I am back home in Melbourne today, and joining me are Nathan McNulty from Alaska and Daniel Bradley from the UK as we dive into all the massive Entra updates that dropped last month. We are breaking down the controversial shift to syncable passkeys , why your Conditional Access policies might suddenly start blocking apps , and the absolute necessity of moving privileged accounts away from on-prem AD. We’re also geeking out over some incredible new Global Secure Access (GSA) features and how AI is completely transforming the way we work with Graph API. You won’t want to miss the under-the-radar changes that could impact your tenant’s security architecture overnight.
Here’s a quick overview of all the topics we covered in this episode (links below).
Sponsored by:
Scan, Score, and Secure Your Applications in Entra
Application identities represent one of the largest attack surfaces in Entra and are often among the least consistently governed. AppGov Score helps IT and Security teams understand where risk exists. The 24-check assessment evaluates Entra ID application integrations against Microsoft-recommended governance practices, analyzing:
App registrations and enterprise apps for excessive permissions
Expired or unmanaged secrets
Ownerless apps
Risky consent grants, and
Privileged service principals
Results are delivered as a clear, defensible risk score with actionable findings. No scripts. No manual inventory. Just a fast, read-only scan that reveals app sprawl, identity misconfigurations, and blast radius so you can prioritize remediation and strengthen your security posture with confidence.
Subscribe with your favorite podcast player or watch on YouTube 👇
About Nathan McNulty
Senior Security Solutions Architect at Patriot Consulting and Microsoft MVP in security. Nathan is the practice lead for identity and has extensive experience with endpoint deployments and everything Entra.
LinkedIn - https://www.linkedin.com/in/nathanmcnulty/
About Daniel Bradley
Senior Solution Architect for CDW down in the UK and an MVP in Identity Security and M365 for Graph API. Daniel specializes in pre-sales, mergers, acquisitions, and the highly technical migration space.
LinkedIn - https://www.linkedin.com/in/danielbradley2/
🔗 Related Links
Entra What's New - https://learn.microsoft.com/en-us/entra/fundamentals/whats-new
Upcoming Conditional Access change: Improved enforcement for policies with resource exclusions - https://techcommunity.microsoft.com/blog/microsoft-entra-blog/upcoming-conditional-access-change-improved-enforcement-for-policies-with-resour/4488925
XDRInternals - https://github.com/MSCloudInternals/XDRInternals
Passkey Login - https://github.com/nathanmcnulty/nathanmcnulty/blob/main/Entra/passkeys/PasskeyLogin.ps1
Graph PM - https://graph.pm
📗 Chapters
03:01 Syncable Passkeys & Registration Changes
18:10 Conditional Access Policy Updates
26:35 Blocking Hard Match for Privileged Roles
35:42 External Authentication Methods GA
43:04 Lifecycle Workflows & Admin Units
48:01 Global Secure Access (GSA) BYOD Preview
53:06 New My Account Portal & Authenticator Updates
58:43 AI Skills & Automating Graph API
Podcast Apps
🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss
Merill’s socials
📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill
