Entra 🆔 News #125 → This week in Microsoft Entra
Get the latest Microsoft Entra insights on securing AI agents, synced passkeys, Ignite 2025 session replays, Microsoft's new MCP server for Graph API and more...
👋 Hi, Merill and Joshua here with this week’s roundup of the latest news on Microsoft Entra from around the globe 🌍.
The dust has finally settled on Microsoft Ignite 2025, but for identity pros, the real work is just beginning. This week’s issue is heavily influenced by the community’s reaction to the biggest announcements - specifically the rapid rise of AI Agents and the new security paradigms required to manage them (hello, Agent ID!).
Whether you are catching up on the “must-watch” session replays or looking for practical guides on the new External ID features and Passkey implementations, we’ve got you covered.
Also, don’t miss my deep dive with Luca Spolidoro into the “Secret Sauce” behind the new MCP server - it’s a fascinating look at how we are bridging context between systems.
The "Secret Sauce" Behind Microsoft's New MCP Server
Luca Spolidoro from the Microsoft Entra AI Innovations team joins us to unveil the new Microsoft MCP Server for Enterprise. We discuss how this innovation allows admins and AI agents to interface with their tenant using natural language, bridging the gap between LLMs and the complexity of Microsoft Graph.
Enjoy!
Sponsored by:
Get Control of Entra NHIs Before AI Scales
Most Entra tenants are full of service principals, app registrations, and other non-human identities (NHIs) nobody fully owns or monitors. Before Copilot Studio and new AI integrations multiply that access, you need a clean baseline:
See every NHI in Entra and AD: service principals, app registrations, managed identities, and more in one view.
Know who owns what: map NHIs to teams, apps, and business owners instead of chasing spreadsheets and tickets.
Understand real risk: unused, over-privileged, and stale identities called out with actionable fixes.
Support copilots and automations safely: let teams connect AI and workflows without losing control of access.
See how enterprises are getting NHI visibility, tightening Entra hygiene, and supporting copilots and automations safely at scale with Oasis.
⚡️ Microsoft
🏆 General Availability
Building defense in depth: Simplifying identity security with new partner integrations in Microsoft Entra External ID • Pawan-Nrisimha
🔥 Public Preview
Enhance protection of Microsoft Entra ID authentication by blocking external script injection • Ankur Patel
Connect to a Windows VM using RDP - Azure Bastion • Microsoft Learn
Managed Identity for Virtual Network Flow Logs - Azure Network Watcher • Microsoft Learn
📖 Read
ICYMI: Watch replays of Microsoft Entra sessions at Microsoft Ignite 2025 | Microsoft Community Hub • Kaitlin Murphy
📺 Watch
📺 Build A365-Ready Agents for the Enterprise | BRK305 (43 min) • Robert Bruckner, James Oleinik
📺 Explore Microsoft Agent 365 security and governance capabilities | BRK269 (41 min) • Kim Kischel, Joanne Marone, Irina Nechaeva, Shilpa Ranganathan
📺 Microsoft Entra: What’s New in Secure Access on the AI Frontier | BRK243 (45 min) • Joy Chik, Nichole Peterson, John Savill
📺 On-Behalf-Of (OBO) flows with Microsoft 365 Agents SDK (30 min) • Sarah Critchley, Matthew Barbour
🗣️ Message Center
MC1189663 - Retirement of external access token for actionable messages – moving to Microsoft Entra authentication
From the community…
🚀 Most popular posts from last week
🥇 Enabling and Using Synced Passkeys in Entra ID • Gabriel Delaney
🥈 New Baseline Security Mode for Microsoft 365 • Rudy Mens
🥉 KB- Windows 11 Advanced passkey settings • Jan Bakker
Sponsored by:
An Early Christmas Gift for IT Support
1st of December is coming up - lights, traditions, and for IT, the usual monthly cycle of joiners and leavers.
Yet hybrid AD onboarding still relies on mixed tools, PowerShell, and “secret steps” passed down like tribal knowledge only senior admins know.
EasyEntra Virtual User Templates changes that:
🎄 Create reusable templates from any existing hybrid user in under a minute
🎄 Template + new Display Name = fully provisioned hybrid account in ~30 seconds
🎄 No scripts, no guesswork, no deviations from standards - ever
A full set of templates for every role? Built in under one hour, including EasyEntra installation.
