
Entra.Chat

Merill Fernando

68 episodes

  • Entra.Chat

    Attackers Are Targeting The AI Ecosystem You Cannot See

    04/07/2026 | 44 mins.
    AI agent security is not just about attackers using AI.
    It is also about attackers targeting the agent ecosystem most organizations cannot see clearly yet: MCP servers, agent skills, packages, API keys, prompts, tools, and the identity layer underneath all of it.
    In this episode, I sit down with Thomas Roccia, founder of Security Break and a former Microsoft threat researcher, to look at AI agents from the threat-intelligence side. Thomas explains why the easiest path for attackers may not be futuristic autonomous hacking. It may be the boring weak spots that already exist: malicious packages, untrusted MCP servers, hostile agent skills, leaked API keys, and AI-generated code that chooses the fastest path instead of the safest one.
    For Entra admins and security teams, this is where Agent ID, non-human identity, workload identity, logging, sponsorship, and governance start to matter. Entra Agent ID gives teams a way to identify and govern agents, but identity is only one part of the picture. You still need to understand what agents can discover, what tools they can call, what context they consume, and whether you can replay what they actually did.
    Thomas also breaks down his practical AI threat-intelligence work, including how teams can use agents for CTI, how adversarial prompts and context flooding change the risk model, and why defenders need to understand the attacker side of agent security before these systems become invisible production infrastructure.
    Sponsored by
    Secure BYOD Wi‑Fi Without MDM enrollment
    Keytos Connect is a new mobile and desktop app that makes it easy for users to connect personal and BYOD devices to enterprise and campus Wi‑Fi without shared passwords, manual certificate installs, or traditional MDM enrollment. Users simply download the app, sign in with their work or school account, and Keytos handles the rest. It also works alongside Intune, allowing organizations to continue managing corporate-owned devices while simplifying connectivity for personal devices.
    * Connect in minutes: users download the app, sign in, and get securely onboarded to Wi‑Fi
    * No MDM required: enable secure access for personal devices without giving IT full control of them
    * Works alongside Intune: keep your existing management workflows for corporate devices while enabling secure BYOD access
    * Automatic certificate management: certificate issuance and renewal happen behind the scenes
    * Secure by default: EAP-TLS authentication eliminates shared Wi‑Fi passwords and provides unique credentials for every user
    * Multi-OS: Available across iOS, Android, Windows, and macOS devices
    * Included at no additional cost with existing EZRADIUS and EZCA subscriptions
    Learn more about Keytos Connect and see how easy secure BYOD connectivity can be.
    About Thomas Roccia
    Thomas Roccia is a threat researcher and founder of SecurityBreak, focused on AI threat intelligence, malware analysis, and AI agent security. He previously worked in incident response, malware analysis, threat intelligence, Microsoft Defender, and AI threat research. He is also the author of Visual Threat Intelligence and teaches practical AI for threat intelligence and agentic workflows.
    LinkedIn - https://au.linkedin.com/in/thomas-roccia
    Subscribe with your favorite podcast player or watch on YouTube 👇
    Related Links
    * Thomas Roccia on LinkedIn - https://au.linkedin.com/in/thomas-roccia
    * SecurityBreak - https://securitybreak.io/
    * Practical AI for Threat Intelligence training - https://securitybreak.io/training-genai
    * SHIELD.md: A Security Standard for OpenClaw and AI Agents - https://blog.securitybreak.io/shield-md-a-security-standard-for-openclaw-and-ai-agents-b38637031460
    * Microsoft Entra Agent ID - https://learn.microsoft.com/en-us/entra/agent-id/what-is-microsoft-entra-agent-id
    * Microsoft Entra Agent ID key concepts - https://learn.microsoft.com/en-us/entra/agent-id/key-concepts
    * Agentic Resource Discovery specification - https://agenticresourcediscovery.org/
    * GitHub Agent Finder - https://github.blog/changelog/2026-06-17-agent-finder-for-github-copilot-now-available/
    Chapters
    00:00 Intro
    00:33 Meet Thomas Roccia
    01:48 From Malware Analysis to AI Threat Intel
    03:30 Why AI Security Is Moving So Fast
    05:49 Agentic Resource Discovery and New Standards
    09:25 Attackers Are Already Using AI Agents
    11:47 The AI Ecosystem Is The Target
    15:26 Prompt Injection, MCP, Skills, and API Keys
    20:28 Vibe Coding vs Production Security
    23:47 Agent ID and Identity for AI Agents
    32:30 Practical AI for Threat Intelligence
    39:13 Monitoring Agents Like Threat Actors Do
    42:28 Context Flooding and What’s Next
    Podcast Apps
    Apple Podcast - https://entra.chat/apple
    YouTube - https://entra.chat/youtube
    Spotify - https://entra.chat/spotify
    Overcast - https://entra.chat/overcast
    Pocketcast - https://entra.chat/pocketcast
    Others - https://entra.chat/rss
    Merill’s socials
    YouTube - youtube.com/@merillx
    LinkedIn - linkedin.com/in/merill
    Twitter - twitter.com/merill
    TikTok - tiktok.com/@merillf
    Bluesky - bsky.app/profile/merill.net
    Mastodon - infosec.exchange/@merill
    Threads - threads.net/@merillf
    GitHub - github.com/merill


    Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
  • Entra.Chat

    From Windows Core to Leading Agent ID: Vince Smith’s Microsoft Story

    28/06/2026 | 47 mins.
    Folks, every big thing in identity started as somebody’s late-night side quest, and Vince Smith has been in the room for a lot of them.
    In this episode of Entra Chat, Vince (the PM lead driving Microsoft Entra Agent ID) walks us back through a 25-year run at Microsoft: shipping beta products off a machine wired straight to the internet under a neighbor’s desk, owning the early RBAC and custom roles work that shaped Entra, surviving a couple of security incidents he mostly can’t talk about, and finally landing on the team building identity for AI agents.
    Along the way he owns up to the one feature name he’d take back if he could, and shares the dead-simple trick he used as a junior dev to get senior engineers to answer his questions every single time.
    But this isn’t just a war-stories episode. Vince breaks down why agents needed a brand-new kind of identity in the first place. An agent is a strange beast, ‘as clumsy and unpredictable as a human, and as fast as a machine’, which means traditional anomaly detection looks at one and basically can’t tell if it’s a user or a workload gone rogue. His answer is the blueprint-and-instance model: one blueprint (think app registration) spinning up many scoped, least-privilege instances, instead of a bazillion app registrations or one over-permissioned service principal that can read everyone’s mailbox. And if you’re wondering why this matters now, Vince makes the case that as users move to passkeys, attackers just slide to the other end of the balloon: non-human identities and workloads. That’s the new frontier.
    So what should you actually do Monday morning? His advice is refreshingly un-precious: don’t wait for the perfect plan. Start green, set a standard for every new agent so you stop the bleeding from shadow AI, then stay green and slowly get green by cleaning up the mess behind you. Even just stamping a unique identifier on your agents today buys you the observability you’ll desperately want later.
    Be the river that flows around the rocks.
    There’s a lot more in the full conversation, including how Agent ID and Agent 365 actually fit together, and how Vince came up to speed on a space that’s moving too fast to write a book about. Give it a watch.
    Subscribe with your favorite podcast player or watch on YouTube 👇

    About Vince Smith
    Vince Smith is the PM Lead for Agent ID at Microsoft. A self-described computer nerd and Gen Xer, Vince has been with Microsoft since late 1999, working on everything from Windows Core and GDPR to multi-tenant collaboration and identity protection.
    LinkedIn - https://www.linkedin.com/in/vincecsmith/
    🔗 Related Links
    * Entra Agent ID - https://learn.microsoft.com/en-us/entra/agent-id/what-is-microsoft-entra-agent-id
    * Agent 365 - https://www.microsoft.com/en-us/microsoft-agent-365
    📗 Chapters
    06:23 Provisioning vs. Federation
    10:25 The Need for Agent ID
    17:28 Blueprints and Multi-Instancing
    23:55 Demystifying Agent 365
    26:56 The Threat of Non-Human Identities (NHI)
    33:08 Planning Your Enterprise AI Strategy
    36:14 Defining a “Start Green” AI Plan
    40:45 The Best Way to Learn Complex Tech
    45:13 The Wild World of CIAM

  • Entra.Chat

    Shadow Admins: The Non-Human Identities Hiding in Your Entra Tenant

    20/06/2026 | 1h 8 mins.
    Not every admin in your tenant is a person. Service principals, app registrations, and the new wave of agent identities can quietly hold permissions powerful enough to own your entire environment, and most orgs can’t even see them. In this episode of Entra Chat, we sit down again with Erika Zelic to expose the “shadow admins” hiding in your Entra tenant, and what to do about them.
    What we get into:
    * Application vs. delegated API permissions and why both can be shadow admins
    * The most dangerous permissions to hunt for: Files.ReadWrite.All, Sites.FullControl.All and more.
    * How Midnight Blizzard turned secrets buried in email into full tenant compromise
    * Credential and secret sprawl: why you should vault everything and move to managed identities
    * Agent identities explained, and why a “sponsor” is safer than an “owner”
    * App ownership as an attack path: lateral movement and privilege escalation
    * Locking down workload identities with conditional access
    * Deadlines that bite: EWS retirement and the ID CRL protocol retirement
    * Managed devices, and going from Zero Trust to “hero trust” without burying your help desk
    Subscribe with your favorite podcast player or watch on YouTube 👇

