👋 Hi, Merill and Joshua here with this week’s roundup of the latest news on Microsoft Entra from around the globe 🌍.

This week brings another step forward in the journey toward phishing-resistant identity. Make sure to check the latest Message Center update on passkey profiles and registration, which includes new details about upcoming changes to passkey registration. There’s also big news around the new Microsoft 365 E7 license, which now includes the Entra Suite.

There’s plenty from the community as well. One highlight is the Entra News MCP Server created by fellow Aussie Darren ‘Doc’ Robinson, an incredibly useful way to tap into the collective knowledge of the Microsoft Entra community.

Finally, I caught up with Richard Hicks for the Entra Chat podcast. Having worked through every major era of remote access, from DirectAccess and Always On VPN to Microsoft Entra Private Access, Richard shares the hard-earned lessons he’s learned helping enterprises modernize their VPN strategy. Definitely one to add to your podcast listening queue! 🎧

Enjoy!

Sponsored by:

User Lifecycle: Onboard and Offboard With a Single CmdLet

Fact: Managing hybrid users across AD, Entra ID, and Exchange Online is a breeding ground for missed steps and security gaps - from day one to last day.

EasyEntra’s PowerShell-enabled workflows handle the entire lifecycle:

🚀 Onboard a fully provisioned user in 30 seconds - UI or two-parameter CmdLet.
🚀 Templates defined from existing users in seconds.
🚀 Offboard completely in 10 seconds - UI or single CmdLet.
🚀 Offboarding settings configured once, applied consistently every time.
🚀 Delegate life-cycle management to first-line support - no senior PowerShell skills or tribal knowledge required.

Start your 30-day trial or book a demo - setup takes under a minute - free for tenants with fewer than 25 licensed users.

“It feels almost like a revolution.”
Head of IT, Arjeplog Municipality, Sweden

Wait… One CmdLet?

⚡️ Microsoft

🏆 General Availability

• Email and SMS OTP as Second‑Factor MFA for Native Authentication in Entra External ID • Sasha Mars

🔥 Public Preview

• New myacount.microsoft.com home page

📖 Read

• Secure agentic AI for your Frontier Transformation • Vasu Jakkal

📺 Watch

• QR code authentication: Fast, simple sign‑in designed for Frontline Workers (46 min) • Akshat Goel

• Building MCP on Entra: Design Choices for Enterprise Agents (61 min) • Merill Fernando

🗣️ Message Center

• MC1221452 - (Update)Microsoft Entra ID: General Availability of passkey profiles and migration for existing Passkeys (FIDO2) tenants

• MC1247893 - Microsoft Entra passkeys on Windows now support phishing-resistant sign-in

📆 Upcoming Events

Microsoft Security Webinars

• 18 March - Microsoft Entra | From Lockouts to Logins: Modern Account Recovery and Passkeys

• 31 March - Microsoft Entra | Developer Tools for Agent ID: SDKs, CLIs & Samples

From the community…

🚀 Most popular posts from last week

• 🥇Making Global Administrators Safer • Dennis J.

• 🥈Rethinking “Allow my organization to manage my device” Why opt‑in enrollment works better for Intune • Ramya Sharma

• 🥉Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale • Microsoft Threat Intelligence, Microsoft Defender Security Research Team

Sponsored by:

Benchmark Your Entra App Governance

Enterprise applications and service principals accumulate rapidly in Microsoft Entra ID. Over time, many retain OAuth permissions and access to corporate data without clear ownership or regular review.

This creates a growing governance gap. Administrators often lack visibility into which applications hold high-risk permissions and whether those permissions are still justified.

ENow AppGov Score evaluates your Entra ID application environment against 24 governance checks and benchmarks your governance posture. Identify risky permissions, orphaned apps, role assignments, and credential risks that require review. Get your AppGov Score to see where your environment stands and access free community resources for practical guidance. 🛡️🔍

Access Your Score

☀️ Learn

👩‍✈️ AI & Copilot

• Microsoft Ownerless Agents: The silent risk in your Entra tenant • Raymond Roethof

• Microsoft releases new AI self service support experience in Entra • Daniel Bradley

• 📺 How to Enable Entra ID Agent Identity for Copilot Studio Agents (4 min) • Wario W. Wario

🌐 Private Access & Internet Access (GSA)

• Blocking the Microsoft Store Web Installer using Entra Internet Access • Peter van der Woude

• Windows Cloud – Pushing Private Access to the Limit • Julian Jakob

📦 Apps

• Guidance and best practices for ISVs on rotating certificates • Microsoft Learn

