Entra 🆔 News #134 → This week in Microsoft Entra
Learn about unified tenant configuration management, CA policy changes and more...
👋 Hi, Merill and Joshua here with this week’s roundup of the latest Microsoft Entra news from around the globe 🌍.
The big headline this week is the release of Microsoft’s new Unified Tenant Configuration Management feature, designed to help admins centrally control and manage configuration settings across Microsoft 365 tenants.
We’re also flagging important upcoming changes to Conditional Access that you’ll want on your radar.
And with many organisations planning to roll out passkeys in 2026, don’t miss the latest Entra Chat podcast episode. I sat down with Eric Woodruff to discuss how Semperis successfully deployed phishing-resistant authentication across their organisation.
Mastering Microsoft Entra ID: Real-World Passkey Deployment Tips
In this episode, we sit down with Eric Woodruff, Chief Identity Architect at Semperis, to discuss the reality of achieving a 100% phishing-resistant environment. Over the course of just three months, Eric led a 600-person organization through a complete rollout of passkeys, Windows Hello for Business, and Platform SSO. This conversation moves beyond the…
Enjoy!
Sponsored by:
Offboard a Hybrid User With One CmdLet
Hybrid user offboarding shouldn’t require juggling multiple consoles, manual checklists, and dozens of PowerShell commands. Yet that’s exactly what most IT teams face.
EasyEntra’s new Invoke-EEDecommissionHybridUser CmdLet changes that:
🚀 One command handles the entire offboarding workflow
🚀 ~20 configurable settings to match your exact requirements
🚀 Automatically revokes session tokens and purges group memberships
🚀 Removes inbox rules and clears recurring calendar events
🚀 Set up in minutes, no infrastructure changes, zero learning curve
🚀 Free for tenants with fewer than 25 licensed users
No more context switching. No more missed steps. Just consistent, automated offboarding every time.
“It feels almost like a revolution.”
Head of IT, Arjeplog Municipality, Sweden
⚡️ Microsoft
🔥 Public Preview
Upcoming Conditional Access change: Improved enforcement for policies with resource exclusions • Swaroop Krishnamurthy
Overview of the unified tenant configuration management APIs in Microsoft Graph (preview) • Microsoft Learn
Use the unified tenant configuration management APIs in Microsoft Graph (preview) - Microsoft Graph beta • Microsoft Learn
🗣️ Message Center
From the community…
🚀 Most popular posts from last week
🥇Simple But a Powerful Entra Setting to Make MFA Prompts User Friendly • Shehan Perera
🥈FIDO2 Only for Admins? Sounds Great — Until You Try It • Marco Wohler
🥉Least privilege for Temporary Access Pass creation • Jan Bakker
Sponsored by:
Live Entra Session Feb 4th: Identity Attacks in 2026
Threat actors are quietly gaining persistent access through applications, service principals, and non-human identities in Entra that often go unreviewed. Join this expert-led session for a clear breakdown of:
Identity attack patterns Entra admins are seeing accelerate into 2026
How OAuth abuse, overprivileged service principals, legacy permissions, and unattended access paths are exploited in real environments
Early warning signals inside Entra that indicate elevated identity risk
Free tools and assessments to help you get ahead of identity risk
This is a practical, defender-focused session designed for Entra, identity, and cloud teams. We cut through theory to show what is actually breaking at scale, and which governance actions to prioritize now to reduce risk before attackers take hold.
