In this week’s episode Jan Bakker, Microsoft MVP and solution architect from the Netherlands, joins us for a masterclass in extending Microsoft Entra ID beyond out-of-the-box capabilities. This episode is your complete guide to building custom identity governance and lifecycle management using Power Apps, Logic Apps, and Azure automation.
You’ll learn the fundamental building blocks of automation in the Microsoft ecosystem and how to combine them creatively.
Jan’s approach: treat Entra as a platform, not just a product.
The automation stack he teaches:
→ Power Automate (everyday workflows)
→ Logic Apps (enterprise automation)
→ Dynamic Groups (intelligent triggers)
→ Graph API (the foundation of everything)
→ Event Hub (cost-effective event streaming)
Key topics covered:
Understanding Power Automate vs Azure Logic Apps (and when to use each)
Managed identities and least privilege automation
Dynamic groups as automation triggers
Event Hub for cost-effective event-driven workflows
Custom authentication extensions and token augmentation
Real implementation costs ($50/month for enterprise solutions!)
From the conversation:
Step-by-step temporary access pass automation
Automatic refresh token revocation on account disable
MFA method change notifications (like Gmail/Twitter)
Guest lifecycle management and approval flows
Conditional access policy monitoring
Whether you’re new to automation or an experienced architect, you’ll walk away with actionable ideas and a new way of thinking about identity solutions.
About Jan Bakker
Jan is a Microsoft MVP and Solution Architect based in the Netherlands. He is known for his ability to make complex DevOps and Entra concepts accessible and publishes extensive guides on his blog about extending Entra capabilities.
LinkedIn: https://www.linkedin.com/in/jan-bakker/
🔗 Related Links
Send an email on a new MFA method registration - https://janbakker.tech/send-an-email-on-a-new-azure-mfa-method-registration/
How to build a PowerApp – Temporary Access Pass Manager - https://janbakker.tech/category/power-platform/
Trigger Logic App on group membership changes in Entra ID - https://janbakker.tech/trigger-logic-app-on-group-membership-changes-in-entra-id/
Poor man’s IGA: Monitor and clean up stale guest accounts - https://janbakker.tech/poor-mans-iga-monitor-and-clean-up-stale-guest-accounts/
Poor man’s IGA: Generate Temporary Access Pass for joiners - https://janbakker.tech/poor-mans-iga-generate-temporary-access-pass-for-joiners/
Unlocking the Power of employeeHireDate in Entra ID Dynamic Groups - https://janbakker.tech/unlocking-the-power-of-employeehiredate-in-entra-id-dynamic-groups/
Temporary exclusions for Conditional Access using PIM for Groups - https://janbakker.tech/temporary-exclusions-for-conditional-access-using-pim-for-groups/
Sponsored by:
Shadow IT and SaaS sprawl are outpacing IT teams
It can feel impossible to tackle these app governance challenges:
📦 Entra ID isn’t secure by default
💥 SaaS adoption & sprawl isn’t slowing down
⌨️ Citizen Development keeps rising (hello, Copilot Studio!)
🗑️ Vendors often don’t remove apps after uninstall
🔃 Offboarding is inconsistent or doesn’t happen at all
🥔 App governance is passed around like a hot potato
ENow AppGov Score shines a light on lurking risks, providing a free App Governance Benchmark Report for your Entra tenant. Reclaim control and protect against breach & disruptions. Free upgrade to Standard Tier for 7 days once you get your score.
📗 Chapters
00:03 The Poor Man’s IGA Concept
00:07 Revoking Refresh Tokens Automatically
00:13 Power Apps for Approval Workflows
00:16 Custom Logic for Managing Guest Access
00:19 Building a Temporary Access Pass Tool
00:25 Power Automate vs. Azure Logic Apps
00:28 Triggering Automation with Event Hubs
00:31 Alerting on Security Changes via Audit Logs
00:41 Self-Service Group Management
00:44 Why You Must Learn Graph API
Podcast Apps
🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss
Merill’s socials
📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill













