Operational Groups in Entra with Nathan McNulty

Entra.Chat

1×

0:00

Current time: 0:00 / Total time: -46:59

-46:59

Operational Groups in Entra with Nathan McNulty

Nathan McNulty joins us to talk about securing BYOD, deploying Entra's administrative units, operational groups, auth methods migrations and more!

Merill Fernando

Mar 27, 2025

Transcript

In this insightful episode, Nathan McNulty, Senior Security Solutions Architect at Patriot Consulting, shares his extensive experience deploying and securing Microsoft Entra environments. With a background spanning civil engineering, education, and critical infrastructure, Nathan brings practical wisdom from managing environments with 50,000+ users and 90,000+ devices.

Subscribe with your favorite podcast player or watch on YouTube 👇

The conversation explores realistic approaches to securing BYOD, building effective conditional access policies using a "castle" framework, and leveraging administrative units to partition permissions efficiently. Nathan reveals his innovative "operational groups" automation technique that helps classify users by authentication methods, enabling granular security controls without manual effort. The episode also covers authentication methods migration strategies, extension attributes, and modern cloud automation approaches that replace traditional server-based scripts.

Whether you're looking to improve your conditional access strategy, smoothly migrate authentication methods, or automate Entra management tasks, Nathan's field-tested insights will help you secure your environment more effectively while reducing administrative overhead.

Nathan McNulty

Web - https://nathanmcnulty.com/
LinkedIn - https://www.linkedin.com/in/nathanmcnulty/
Bluesky - https://bsky.app/profile/nathanmcnulty.com
X - https://x.com/nathanmcnulty

Related Links

Operational Groups scripts - https://github.com/nathanmcnulty/nathanmcnulty/tree/master/Entra/operational-groups
Maester DevOps - https://maester.dev/docs/monitoring/github
Authentication Methods Migration - https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-authentication-methods-manage
Administrative units - https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/administrative-units
Restricted management administrative units - https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/admin-units-restricted-management

Chapters

(00:00) Securing BYOD: Limitations and Realities

(09:34) Conditional Access Policy Approach: Building the Castle

(12:51) Administrative Units: Partitioning the Entra Kingdom

(19:10) Operational Groups: Automating User Classification

(26:02) Authentication Methods Migration: Avoiding User Disruption

(34:20) Managing SMS & Legacy Authentication Methods

(40:33) Extension Attributes vs. Group Membership

(43:39) Cloud Automation: Moving Beyond Server-Based Scripts

Discussion about this episode

Entra.Chat

Entra Chat is a weekly podcast hosted by Merill Fernando and delivers practical insights for Microsoft administrators and security professionals through conversations with identity experts who've been in the trenches.

Episodes feature seasoned Entra practitioners sharing real-world deployment experiences and Microsoft Entra team members who build the features you use daily.

Get the inside track on best practices, implementation strategies, and upcoming capabilities directly from those who design and deploy Microsoft identity solutions.

Join us for actionable takeaways you can apply immediately in your Microsoft 365, Azure, and Entra environments.

---

Entra.Chat, its content and opinions are my (Merill Fernando) own and do not reflect the views of my employer (Microsoft). All postings are provided “AS IS” with no warranties and is not supported by the author. All trademarks and copyrights belong to their owners and are used for identification only.

Listen on