Entra 🆔 News #154 → This week in Microsoft Entra
Learn about
👋 Hi, Merill and Joshua here with this week’s roundup of the latest news on Microsoft Entra from around the globe 🌍.
In today’s issue Jonathan Hope asks the uncomfortable question of who exactly you’ve let in as a guest, Katie Knowles walks through a real cross-tenant agent compromise, and Sebastian Flaeng Markdanner breaks down how to pick the right extension type so you’re not bolting things on the wrong way.
There’s cleanup material too. Sandra Saluti’s excellent naming-standard piece could finally make your tenant readable, Conditional Access starts processing baseline scopes, and SSPR tightens up in September. A little housekeeping now beats an incident write-up later. 🧹
Plus don’t miss this week’s Entra Chat. Erica Zelick joins us with sharp, practical tips for securing the non-human identities hiding across your tenant.
Shadow Admins: The Non-Human Identities Hiding in Your Entra Tenant
Not every admin in your tenant is a person. Service principals, app registrations, and the new wave of agent identities can quietly hold permissions powerful enough to own your entire environment and most orgs can’t even see them. In this episode of Entra Chat, we sits down again with Erika Zellig to expose the “shadow admins” hiding in your Entra tenan…
Enjoy!
Sponsored by:
OneDrive Delegation Without the Time Travel
Granting OneDrive access with Microsoft’s native tools means clicking from the M365 Admin Center into SharePoint Admin, digging under “More features” → “User Profiles”, and landing in a portal whose UI hasn’t changed since 2010 - minutes of hunting for a one-second setting.
EasyEntra brings OneDrive management back to the future:
☁ Delegate OneDrive access in seconds - no portal maze
☁ Works for hybrid and cloud-only accounts alike
☁ No SharePoint Admin Center, no classic User Profiles detour
☁ Available directly in user properties with instant loading
☁ Free to use for smaller tenants - no license requiredOne place, one click, zero detours - download EasyEntra and never open the classic SharePoint portal again.
“This is the best software ever.”
CIO, Care Alliance Health Center, United States
⚡️ Microsoft
🔥 Public Preview
AI is accelerating cyberattacks—here’s how to stay ahead • Sandeep Deo
🗣️ Message Center
MC1395007 - Microsoft Entra: New service plans for Conditional Access and ID Protection for agents
MC1179154 - Updated - Microsoft Authenticator app: Upcoming changes to jailbreak and root detection
MC1243549 - Updated - Retirement of SharePoint One-Time Passcode (SPO OTP) and transition to Microsoft Entra B2B
From the community…
🚀 Most popular posts from last week
🥇Stop wasting time and use Custom Extensions for PIM approvals • Daniel Bradley
🥈Entra Agent ID from a Security Perspective • Christian Feuchter
🥉Applying Sensitivity Labels to Groups In Entra • Colby Pryor
Sponosored by:
PowerSyncPro 3.3 is now generally available!
Organisations operating in Microsoft 365 21Vianet, GCC and GCC High environments can now benefit from our trusted Windows Migration Agent and Directory Synchronisation tools.
ü Support for 21Vianet, GCC & GCC High
ü Syncs users, groups, and contacts across AD, Entra ID, and Google Workspace
ü Handles complex AD ↔ Entra ID workstation migrations
ü Entra ID extension attribute support (1–15)
ü Microsoft-signed password filter integration
Whether you’re managing complex coexistence, workstation migrations, or identity transformations, PowerSyncPro provides more control for you and less disruption for your end user.
☀️ Learn
👩✈️ AI & Copilot
Microsoft Agent 365 License Enforcement — July 1, 2026 Security Impact Summary • Derk van der Woude
Service Plans for Agent Conditional Access and Identity Protection • Blesslin Rinu
📺 Connect Declarative Agent to OAuth-Protected MCP Server • Paolo Pialorsi
🧰 Workload ID
Why graph matters for workload identity hunting in Microsoft Sentinel • David Alonso Dominguez
Using Microsoft Entra ID Workload Identity Federation (WIF) to Deploy from GitHub Actions to Azure • Jaliya Udagedara
⛑️ ID Protection
👮♂️ ID Governance
🌐 Private Access & Internet Access (GSA)
Entra Internet Access TLS Inspection Fails with ERR_CERT_INVALID • Richard Hicks
What’s New in Entra Private Network Connector v1.5.4892.0 | Richard M. Hicks Consulting, Inc. • Richard Hicks
Entra Global Secure Access❤️ External User Access • Brian Veldman
Authentication
Entra Passkey Registration Campaign • Jay Kerai
Microsoft Tightens SSPR Security in September 2026 • Tony Redmond
🚦 Conditional Access
Baseline Scopes Will Now Be Processed by Conditional Access • Tony Redmond
How to Enable Baseline Scope Settings in Conditional Access • Daniel Bradley
🖥️ Devices
📺 Azure Files Identity Update • John Savill’s Technical Training
📺 How to Setup Intune App Protection Policies, Without Enrollment • Get Rubix
🏙️ External ID - Guests & Multi-Tenant Organizations
Who Did You Let Into Your House? • Jonathan Hope
🥷 Security
Entra Agent ID: Inside a cross-tenant agent compromise • Katie Knowles
Choosing the Right Extension Type in Microsoft Entra • Sebastian Flaeng Markdanner
📒 Tenant Configuration
One Person One License philosophy for Microsoft Entra Update • Daniel Bradley
Naming Entra ID so it actually makes sense • Sandra Saluti
Calculating the Monthly License Increase for a M365 Tenant • Tony Redmond
👨🏽💻 Merill’s corner
Want to get featured on Entra.News? → Submit your content 😎
Want us to say nice things about your company? Sponsor entra.news 🤩
Love the newsletter? Tell us 💚❤️💜
🪃 Acknowledgement of Country
Entra.News is created on Wurundjeri land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. We pay our respect to them and their cultures and to elders both past and present.