Hi everyone,

Merill and Joshua here with this week's Microsoft Entra news roundup.

Important Security Alert: Microsoft Threat Intelligence has issued a warning about cyberattacks from the Storm-2372 group. They are targeting governments, NGOs, and various industries globally. Check out the Microsoft post for full details.

We've also re-shared a post from last year explaining device code flow and how to use conditional access policies to block them.

Enjoy!

Sponsored by:

EasyEntra: Consolidated Hybrid Microsoft 365 Management

Managing Microsoft 365 and hybrid AD doesn’t have to be slow and complex. EasyEntra streamlines user administration into a single, intuitive console and enables first-level IT support to resolve tickets quickly, consistently, and without escalating to senior IT. With EasyEntra, you can save time, reduce complexity, and improve service delivery.

✅ Unified Hybrid Management – Seamlessly manage Entra ID and on-prem AD in one console.
✅ Fast & Responsive UI – Perform user admin tasks at the speed of your thought.
✅ User Lifecycle Automation – Streamline user onboarding and offboarding with consistent automation.
✅ Freemium Version – Manage any number of small tenants (< 25 licensed users) side-by-side completely free.
✅ No Infrastructure Changes – Install and configure in less than one minute.

Download Free Trial!

⚡️ Microsoft

📖 Read

• Storm-2372 conducts device code phishing campaign • Microsoft Threat Intelligence

📺 Watch

• Microsoft Entra Health Monitoring Introduction (18 min) • Sarah Baranowski, Shreyes Nama Shankar

• 425 Show | Onboarding to Intune macOS and Protecting with Entra Solutions (62 min) • Neil Johnson, Iris Yuning Ye

📆 Upcoming Events

• New webinar series: How to secure access for your employees with the Microsoft Entra Suite • Amelie Darchicourt

From the community…

🚀 Most popular posts from last week

• Entra configurations you MUST do! • Julian Rasmussen

• Automating Azure PIM Role Elevation with PowerShell • Øystein

• Windows Hello for Business: Enhanced Sign-in Security • Nicklas Ahlberg

☀️ Learn

⛑️ ID Protection

• Protected: Conditional Access risk policies. Don’t get fooled! • Jan Bakker

👮‍♂️ ID Governance

• Now You See It, Now You Don’t: Secure Access with Entra ID Governance • Dustin Gullett

🌐 Private Access & Internet Access (GSA)

• Secure Remote Desktop Services with Microsoft Entra Application Proxy • Liam Robinson

• Self-Service for Web Content Filtering Exceptions in Global Secure Access • Christian Frohn

📦 Apps

• Microsoft Graph Bicep – Part 1 • Michele Blum

• Practical Graph: Controlling App Access to SharePoint Online Sites • Tony Redmond

• Introduction to Entra ID multi-tenant applications • Twan van Beers

• Bicep for graph resources • Maik van der Gaag

• Securing API to API calls in Azure with Entra and API Management • Dan Rios

🔑 Authentication

• Passkey Implementations: How to Do It Right • Dr. Emin Huseynov

👥 User & Group Management

• Build your own user onboarding automation – Entra ID user account creation • Peter Klapwijk

• How to Use Bulk User Operations in Entra Admin Center • Tony Redmond

• New bulk edit features for users in Microsoft Entra ID • Daniel Bradley

• Use Protected Actions to Stop Attackers Hard-Deleting Entra ID Accounts • Tony Redmond

🤖 DevOps & PowerShell

• Microsoft Graph PowerShell SDK Needs to Fix Its Password Problem • Tony Redmond

• Manage Guest Users in Microsoft 365 with PowerShell • Ali Tajran

• A Mini Dive into the Microsoft Entra PowerShell Module: An Intune Administrator’s Perspective • Ben Whitemore

🚦 Conditional Access

• The Main Reason You Shouldn't Exclude Break Glass By Group in Conditional Access • Jay Kerai

• Conditional Access Framework (2025.2.3) • Joey Verlinden

• Always On VPN and Entra Conditional Access • Richard M. Hicks

• Protected Actions: Adding Extra Guards to Your Entra ID Gate! • Per-Torben Sørensen

• Protected Actions – Protect Hard Deletions of Objects • Rudy Mens

🖥️ Devices

• Configuring Windows LAPS – Niklas Blog • Niklas Rast

🥷 Security

• Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication • Charlie Gardner, Steven Adair, Tom Lancaster

• Microsoft Graph Activity to Basic Logs • Debac Manikandan

• Monitor Elevated Access in Microsoft Entra with Sentinel • Charbel Nemnom

• How to Set Up an Emergency Access App in Entra ID for Admin Recovery • Sreejith Reghunathan Pillai

♻️ Sync

• From the field: You receive error ‘AADSTS9090561 The endpoint only accepts POST requests. Received a GET request’ when signing in • Sander Berkouwer

⚒️ Toolkit

• zh54321/GraphPreConsentExplorer - A comprehensive list of usable Entra ID first-party clients with pre-consented Microsoft Graph scopes, in a simple YAML-file explorable with a simple HTML GUI • zh54321

• migrate-per-user-mfa-to-ca.ps1 - Script to migrate from Per user MFA to Conditional Access • Nathan McNulty

🎙️ Podcasts

• TrustedSec: Security Noise Podcast - Authentication in 2025 • Geoff Walton, Skyler Tuter, Edwin David, Justin Bollinger

• Identity at the Center Podcast: Mastering Group Management with Microsoft's David Johnson (51 min) • Jim McDonald, Jeff Steadman, David Johnson

• Cloudfirst Podcast: Using managed identities and federated credentials to eliminate secrets • Marius Sandbu

📺 Watch

• FIDO Alliance: Stop Counting Factors... Start Describing Authentication Events (32 min) • Pamela Dingle, Dean Saxe

• Black Hat: Hook, Line and Sinker: Phishing Windows Hello for Business (25 min) • Yehuda Smirnov

• Azure Super Mode with Entra ID User Access Administrator and NEW Logging Ability (18 min) • John Savill

• Microsoft Entra ID 5 New Killer Features that you Have to Know! (17 min) • Andy Malone

• Entra ID - Must-Do configuration changes (9 min) • Julian Rasmussen MVP

• 'Edit Users' option in Entra ID (Public Preview) (3 min) • Rio Hindle

• Difference between delegated and application permissions in Microsoft Entra ID (16 min) • Lukas Beran

• How to Retain Sign in logs in Entra beyond 30 days (20 min) • Nick Ross

🔥 Maester

👨🏽‍💻 Merill’s corner

🪃 Acknowledgement of Country

Entra.News is created on Wurundjeri land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. I pay my respect to them and their cultures and to elders both past and present.