• How to Limit Multi-Tenant Applications to Specific Tenants in Entra ID • Thiraviam

• How to Restrict Multi-Tenant Entra Apps to Specific Tenants • Daniel Bradley

• Rethinking application access in Microsoft Entra ID • Sandra Saluti

🫆 Authentication

• Microsoft Entra Passkeys on Windows now Support Phishing-Resistant Sign-In • Rudy Mens

• New Microsoft Entra Passkeys for Windows Hello Enter Public Preview • Daniel Bradley

• Passkeys, Windows Hello And Phishing-Resistant Sign-Ins • Michael Vink

• 📺 [D26] Are passkeys as secure as you think? (43 min) • Fabian Bader

👥 User & Group Management

• New! Switching User Source of Authority (SOA) in Entra ID • Matthew Levy

• 📺 Break the Chain: Convert Synced Distribution Lists to Cloud-Only! (7 min) • Azure Brother

🚦 Conditional Access

• Conditional Access Exclusion: What’s Actually Changing on March 27th and Should You Care? • Rory Wade

• Conditional Access: Finding the Gaps in Your Entra CA Before Attackers Do! • Jon Hope

• Device Code Flow and Authentication Transfer in Conditional Access Rules – One or two rules required? • Brian Reid

• Tracking OAuth scopes in sign‑in logs and upcoming change in conditional access • Martin Rublik

🖥️ Devices

• Edge (MAM) on iOS Keeps removing the Work Account after Sign-in!: Why one Broken identity breaks it All - Just about the Modern Workplace • Joost Gelijsteen

• Happy Little Edge. Securing Windows BYOD with Edge for Business • Dustin Gullett

• Intune – Block automatic mobile device management enrollment (preview) • Benoit Hamet

• MAM for Contractors • Michael Frank

• Microsoft Entra: Hybrid Join Without ADFS • Fabrizio Volpe

• More secure version of the Bitlocker recovery keys export script • Vasil Michev

• 📺 Ditch Public RDP Before It’s Too Late | Entra ID Bastion Setup (8 min) • Travis Roberts

• 📺 Entra ID support for Azure Bastion (4 min) • Brian Veldman

🏙️ External ID - Guests & Multi-Tenant Organizations

• Invite Guest users in a Entra ID Multi-tenant setup • Damien Bowden

📈 Reporting and Insights

• Microsoft Entra Sign-in Diagnostic tool • Mark Oldham

🥷 Security

• Entra ID Password Spraying using APIM as IP-Rotating Mechanism • Patrick Binder

• Uncovering agent logging gaps in Copilot Studio • Katie Knowles

♻️ Sync

• Entra ID – Entra ID Connect/Cloud Sync going to block hard match for privileged roles • Benoit Hamet

📒 Tenant Configuration

• Entra News MCP Server • Darren Robinson

• Microsoft 365 E7 Has Arrived • Ankit Gupta

• Microsoft Entra to Receive Native Backup Capabilities • Daniel Bradley

• New Microsoft 365 E7 Plan Explained • Rudy Mens

• Tenant Switching From Bookmarks • Brian Reid

• 📺 Microsoft Just Launched E7 - Here’s the Truth (7 min) • Jonathan Edwards

• 📺 Why Your Entra ID Still Depends on AD [Fix This] (34 min) • Ru Campbell

🛍️ External ID - Customers

• Getting the sign-up attributes via native authentication in Entra External ID (EEID) • Rory Braybrook

⚒️ Toolkit

• M365 Tenant Analyzer • EasyEntra

• EntraOps v0.6 - AgentID Support, Advanced API Permission Classification & Performance Improvements • Thomas Naunheim

🎙️ Podcasts

• 📺 Episode 423 – Non-Human Identities in Microsoft Entra with Eric Woodruff and Chris Brumm (39 min) • Microsoft Cloud IT Pro Podcast

👨🏽‍💻 Merill’s corner

New homepage in the unified portal for myaccount.microsoft.com

Microsoft just made a big improvement to the end-user identity experience.

The new homepage in the unified portal for myaccount.microsoft.com is now in public preview.

For the first time, users have a single front door for identity tasks.

Instead of navigating multiple pages, the homepage brings everything together

• Want to get featured on Entra.News? → Submit your content 😎

• Want us to say nice things about your company? Sponsor entra.news 🤩

• Love the newsletter? Tell us 💚❤️💜

🪃 Acknowledgement of Country

Entra.News is created on Wurundjeri land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. We pay our respect to them and their cultures and to elders both past and present.