👋 Hi, Merill and Joshua here with this week’s roundup of the latest news on Microsoft Entra from around the globe 🌍.

In case you missed it, World Passkey Day was this week, and Microsoft had a few announcements to mark the occasion, including Microsoft Entra ID account recovery reaching GA and the preview of passkey-preferred authentication.

This week, I also had a fascinating conversation with Erin Grenlee about a really cool Entra Agent ID tutorial she built. It’s a guided walkthrough covering Agent ID, permissions, and the key concepts you need to understand. You can also use it to visualize all the agent blueprints you have in your tenant.

Watch the full walkthrough below.

Enjoy!

Sponsored by:

User Lifecycle: Onboard and Offboard With a Single CmdLet

Fact: Managing hybrid users across AD, Entra ID, and Exchange Online is a breeding ground for missed steps and security gaps - from day one to last day.

EasyEntra’s PowerShell-enabled workflows handle the entire lifecycle:

🚀 Onboard a fully provisioned user in 30 seconds - UI or two-parameter CmdLet.
🚀 Templates defined from existing users in seconds.
🚀 Offboard completely in 10 seconds - UI or single CmdLet.
🚀 Offboarding settings configured once, applied consistently every time.
🚀 Delegate life-cycle management to first-line support - no senior PowerShell skills or tribal knowledge required.

Start your 30-day trial or book a demo - setup takes under a minute - free for tenants with fewer than 25 licensed users.

“It feels almost like a revolution.”
Head of IT, Arjeplog Municipality, Sweden

Wait… One CmdLet?

⚡️ Microsoft

🏆 General Availability

• What’s New in Microsoft Entra: May 2026 • Martin Coetzer

  • Network content filtering by file type in Global Secure Access

  • Prompt injection protection

  • Global Secure Access client on iOS and iPadOS

  • Configure Global Secure Access with Cloud Firewall and remote networks for internet access

  • External user access in the Global Secure Access Windows client

  • Secure branch office Microsoft Entra Internet Access with Global Secure Access remote network connectivity

  • View approver details for access package requests in the My Access portal

  • Enforce Conditional Access policies on Privileged Identity Management role activation

  • Reduce risk with Microsoft Identity Manager 2016 Service Pack 3

  • Issuer Hints streamline certificate selection in certificate-based authentication

  • Certificate-based authentication on iOS

  • Certificate-based authentication elevated in system-preferred MFA list on iOS

  • Certificate Authority scoping for certificate-based authentication

  • Configurable token lifetimes in Microsoft Entra ID

  • Social identity provider support for native authentication in Microsoft Entra External ID

  • Prefetch Workday termination data to customize account disable logic

  • Track and optimize Microsoft Entra license usage in the Microsoft Entra admin center

📖 Read

• Passkeys aren’t the finish line: Eliminating fallbacks and fixing recovery • Ankur Patel

• World Passkey Day: Advancing passwordless authentication • Vasu Jakkal, Nadim Abdo

• Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise • Microsoft Defender Security Research Team

📺 Watch

• Simplifying Entra ID authentication with AI • Kyle Marsh, Jean‑Marc Prieur

• Keynote - Securing AI: Building Trust in the Era of AI • Vasu Jakkal

• Agent 365 - Security & Compliance Controls • Shilpa Ranganathan

🗣️ Message Center

• MC1303719 - Microsoft Entra: Upcoming changes to federatedTokenValidationPolicy default settings

• MC1243549 - Retirement of SharePoint One-Time Passcode (SPO OTP) and transition to Microsoft Entra B2B

• MC1300981 - Power Apps - Dataverse Agent users with Microsoft Entra Agent ID

• MC1300584 - Microsoft Entra: App Instance Lock enabled by default for new applications

• RM502875 - Microsoft Copilot (Microsoft 365): Microsoft Graph APIs for App & Agent Inventory and Details

• RM561652 - Microsoft Edge: Passkey Sync for Enterprise Users

📆 Upcoming Events

• Build a secure identity foundation: 5 webinars to strengthen access management with Microsoft Entra • Melanie Maynes

Sponsored by:

Book a demo

☀️ Learn

👩‍✈️ AI & Copilot

• Step-by-Step guide to Microsoft Entra Agent ID • Dishan M. Francis

• AI governance overview: stop panicking and fix the basics • Ewelina Paczkowska

• Primer: bulk actions with the Agent 365 API • Vasil Michev

• Shadow AI in Microsoft 365 Admin Center • Shanchana

🧰 Workload ID

• Managed Identity Support for Azure Bastion - Azure Network Security in the Field • Andrew Mathu and Aaron Tsang

👮‍♂️ ID Governance

• Entra ID Governance - View approver information for pending requests • Jan Bakker

🌐 Private Access & Internet Access (GSA)

• Microsoft Entra Global Secure Access Troubleshooting Guide • Oliver Mueller

📦 Apps

• App Instance Lock enabled by default for new applications • Daniel Bradley

• Entra App Instance Lock Enabled by Default in June • Rudy Mens

• 🛠️ JeffBley/SamlCertRotation: An automation tool to rotate and set as active Saml certificates in Entra ID • Jeff Bley

🫆 Authentication

• Android Finally Supports FIDO2 PIN-protected Credentials Over NFC ; Only Six Years Late • Dr. Emin Huseynov

• Passkey Path - A Choose Your Own Adventure Guide • Brandon Colley

👥 User & Group Management

• Take control over AD-managed groups • Jeffrey Tigchelaar

• How to Manage Default User Permissions in Microsoft 365 • Dhinesh

🚦 Conditional Access

• Conditional Access: The Safety Net • Jon Hope

• Microsoft Entra ID Continuous access evaluation and how it works! • Tom Wechsler

• Conditional Access Policy Maximum Limit Explained • Ali Tajran

• 📺 Secure Android BYOD: Intune App Protection + Conditional Access Guide • Alexandru Malos

• 📺 3 Conditional Access Policies Every Microsoft 365 Tenant Needs Day One • Jonathan Edwards

🖥️ Devices

• Windows Hello Not Working? Recover Entra Joined Device Sign-in Without Knowing the Password • Sreejith Reghunathan Pillai

📈 Reporting and Insights

• Custom Security Attributes Report • Roy Klooster

• Update the Microsoft 365 User Profile Card with Awards • Tony Redmond

🥷 Security

• Configurable token lifetimes in Entra ID • Jan Bakker

• AADGraphActivityLogs: How to Detect Legacy Azure AD Graph Attacks • Invictus-IR

♻️ Sync

• Entra ID – Prepare to migrate from Entra Connect Sync to Entra Cloud Sync • Benoit HAMET

🛍️ External ID - Customers

• Connecting Entra External ID (EEID) to Entra ID as an external provider via OIDC, using private_key_jwt, not client_secret • Rory Braybrook

• On Entra External ID (EEID) custom extensions and event listeners • Rory Braybrook

👨🏽‍💻 Merill’s corner

• Want to get featured on Entra.News? → Submit your content 😎

• Want us to say nice things about your company? Sponsor entra.news 🤩

• Love the newsletter? Tell us 💚❤️💜

🪃 Acknowledgement of Country

Entra.News is created on Wurundjeri land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. We pay our respect to them and their cultures and to elders both past and present.