Entra 🆔 News #145 → This week in Microsoft Entra
Learn about hardening Entra ID, passkey registration campaign updates, conditional access baseline scope settings and more.
👋 Hi, Merill and Joshua here with this week’s roundup of the latest news on Microsoft Entra from around the globe 🌍.
There are some important updates in this week’s Message Center posts, so be sure to check them out and prepare for the changes.
Don’t forget to queue up this week’s Entra Chat featuring the legendary Sean Metcalf, and hear his top tips for hardening Entra ID in 2026.
Enjoy!
Sponsored by:
Uncover Risky Entra ID Apps Faster
Most Microsoft 365 tenants accumulate hundreds of enterprise applications, with OAuth permissions granted over time and ownership left undefined. Security teams often lack visibility into which apps access mailboxes, files, or user data, and which introduce risk.
Native tools provide pieces of this data, but not a unified view. That gap makes consistent application governance hard to maintain.
AppGov Score assesses your Entra ID application landscape. Identify high-risk permissions, detect unused or overprivileged apps, and surface ownership gaps so you can prioritize remediation based on real exposure.
Attending the Microsoft 365 Community Conference in Orlando? Visit ENow at booth #617 to see how teams are strengthening application governance while enabling their users.
⚡️ Microsoft
🔥 Public Preview
📖 Read
What’s new in Microsoft Entra – March 2026 • Shobhit Sahay
🗣️ Message Center
MC1282568 - General Availability: Microsoft Entra passkeys on Windows
MC1279092 - Microsoft Entra: Passkeys in registration campaigns update
MC1223829 - Upcoming Conditional Access change: Improved enforcement for policies with resource exclusions - The new Baseline scope configuration is now available to preview the enforcement behavior before it is enabled by default.
From the community…
🚀 Most popular posts from last week
🥇Microsoft Security Copilot for M365 E5/E7 recommendations from the field • Derk van der Woude
🥈Common Entra ID Security Assessment Findings – Part 3: Weak Privileged Identity Management Configuration – Compass Security Blog • Christian Feuchter
🥉How to Track Changes in Microsoft 365 Groups • Tony Redmond
Sponsored by:
Would you bet your reputation on your current Microsoft 365 security posture?
Sure, you’ve checked Purview. Maybe tightened Conditional Access. We all do that.
But it’s usually the quiet stuff that bites... permissions that expanded, policies that drifted, exceptions nobody revisited.
You could assume it’s fine.
Or you could run the Microsoft 365 Security Posture Check.
It’s free.
It runs locally.
And no, it doesn’t send your tenant data back to us.
We’ll even help you set it up.
☀️ Learn
👩✈️ AI & Copilot
A Deep-Dive into Entra Agent ID Authentication • Derk van der Woude
🧰 Workload ID
Block or limit multi-tenant and consumer applications in Entra ID • Jan Bakker
Who Created That Service Principal? Tracing It Back with Microsoft Graph • Shannon Kuehn
👮♂️ ID Governance
Beyond Basic SCIM: Custom Role and Warehouse Mapping with Microsoft Entra ID and Snowflake • Parshu Anantharam
Making Lifecycle Workflows State-Aware with State Groups • Patrik Jonsson
🌐 Private Access & Internet Access (GSA)
📦 Apps
Block Multi-Tenant and Consumer Applications in Microsoft Entra • Shanchana
Getting the Group Claims when authenticating with Microsoft Graph • Brian Veldman
📺 Entra ID Integrated SFTP (16 min) • John Savill
📺 Device Authentication Flows in Microsoft Entra (12 min) • Colby Pryor
Authentication
Any user can disable passkeys in Windows. Completely. No admin rights needed. • Dr. Emin Huseynov
Prevent disabling passkeys on Windows • Dániel Kovács
Microsoft Entra Passkeys: Registration Campaign Delays Explained • Daniel Bradley
Synchronizing Forced Password Changes from AD to Entra ID for AVD and Cloud PC Access – All about Endpoint Management • Eswar Koneti
📺 Are passkeys as secure as you think? (43 min) • Fabian Bader
📺 How to Handle Upcoming Entra Passkey Changes [Defaults Fail] (17 min) • Ru Campbell
📺 Not Another Tech Podcast - Synced Passkeys (38 min) • Andy Kemp, Nate Hutchinson
👥 User & Group Management
Customize Microsoft 365 Profile Cards with Division, Role & Employee Type using Entra ID • Sreejith Reghunathan Pillai
Entra ID – You can now synchronize groups with cross-tenant capability • Benoit Hamet
🛠️ I built a free Microsoft Entra ID tool that finds roles Microsoft hasn’t documented yet • Antonio Russo
🤖 DevOps & PowerShell
Writing PowerShell for the Eventually Consistent Entra ID Database • Tony Redmond
Complete Microsoft 365 PowerShell Environment Setup • Tiago S. Carvalho
🚦 Conditional Access
Common Entra ID Security Assessment Findings – Part 4: Weak Conditional Access Policies • Christian Feuchter
Conditional Access, or how to stop playing security Whac-A-Mole • Åsne Holtklimpen
Your Conditional Access Device Filters Are a Paper Wall • Rawson Wade
🏙️ External ID - Guests & Multi-Tenant Organizations
Manage external users in your Microsoft 365 tenant • Erik Lindeboom
📒 Tenant Configuration
📺 Microsoft FINALLY Adds Entra Backup… But Wait (8 min) • Jonathan Edwards
🛠️ TrustM365 - Baseline, Detect, Restore for M365 • Anthony Porter
🔥 Maester
👨🏽💻 Merill’s corner
Want to get featured on Entra.News? → Submit your content 😎
Want us to say nice things about your company? Sponsor entra.news 🤩
Love the newsletter? Tell us 💚❤️💜
🪃 Acknowledgement of Country
Entra.News is created on Wurundjeri land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. We pay our respect to them and their cultures and to elders both past and present.