Entra 🆔 News #121 → This week in Microsoft Entra
Learn about upcoming Entra sessions at Ignite, changes to Authenticator app and more.
👋 Hi, Merill and Joshua here with this week’s roundup of the latest news on Microsoft Entra from around the globe 🌍. With Ignite just around the corner, it’s shaping up to be a big month for Entra. Expect major announcements!
In the meantime, this week’s updates bring a mix of new PIM API changes, fresh takes on Conditional Access, and some clever AI experiments using Microsoft Graph and Copilot.
And for this week’s Entra Chat episode, I was joined by Sami Lamppu and Thomas Naunheim, the creators of the Entra ID Attack and Defense Playbook. We unpack their five-year journey mapping out complex identity attacks. Check it out 👇
Enjoy!
Sponsored by:
Architecting Zero Trust Identity in Entra ID
Join ENow and MVPs Alistair Pugin and Nicolas Blank on November 12th for a live Application Governance session on applying Zero Trust principles to identity architecture.
Zero Trust is more than a framework; it is a mindset that assumes compromise and requires verification at every turn. As organizations accelerate AI adoption and rely more on interconnected cloud applications, Non-Human Identities (NHIs) such as service principals, agents, and app registrations are rapidly multiplying, often without proper governance.
You’ll Learn:
How to build Zero Trust resilience through identity lifecycle management
Strategies to identify and govern Non-Human Identities (service principals, app registrations, agents)
Techniques to verify explicitly and prepare for breach scenarios
⚡️ Microsoft
📖 Read
Microsoft Entra at Ignite 2025: November 17-21 • Irina Nechaeva
🗣️ Message Center
From the community…
🚀 Most popular posts from last week
🥇Why You Should Start Using Microsoft Learn MCP Today • Brian Veldman
🥈Enable Passwordless Authentication for Hybrid Domain with Microsoft Entra Kerberos • Karthi
🥉Allowing Users to Add Enterprise Apps to Entra ID is a Bad Idea • Tony Redmond
Sponsored by:
Move your apps fast and safe to Intune
Managing multiple M365 tenants shouldn’t feel like copy-pasting policies or guessing what changed, clicking through every blade manually, and hoping nothing drifts. Tenant Manager gives a clear overview across all environments, with standardized onboarding, policy deployment, drift detection, instant backup & restore (critical for Cyber Insurance).
A single view across all tenants
Drift detection without scripting
Rapidly deploy new tenants to industry baselines in a matter of clicks
Instant backup, restore, comparison
CIS Certified - check your tenant(s) against CIS benchmarks, deploy official policies in seconds
Most teams spend days setting up new tenants and still miss key policies. Tenant Manager cuts that to 30 minutes and keeps everything aligned after that.
Built for MSPs, enterprise teams, and anyone tired of managing M365 the hard way.
See it here: https://bit.ly/45kJjHq
Brought to you by Andrew Taylor and SoftwareCentral
☀️ Learn
👩‍✈️ AI & Copilot
Practical AI: AI Exploration of Microsoft Graph with Lokka • Paul Robichaux
Developing an MCP Scenario with TypeScript: A production-ready reference implementation • Tobias Maestrini
How to Copilot agent in Salesforce Lightning with Entra SSO • Brian Baldock
🧰 Workload ID
We Have To Talk About Service Accounts! • Debug Privilege
👮‍♂️ ID Governance
Solving Governance Gaps in Entra ID with Directory Extensions • Sandra Saluti
PowerShell 7 Support Arrives for the Granfeldt PowerShell Management Agent • Darren Robinson
Ever struggled to understand SCIM provisioning in Microsoft Entra? • Loïc Michel
Automating Privileged Identity Management in Azure Landing Zones with Azure Bicep and Microsoft Graph • Brian Veldman
🌐 Private Access & Internet Access (GSA)
Entra Private Access Channels Are Unreachable • Richard Hicks
📦 Apps
🔑 Authentication
📺 Authenticate 2025: Passkey Mythbusters - Short Takes on Common Misunderstandings (59 min) • Tim Cappalli
Disabling Entra Seamless SSO – some extra notes • Dániel Kovács
Firefox multi-account containers and Entra ID SSO • Rakhesh Sasidharan
How to Find Inactive Authentication Methods in Microsoft Entra • Daniel Bradley
Implementing Windows Hello for Business using the Cloud Trust Model • Anders Ahl
The Passwordless Future: FIDO2 and Passkeys Transform Enterprise Security • Sameer Bhanushali
👥 User & Group Management
Identify how users authenticate on Windows (PIN, fingerprint, facial recognition, password) with PowerShell • Damien Van Robaeys
Last used data for authentication methods is now available on the Graph • Vasil Michev
Restricted Management Administrative Units • Mark Oldham
📺 Changing the User Source of Authority from AD to Entra ID (16 min) • John Savill’s Technical Training
🤖 DevOps & PowerShell
EntraIDAccessToken, our open module for simplifying Entra ID authentication in your PowerShell scripts and modules • Marius Solbakken
Microsoft Graph: a Practical Guide - Part 2 • Hailey Phillips
🚦 Conditional Access
Beware including “My Sign-ins” in Conditional Access policies • Rakhesh Sasidharan
Conditional Access Token Protection • Michael Vink
Dynamic Conditional Access policies using custom security attributes • Jan Bakker
Some policies I use in Conditional Access • Lewis Barry
📺 How to Set Up Conditional Access in Microsoft 365 (Step-by-Step) (36 min) • Jonathan Edwards
🔐 Credential Management
Temporary access pass and MFA (re)registration • Benoit Hamet
🖥️ Devices
Device Risk Meets Conditional Access: The Real Power of Unified Endpoint Security • Shehan Perera
Intune-SetPrimaryUsers.ps1 – Version 6.0: 10x Faster, Smarter, and More Reliable • Torbjorn Granheden
KB – Enable Single Sign On for Windows 365 Cloud PC • Jan Bakker
Windows 11 Hardening With Intune for a Secure Environment • Marco Wohler
🏙️ External ID - Guests & Multi-Tenant Organizations
📺 Why Your Entra Guest Access Is Risky [5 Critical Mistakes] (13 min) • Ru Campbell
🥷 Security
2 Ways to Disable Security Defaults in Entra ID • Prajwal Desai
KQL – Get a list of users removed from an Entra ID group • Rakhesh Sasidharan
Stealing Access Token Secrets from Teams is Hard Unless a Workstation is Compromised • Tony Redmond
♻️ Sync
Convert AD Groups to Cloud Authority & Enforce JIT Access with Entra PIM + Cloud Sync • Sreejith Reghunathan Pillai
📒 Tenant Configuration
Major Azure Front Door Outage Causing Widespread Service Disruptions Across Microsoft 365, Microsoft Azure, and the Azure Portal • Chris Pietschmann
🛍️ External ID - Customers
Issue with migrating users with a password from Azure AD B2C to Entra External ID using OTP • Rory Braybrook
⚒️ Toolkit
🎙️ Podcasts
Azure Security Podcast - Zero Trust Workshop (and so much more!) • Michael Howard, Merill Fernando
Ctrl+Alt+Azure - Microsoft Digital Defense Report 2025 • Jussi Roine & Tobias Zimmergren
🔥 Maester
👨🏽‍💻 Merill’s corner
🪃 Acknowledgement of Country
Entra.News is created on Wurundjeri land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. We pay our respect to them and their cultures and to elders both past and present.

Thank you very much for referring to my reference implementation of an MCP scenario in TS! 🫶