Entra 🆔 News #133→ This week in Microsoft Entra
Learn about and prepare for the automatic enablement of passkey profiles, the retirement of the Approved Client App control in Conditional Access, and more...
👋 Hi, Merill and Joshua here with this week’s roundup of the latest news on Microsoft Entra from around the globe 🌍.
Identity is moving faster than an OAuth token refresh. This week, we’re diving into the ‘Agentic’ future with Microsoft’s new Identity Platform, but we’re keeping our feet on the ground with a critical warning on the resurgence of SharePoint phishing.
Inside this issue:
The June Deadline: Why you need to audit your Conditional Access policies now before ‘Approved Client App’ controls retire.
Automation Wins: Tony Redmond’s latest PowerShell gems for role and group membership cleanup.
The AI Pivot: Joy Chik’s 2026 priorities for AI-powered security.
Deep Dives: From FIDO2 admin pitfalls to bridging the Zero Trust gap for legacy systems.
Grab a coffee ☕… it’s time to level up.
Sponsored by:
Offboard a Hybrid User With One CmdLet
Hybrid user offboarding shouldn’t require juggling multiple consoles, manual checklists, and dozens of PowerShell commands. Yet that’s exactly what most IT teams face.
EasyEntra’s new Invoke-EEDecommissionHybridUserCmdLet changes that:
🚀 One command handles the entire offboarding workflow
🚀 ~20 configurable settings to match your exact requirements
🚀 Automatically revokes session tokens and purges group memberships
🚀 Removes inbox rules and clears recurring calendar events
🚀 Set up in minutes, no infrastructure changes, zero learning curve
🚀 Free for tenants with fewer than 25 licensed users
No more context switching. No more missed steps. Just consistent, automated offboarding every time.
“It feels almost like a revolution.”
Head of IT, Arjeplog Municipality, Sweden
⚡️ Microsoft
📖 Read
Four priorities for AI-powered identity and network access security in 2026 • Joy Chik
Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint • Microsoft Defender Security Research Team
🗣️ Message Center
From the community…
🚀 Most popular posts from last week
🥇Control which tenants can access your Entra ID integrated applications • Vasil Michev
🥈Allow One, Allow All: When Conditional Access Loses the Plot • Graham Gold
🥉It’s 10 p.m. - Do you know what your Conditional Access policies are doing? • Kåre Overgård
Sponsored by:
Scan, Score, and Secure Your Applications in Entra
Application identities represent one of the largest attack surfaces in Entra and are often among the least consistently governed. AppGov Score helps IT and Security teams understand where risk exists. The 24-check assessment evaluates Entra ID application integrations against Microsoft-recommended governance practices, analyzing:
App registrations and enterprise apps for excessive permissions
Expired or unmanaged secrets
Ownerless apps
Risky consent grants, and
Privileged service principals
Results are delivered as a clear, defensible risk score with actionable findings. No scripts. No manual inventory. Just a fast, read-only scan that reveals app sprawl, identity misconfigurations, and blast radius so you can prioritize remediation and strengthen your security posture with confidence.
☀️ Learn
👩‍✈️ AI & Copilot
Microsoft Agent Identity Platform Fundamentals (61 min) • Kyle Marsh
Building a Secure MCP Server on Azure with OAuth2 On-Behalf-Of Flow • Jay Walaszek
💳 Verified ID
Verified ID Integration for IoT • Mateusz Jendza
👮‍♂️ ID Governance
Microsoft Entra Guest Governance Deep Dive: MAU Billing and Lifecycle Automation • Sreejith Reghunathan Pillai
When Static Roles Are Not Enough: Dynamic Admin Assignment for Entra AUs • Klaus Bierschenk
🌐 Private Access & Internet Access (GSA)
Microsoft Entra Private Network Connector Overview and Deployment Strategies • Richard M. Hicks
📺 Protecting Access Tokens Using GSA – Everything You Need to Know (13 min) • Rio Hindle
🔑 Authentication
Least privilege for Temporary Access Pass creation • Jan Bakker
FIDO2 Only for Admins? Sounds Great — Until You Try It • Marco Wohler
Microsoft Introduces Automatic Enablement of Passkey Profiles in Microsoft Entra ID • Karthi
Simple But a Powerful Entra Setting to Make MFA Prompts User Friendly • Shehan Perera
🤖 DevOps & PowerShell
Generate a Weekly Report of Role Assignments • Tony Redmond
Synchronizing Security and Microsoft 365 Group Memberships • Tony Redmond
🖥️ Devices
Autopilot Hybrid Join Failure: 80004005 and a Malformed id_token • Rudy Ooms
Fix Windows App Authentication Error 0x80080005 for AVD & W365 • Prajwal Desai
🥷 Security
Zero Trust for Legacy Systems: Bridging the Gap Without Compromising Principles • Anders Ahl
Dude, where’s my CopilotInteraction? • Katie Knowles
Inside OAuth App: Risks, Real Attacks, and How Microsoft Defender Shuts Them Down (29 min) • Heike Ritter, Kijo Girardi, Shaleen Dev
Allowing ARM for Dev Box: When Portals Impersonate Users (and How to Avoid It) • Graham G
OID-See v1.0.1: Small Release, Sharper Edges • Graham G
Watch our discussion on the ‘Sentinels Talk Show’ and learn essential Entra ID security • Sander Berkouwer
🛍️ External ID - Customers
Azure AD B2C to Entra External ID (EEID) Migration Kit • Rory Braybrook
⚒️ Toolkit
Introducing WebAuthn DevTools • Eiji Kitamura
🎙️ Podcasts
Agentic Identity - The Azure Security Podcast • Michael Howard, Sarah Young, Mark Simos, Nick Wryter
🪃 Acknowledgement of Country
Entra.News is created on Wurundjeri land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. We pay our respect to them and their cultures and to elders both past and present.





