👋 Hi, Merill and Joshua here with this week’s roundup of the latest news on Microsoft Entra from around the globe 🌍.

A quick note from Merill: Earlier this week, I shared that I’m leaving Microsoft to start out on my own. The flood of responses has been completely overwhelming. Thank you all so much for the incredible support.

I won’t lie, taking a leap like this is terrifying, and I’ve definitely had moments of second-guessing my sanity! But seeing your kind words reminds me why I need to follow my heart.

Though my day job is changing, my loyalty isn’t: I will always be the #1 Entra fan.

Merill

Sponsored by:

PST Export in One Line of PowerShell (FREE)

Exporting an Exchange Online mailbox to PST traditionally means wrestling with eDiscovery exports, installing Outlook, or paying for third-party tools - hours of work for what should take one command.

EasyEntra’s Invoke-EEMailboxToPst handles the entire export in a single line:

🚀 Export any mailbox to PST with one CmdLet
🚀 Real-time progress reporting and minimal memory burn
🚀 Native PST writer - no Outlook/MAPI tie-in
🚀 Delegate exports to first-line support - zero tribal knowledge
🚀 PowerShell module is free – no license required

Available via EasyEntra GUI and PowerShell (no license required). Download EasyEntra to get started.

“Your product is such a time saver - I love it.”
IT Infrastructure Specialist, MEC Aerial Work Platforms, United States

Free PST Export

⚡️ Microsoft

🏆 General Availability

• Secure the moments attackers target: onboarding, access requests, and account recovery • Ankur Patel

• Sponsor group type requirements for agent identities • Microsoft Entra Agent ID team

• Microsoft Identity Manager 2016 SP3 now available: Enhanced stability for hybrid identity • Ben Mann

📖 Read

• Defense at AI speed: Microsoft’s new multi-model agentic security system finds 16 new vulnerabilities • Taesoo Kim

• New Microsoft Certified: Cybersecurity Business Professional Certification • Liberty Munson

• Microsoft Entra Global Secure Access operations guide • Microsoft Learn

📺 Watch

• 📺 Azure Files Native Entra ID support with AVD FSLogix

🗣️ Message Center

• RM561035 - Microsoft Edge: Allow M365 authentication popups in work profiles

Sponsored by:

Benchmark Entra ID Application Governance

How many enterprise apps, OAuth integrations, and service principals are sitting in your Microsoft Entra ID tenant? In many Microsoft environments, application sprawl builds quietly through:

• User-consented third-party SaaS integrations

• Custom and internal applications

• Test deployments and abandoned dev projects

ENow’s free AppGov Score Assessment uses read-only access to benchmark application governance in Microsoft Entra ID and identify visibility gaps, ownership issues, excessive permissions, expired credentials, and high-privilege access risks.

Get a baseline of enterprise applications, app registrations, ownership gaps, and permission exposure measures across your environment.

Check your AppGov Score

From the community…

☀️ Learn

🧰 Workload ID

• Using configurable token lifetimes in Microsoft Entra ID, .NET and Microsoft Graph • Damien Bowden

👮‍♂️ ID Governance

• PIM Tray: Activate Microsoft Entra ID PIM Roles From the Windows Tray • Thomas Marcussen

🌐 Private Access & Internet Access (GSA)

• 📺 AI Prompt Injection Attacks Are Easy [How To Stop This] • Ru Campbell

📦 Apps

• Entra Enterprise App Recon • Derk van der Woude

• Configure excluded callers for Entra application management policies • Vasil Michev

• Member, Guest, and Wrong: Classifying Entra Users the Practical Way • Nicolas Blank

🫆 Authentication

• Use Device Code Flow to register a passkey in Microsoft Authenticator App • Jan Bakker

• Passkeys enabled ≠ phishing-resistant • Per-Torben Sorensen

• Finding Your Way on the Passkey Path • Brandon Colley

🤖 DevOps & PowerShell

• Understanding How Graph Permissions for Groups Work • Tony Redmond

🚦 Conditional Access

• Protecting Against Credential and Token Theft | 🛡️Jay Kerai • Jay Kerai

• Getting With The Times: Time-Based Conditional Access • Sebastian Flaeng Markdanner

🔐 Credential Management

• Registration Campaigns Now Include Passkeys in Microsoft Entra • Daniel Bradley

🖥️ Devices

• Creating Dynamic Device Model Groups in Entra with PowerShell • Jorge Suarez

• Restricted Management Administrative Unit for PAW Workstations • Jan Mulder

• Control SharePoint Online Site Access for Unmanaged Devices • Adi

🥷 Security

• 📺 The dark art of OIDC abuse - A case study in Entra ID - Cody Burkard - NDC Security 2026 • Cody Burkard

• 📺 Hardening Microsoft Entra, 5 Critical Tips for Admins • Andy Malone

📒 Tenant Configuration

• How Many Global Admins Should I Have in Microsoft 365? • Daniel Bradley

👨🏽‍💻 Merill’s corner

• Want to get featured on Entra.News? → Submit your content 😎

• Want us to say nice things about your company? Sponsor entra.news 🤩

🪃 Acknowledgement of Country

Entra.News is created on Wurundjeri land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. We pay our respect to them and their cultures and to elders both past and present.