Darren Robinson, Identity and Zero Trust Strategy and Architecture Capability Lead at Increment, shares his extensive experience in identity governance and administration.
In this episode Merill sits down with Darren “Doc” Robinson – Microsoft MVP since 2017, former SailPoint Ambassador and one of Australia’s most experienced identity architects.
Darren takes us on a 25+ year journey from Novell networks to modern Microsoft Entra ID, reveals why he’s building custom ECMA2 connectors, and shares the exact PowerShell tools he just open-sourced (Granfeldt uplift, ECMA2 Host Tools, Provision On-Demand module).
We also compare Entra ID Governance vs SailPoint and dive into his latest obsession: MCPs for Entra News and personal AI agents.
Whether you’re migrating legacy apps or levelling up your IGA strategy, this episode is pure gold.
Sponsored by CoreView:
Would you bet your reputation on your current Microsoft 365 security posture? Sure, you’ve checked Purview. Maybe tightened Conditional Access. We all do that.
But it’s usually the quiet stuff that bites... permissions that expanded, policies that drifted, exceptions nobody revisited.
You could assume it’s fine.
Or you could run the Microsoft 365 Security Posture Check.
It’s free.
It runs locally.
And no, it doesn’t send your tenant data back to us.
We’ll even help you set it up.
Subscribe with your favorite podcast player or watch on YouTube 👇
About Darren Robinson
Darren is a highly accomplished digital identity and cybersecurity practitioner who has specialised in Identity & Access Management for over three decades. Darren is renowned for driving Digital Identity innovation, building global offerings, and leading high-impact teams to deliver cutting-edge solutions that enhance security posture, operational efficiency, and business value.
🔗 Related Links
In this episode…
1. Understanding the “Metaverse”
The foundation of Microsoft’s identity strategy dates back to the acquisition of Zoomit in 1999. This introduced the Metaverse: not a VR world, but a “hologram” or central representation of a user assembled from the systems it is connected to, such as SQL databases and LDAP directories. By joining each system’s record for the same person into one metaverse object, the sync engine can see where the systems disagree and flow the authoritative values back out, so organizations can maintain consistency across a fragmented environment.
2. The Modern Bridge: ECMA and SCIM
As organizations move to the cloud, the “heavy” on-premises sync engines such as MIM (Microsoft Identity Manager) are giving way to Entra Cloud Sync and, for on-prem applications, the Entra provisioning agent. The modern approach uses:
A Light Shim: A small on-premises agent installed on a domain-joined Windows server, so nothing in the cloud needs direct network access to the application.
SCIM Instructions: The Entra provisioning service sends create, update and disable requests to this agent using the SCIM protocol, the same protocol it already uses for cloud applications.
ECMA2 Connectors: The agent’s ECMA Connector Host hands each SCIM request to an Extensible Connectivity (ECMA2) connector, which translates it into a language the legacy on-prem app understands, such as SQL or Oracle updates.
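The translation step in the last bullet is where an on-prem connector takes its orders from the cloud, so it should treat the SCIM payload as untrusted input. The PowerShell below is an added illustration of that step, not code from Darren’s connectors or from Microsoft’s ECMA host: it maps a SCIM create and a SCIM PATCH onto a parameterised SQL statement for an assumed legacy table dbo.AppUser(ExternalId, UserName, DisplayName, Mail, IsActive). Column names come only from a fixed attribute map, every value is bound as a parameter, and unmapped paths are rejected. The two JSON documents are constructed samples, and the real host delivers changes to an ECMA2 connector through its connector interfaces rather than as raw JSON; only the mapping decision is shown here.

```powershell
# Added illustration (not Darren Robinson's or Microsoft's connector code).
# Assumed target table: dbo.AppUser(ExternalId, UserName, DisplayName, Mail, IsActive).

# Fixed map of SCIM attribute paths to columns. SQL identifiers only ever come from
# this table, so a hostile or malformed path can never reach the SQL text.
$ColumnMap = @{
    'userName'                     = 'UserName'
    'displayName'                  = 'DisplayName'
    'emails[type eq "work"].value' = 'Mail'
    'active'                       = 'IsActive'
}

function ConvertFrom-ScimCreate {
    # A POST /Users body becomes one INSERT with every value bound as a parameter.
    param([Parameter(Mandatory)][string]$Json)
    $u = $Json | ConvertFrom-Json
    $mail = ($u.emails | Where-Object { $_.type -eq 'work' } | Select-Object -First 1).value
    $params = @{
        ExternalId  = [string]$u.externalId
        UserName    = [string]$u.userName
        DisplayName = [string]$u.displayName
        Mail        = [string]$mail
        IsActive    = [bool]$u.active
    }
    $sql = 'INSERT INTO dbo.AppUser (ExternalId, UserName, DisplayName, Mail, IsActive) ' +
           'VALUES (@ExternalId, @UserName, @DisplayName, @Mail, @IsActive)'
    [pscustomobject]@{ Sql = $sql; Parameters = $params }
}

function ConvertFrom-ScimPatch {
    # A PATCH /Users/{id} body becomes one UPDATE; only mapped paths are accepted.
    param(
        [Parameter(Mandatory)][string]$ExternalId,
        [Parameter(Mandatory)][string]$Json
    )
    $patch  = $Json | ConvertFrom-Json
    $sets   = [System.Collections.Generic.List[string]]::new()
    $params = @{ ExternalId = $ExternalId }
    foreach ($op in $patch.Operations) {
        if ($op.op -notin 'Replace', 'Add') { throw "Unsupported SCIM op '$($op.op)'" }
        if (-not $ColumnMap.ContainsKey($op.path)) { throw "Unmapped SCIM path '$($op.path)'" }
        $col = $ColumnMap[$op.path]
        $sets.Add("$col = @$col")
        $params[$col] = if ($col -eq 'IsActive') { [bool]$op.value } else { [string]$op.value }
    }
    if ($sets.Count -eq 0) { throw 'PATCH contained no mapped operations' }
    $sql = "UPDATE dbo.AppUser SET $($sets -join ', ') WHERE ExternalId = @ExternalId"
    [pscustomobject]@{ Sql = $sql; Parameters = $params }
}

# Constructed samples of what the provisioning service sends for a create and a disable.
$createJson = @'
{ "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
  "externalId": "0a1b2c3d-0000-4000-8000-000000000001",
  "userName": "alice@contoso.example",
  "displayName": "Alice Example",
  "emails": [ { "type": "work", "primary": true, "value": "alice@contoso.example" } ],
  "active": true }
'@
$patchJson = @'
{ "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations": [ { "op": "Replace", "path": "active", "value": false } ] }
'@

$create = ConvertFrom-ScimCreate -Json $createJson
$patch  = ConvertFrom-ScimPatch -ExternalId '0a1b2c3d-0000-4000-8000-000000000001' -Json $patchJson
$create.Sql; $create.Parameters
$patch.Sql;  $patch.Parameters
```

The objects returned carry the statement and a parameter hashtable; executing them with SqlClient or Invoke-Sqlcmd against the real table is deliberately left out so the block runs offline. The same shape works for Oracle or any other parameterised driver, and the rejection of unmapped paths is what stops a misconfigured attribute mapping in the cloud from silently writing to columns the connector was never meant to touch.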
3. Scaling with PowerShell 7
One of the biggest hurdles in legacy identity management was performance. Darren Robinson recently uplifted the popular Granfeldt PowerShell Management Agent to support PowerShell 7. This update allows for:
64-bit Processing: Handling larger datasets with ease.
Parallelism: Sending multiple identity updates in parallel rather than waiting for individual “gets,” significantly speeding up sync times.
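As an added example of the parallelism point (not the Granfeldt PSMA itself or Darren’s uplift code), the PowerShell 7 block below exports the same 200 constructed identity records first one at a time and then with ForEach-Object -Parallel, which is the PowerShell 7 feature that makes this possible. The round trip to the target system is simulated with Start-Sleep, and one record is made to fail so the per-record error handling is visible.

```powershell
#requires -Version 7.0
# Added illustration, not the Granfeldt PowerShell Management Agent's own code.
# The 200 user objects are constructed; Start-Sleep stands in for a SQL/LDAP/API call.

$Users = 1..200 | ForEach-Object {
    [pscustomobject]@{ Anchor = "u$_"; Mail = "user$_@contoso.example"; Active = ($_ % 7 -ne 0) }
}

function Invoke-SequentialExport {
    # Classic pattern: each record waits for the previous round trip to finish.
    param([object[]]$Records, [int]$LatencyMs = 20)
    foreach ($r in $Records) {
        Start-Sleep -Milliseconds $LatencyMs
        [pscustomobject]@{ Anchor = $r.Anchor; Status = 'Success'; Error = $null }
    }
}

function Invoke-ParallelExport {
    # PowerShell 7 pattern: up to $ThrottleLimit records are in flight at once.
    # Each iteration runs in its own runspace with no access to the caller's variables,
    # so anything it needs is passed in with $using:.
    param([object[]]$Records, [int]$LatencyMs = 20, [int]$ThrottleLimit = 16)
    $Records | ForEach-Object -ThrottleLimit $ThrottleLimit -Parallel {
        $rec     = $_                       # $_ is replaced by the ErrorRecord inside catch
        $latency = $using:LatencyMs
        try {
            Start-Sleep -Milliseconds $latency
            if ($rec.Anchor -eq 'u42') { throw 'target rejected record' }   # constructed failure
            [pscustomobject]@{ Anchor = $rec.Anchor; Status = 'Success'; Error = $null }
        } catch {
            # Report the failure for this record only; one bad row must not abort the run.
            [pscustomobject]@{ Anchor = $rec.Anchor; Status = 'Failed'; Error = $_.Exception.Message }
        }
    }
}

$sw = [System.Diagnostics.Stopwatch]::StartNew()
$seqResult = @(Invoke-SequentialExport -Records $Users)
$sw.Stop(); $seqMs = $sw.ElapsedMilliseconds

$sw.Restart()
$parResult = @(Invoke-ParallelExport -Records $Users)
$sw.Stop(); $parMs = $sw.ElapsedMilliseconds

$failed = @($parResult | Where-Object Status -eq 'Failed')
"Sequential: {0:N0} ms for {1} records" -f $seqMs, $seqResult.Count
"Parallel  : {0:N0} ms for {1} records, {2} failed ({3})" -f $parMs, $parResult.Count,
    $failed.Count, ($failed.Anchor -join ', ')
```

Two practical points the timing does not show: results come back in completion order, not input order, so key them by anchor rather than by position; and -ThrottleLimit is the knob that keeps the connector from opening more concurrent connections than the target’s connection pool or account lockout policy will tolerate.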
4. Managing the “Cache”
A common pain point for administrators is the lack of visibility into the ECMA host cache, the in-memory copy of the connected system’s records that the host builds on import. To solve this, Darren developed a new module that lets practitioners programmatically query that cache, back up the host’s configuration, and document every connector and parameter in the system. Because those configurations carry connection details and credentials for the target applications, any backup or generated documentation should be stored and shared as sensitive material.
Key Takeaway: Whether you are migrating from legacy solutions like Novell or managing a complex hybrid Entra environment, the goal remains the same: automated, secure, and visible identity lifecycles.
📗 Chapters
00:00 Intro
02:22 The Evolution of Directory Services and Synchronization
08:05 Understanding Sync Engines and the Metaverse
14:45 Modern Identity Provisioning with Entra
17:39 Developing Custom PowerShell ECMA Connectors
20:53 Automating Provisioning with New PowerShell Modules
28:53 The Current Landscape of Identity Governance
31:37 Solving the Disconnected Apps Challenge
35:46 Exploring Model Context Protocol (MCP)
45:34 Leveraging Local AI and LLMs for Identity Tasks
Podcast Apps
🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss
Merill’s socials
📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill