Entra.Chat

• The Ultimate Guide to App Consent in Microsoft Entra

  In this episode, I sit down with Erin Greenlee, the Product Manager for App Consent on Microsoft’s App Platform Team. We dive into the critical world of app consent and the upcoming Microsoft 365 secure-by-default changes. We explore the nuances of user and admin consent, the impact of the mid-July 2025, policy shift, and how admins can prepare for a more secure Entra environment.Subscribe with your favorite podcast player or watch on YouTube 👇About Erin GreenleeErin Greenlee is a Product Manager at Microsoft, specializing in the App Platform Team within the Identity and Network Access division. With a decade of experience at Microsoft, including roles in B2C and domain services, Erin now focuses on consent, authorization, and app roles, helping organizations secure their applications while enabling productivity.LinkedIn - https://www.linkedin.com/in/eringreenlee/🔗 Related Links* MC1097272 - Microsoft 365 Upcoming Secure by Default Settings Changes - https://mc.merill.net/message/MC1097272 * Entra Admin Consent Workflow - https://docs.microsoft.com/en-us/entra/identity/enterprise-apps/configure-admin-consent-workflow * Configure how users consent to applications - https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-user-consent* Manage app consent policies - https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/manage-app-consent-policies* Review App Consent audit logs - https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/app-perms-audit-logs📗 Chapters02:15 What is App Consent?03:22 Delegated vs. Application Permissions07:45 The User Consent Balancing Act13:58 How Consent is Evaluated17:33 Understanding Tenant Consent Policies22:28 The Admin Consent Workflow31:18 The Big Change: Microsoft's Secure-by-Default Update41:35 How to Prepare for the Change49:05 Advanced Delegation with Custom PoliciesPodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill's socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe

  --------  

  1:12:14
• Pushing Microsoft Entra to its Limits to Secure On-Prem AD

  In this episode, we talk with an identity expert, ex-Microsoftie and Principal Domain Architect, Mark Renoden, about creating a modern Privileged Access Management (PAM) solution for on-premises Active Directory. Discover how to build a secure "Bastion Forest" architecture using Microsoft Entra. We talk about PIM for Groups, group write-back, phish-resistant credentials, Privileged Access Workstations (PAW), securing an Entra tenant from the ground up, and navigating challenges with Cloud Solution Provider (CSP) permissions.Watch on YouTubePS. Can I ask a favor? If you enjoyed this episode please leave a review and rating! Thank you 🙏 - MerillAbout MarkAs Principal Domain Architect for Identity at Increment, Mark leads the design and delivery of secure, scalable identity architectures grounded in Microsoft Entra ID and aligned with Zero Trust principles. He specializes in helping organisations modernise their infrastructure and navigate complex identity transformations.Previous to Increment, Mark spent over 20 years at Microsoft in support, field engineering, mission critical and customer experience roles focused on Identity across a wide spectrum of industries in Australia and New Zealand, including Finance, Healthcare, Government, Education and Retail.LinkedIn - https://www.linkedin.com/in/markrenoden/🔗 Related Links* DirectoryShield | Increment - https://www.increment.inc/directoryshield* Entra Security Recommendations - https://aka.ms/EntraSecurityRecommendations* Securing privileged access overview - https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-overview* MIM - Bastion environment - https://learn.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environment📗 Chapters00:46 Securing Your Entra Tenant02:09 The Quest for a Microsoft-Only PAM Solution04:21 What is a "Bastion Forest"?07:50 Reimagining the Bastion Forest for the Cloud12:53 Architecting a "Secure-by-Default" Tenant17:41 Phish-Resistant On-Prem Admins19:50 The Modern Privileged Access Workstation (PAW)27:04 The Tiered Administration Model Explained29:51 The Hidden Dangers of CSP Admin Access34:29 How Fast is PIM for Groups?Podcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill's socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe

  --------  

  47:37
• From Active Directory to AI Agents: The 25-Year Saga of Microsoft's Identity

  In this very special episode, I sit down with the "Yoda of Entra" himself, Tarek Dawoud, who also happens to be my manager!We dig deep into the fascinating and often surprising history of Microsoft's identity platforms. Tarek, who has been on the team since 2007, takes us on a journey from the revolutionary launch of Active Directory in 1999, through the creation of the cloud services that battled Google Apps, to the formation of the identity division and the eventual rebrand to Entra.You'll hear the inside story on how our customer experience team became a "secret weapon" and, most excitingly, we'll look at what the future holds for Identity and Access Management in the new age of AI agents.Watch on YouTubePS. Can I ask a favor? If you enjoyed this episode please leave a review and rating! Thank you 🙏 - MerillAbout Tarek DawoudTarek Dawoud is a long-time veteran at Microsoft, having been with the company for over 18 years. Tarek currently leads the architecture team within the customer engineering (CXE) organization, where he helps customers deploy Entra, gathers insights for the product group, and works to solve the hardest identity problems.LinkedIn - https://www.linkedin.com/in/tarekdawoud/🔗 Related Links📗 Chapters00:00 Intro08:58 The Beginning: The Vision of Active Directory (AD)14:51 The Consumer Side: Microsoft Passport & The Standards Debate18:29 A Defensive Play: How Google Apps Sparked Microsoft's Cloud Identity27:21 The First Merger: Active Directory & Cloud Teams Unite32:03 The Birth of Conditional Access & The Authenticator App42:52 The Security Re-org: Identity Moves to a New Home45:30 A New Era: Rebranding to Entra48:52 The Future is Now: AI, Agentic Identities, and the End of PowerShell?Podcast Apps🎙️ Entra.Chat → https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill's socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe

