In this episode, we talk with an identity expert, ex-Microsoftie and Principal Domain Architect, Mark Renoden, about creating a modern Privileged Access Management (PAM) solution for on-premises Active Directory. Discover how to build a secure "Bastion Forest" architecture using Microsoft Entra. We talk about PIM for Groups, group write-back, phish-resistant credentials, Privileged Access Workstations (PAW), securing an Entra tenant from the ground up, and navigating challenges with Cloud Solution Provider (CSP) permissions.
Watch on YouTube
PS. Can I ask a favor? If you enjoyed this episode please leave a review and rating! Thank you 🙏 - Merill
About Mark
As Principal Domain Architect for Identity at Increment, Mark leads the design and delivery of secure, scalable identity architectures grounded in Microsoft Entra ID and aligned with Zero Trust principles. He specializes in helping organisations modernise their infrastructure and navigate complex identity transformations.
Previous to Increment, Mark spent over 20 years at Microsoft in support, field engineering, mission critical and customer experience roles focused on Identity across a wide spectrum of industries in Australia and New Zealand, including Finance, Healthcare, Government, Education and Retail.
LinkedIn - https://www.linkedin.com/in/markrenoden/
🔗 Related Links
DirectoryShield | Increment - https://www.increment.inc/directoryshield
Entra Security Recommendations - https://aka.ms/EntraSecurityRecommendations
Securing privileged access overview - https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-overview
MIM - Bastion environment - https://learn.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environment
📗 Chapters
00:46 Securing Your Entra Tenant
02:09 The Quest for a Microsoft-Only PAM Solution
04:21 What is a "Bastion Forest"?
07:50 Reimagining the Bastion Forest for the Cloud
12:53 Architecting a "Secure-by-Default" Tenant
17:41 Phish-Resistant On-Prem Admins
19:50 The Modern Privileged Access Workstation (PAW)
27:04 The Tiered Administration Model Explained
29:51 The Hidden Dangers of CSP Admin Access
34:29 How Fast is PIM for Groups?
Podcast Apps
🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss
Merill's socials
📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill
Share this post