Entra 🆔 News #88 → This week in Microsoft Entra
Learn about our new podcast Entra.Chat 🎙️🎧, Conditional Access policy impact preview 🔮📊, Microsoft Entra Health alerts 🚨💻, External ID deployment guide 📝🔑 and more! ✨🚀
Hi, Merill and Joshua here with this week’s roundup of the latest news on Microsoft Entra from around the globe 🌍.
This week’s newsletter is packed with so much great content that your bookmarks are going to get a real workout.
Plus, a quick reminder that Entra.News now has its very own weekly podcast, Entra.Chat! Subscribe today on your favorite podcast app (Apple Podcast, Spotify, YouTube, Overcast, PocketCast) and join us for fascinating chats on Entra with an amazing lineup of guests.
Enjoy!
Sponsored by:
EasyEntra: Consolidated Hybrid Microsoft 365 Management
Managing Microsoft 365 and hybrid AD doesn’t have to be slow and complex. EasyEntra streamlines user administration into a single, intuitive console and enables first-level IT support to resolve tickets quickly, consistently, and without escalating to senior IT. With EasyEntra, you can save time, reduce complexity, and improve service delivery.
✅ Unified Hybrid Management – Seamlessly manage Entra ID and on-prem AD in one console.
✅ Fast & Responsive UI – Perform user admin tasks at the speed of your thought.
✅ User Lifecycle Automation – Streamline user onboarding and offboarding with consistent automation.
✅ Freemium Version – Manage any number of small tenants (< 25 licensed users) side-by-side completely free.
✅ No Infrastructure Changes – Install and configure in less than one minute.
⚡️ Microsoft
🔥 Public Preview
Introducing Microsoft Entra Health alerts: An enhancement to tenant health monitoring • Shobhit Sahay
Conditional Access - Policy Impact Preview • Microsoft Learn
📖 Read
Hardening update to Microsoft Entra Connect Sync from April 7, 2025 • Microsoft Learn
Microsoft Entra External ID deployment guide • Microsoft Learn
📺 Watch
Configure auto-assignment policies in Microsoft Entra ID Governance using Entitlement Management (4 min) • Jorge Lopez
Implementing managed identities | Protect identities and secrets (22 min) • Sarah Young, Nick Wryter, Michael Howard
Secure access to internet resources with Microsoft Entra Suite (44 min) • Amelie Darchicourt, Pramiti Bhatnagar
From the community…
🚀 Most popular posts from last week
Create a Free Interactive License Usage Report for Microsoft 365 • Daniel Bradley
Passkeys for macOS and addressing the phishing resistant authentication registration loop • Rahul Jindal
Evilginx loves Temporary Access Passes too • Jan Bakker
Sponsored by:
How much is Autopilot FreshStart really costing you?
Manual workstation migrations can drain your time and budget. Fresh-starting devices, IT tickets, and user downtime all add hidden costs. But what if you could cut migration costs by over half?
PowerSyncPro Migration Agent automates the entire process, eliminating manual effort and reducing disruptions.
Keep user profiles, settings, and applications intact - no reconfiguration needed. Complete migrations in minutes, not hours, with minimal downtime. Go Entra-Joined seamlessly, with user-initiated migrations at a time convenient for them.
Check how much you can save with PowerSyncPro Migration Agent today.
