Why AI Is Breaking Identity Security – Experts Spill the Truth!
Welcome back to Entra.Chat! In this rapid-fire Q&A, I’m joined by a team of brilliant CXE Identity Architects from Microsoft, and they’re answering the toughest questions on the future of identity. We dive deep into the security challenge posed by agentic AI that can spawn self-replicating identities and how Microsoft is creating tailored behavioral analytics to protect your environment. The team also spills the details on the shift to phishing-resistant MFA through authentication strengths and gives us a major sneak peek into the highly anticipated tenant recovery capabilities for Entra ID tenants—you’ll definitely want to listen before your next audit!Subscribe with your favorite podcast player or watch on YouTube 👇About The PanelThis episode features an incredible panel of experts from Microsoft’s Identity team:* Tarek Dawoud: Lead Architect of the Architecture Team, focusing on AI for Security and Entra Resilience → https://www.linkedin.com/in/tarekdawoud/* Tyler Chan: Architect focusing on the Zero Trust Workshop and the healthcare vertical → https://www.linkedin.com/in/chantylert/* Ramiro Calderon: Architect on the team focusing on Identity and Access Management and helping customers move to the cloud → https://www.linkedin.com/in/ramirocalderon/* Jas Suri: Architect for Customer Identity and Access Management (CIAM), including Entra External ID as well as passwordless technologies → https://www.linkedin.com/in/jas-suri-aa644a7b/* Ehud Itshaki: Identity Architect focusing on AI’s impact on identity systems and government customers → https://www.linkedin.com/in/ehudi/* Thomas Detzner: Architect focusing on Global Secure Access (GSA) and the network pillar of Zero Trust. → https://www.linkedin.com/in/thomasdetzner/* Travis Gross: Manager and lead of the overall Identity CxE team at Microsoft → https://www.linkedin.com/in/travis-gross-536b3b9b/* Keith Brewer: Architect for Entra authentication, identity security, and U.S. government customers → https://www.linkedin.com/in/keith-b-145519174/🔗 Related Links* The future of AI agents—and why OAuth must evolve - https://techcommunity.microsoft.com/blog/microsoft-entra-blog/the-future-of-ai-agents%E2%80%94and-why-oauth-must-evolve/3827391* Beyond OAuth: Why SCIM must evolve for the AI agent revolution - https://techcommunity.microsoft.com/blog/microsoft-entra-blog/beyond-oauth-why-scim-must-evolve-for-the-ai-agent-revolution/4433036* Use Kerberos for single sign-on (SSO) to your resources with Microsoft Entra Private Access - https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-configure-kerberos-sso* Bulk operations in Microsoft Entra ID (Preview) - https://learn.microsoft.com/en-us/entra/fundamentals/bulk-operations* Road to the cloud: AD to Entra ID - aka.ms/AD2AAD* Microsoft Entra security operations guide - Incident Response Playbooks - https://learn.microsoft.com/en-us/entra/architecture/security-operations-introduction* Incident response playbooks - https://learn.microsoft.com/en-us/security/operations/incident-response-playbooks* Review permissions granted to enterprise applications - https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/manage-application-permissions?pivots=portal* Multi-factor unlock - https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/multifactor-unlock?tabs=intune* API-driven Inbound Provisioning - Integration scenarios - https://learn.microsoft.com/en-au/entra/identity/app-provisioning/inbound-provisioning-api-logic-apps#integration-scenario-variations📗 Chapters03:57 The Challenge of Agentic AI and Identity 06:35 Top Identity Security Enhancements You Can Use Today 09:42 Entra External ID: Syncing Tenants and B2C Migration 11:41 Restoring Compromised Tenants: New Backup Features Coming! 15:01 Verifying Real Humans: Identity Assurance Levels (IAL) Explained 17:01 Rethinking App Consent and Granular Admin Roles 18:28 Clearing Up Confusion: Passkeys vs Phishing-Resistant MFA 20:33 Ditching On-Prem: Moving Legacy Apps with Private Access 23:14 How AI Will Change IAM Admins & Permissions Forever 30:31 Is Entra ID Governance the End of MIM?Podcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill’s socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
--------
32:22
--------
32:22
Azure AD B2C to Entra External ID: Migration Strategies You Need to Know
In this episode, I sit down with my longtime friends and colleagues, Jas Suri and Gayan Randeny, at Microsoft’s campus to unpack the biggest Microsoft consumer identity shift in years—Azure AD B2C’s sunset and the rise of Entra External ID. We talk about why B2C is going away, the crazy scale of tenants with 100M+ identities, the migration paths and what the future looks like for customer identity. Plus, stick around until the end because Gayan and Jas share a world premiere on the podcast about a groundbreaking new Just-In-Time migration approach that will make moving millions of users to Entra External ID simpler than you think. You don’t want to miss this scoop!If you want to stay ahead of this massive transition, this is a must-listen.Subscribe with your favorite podcast player or watch on YouTube 👇About Jas SuriJas Suri is the CxE Architect PM for Microsoft Entra External ID and has a wealth of knowledge and experience in helping Microsoft customers deploy Azure AD B2C and Entra External ID. With extensive experience in Azure AD B2C and Entra External ID migrations, Jas has now taken on the CxE architect role for passkeys across both Entra ID and Entra External ID..LinkedIn - https://www.linkedin.com/in/jas-suri-aa644a7b/About Gayan RandenyGayan Randeny is a seasoned expert in customer identity and access management at Microsoft, with years of experience helping customers deploy Azure AD B2C and now leading efforts to migrate to Entra External ID. In addition to his work on Entra External ID, Gayan is now turning his attention to help enterprise customers deploy Global Secure Access.LinkedIn - https://linkedin.com/in/gyanrandhani🔗 Related Links* Migrating users to Microsoft Entra External ID - https://learn.microsoft.com/en-us/entra/external-id/customers/how-to-migrate-users* Microsoft Entra External ID deployment architectures with Microsoft Entra - https://learn.microsoft.com/en-us/entra/architecture/external-identity-deployment-architectures* Azure Active Directory B2C: Custom CIAM User Journeys - https://github.com/azure-ad-b2c/samples📗 Chapters00:00 Intro00:57 What is B2C and why it mattered03:44 The insane scale of B2C (100M+ identities)05:02 Why B2C is going away07:20 Converging enterprise and customer identity12:01 Migration differences: B2C vs Entra External ID18:24 Just-in-time and passwordless migration23:09 Hybrid tenant approach explained29:15 Migration strategies and best practices33:29 New features, partners, and what’s next36:44 Closing thoughtsPodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill’s socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
--------
38:47
--------
38:47
Microsoft's Secret Weapon for M365 Admins: A 10x Faster Bulk Operations Tool
On this episode of Entra Chat, I was thrilled to sit down with Yanyan and Sweta from the Entra UI experience team to dive deep into a feature that many of us have used but is now getting a massive refresh: Bulk Operations. We talked about how they took a critical legacy tool and completely re-engineered it for insane performance and scale, making it more reliable than ever. You’ll hear about some amazing new capabilities, like customizing the columns in your CSV exports and using UPNs instead of just Object IDs to add users, which is a huge time-saver. We even get a behind-the-scenes look at the engineering that makes it possible to export over a million groups in just 10 minutes!Subscribe with your favorite podcast player or watch on YouTube 👇About Yanyan JuYanyan Ju is a Principal Engineer Manager at Microsoft, where she is dedicated to delivering the best administrative experience for Microsoft customers. She focuses on creating value through user-friendly and consistent admin interfaces, shaping the future of AI-powered Entra Admin UX, and leading as part of a UX Engineering Center of Excellence.* LinkedIn: https://www.linkedin.com/in/yanyan-ju-194545239/About Sweta KumariSweta Kumari is a Product Manager at Microsoft, focusing on identity and access management within Microsoft Entra. Sweta leads initiatives around Entra Admin feature enhancements, Customer feedback integration and Privileged Identity Management (PIM). Her work emphasizes improving user experience, and ensuring secure, compliant access for customers.* LinkedIn: https://www.linkedin.com/in/sweta-kumari-557478127/🔗 Related Links* Bulk operations in Microsoft Entra ID (Preview) - https://learn.microsoft.com/en-us/entra/fundamentals/bulk-operations📗 Chapters00:01:20 What is Bulk Operations? 00:03:40 Supported Bulk Operations 00:06:34 Customizing Your Exports 00:08:45 How is it different from PowerShell? 00:11:29 Adding Members in Bulk (The Easy Way) 00:13:56 Bulk Deleting Safely 00:16:12 Why Was The Feature Rebuilt? 00:19:05 The Engineering Overhaul 00:23:02 Insane Performance Gains 00:25:19 How to Share Your FeedbackPodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill’s socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
--------
31:35
--------
31:35
