The Unpopular Opinion: Why I Actually LIKE Hybrid Join
In this exciting episode of Entra Chat, I dive into the world of Entra + Windows devices with the passionate and knowledgeable John Towles, a solution architect and MVP for Windows 365 and more. We unpack why Entra hybrid join is still relevant for some organizations, explore the ins and outs of Windows Autopilot, and reveal practical tips for navigating the complexities of modern device management. Plus, we share a sneak peek into the upcoming Workplace Ninjas US event and get a special announcement about the Workplace Ninjas US "Golden Clippy Awards", including the finalists for the "Entra IDol of the Year."

About John Towles
John Towles is a Solutions Architect at WEI, a multi-award MVP (Windows 365, Intune), President of Workplace Ninjas US, and the proprietor of Mobile-John.com. With over a decade of experience as the face of VMware's Workplace One, John has a deep and unique perspective on endpoint management and cloud migration. He is passionate about helping organizations navigate complex technical challenges with pragmatic, real-world solutions.

🔗 Related Links
* Microsoft Entra Hybrid Join: Not Dead Yet! (John’s blog)
* Workplace Ninjas US
* Microsoft's Entra Kerberos: Bridging Legacy AD to Cloud Auth + MAM on Edge with PM Jordan Gross

📗 Chapters
00:23 Entra Hybrid Join: To Do or Not to Do?
03:13 The Great Migration from VMware to Intune
06:23 Entra Join vs. Hybrid Join Explained
12:52 The Magic of Cloud Kerberos Trust
15:53 Demystifying Windows Autopilot
25:23 Making the Case for Hybrid Join with Autopilot
30:57 Why Cloud-Native is the Future
36:16 Introducing Workplace Ninjas US
39:06 The "Golden Clippy Awards"
41:31 Announcing the Entra IDol of the Year Finalists

Podcast Apps
🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss

Merill's socials
📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill

Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
--------
55:14
Entra Chat 🎙️ → A master class with Entra’s Identity Provisioning Wizard!
In this episode, I sit down with Chetan Desai, a Principal Product Manager on the Microsoft Identity Governance team. We dive deep into a side of Entra that many admins never see: the critical "first mile problem" of getting identities into your system in the first place.

We talk about the evolution from on-prem scripts and MIM to specific connectors for Workday and SuccessFactors and then to the new powerful, generic API-driven approach that can handle any HR system and the architectural decisions behind it. Chetan also gives us a masterclass on how the provisioning engine differs from the Graph API and provides advice for anyone looking to migrate from a legacy Identity Governance and Administration (IGA) solution.

About Chetan Desai
Chetan Desai is a Principal Product Manager at Microsoft on the Entra team. For the past seven years, he has been a core part of the Entra Identity Governance and Provisioning team. Before his time at Microsoft, Chetan spent 17 years in consulting within the identity and access management domain, bringing a wealth of real-world deployment and integration experience to his product management role.

🔗 Related Links
* Application and HR provisioning documentation
* Provisioning with SCIM
* API-driven inbound provisioning concepts

📗 Chapters
00:34 The "First Mile Problem" in Identity
04:51 From AD Sync to HR-Driven Provisioning
09:52 The Entra Provisioning Service Architecture
16:17 Hybrid vs. Cloud-Only Identity Flows
19:17 Beyond Workday: The Need for a Generic Connector
27:43 The Great Debate: CSV vs. SQL vs. API
35:34 Provisioning API vs. Graph API: What's the Difference?
43:24 The Latest Evolution: Custom Security Attributes
49:26 Advice for Migrating to Modern IGA
--------
55:01
The Secret to Great Tech Content? A Masterclass in Storytelling
In this episode, I chat with the legendary Tony Redmond, a prolific writer and author of "Office 365 for IT Pros". Tony shares unfiltered insights from his career, critiques the state of technical writing and AI, and discusses the challenges with PowerShell and the future of AI agents in the Microsoft ecosystem.

About Tony Redmond
Tony Redmond is a well-known and prolific writer in the Microsoft 365 space. After a long career in large tech companies like Digital, Compaq, and HP, where he rose to the level of Vice President, he became an independent consultant and author in 2010. He is the lead author of the widely respected and continuously updated e-book, "Office 365 for IT Pros," and "Automating Microsoft 365 with PowerShell."