☀️ Learn
👮‍♂️ ID Governance
Lifecycle Workflows and Custom Extensions - step-by-step-guide • Klaus Bierschenk
🌐 Private Access & Internet Access (GSA)
📦 Apps
Entra tenant policy to forbid long-lived secrets for Applications and Service Principals • Peter Lorenzen
Using Microsoft Entra ID To Authenticate With Model Context Protocol Servers • Den Delimarsky
🔑 Authentication
Playing with Time Drift Tolerances in Entra ID: A Hands-On Experiment • Dr. Emin Huseynov
QR Code Authentication for Front Line Workers – Setting Security Controls From the Get Go! • Shehan Perera
You shall not pass(key)! • Jan Bakker
Why Are Some FIDO2 Credentials Visible as Passkeys and Others Not? • Dr. Emin Huseynov
Authentication best practices for Teams phones • Microsoft Learn
👥 User & Group Management
🤖 DevOps & PowerShell
Easily add login to your Azure app with Bicep • Pamela Fox
Automate Microsoft Graph PowerShell Scripts for Unattended Execution • Thiraviam
Authenticate to Graph in Azure Functions With Managed Identities (Part 2) • Ben Reader
SharePoint Online PowerShell Module Gets Modern Authentication • Tony Redmond
🚦 Conditional Access
Entra: Integrate Passkey registration with your Conditional Access Framework • Will Francillette
Managed Conditional Access Policy • Stefan Wey
🔐 Credential Management
🖥️ Devices
Windows LAPS and Legacy LAPS – Key Differences • Andreas Hartig
Reporting on group membership for Entra ID devices (including assigned licenses) • Vasil Michev
Enforcing Tenant Restrictions v2 on Windows Devices – Strengthening Microsoft Entra Security • Sreejith Reghunathan Pillai
🏙️ External ID - Guests & Multi-Tenant Organizations
ADSS TSync vs Entra Cross-Tenant Sync: A Comprehensive Comparison • Sankara Narayanan
Entra ID Guest Expiration Automation • Chris Greenacre
📈 Reporting and Insights
Create a free interactive Entra Authentication methods report • Daniel Bradley
🥷 Security
Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD • Cymulate Research Lab
Your MFA Is No Match for Sneaky2FA • eSentire Threat Response
Adversarial lateral motion in Azure PaaS: are we prepared? • Christophe Parisel
🛍️ External ID - Customers
Connecting Entra External ID as an SP to Azure AD B2C via SAML • Rory Braybrook
⚒️ Toolkit
Monitor Your Break Glass Account CA Policy Exclusions: Introducing Invoke-CAIQBreakGlassAssessment; Another ConditionalAccessIQ Tool • Gabriel Delaney
glueckkanja/MyWorkID - MyWorkID enables secure self-service solutions for handling compromised accounts, generating Temporary Access Passes (TAP), resetting passwords, and verifying user identities.
🎙️ Podcasts
Maester, Intro to Zero Trust & Conditional Access Policies & Oversharing Controls in M365 - Cloudy with a Chance of Insights (43 min) • Richard Hogan, David Rowley, Cyrus Irandoust
Securing Microsoft Entra - Ctrl+Alt+Azure • Tobias Zimmergren, Jussi Roine
Chronicles of a Rogue Device - Out of Band • Shehan Perera, Anthony 'Anto' Porter, Andrew 'Abe' O'Young
📺 Watch
UnOAuthorized: A Technique to Privilege Escalation to Global Administrator - Black Hat (28 min) • Eric Woodruff
Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD (5 min) • Ilan Kalendarov, Elad Beber, Avigayil Stein
Microsoft Entra ID: Gateway to Supply Chain Attacks on a Global Scale - Disobey (41 min) • Martin Haller
Exploiting Token Based Authentication - Disobey (45 min) • Dr Nestori Syynimaa
Staying Sneaky in Microsoft Azure - Disobey (28 min) • Christian Philipov
AME 2024 session - You can't do Zero Trust with AD FS (48 min) • Sander Berkouwer, Raymond Comvalius
Why Microsoft 365 Business Premium is a Game Changer in 2025? (13 min) • Peter Rising
Every Small Business MUST Know These E5 Security Features Now! (11 min) • Jonathan Edwards
Difference between Microsoft Entra ID Enterprise Apps and App Registrations | Cybersecurity World (12 min) • Cybersecurity World
Block User Consent in ChatGPT & Third-Party Apps using Entra ID (3 min) • Rio Hindle
Secure Application Management | Getting Started (9 min) • Nick Ross
Azure App Registration Simple Explanation and Demo with PowerShell (33 min) • Mike in the Cloud
Migrating from MIM Sync: User Provisioning with Microsoft Entra ID (35 min) • Oxford Computer Group US
🔥 Maester
Maester Adds Support for GitLab • Stefan Wey
👨🏽‍💻 Merill’s corner
Want to get featured on Entra.News? → Submit your content 😎
Want us to say nice things about your company? Sponsor entra.news 🤩
🪃 Acknowledgement of Country
Entra.News is created on Wurundjeri land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. I pay my respect to them and their cultures and to elders both past and present.