowska

• Configuring Conditional Access for Guest Users: Allowing Only Office 365 and Essential Apps • Kenneth van Surksum

• Microsoft Conditional Access: Implementation Considerations and Common Mistakes • Anders Ahl

• The My Sign-Ins Portal, Applications, and Conditional Access • Tony Redmond

• Conditional Access - Supplementing Exclusions for Travelling Users • Jay Kerai

• 📺 Restore Named Locations in Entra ID (Public Preview) (6 min) • Rio Hindle

🖥️ Devices

• Microsoft Intune & Entra ID Secure Configuration Framework – A Practical Guide for Administrators • Ricardo Barbosa

• RDP connect to a Microsoft Entra joined machine - macOS edition • Samuel Eng

• Should you exclude “Microsoft Intune Enrollment” from your compliance CAP or not? • Patrick Seltmann

• Windows finally translates Entra group and role SIDs to real names • Rudy Ooms

🏙️ External ID - Guests & Multi-Tenant Organizations

• Creating a Comprehensive Inactive Guest Account Report • Tony Redmond

• Guest User Access: A High-Level Checklist • Shehan Perera

• How External Identities Improve Security and Collaboration in AVD and Windows 365 • Dieter Kempeneers

🥷 Security

• Death by Token: Understanding CVE-2025-55241 • Paul Robichaux

• Microsoft Privileged Access Workstations: A Comprehensive Guide • Ankit Gupta

• MSRC Case: When Temporary Global Admin Rights Don’t Expire in Microsoft Entra PIM • Tom Rolvers

• NAA or BroCI...? Let Me Explain • Hope Walker

• 📺 SyncJacked - Hijacking Identities Through Entra Connect Synchronization (20 min) • Tomer Nahum

📒 Tenant Configuration

• KB – Failed to verify domain name – Entra ID • Jan Bakker

• Remove Custom Domains in Microsoft 365 • Blesslin Rinu

🛍️ External ID - Customers

• Some notes on migrating from Azure AD B2C to Entra External ID (EEID) (Part 3) • Rory Braybrook

⚒️ Toolkit

• Conditional Access Baseline October 2025 (v2025-10) Available on GitHub • Kenneth van Surksum

🎙️ Podcasts

• Avoiding identity mistakes using IdentityProxy with Stephan van Rooij • Jussi Roine, Tobias Zimmergren, Stephan van Rooij

🔥 Maester

• Governance Entra ID with Backstage and Maester • Mateusz Jendza

👨🏽‍💻 Merill’s corner

• Want to get featured on Entra.News? → Submit your content 😎

• Want us to say nice things about your company? Sponsor entra.news 🤩

• Love the newsletter? Tell us 💚❤️💜

🪃 Acknowledgement of Country

Entra.News is created on Wurundjeri land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. We pay our respect to them and their cultures and to elders both past and present.