LinkedIn - https://www.linkedin.com/in/tonyredmond/

🔗 Related Links
* Office 365 for IT Pros (Book) - https://office365itpros.com
* Practical 365 - https://practical365.com

📗 Chapters
00:00 Intro
03:50 Tony's career and lessons from corporate life
09:06 The story behind the "Office 365 for IT Pros" book
21:35 Tony's rules for great technical writing
25:31 The problem with duplicate content and AI summaries
36:31 A critique of the Graph PowerShell SDK
45:15 The dangers of AI and the need for guardrails
50:57 Microsoft's mistake: Rushing tech without guardrails
55:04 The cyclical nature of technology and IT challenges
--------
1:03:01
The Ultimate Guide to App Consent in Microsoft Entra
In this episode, I sit down with Erin Greenlee, the Product Manager for App Consent on Microsoft’s App Platform Team. We dive into the critical world of app consent and the upcoming Microsoft 365 secure-by-default changes. We explore the nuances of user and admin consent, the impact of the mid-July 2025 policy shift, and how admins can prepare for a more secure Entra environment.

About Erin Greenlee
Erin Greenlee is a Product Manager at Microsoft, specializing in the App Platform Team within the Identity and Network Access division. With a decade of experience at Microsoft, including roles in B2C and domain services, Erin now focuses on consent, authorization, and app roles, helping organizations secure their applications while enabling productivity.

LinkedIn - https://www.linkedin.com/in/eringreenlee/

🔗 Related Links
* MC1097272 - Microsoft 365 Upcoming Secure by Default Settings Changes - https://mc.merill.net/message/MC1097272
* Entra Admin Consent Workflow - https://docs.microsoft.com/en-us/entra/identity/enterprise-apps/configure-admin-consent-workflow
* Configure how users consent to applications - https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-user-consent
* Manage app consent policies - https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/manage-app-consent-policies
* Review App Consent audit logs - https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/app-perms-audit-logs

📗 Chapters
02:15 What is App Consent?
03:22 Delegated vs. Application Permissions
07:45 The User Consent Balancing Act
13:58 How Consent is Evaluated
17:33 Understanding Tenant Consent Policies
22:28 The Admin Consent Workflow
31:18 The Big Change: Microsoft's Secure-by-Default Update
41:35 How to Prepare for the Change
49:05 Advanced Delegation with Custom Policies
--------
1:12:14
Pushing Microsoft Entra to its Limits to Secure On-Prem AD
In this episode, we talk with an identity expert, ex-Microsoftie and Principal Domain Architect, Mark Renoden, about creating a modern Privileged Access Management (PAM) solution for on-premises Active Directory. Discover how to build a secure "Bastion Forest" architecture using Microsoft Entra. We talk about PIM for Groups, group write-back, phish-resistant credentials, Privileged Access Workstations (PAW), securing an Entra tenant from the ground up, and navigating challenges with Cloud Solution Provider (CSP) permissions.

PS. Can I ask a favor? If you enjoyed this episode please leave a review and rating! Thank you 🙏 - Merill

About Mark
As Principal Domain Architect for Identity at Increment, Mark leads the design and delivery of secure, scalable identity architectures grounded in Microsoft Entra ID and aligned with Zero Trust principles. He specializes in helping organisations modernise their infrastructure and navigate complex identity transformations.

Previous to Increment, Mark spent over 20 years at Microsoft in support, field engineering, mission critical and customer experience roles focused on Identity across a wide spectrum of industries in Australia and New Zealand, including Finance, Healthcare, Government, Education and Retail.

LinkedIn - https://www.linkedin.com/in/markrenoden/

🔗 Related Links
* DirectoryShield | Increment - https://www.increment.inc/directoryshield
* Entra Security Recommendations - https://aka.ms/EntraSecurityRecommendations
* Securing privileged access overview - https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-overview
* MIM - Bastion environment - https://learn.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environment

📗 Chapters
00:46 Securing Your Entra Tenant
02:09 The Quest for a Microsoft-Only PAM Solution
04:21 What is a "Bastion Forest"?
07:50 Reimagining the Bastion Forest for the Cloud
12:53 Architecting a "Secure-by-Default" Tenant
17:41 Phish-Resistant On-Prem Admins
19:50 The Modern Privileged Access Workstation (PAW)
27:04 The Tiered Administration Model Explained
29:51 The Hidden Dangers of CSP Admin Access
34:29 How Fast is PIM for Groups?
Entra Chat is a weekly podcast hosted by Merill Fernando that delivers practical insights for Microsoft administrators and security professionals through conversations with identity experts who've been in the trenches.
Episodes feature seasoned Entra practitioners sharing real-world deployment experiences and Microsoft Entra team members who build the features you use daily.
Get the inside track on best practices, implementation strategies, and upcoming capabilities directly from those who design and deploy Microsoft identity solutions.
Join us for actionable takeaways you can apply immediately in your Microsoft 365, Azure, and Entra environments.
---
Entra.Chat, its content and opinions are my (Merill Fernando) own and do not reflect the views of my employer (Microsoft). All postings are provided “AS IS” with no warranties and are not supported by the author. All trademarks and copyrights belong to their owners and are used for identification only. entra.news