☀️ Learn
👩‍✈️ AI & Copilot
We need to protect our Agent IDs in Entra ID! • Julian Rasmussen
📺 Technical AI Agent foundations and Microsoft Entra Agent ID (33 min) • Anton Staykov, Heike Ritter
📺 Microsoft Entra - Conditional Access Optimization Agent (8 min) • Microsoft Security
🧰 Workload ID
Analyzing Workload Identity Activity Through Token-Based Hunting • Thomas Naunheim
Entra App instance property lock vs SAML signing certificate – an uncommon way of self-sabotage • Dániel Kovács
👮‍♂️ ID Governance
Custom Extension Runner: Execute Entra ID Governance Custom Extensions On-Demand • Christian Frohn
Entra-PIM a PowerShell Module • Mark Orr
Microsoft Announced Billing Enforcement for Guest Governance in Entra ID • Adi
You’re not managing PIM if you can’t see PIM for Groups • Joël Prins
🌐 Private Access & Internet Access (GSA)
Always On VPN vs. Entra Private Access: Choosing the Right Access Model for Your Organization • Richard M. Hicks
📺 Understanding and getting started with Entra Global Secure Access (36 min) • BlueScreen Brothers
📦 Apps
How to Control Access to Entra Multi-Tenant Apps • Tony Redmond
🔑 Authentication
Microsoft Entra Connect Sync - Migrate from Pass-through Authentication to Password Hash Sync • Brian Veldman
My Entra MFA Confession: The Setting I Missed for 3 Years • Craig Camacho
The Reality of Entra ID Passkeys: A Migration Story • Shane M
Understanding FIDO2, WebAuthn, and Passkeys • Alf Løkken
📺 Automatic Passkey Rollout Update (11 min) • John Savill
📺 iCloud Passkeys for Microsoft 365 - The Game-Changing Update (8 min) • Jonathan Edwards
👥 User & Group Management
Why and How to Move User Source of Authority from Active Directory to Microsoft Entra ID • Sreejith Reghunathan Pillai
🤖 DevOps & PowerShell
📺 Microsoft Entra Kerberos authentication for Cloud-only Identities on Azure Files SMB (6 min) • Brian Veldman
🚦 Conditional Access
Upcoming Change on Conditional Access to Improve Policy Targeting All Resources with Exclusion • Lokesh
🔐 Credential Management
Microsoft Entra ID Will Auto-Enable Passkey Profiles in March 2026 • Rudy Mens
Heads up – doing nothing now might enable synced passkeys in your Entra ID tenant soon • Tom Aafloen
Password Randomization for AD User • Moe Kinani
Secure Your Temporary Access Pass • Michael Vink
🖥️ Devices
Autopilot Hybrid Join Failure: 80004005 and a Malformed ID Token • Rudy Ooms
Self-Service Local Admin Password (LAPS) automation • Michael Frank
🏙️ External ID - Guests & Multi-Tenant Organizations
Enable Group Synchronisation for Microsoft Entra Cross-Tenant Sync • Daniel Bradley
🥷 Security
ConsentFix (a.k.a. AuthCodeFix): Detecting OAuth2 Authorization Code Phishing • Stamatis Chatzimangou
📒 Tenant Configuration
Azure / Entra ID Emergency Kit • Rory Braybrook
First look: Unified Tenant Configuration Management APIs • Frank van Zandwijk
How to Setup Unified Tenant Configuration Management • Daniel Bradley
Microsoft to Introduce Native Tenant Configuration Drift Monitoring • Daniel Bradley
Monitor Tenant-Wide Configuration Drift with UTCM APIs in Microsoft Graph • Kanaga
Stop Configuration Drift in Microsoft 365 Using the new Configuration Management API’s – A Deep Dive • Brad Wyatt
Want to get featured on Entra.News? → Submit your content 😎
Want us to say nice things about your company? Sponsor entra.news 🤩
Love the newsletter? Tell us 💚❤️💜
🪃 Acknowledgement of Country
Entra.News is created on Wurundjeri land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. We pay our respect to them and their cultures and to elders both past and present.








Solid roundup. The Unified Tenant Configuration Management API seems like a gamechanger for orgs dealing with drift across multiple M365 tenants. I've dealt with the nightmare of trying to manually track config changes across environments, so having native drift detection feels overdue. The Conditional Access exclusion enforcement update is lowkey critical too since misconfigured exclusions are a common security gap.