  --------  

  1:04:12
• From NetIQ to Cloud-Native Entra: A Decade-Long IAM Revolution

  In this episode, we are joined by Maqsood Bhatti, the IAM Principal Engineer at Elkjøp Nordic, who takes us through their incredible journey of migrating from the legacy NetIQ platform to Microsoft Entra. What's fascinating is how they accomplished this years ago, completely bypassing traditional tools like Entra Connect and adopting a "production-only" environment. Maqsood shares how they built a truly cloud-native identity solution from the ground up, leveraging custom connectors, app roles, and automating everything, including moving off the legacy platform entirely.You’ll also hear about their advanced use of Microsoft Identity Governance, Logic Apps for custom provisioning, and a strict modern authentication policy that has shaped their identity and access management (IAM) for nearly a decade.Watch on YouTubePS. Can I ask a favor? If you enjoyed this episode please leave a review and rating! Thank you 🙏 - MerillAbout MaqsoodMaqsood is the IAM Principal Engineer at Elkjøp Nordic, a company that was an early adopter of access automation since 2006. He has been instrumental in their journey from legacy systems like NetIQ to a modern, cloud-native Microsoft Entra infrastructure , championing innovative approaches like custom API integrations and a "prod-only" development environment.LinkedIn - https://www.linkedin.com/in/maqsoodbhatti/🔗 Related Links* Elkjøp Nordic unngår IT-floker med storskala automatisering📗 Chapters00:00 Intro01:10 Early Days & NetIQ Automation03:34 The Journey to Public Cloud & Microsoft 36508:23 Custom Connectors and Real-Time Sync15:08 Embracing Azure, App Roles & Modern Auth19:29 Password Sync & Skipping Entra Connect22:57 Decommissioning NetIQ: Challenges & Motivations27:27 Leveraging Entra ID Domain Services as a Bridge33:28 Mastering App Roles & Guiding Developers44:27 Migrating to Entra ID Governance & Logic Apps52:57 The "Prod-Only" Philosophy & Cloud-Native MindsetPodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill's socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe

  --------  

  58:35
• Decommissioning On-Prem AD: Lessons Learned from We Are Era's Successful Migration

  Tobias Binkert, Head of IT at We Are Era, and Yusuke Kodama, Product Manager at Microsoft (who specialises in cloud-first identity, among many other things), join us to discuss We Are Era’s successful migration from on-premises Active Directory to a fully cloud-native Microsoft Entra ID environment.We delve into the motivations behind this significant shift with practical strategies for migrating devices using Microsoft Autopilot, modernizing applications, managing user accounts and groups in the cloud, and overcoming challenges like legacy RADIUS dependencies. Tobias shares the tangible benefits We Are Era experienced, including enhanced security, a superior user experience and increased agility for adopting new technologies.LinkedIn* Tobias Binkert - https://www.linkedin.com/in/tobias-binkert-83844810a/ * Yusuke Kodama - https://www.linkedin.com/in/yusukekodama85/On a related note we ran a poll a few weeks ago asking what your Identity plans were for 2030 and beyond. Nearly 90% of you were looking to go Entra ID first with more than half planning to go full cloud native with Entra ID.So hopefully this episode with Tobias and Yusuke will help shed some light and help you start your journey to going cloud-first/cloud-native.Watch on YouTubePS. Can I ask a favor? If you enjoyed this episode please leave a review and rating! Thank you 🙏 - Merill🔗 Related Links* Road to the cloud: Introduction* Cloud transformation posture* Establish a Microsoft Entra footprint* Implement a cloud-first approach* Transition to the cloud📗 Chapters00:00 Intro03:20 The Motivation: Why Decommission On-Prem Active Directory?06:23 Gaining Buy-In: Negotiating with Business Units09:56 The ROI & Cost Impact: Saving 70% on Infrastructure14:47 Device Migration: Tackling Windows Workstations with Autopilot25:31 Server & Application Challenges: RADIUS, Printing, and More32:06 User Accounts & Groups: The Shift to Cloud-Only Identities44:19 Addressing Security & Availability Concerns of Full Cloud49:43 Life After AD: Next Steps and Future Identity Initiatives51:45 Lessons Learned & Key Advice for Your Cloud MigrationPodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill's socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe

  --------  

  58:40

Weitere Nachrichten Podcasts

Trending Nachrichten Podcasts

Über Entra.Chat