    Sponsored by:
    Avoiding Entra Credential Outages & Security Risks June 24 | Live Webinar | Register
    An expired client secret or certificate can break SSO, automation, integrations, and business-critical applications without warning.
    Do you know:
    ✔️ Which credentials have already expired?
    ✔️ Which applications depend on them?
    ✔️ Which credentials will expire next?
    ✔️ Who owns those applications, and are they still used?
    ✔️ Which applications should use Managed Identities instead of secrets?
    As organizations deploy more apps, automations, and AI-powered services, credential sprawl continues to grow across Entra. Join MVPs Alistair Pugin and Nicolas Blank as they walk through real-world credential failures, hidden risks, and practical strategies for identifying and remediating Entra credential issues before they lead to outages, security exposures, or audit findings.
    About Erika Zelic
    Erika Zelic is a well-known voice in the Microsoft security and identity community, bringing years of offensive security experience to help admins secure their cloud infrastructure.
    With roots in offensive security and consulting, she now works on remediating configuration-based vulnerabilities and is known for sharing practical, no-nonsense security insights with the Entra community.
    LinkedIn - https://www.linkedin.com/in/erica-z-b4169598/
    🔗 Related Links
    • MS Identity Tools - https://aka.ms/msid
    📗 Chapters
    * 02:05 The High Cost of DIY AI & Small Language Models
    * 06:17 Why AI is Forcing Everyone to Harden Their Infrastructure
    * 14:12 The Hidden Dangers of API Permissions
    * 20:59 How Midnight Blizzard Exploited App Secrets
    * 27:21 The Magic of Managed Identities & Azure Arc
    * 33:38 The Nightmare of Multiple App Owners
    * 43:32 Sneaky API Permissions You Need to Monitor
    * 51:48 Crucial Protocol Retirements: EWS & ID CRL
    * 55:24 Zero Trust: Why You MUST Enforce Managed Devices

  • Entra.Chat

    How Microsoft Is Securing AI Agents in Entra - Conditional Access, Zero Trust & the "Block" Debate

    13/06/2026 | 43 mins.
    AI agents can make decisions and act faster than any human — which means your old identity security playbook no longer holds. In this episode of Entra Chat, [host name] sits down with Nikhil, a 10+ year Microsoft identity veteran from the Authentication Stack and Identity Protection team, to break down how Microsoft Entra, Conditional Access, Defender, and Purview are evolving to secure agentic AI.
    We get into why “security = MFA” is dead, why the only recommended Conditional Access control for agents today is block (and why that’s actually good for your users), the missing “challenge” state in agent access, indirect prompt injection, and the unified risk model spanning identity, endpoint, and data layers. If you manage Microsoft Entra ID, run Zero Trust, or are figuring out how to govern AI agents in your tenant, this one’s for you.
    🔎 What you’ll learn:
    * Why agents are the new insider threat and why latency no longer protects you
    * How Conditional Access now targets agentic users and agents
    * Why “block” is the default control for agents (allow / block / challenge explained)
    * How unified risk works across Entra, Microsoft Defender & Microsoft Purview
    * Continuous Access Evaluation interrupting in-motion agent sessions
    * Why LLMs recommend insecure defaults (the device code flow problem)
    * The Conditional Access optimization agent, report-only mode & phased rollout
    * The #1 thing Entra admins and CISOs should do in the next 3–6 months

    Subscribe with your favorite podcast player or watch on YouTube 👇

    About Nikhil
    Nikhil Boreddy has spent over a decade at Microsoft, from the early Authentication Stack and Identity Protection team to the birth of Conditional Access. Today he works across Entra and Microsoft Security on one of the toughest challenges in the field: securing AI agents in the enterprise.
    LinkedIn - https://www.linkedin.com/in/nikhilboreddy/
    🔗 Related Links
    * Microsoft Entra - https://learn.microsoft.com/en-us/entra/id-protection/concept-risky-agents
    * Microsoft Zero Trust - https://aka.ms/ztworkshop
    📗 Chapters
    00:01:49 The Shift from MFA to Zero Trust
    00:02:43 The Rise of AI Agents in Enterprise Security
    00:04:40 Vulnerabilities in AI Workflows
    00:08:09 Microsoft Security and Agent ID
    00:10:41 Using the Conditional Access Optimization Agent
    00:11:44 Breaking Silos: Entra, Purview, and Defender
    00:20:01 Expanding Conditional Access for Agentic Users
    00:26:36 Why Block is the Recommended Control for Agents
    00:33:38 The Power of the Microsoft Security Stack
    00:38:31 Advice for CISOs: Embracing AI in Security

  • Entra.Chat

    The Learn-It-All Career Playbook for Identity and Security Pros

    06/06/2026 | 34 mins.
    In this episode of Entra Chat, we sit down with Christina Morillo, the Senior Director of Information Security for the New York Football Giants, to explore her inspiring transition from an identity specialist to a top-tier security leader. Christina shares her “ground floor” start at a technical help desk and her progression through network administration and specialized identity roles at Microsoft. Her story is a powerful testament to the “learn-it-all” mindset, illustrating how a deep baseline in Active Directory and a genuine curiosity about the broader security landscape paved the way for her current leadership role in a high-profile organization.
    The conversation dives deep into the essential skills required to grow from a niche technical role into a broader Director or CISO position. Christina emphasizes that while technical proficiency is the foundation, “soft skills” such as storytelling and the ability to pitch security solutions as business value are what truly allow a leader to secure executive buy-in. She encourages professionals not to restrict themselves to one domain but to embrace both breadth and depth, leveraging community engagement to understand the shared struggles across different security verticals.
    Subscribe with your favorite podcast player or watch on YouTube 👇

    Sponsored by:
    Entra ID Credential Gaps That Cause Outages
    In Microsoft Entra ID, outages often start small: an expired client secret or a lapsed certificate quietly breaks an integration. Traditional controls don’t easily track credential expiry, so issues surface only after something fails. Teams are left asking:
    * Which app secrets are expiring and when?
    * Which certificates are at risk?
    * How many integrations are we managing?
    Unanswered, these questions lead to avoidable outages, spikes in service desk tickets, and users losing access and bringing projects to a halt. ENow AppGov Credential Monitor continuously tracks expiring secrets and certificates across your Entra ID apps, alerting your team before credentials expire and integrations fail. Get a 7-day free trial to see how it can help you stay ahead.

    About Christina Morillo
    Christina Morillo is a seasoned cybersecurity and technology executive with over two decades of cross-domain experience leading enterprise security, cloud architecture, and identity programs. As an Information Security Officer and trusted advisor, and in her current role as Senior Director of Information Security at The New York Football Giants, she blends technical depth with strategic leadership to drive resilience, regulatory alignment, and business impact.
    Her career spans diverse industries, including financial services, big tech, and professional sports, bringing a unique perspective to every challenge. Christina is also a published O’Reilly author (Zero Trust Networks: Second Edition & 97 Things Every Information Security Professional Should Know) and is passionate about making security and technology accessible, relatable, and actionable for all.
    LinkedIn - https://www.linkedin.com/in/christinamorillo/
    📗 Chapters
    00:00 Intro Chat
    00:21 Meet Christina Morillo
    01:38 From Helpdesk to Identity
    05:40 Discovering the World of Security
    07:26 Transitioning to a Broader Security Role
    11:47 The Power of Curiosity and Collaboration
    19:31 Embracing AI and New Technologies
    22:01 Storytelling and Pitching to Executives
    28:24 Adapting to Constant Industry Change
    32:41 Tailoring Career Advice for Today’s World

About Entra.Chat
Entra Chat is a weekly podcast hosted by Merill Fernando and delivers practical insights for Microsoft administrators and security professionals through conversations with identity experts who've been in the trenches. Episodes feature seasoned Entra practitioners sharing real-world deployment experiences and Microsoft Entra team members who build the features you use daily. Get the inside track on best practices, implementation strategies, and upcoming capabilities directly from those who design and deploy Microsoft identity solutions. Join us for actionable takeaways you can apply immediately in your Microsoft 365, Azure, and Entra environments.

Entra.Chat, its content and opinions are my (Merill Fernando) own and do not reflect the views of my employer (Microsoft). All postings are provided “AS IS” with no warranties and are not supported by the author. All trademarks and copyrights belong to their owners and are used for identification only. entra.news