Let first-line support confidently take over onboarding and let senior IT spend December (and every month after) focusing on strategy and security - not user provisioning. 🎁
☀️ Learn
👩‍✈️ AI & Copilot
How Microsoft Entra aims to keep your AI agents from running wild • David Berlind
AI Agents Are Swarming Your Tenant. How Conditional Access for Agent ID Keeps Them in Check • Dustin Gullett
Reimagining Conditional Access: How Microsoft Entra’s Optimization Agent Elevates Zero Trust Security • Sameer Bhanushali
Understanding Agent ID for Security Copilot • Jaime Guimerá Coll
💳 Verified ID
📺 Account recovery with Face Check (1 min) • Jarred Boone
🌐 Private Access & Internet Access (GSA)
Intelligent Local Access Deep Dive • Chris Brumm
Intelligent Local Access for Private Access • Michael Morten Sonne
📺 Connect users to on-premises resources while enforcing Conditional Access policies (1 min) • Ashish Jain
📺 Avoid network roundtripping with intelligent local access (1 min) • Ashish Jain
📦 Apps
Applications – The Third Pillar of Zero Trust • Andy Kemp
Consent between first party application and first party resource must be configured • Rakhesh Sasidharan
🔑 Authentication
You can now use Entra ID authentication when connecting to a virtual machine using Bastion • Benoit Hamet
Easy Sign-In to Entra ID Applications for Frontline Workers With QR Codes • Brian Reid
The Future Is Phishing-Resistant (Synced Passkeys) • Jon Hope
📺 Synced passkeys (1 min) • Jarred Boone
👥 User & Group Management
How to Use Role-Assignable Groups in Microsoft Entra ID • AIMA
📺 Easily Download Users in Entra ID (1 min) • Andy Malone
🚦 Conditional Access
Stop Skipping MFA For Office/Trusted IPs • Jay Kerai
Reimagining Conditional Access: How Microsoft Entra’s Optimization Agent Elevates Zero Trust Security • Sameer Bhanushali
🔐 Credential Management
Store your Microsoft 365 passkeys in 1Password • Jan Bakker
PKI Requirements for Windows Hello for Business Cert trust • Anders Ahl
🖥️ Devices
📺 Configuring Passwordless Access to On-Prem Resources with WHfB & Cloud Trust (8 min) • Azure Brother
📺 Master AVD and FSLogix: Unveiling Entra-only Identity Secrets! (20 min) • Travis Roberts
🏙️ External ID - Guests & Multi-Tenant Organizations
📺 When Guest Accounts Go Wild in Microsoft 365 😅 • Jonathan Edwards
🥷 Security
3 OAuth TTPs Seen This Month — and How to Detect Them with Entra ID Logs • Sapir Federovsky
Microsoft 365: The Essential 10 Security Considerations • Ru Campbell
Top 10 Entra & Intune Security Tips • Niklas Tinner
What Is Baseline Security Mode and Should You Rely on It? • Daniel Bradley
How to Enable Baseline Security Mode in Microsoft 365 • Daniel Bradley
📺 BruCON 0x11 - Deep-dive to Entra ID Token Theft Protection (44 min) • Dr. Nestori Syynimaa
📺 TROOPERS25: Finding Entra ID CA Bypasses - The Structured Way (58 min) • Fabian Bader, Dirk-jan Mollema
📺 TROOPERS25: Getting developers to follow standards is easy, and other lies we tell ourselves (51 min) • Eric Woodruff
📺 TROOPERS25: The Ultimate Guide for Protecting Hybrid Identities in Entra ID (46 min) • Dr. Nestori Syynimaa
📺 Microsoft Entra ID Delegation: Best Practices and Use Cases (64 min) • Uros Babic
📒 Tenant Configuration
Goodbye Domain Controllers: Access Azure File Shares with Microsoft Entra Kerberos (Step-by-Step Guide) • Sreejith Reghunathan Pillai
📺 Microsoft 365 Licensing Made Easy – Business Premium vs E3 vs E5 (13 min) • Jonathan Edwards
🛍️ External ID - Customers
Creating a new B2C tenant if you already have an existing one • Rory Braybrook
Using PowerShell 7 with Entra External ID (EEID) to handle “Profile Edit” • Rory Braybrook
Using PowerShell 7 with Entra External ID (EEID) to link identities • Rory Braybrook
🎙️ Podcasts
A look at the new Zero Trust assessment tool from Microsoft | Ctrl+Alt+Azure • Jussi Roine & Tobias Zimmergren
🔥 Maester
👨🏽‍💻 Merill’s corner
Want to get featured on Entra.News? → Submit your content 😎
Want us to say nice things about your company? Sponsor entra.news 🤩
Love the newsletter? Tell us 💚❤️💜
🪃 Acknowledgement of Country
Entra.News is created on Wurundjeri land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. We pay our respect to them and their cultures and to elders both past and present.











Outstanding curation of Entra ID developments, particularly appreciate the Agent ID coverage. The Spolidoro interview on Microsoft's MCP server for Graph API is a standout, bridging LLM natural language interfaces with enterprise tenant management addresses a real operational gap. What's slightly underexplored is how the 60M Gas limit shift (wrong reference but you get the spirit) connects to identity workload management at scale. Conditional Access policies for Agent IDs are crucial, but the attestation and audit trail mechanics for autonomous agentic workflows remain murky. If Ignite session BRK269 dives deeper into governance rails for copilot identity sprawl, that would clarify implementation guardrails considerably.