Entra 🆔 News #144 → This week in Microsoft Entra
Learn about Microsoft's latest research into securing access in the age of AI, pause on passkey registration campaign rollout and more
👋 Hi, Merill and Joshua here with this week’s roundup of the latest news on Microsoft Entra from around the globe 🌍.
There’s quite a bit from the community this week, including a mix of agents, some solid deep dives into Conditional Access gaps and identity attack paths, and a few practical security findings from the field.
From Microsoft: the planned rollout for passkeys in Microsoft registration campaigns (MC1253746) has been paused for now. Read the post below for more info.
Also, this week’s Entra Chat podcast is with Per-Torben Sørensen. We go deep on designing Conditional Access policies. You’ll likely come away with at least one new idea to apply. Worth adding to your podcast queue.
Enjoy!
Sponsored by:
User Lifecycle: Onboard and Offboard With a Single CmdLet
Fact: Managing hybrid users across AD, Entra ID, and Exchange Online is a breeding ground for missed steps and security gaps - from day one to last day.
EasyEntra’s PowerShell-enabled workflows handle the entire lifecycle:
🚀 Onboard a fully provisioned user in 30 seconds - UI or two-parameter CmdLet.
🚀 Templates defined from existing users in seconds.
🚀 Offboard completely in 10 seconds - UI or single CmdLet.
🚀 Offboarding settings configured once, applied consistently every time.
🚀 Delegate life-cycle management to first-line support - no senior PowerShell skills or tribal knowledge required.Start your 30-day trial or book a demo - setup takes under a minute - free for tenants with fewer than 25 licensed users.
“It feels almost like a revolution.”
Head of IT, Arjeplog Municipality, Sweden
⚡️ Microsoft
🏆 General Availability
📖 Read
Plan for change – Agent Registry consolidation into Microsoft Agent 365
As AI adoption scales, is your access strategy still viable? • Kaitlin Murphy
Inside an AI‑enabled device code phishing campaign • Microsoft Defender Security Research Team
🗣️ Message Center
MC1253746 - Microsoft Entra: Passkeys in Microsoft registration campaigns - Updated April 9, 2026: After further review, we have decided not to move forward with this change at this time. We will communicate via a new Message center post when we are ready to proceed. We apologize for any inconvenience this may cause and appreciate your understanding.
From the community…
🚀 Most popular posts from last week
🥇Hidden Gem in Microsoft Entra Conditional Access: Authentication context • Henrik Piecha
🥈Conditional Access Policies are the Best Way to Block Weekend Access to Microsoft 365 • Tony Redmond
🥉Managing Shared Mailbox Access with Entra ID Governance • Christian Frohn
Sponsored by:
☀️ Learn
👩✈️ AI & Copilot
Microsoft Entra Agent ID Blueprints and Microsoft Foundry: A Security Guide • Jonas Bøgvad
Microsoft Security Copilot for M365 E5/E7 recommendations from the field • Derk van der Woude
Using the Microsoft 365 Connector for Claude • Tony Redmond
📺 Introduction to Agent 365 SDK - Microsoft Community Learning (9 min) • MK Bajwa
💳 Verified ID
Cross-Device Identity Verification via Entra Verified ID in a Multi-Agent System • Mateusz Jendza
Entra Verified ID Upgrade signing key to become FIPS compliant • Andres Bohren
⛑️ ID Protection
Common Entra ID Security Assessment Findings – Part 3: Weak Privileged Identity Management Configuration – Compass Security Blog • Christian Feuchter
Continuing the Sentinel & MCP Series: Hunting Identity Risk and Password Sprays • David Alonso Dominguez
🌐 Private Access & Internet Access (GSA)
KB – Entra Private Access Session persistence • Jan Bakker
📺 Network-layer data protection with Microsoft Entra GSA and Purview DLP (18 min) • Dominik Hoefling, Heike Ritter
📦 Apps
How to Assign Application Admin to Specific Enterprise Apps • Daniel Bradley
Leverage User and Group Assignments to Limit User Access to Apps • Tony Redmond
🎙️ Entra app sprawl - HIP Podcast • Sander Berkouwer, Sean Deuby, Raymond Comvalius
Authentication
Device-preferred Credential Logic in System-preferred MFA • Shanchana
System & Device-preferred Authentication • Michael Frank
📺 Your MFA Is Already Broken - Microsoft Just Didn’t Tell You (2 min) • Azure Academy
👥 User & Group Management
How to Track Changes in Microsoft 365 Groups • Tony Redmond
Manage Microsoft 365 Groups Using a PowerShell Script • Blesslin Rinu
🚦 Conditional Access
Break-Glass Accounts Done Right: Securing Emergency Access in Microsoft Entra • Sebastian Flæng Markdanner
Conditional Access: Location, Location, Location - and the Gaps We Create • Jon Hope
Demonstrating CA Policy Gaps using AADInternals • Anton Willoughby
🏙️ External ID - Guests & Multi-Tenant Organizations
📺 Automate Entra ID Guest Audits (Azure Automation + Graph API) (8 min) • Azure Brother
🥷 Security
MyStaff - hidden admin portal ?? • Jay Kerai
IAM the Captain Now – Hijacking Azure Identity Access • Justin Mahon
🛠️ GoXDR - KQL Query Library • Göksel Atakan
♻️ Sync
Entra Connect Sync 2.6.3 released • Andres Bohren
📒 Tenant Configuration
Microsoft Finally Built Native Backup into Entra ID • Moe Kinani
📺 Entra Backup and Recovery in Preview: Don’t Miss This (4 min) • Peter Rising
📺 Entra ID Backup. What you Need to Know! (12 min) • Andy Malone
📺 Entra ID Tenant Governance is Here! (11 min) • Colby Pryor
📺 How to Audit Microsoft Entra with CIS Benchmark v6.0.1 (58 min) • Mario Bien-Aime
🛍️ External ID - Customers
On Entra External ID (EEID) federation with Entra ID • Rory Braybrook
🔥 Maester
👨🏽💻 Merill’s corner
In Melbourne this week? I’ll be presenting a short session on MCP auth at the Identity Management Day Summit.
Come say hi! Register here.
Want to get featured on Entra.News? → Submit your content 😎
Want us to say nice things about your company? Sponsor entra.news 🤩
Love the newsletter? Tell us 💚❤️💜
🪃 Acknowledgement of Country
Entra.News is created on Wurundjeri land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. We pay our respect to them and their cultures and to elders both past and present.