How a Pharmacist Became a Pro Hacker (And What She Found in YOUR Tenant)
Cybersecurity expert Erica shares her incredible journey from pharmacist to becoming a professional hacker. She reveals how attackers are bypassing modern security controls like MFA and what you can do to protect your tenant.We talk about the most common configuration vulnerabilities that exist in almost every organization, the dangers of application onboarding, and the top five phishing vectors threat actors are using to gain initial access, including clever abuses of Microsoft Teams.Subscribe with your favorite podcast player or watch on YouTube 👇About EricaErica has an amazing career arc, starting in pharmacy before pivoting to cybersecurity. With a deep, hands-on understanding of offensive security gained from platforms like Hack the Box and real-world penetration testing, she specializes in protecting and defending Microsoft Cloud tenants. Erica is passionate about sharing her knowledge on how to better protect your tenant and what bad guys are looking for.LinkedIn - https://www.linkedin.com/in/erica-z-b4169598/🔗 Related Links* Blog - https://ericazelic.medium.com/* Hack The Box - https://www.hackthebox.com/* Altered Security - https://www.alteredsecurity.com/📗 Chapters00:00:00 Intro 00:02:14 From Pharmacy to Cybersecurity 00:07:19 Learning to Hack with Hack The Box 00:11:45 The First Cloud Hack: M365 Public Groups 00:17:50 The Hidden Dangers of App Onboarding 00:25:53 The 5 Modern Phishing Attack Vectors 00:30:36 Bypassing MFA with Device Code Phishing 00:34:34 Adversary-in-the-Middle & Auth Downgrade Attacks 00:48:24 The Secret to Mastering Cybersecurity SkillsPodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill's socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
--------
1:01:12
--------
1:01:12
The Great Debate: P2 vs. Entra ID Governance for Guests
Jeremy Conley, Product Manager on the Identity Governance team at Microsoft, demystifies the world of guest access in Microsoft Entra. We discuss the hidden security risks that accumulate as guests are invited into a tenant and the governance challenges this creates.We also do a deep dive into the different licensing tiers, from P2 to the new Entra ID Governance for Guests license, and explain the recently GA’d , cost-effective MAU-based billing model for guests. Jeremy provides actionable tips for admins to start cleaning up their tenants and implementing a robust governance strategy today.Subscribe with your favorite podcast player or watch on YouTube 👇About Jeremy ConleyJeremy Conley is a Product Manager at Microsoft, focusing on identity governance. His work is centered on Entitlement Management and the governance of guest and external users within Microsoft Entra, helping customers secure their environments and manage user lifecycles effectively.LinkedIn - https://www.linkedin.com/in/jeremy-conley-99552379/🔗 Related Links* Microsoft Entra ID Governance licensing for guest users • aka.ms/EntraIDGuestGovernance* PowerShell tool to update guest sponsor info • Update-MsIdInvitedUserSponsorsFromInvitedBy📗 Chapters00:51 What are Guests & External Users? 03:51 The Hidden Security Risk of Guests 07:14 Understanding Licensing for Guest Governance 09:10 P2 Features: Entitlement Management & Access Reviews 15:19 Entra ID Governance: Lifecycle Workflows & Automation 20:33 The "Sponsor" Concept for Guest Accountability 25:49 The NEW Guest Licensing Model Explained28:15 Demystifying the 1:5 Ratio vs. MAU Billing35:18 Common Mistakes Admins Make with Guests 37:22 A Simple First Step to Clean Up Your TenantPodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill's socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
Entra Chat is a weekly podcast hosted by Merill Fernando and delivers practical insights for Microsoft administrators and security professionals through conversations with identity experts who've been in the trenches.
Episodes feature seasoned Entra practitioners sharing real-world deployment experiences and Microsoft Entra team members who build the features you use daily.
Get the inside track on best practices, implementation strategies, and upcoming capabilities directly from those who design and deploy Microsoft identity solutions.
Join us for actionable takeaways you can apply immediately in your Microsoft 365, Azure, and Entra environments.
---
Entra.Chat, its content and opinions are my (Merill Fernando) own and do not reflect the views of my employer (Microsoft). All postings are provided “AS IS” with no warranties and is not supported by the author. All trademarks and copyrights belong to their owners and are used for identification only. entra.news
New Zealand