Entra 🆔 News #122 → This week in Microsoft Entra
Learn about GA of Group Source of Authority, Public Preview of User SOA and more...
👋 Hi, Merill and Joshua here with this week’s roundup of the latest news on Microsoft Entra from around the globe 🌍.
The big news this week - Group Source of Authority is now generally available and is a major step in Microsoft’s journey to help customers move to cloud-first identity management.
We also saw strong community discussions around service accounts, Conditional Access, and the new soft-deletion and recovery for cloud security groups, a small but powerful safeguard for admins.
🎧 On the podcast this week, Katie Knowles joined us for a fascinating conversation on securing Microsoft Entra. A must-listen for all defenders.
Hacking Entra ID: Bypassing AppLocks & Creating ‘Immortal’ Users
In this episode, I sit down with security researcher Katie Knowles to unpack the hidden layers of identity systems inside Microsoft Entra. We get into real-world attack paths like backdooring service principals, restricted administrative units that can accidentally create unstoppable accounts, and OAuth phishing in Copilot Studio.
Enjoy!
Sponsored by:
🤠 Wrangle the Entra App Frontier with ENow
The Entra ID app landscape has turned into a wild frontier: sprawling apps, tangled permissions, and citizen developers spinning up new agents and their apps faster than you can lasso ’em.
That’s where ENow’s AppGov Score comes in:
Surveys and benchmarks your Entra ID app governance
Identifies stale/risky apps
Flags risky permissions and credential expiry before breach/disruption
Delivers an App Governance Report - your map to a safer, smarter tenant
You don’t have to corral this Entra app chaos alone; there’s a whole community willing to help. Take the reins, spot risks on the horizon, and ride with confidence knowing your Entra environment is secure.
⚡️ Microsoft
🏆 General Availability
Driving cloud-first identity: User SOA is now Public Preview and Group SOA is Generally Available • Joseph Dadzie
Azure Container Registry now supports Microsoft Entra Attribute-based Access Control (ABAC) • Johnson Shi
📖 Read
Microsoft Entra ID Protection scenario for mastering risk analysis for effective remediation • Microsoft Learn
🗣️ Message Center
MC1183299 - Microsoft Entra: Soft deletion and restoration for cloud security groups
MC1097225 🔺 - Entra ID: Upcoming changes to support passkey profiles in the authentication methods policy (preview)
From the community…
🚀 Most popular posts from last week
🥇We Have To Talk About Service Accounts! • Debug Privilege
🥈Beware including “My Sign-ins” in Conditional Access policies • Rakhesh Sasidharan
🥉Some policies I use in Conditional Access • Lewis Barry
Sponsored by:
“EasyEntra Has Transformed Our Daily IT Operations”
If onboarding a hybrid user takes 20 minutes and senior tech keeps getting dragged into first-line support, perhaps the problem is not your support team. It’s their tools.
Unlock a new level of IT efficiency for your entire organization.
EasyEntra streamlines your AD + M365 management by:✅ Automating onboarding and offboarding.
✅ Consolidating management of users, mailboxes, and licenses.
✅ Stopping escalations of (what should be) simple helpdesk tickets.Trusted by organizations worldwide:
“One of the best products I’ve used” – Mirick Law, US
“It feels almost like a revolution” – Arjeplog Municipality, SE
“This is the best software ever” – Core Healthcare, USNo infrastructure changes. No security changes. One-minute installation.
☀️ Learn
👩✈️ AI & Copilot
📺 Why You Should Start Using Microsoft Learn MCP Today (7 min) • Brian Veldman
👮♂️ ID Governance
Finding and Cleaning Up Deleted Resources in Entra ID Access Packages • Christian Frohn
🌐 Private Access & Internet Access (GSA)
Having trouble with the GSA client health check? Here is how to fix the most common errors! • Per-Torben Sørensen
📦 Apps
Restrict App Consent and Permissions Microsoft Entra • Mark Oldham
Microsoft Requires Admin Consent for Apps Accessing Exchange & Teams APIs • Blesslin Rinu
📺 Entra Apps: Hunting Certificates & Secrets (23 min) • BlueScreen Brothers
🔑 Authentication
Microsoft Edge just fixed a big passkey problem • Jorge A. Aguilar
The Passwordless Paradox: Why Haven’t More Companies Adopted Windows Hello for Business? • Andrew Cooke
📺 This is how NOT to do MFA 😬 • Jonathan Edwards
👥 User & Group Management
Restore Deleted Cloud Security Groups in Microsoft Entra • Daniel Bradley
Entra ID – You can now recover deleted cloud security groups (preview) • Benoit Hamet
Microsoft Entra Adds Soft Deletion and Restoration for Cloud Security Groups • Ramya
🤖 DevOps & PowerShell
The Good (OIDC), The Bad (Secrets), and The Bicep • Stephen Tulp
A beginners guide to Microsoft Graph API rate limiting in Intune • Ben Whitmore
Building Event-Driven Automations in Microsoft 365 Using Graph Subscriptions • Brad Wyatt
🚦 Conditional Access
Diving into geo filter with Entra Conditional Access – Part 1 • Per-Torben Sørensen
How to Restore Deleted Conditional Access Policies in Microsoft Entra ID • Praba
Locking Down Conditional Access Policies: A Lesson in Entra ID Limitations • Manish Periwal
Mastering Microsoft Entra Authentication Contexts - Part 4: Monitoring and Reporting with KQL & M365IdentityPo • Sebastian Flæng Markdanner
📺 425 Show | Using AI to optimize Conditional Access policies (45 min) • Jeff Bley
📺 Conditional Access in Microsoft 365 – Real-World Scenarios (25 min) • Jonathan Edwards
🖥️ Devices
Migrate hybride identity to cloud native identity • Jan Mulder
Intune bitlocker recovery key missing in entra id • Benoit Lecours
📺 New controversial Entra ID feature • Andy Malone
📈 Reporting and Insights
🥷 Security
Deploying Entra ID and Azure Attack Paths with BadZure • Mauricio Velazco
Whitepaper: Securing Identities in the Microsoft Cloud | Google Cloud Security Community • Juraj S, Razvan Buliga, Ischa Rijff
📺 Deep-dive to Entra ID Token Theft Protection - Ekoparty 2025 (55 min) • Nestori Syynimaa
🛍️ External ID - Customers
Sign in with username in Entra External ID (EEID) • Rory Braybrook
⚒️ Toolkit
Automating Entra ID Documentation: From 10-Hour Marathon to a 3-Minute Export • Ugur Koc
WatchTra: Attribute Compliance in Microsoft Entra ID • Oliver Müller
🔥 Maester
👨🏽💻 Merill’s corner
Want to get featured on Entra.News? → Submit your content 😎
Want us to say nice things about your company? Sponsor entra.news 🤩
Love the newsletter? Tell us 💚❤️💜
🪃 Acknowledgement of Country
Entra.News is created on Wurundjeri land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. We pay our respect to them and their cultures and to elders both past and present.