In this insightful episode, Nathan McNulty, Senior Security Solutions Architect at Patriot Consulting, shares his extensive experience deploying and securing Microsoft Entra environments. With a background spanning civil engineering, education, and critical infrastructure, Nathan brings practical wisdom from managing environments with 50,000+ users and 90,000+ devices.
The conversation explores realistic approaches to securing BYOD, building effective conditional access policies using a "castle" framework, and leveraging administrative units to partition permissions efficiently. Nathan reveals his innovative "operational groups" automation technique that helps classify users by authentication methods, enabling granular security controls without manual effort. The episode also covers authentication methods migration strategies, extension attributes, and modern cloud automation approaches that replace traditional server-based scripts.
Whether you're looking to improve your conditional access strategy, smoothly migrate authentication methods, or automate Entra management tasks, Nathan's field-tested insights will help you secure your environment more effectively while reducing administrative overhead.
Nathan McNulty
LinkedIn - https://www.linkedin.com/in/nathanmcnulty/
Related Links
Operational Groups scripts - https://github.com/nathanmcnulty/nathanmcnulty/tree/master/Entra/operational-groups
Maester DevOps - https://maester.dev/docs/monitoring/github
Authentication Methods Migration - https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-authentication-methods-manage
Administrative units - https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/administrative-units
Restricted management administrative units - https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/admin-units-restricted-management
Chapters
(00:00) Securing BYOD: Limitations and Realities
(09:34) Conditional Access Policy Approach: Building the Castle
(12:51) Administrative Units: Partitioning the Entra Kingdom
(19:10) Operational Groups: Automating User Classification
(26:02) Authentication Methods Migration: Avoiding User Disruption
(34:20) Managing SMS & Legacy Authentication Methods
(40:33) Extension Attributes vs. Group Membership
(43:39) Cloud Automation: Moving Beyond Server-Based Scripts