If you can’t immediately name your break glass accounts and the last time you tested them → you’re already at risk.
In this episode of Entra Chat, Microsoft MVP Per Torben walks through the conditional access mistakes he sees even large enterprises making, and the practical framework he actually uses with customers.
You’ll learn how to set up emergency access accounts the right way, why your CA policies should be built more like a firewall than a checklist, and the one naming convention that makes managing dozens of policies actually manageable.
🎧 Hit play, your tenant will thank you.
Sponsored by:
Entra ID Gaps That Cause Outages
In Microsoft Entra ID, outages often start small: an expired client secret, a lapsed certificate, or a suddenly failing integration. Traditional controls don’t track credential expiry or enforce application ownership, so issues appear only after something breaks.
Teams are left asking:
Which applications can access Microsoft 365 data?
Is that access still appropriate?
Who owns the app?
Unclear answers stall reviews, weaken accountability, and slow delivery.
ENow App Governance Accelerator closes these gaps by highlighting expiring credentials, surfacing permission risks, and identifying ownership gaps before they disrupt operations. New Standard Tier pricing makes it accessible for organizations under 10,000 users, typically $3,500–$9,500 annually.
Subscribe with your favorite podcast player or watch on YouTube 👇
About Per Torben
Per Torben is a Senior Architect at Crayon and a Microsoft MVP for Identity and Access. Based in Norway, he frequently writes highly-read posts featured on Entra.News and runs the collaborative tech blog “Agder in the Cloud”.
LinkedIn - https://www.linkedin.com/in/pertorbensorensen/
🔗 Related Links
Agder in the Cloud - https://agder.cloud
I.D.E.A. for creating/configuring break-glass accounts
Protected actions: https://agderinthe.cloud/2025/02/12/protected-actions-adding-extra-guards-to-your-entra-id-gate/
Conditional Access hardeing (series): https://agderinthe.cloud/2024/12/05/how-to-fix-the-fundamental-flaw-in-conditional-access-part-1-introduction-and-coverage-gaps
CA geo filter (series): https://agderinthe.cloud/2025/11/06/diving-into-geo-filter-with-entra-conditional-access-part-1Entra Backup - https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/backup-restore
📗 Chapters
06:22 The importance of Break Glass accounts
09:02 Securing emergency access with FIDO2 and RMAUs
18:10 Configuring Conditional Access: The “Block by Default” strategy
27:26 Managing scope and preventing accidental lockouts
29:31 Persona-based naming conventions for CA policies
35:38 Grouping settings and avoiding bloated policies
41:54 Handling exceptions and travel access with Access Packages
44:55 The flaw in Protected Actions for Conditional Access
53:38 Using the new Entra Backup feature for quick restores
Podcast Apps
🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss
Merill’s socials
📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill
