PodcastsNewsEntra.Chat

Entra.Chat

Merill Fernando
Entra.Chat
Latest episode

69 episodes

  • Entra.Chat

    One Compromised Agent ID Blueprint Can Cross Tenant Boundaries

    12/07/2026 | 54 mins.
    Microsoft Entra Agent ID uses familiar application and service-principal objects under the hood, but its one-to-many hierarchy creates a different security boundary. A blueprint can be associated with many agent identities. When that blueprint belongs to a third-party provider and is trusted across customer tenants, the provider’s credential security becomes part of every customer’s risk model.
    In this episode of Entra.Chat, Merill speaks with Katie Knowles, Senior Security Researcher at Datadog, about her three-part security analysis of Microsoft Entra Agent ID. Katie explains the blueprint, blueprint principal, agent identity, and agent-user relationships before walking through a cross-tenant compromise demonstration: compromised blueprint credentials, enumeration of associated agents, token requests in trusting tenants, permission inspection, and selection of a useful target identity.
    That path does not automatically grant Global Administrator access. Its impact depends on what the target agent identity has been permitted to do. The important lesson is the control point: one blueprint can sit upstream of many identities, tenants, and permission sets.
    Katie and Merill also discuss tenant-owned versus vendor-owned blueprints, the Agent ID Administrator role, first-party agent creation through Microsoft platforms, why production client secrets compound the blast radius, workload identity federation, separating blueprints by risk, reusing app-registration detections, and Microsoft Entra ID Protection for agents.
    REGISTER: Hidden Risk of App Permissions in Entra ID
    Many Microsoft Entra ID environments contain third-party and custom applications with permissions that are broader than necessary, and most organizations lack visibility into how those permissions are being used. Excessive Microsoft Graph permissions and unused access increase the risk of OAuth abuse and privilege escalation.
    Join our live session on July 22 to learn how to:
    * Evaluate delegated versus application permissions
    * Build an effective app governance strategy
    * Reduce unnecessary access without disrupting users
    You’ll also see how a free AppGov Score assessment can help identify governance gaps and where unused permissions reporting fit into a least-privilege approach.
    Subscribe with your favorite podcast player or watch on YouTube
    About Katie Knowles
    Katie Knowles is a Senior Security Researcher at Datadog focused on Azure security research, cloud identity, and securing emerging technologies.
    * LinkedIn - https://linkedin.com/in/kaknowles
    * X/Twitter - https://twitter.com/_sigil
    * GitHub - https://github.com/siigil
    * Website - https://kknowl.es/
    * Microsoft MVP profile - https://mvp.microsoft.com/en-US/MVP/profile/a3547b6a-6a4d-4aa0-840f-23b858c43c8b
    Related Links
    * Entra Agent ID: The blueprint blast radius (mentioned at 51:39) - https://securitylabs.datadoghq.com/articles/agent-id-blueprint-blast-radius/
    * Entra Agent ID: Inside a cross-tenant agent compromise (mentioned at 51:39) - https://securitylabs.datadoghq.com/articles/agent-id-inside-agent-compromise/
    * Entra Agent ID: Protect, detect, respond (mentioned at 51:39) - https://securitylabs.datadoghq.com/articles/agent-id-protect-detect-respond/
    * Disable agent identities in your tenant (mentioned at 04:00 and 49:33) - https://learn.microsoft.com/entra/agent-id/disable-agent-identities
    * Investigating suspicious AI workflows in Microsoft Entra Agent ID: Agent’s user account (mentioned at 05:14) - https://redcanary.com/blog/threat-detection/entra-id-ai-workflows-teams/
    * Entra Agent ID from a Security Perspective (mentioned at 20:38) - https://blog.compass-security.com/2026/06/entra-agent-id-from-a-security-perspective/
    * Spying On Your ISVs Credential Choices (mentioned at 38:11) - https://ericonidentity.com/2025/01/13/spying-on-your-isvs-credential-choices/
    * Who Are the Robots? Uncovering AI Agents Identities (mentioned at 51:39) - https://www.youtube.com/watch?v=mMxACHKIAwY
    * AzTier (mentioned at 51:39) - https://aztier.com/
    * Microsoft Entra Agent ID key concepts - https://learn.microsoft.com/entra/agent-id/key-concepts
    * Workload identity federation - https://learn.microsoft.com/entra/workload-id/workload-identity-federation
    * ID Protection for agents - https://learn.microsoft.com/entra/id-protection/concept-risky-agents
    Related Entra.Chat Episodes
    * If You Manage Entra Permissions, Watch This Before Deploying Agents - https://entra.news/p/if-you-manage-entra-permissions-watch
    * From Windows Core to Leading Agent ID: Vince Smith’s Microsoft Story - https://entra.news/p/from-windows-core-to-leading-agent
    * Attackers Are Targeting the AI Ecosystem You Cannot See - https://entra.news/p/attackers-are-targeting-the-ai-ecosystem
    Chapters
    00:00 Intro
    01:12 Katie’s Three-Part Agent ID Research
    05:40 Agent ID Objects Under the Hood
    06:24 One Blueprint, Many Agent Identities
    08:43 The Multitenant Trust Boundary
    17:33 Cross-Tenant Compromise Walkthrough
    28:29 First-Party and Third-Party Blueprints
    36:56 Stop Using Client Secrets
    38:40 Workload Identity Federation
    46:24 Permissions and Privilege Boundaries
    49:33 Detecting and Responding to Agent Abuse 51:29 What Comes Next for Agent ID
    Podcast Apps
    Apple Podcast - https://entra.chat/apple
    YouTube - https://entra.chat/youtube
    Spotify - https://entra.chat/spotify
    Overcast - https://entra.chat/overcast
    Pocketcast - https://entra.chat/pocketcast
    Others - https://entra.chat/rss
    Merill’s socials
    YouTube - youtube.com/@merillx
    LinkedIn - linkedin.com/in/merill
    Twitter - twitter.com/merill
    TikTok - tiktok.com/@merillf
    Bluesky - bsky.app/profile/merill.net
    Mastodon - infosec.exchange/@merill
    Threads - threads.net/@merillf
    GitHub - github.com/merill


    Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
  • Entra.Chat

    Attackers Are Targeting The AI Ecosystem You Cannot See

    04/07/2026 | 44 mins.
    AI agent security is not just about attackers using AI.
    It is also about attackers targeting the agent ecosystem most organizations cannot see clearly yet: MCP servers, agent skills, packages, API keys, prompts, tools, and the identity layer underneath all of it.
    In this episode, I sit down with Thomas Roccia, founder of Security Break and a former Microsoft threat researcher, to look at AI agents from the threat-intelligence side. Thomas explains why the easiest path for attackers may not be futuristic autonomous hacking. It may be the boring weak spots that already exist: malicious packages, untrusted MCP servers, hostile agent skills, leaked API keys, and AI-generated code that chooses the fastest path instead of the safest one.
    For Entra admins and security teams, this is where Agent ID, non-human identity, workload identity, logging, sponsorship, and governance start to matter. Entra Agent ID gives teams a way to identify and govern agents, but identity is only one part of the picture. You still need to understand what agents can discover, what tools they can call, what context they consume, and whether you can replay what they actually did.
    Thomas also breaks down his practical AI threat-intelligence work, including how teams can use agents for CTI, how adversarial prompts and context flooding change the risk model, and why defenders need to understand the attacker side of agent security before these systems become invisible production infrastructure.
    Sponsored by
    Secure BYOD Wi‑Fi Without MDM enrollment
    Keytos Connect is a new mobile and desktop app that makes it easy for users to connect personal and BYOD devices to enterprise and campus Wi‑Fi without shared passwords, manual certificate installs, or traditional MDM enrollment. Users simply download the app, sign in with their work or school account, and Keytos handles the rest. It also works alongside Intune, allowing organizations to continue managing corporate-owned devices while simplifying connectivity for personal devices.
    * Connect in minutes: users download the app, sign in, and get securely onboarded to Wi‑Fi
    * No MDM required: enable secure access for personal devices without giving IT full control of them
    * Works alongside Intune: keep your existing management workflows for corporate devices while enabling secure BYOD access
    * Automatic certificate management: certificate issuance and renewal happen behind the scenes
    * Secure by default: EAP-TLS authentication eliminates shared Wi‑Fi passwords and provides unique credentials for every user
    * Multi-OS: Available across iOS, Android, Windows, and macOS devices
    * Included at no additional cost with existing EZRADIUS and EZCA subscriptions
    Learn more about Keytos Connect and see how easy secure BYOD connectivity can be.
    About Thomas Roccia
    Thomas Roccia is a threat researcher and founder of SecurityBreak, focused on AI threat intelligence, malware analysis, and AI agent security. He previously worked in incident response, malware analysis, threat intelligence, Microsoft Defender, and AI threat research. He is also the author of Visual Threat Intelligence and teaches practical AI for threat intelligence and agentic workflows.
    LinkedIn - https://au.linkedin.com/in/thomas-roccia
    Subscribe with your favorite podcast player or watch on YouTube 👇
    Related Links
    * Thomas Roccia on LinkedIn - https://au.linkedin.com/in/thomas-roccia
    * SecurityBreak - https://securitybreak.io/
    * Practical AI for Threat Intelligence training - https://securitybreak.io/training-genai
    * SHIELD.md: A Security Standard for OpenClaw and AI Agents - https://blog.securitybreak.io/shield-md-a-security-standard-for-openclaw-and-ai-agents-b38637031460
    * Microsoft Entra Agent ID - https://learn.microsoft.com/en-us/entra/agent-id/what-is-microsoft-entra-agent-id
    * Microsoft Entra Agent ID key concepts - https://learn.microsoft.com/en-us/entra/agent-id/key-concepts
    * Agentic Resource Discovery specification - https://agenticresourcediscovery.org/
    * GitHub Agent Finder - https://github.blog/changelog/2026-06-17-agent-finder-for-github-copilot-now-available/
    Chapters
    00:00 Intro
    00:33 Meet Thomas Roccia
    01:48 From Malware Analysis to AI Threat Intel
    03:30 Why AI Security Is Moving So Fast
    05:49 Agentic Resource Discovery and New Standards
    09:25 Attackers Are Already Using AI Agents
    11:47 The AI Ecosystem Is The Target
    15:26 Prompt Injection, MCP, Skills, and API Keys
    20:28 Vibe Coding vs Production Security
    23:47 Agent ID and Identity for AI Agents
    32:30 Practical AI for Threat Intelligence
    39:13 Monitoring Agents Like Threat Actors Do
    42:28 Context Flooding and What’s Next
    Podcast Apps
    Apple Podcast - https://entra.chat/apple
    YouTube - https://entra.chat/youtube
    Spotify - https://entra.chat/spotify
    Overcast - https://entra.chat/overcast
    Pocketcast - https://entra.chat/pocketcast
    Others - https://entra.chat/rss
    Merill’s socials
    YouTube - youtube.com/@merillx
    LinkedIn - linkedin.com/in/merill
    Twitter - twitter.com/merill
    TikTok - tiktok.com/@merillf
    Bluesky - bsky.app/profile/merill.net
    Mastodon - infosec.exchange/@merill
    Threads - threads.net/@merillf
    GitHub - github.com/merill


    Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
  • Entra.Chat

    From Windows Core to Leading Agent ID: Vince Smith’s Microsoft Story

    28/06/2026 | 47 mins.
    Folks, every big thing in identity started as somebody’s late-night side quest and Vince Smith has been in the room for a lot of them.
    In this episode of Entra Chat, Vince (the PM lead driving Microsoft Entra Agent ID) walks us back through a 25-year run at Microsoft: shipping beta products off a machine wired straight to the internet under a neighbor’s desk, owning the early RBAC and custom roles work that shaped Entra, surviving a couple of security incidents he mostly can’t talk about, and finally landing on the team building identity for AI agents.
    Along the way he owns up to the one feature name he’d take back if he could, and shares the dead-simple trick he used as a junior dev to get senior engineers to answer his questions every single time.
    But this isn’t just a war-stories episode. Vince breaks down why agents needed a brand-new kind of identity in the first place. An agent is a strange beast ‘as clumsy and unpredictable as a human, and as fast as a machine’ which means traditional anomaly detection looks at one and basically can’t tell if it’s a user or a workload gone rogue. His answer is the blueprint-and-instance model: one blueprint (think app registration) spinning up many scoped, least-privilege instances, instead of a bazillion app registrations or one over-permissioned service principal that can read everyone’s mailbox. And if you’re wondering why this matters now, Vince makes the case that as users move to passkeys, attackers just slide to the other end of the balloon: non-human identities and workloads. That’s the new frontier.
    So what should you actually do Monday morning? His advice is refreshingly un-precious: don’t wait for the perfect plan. Start green, set a standard for every new agent so you stop the bleeding from shadow AI, then stay green and slowly get green by cleaning up the mess behind you. Even just stamping a unique identifier on your agents today buys you the observability you’ll desperately want later.
    Be the river that flows around the rocks.
    There’s a lot more in the full conversation including how Agent ID and Agent 365 actually fit together, and how Vince came up to speed on a space that’s moving too fast to write a book about. Give it a watch.
    Subscribe with your favorite podcast player or watch on YouTube 👇

    About Vince Smith
    Vince Smith is the PM Lead for Agent ID at Microsoft. A self-described computer nerd and Gen Xer, Vince has been with Microsoft since late 1999, working on everything from Windows Core and GDPR to multi-tenant collaboration and identity protection.
    LinkedIn - https://www.linkedin.com/in/vincecsmith/
    🔗 Related Links
    * Entra Agent ID - https://learn.microsoft.com/en-us/entra/agent-id/what-is-microsoft-entra-agent-id
    * Agent 365 - https://www.microsoft.com/en-us/microsoft-agent-365
    📗 Chapters
    06:23 Provisioning vs. Federation
    10:25 The Need for Agent ID
    17:28 Blueprints and Multi-Instancing
    23:55 Demystifying Agent 365
    26:56 The Threat of Non-Human Identities (NHI)
    33:08 Planning Your Enterprise AI Strategy
    36:14 Defining a “Start Green” AI Plan
    40:45 The Best Way to Learn Complex Tech
    45:13 The Wild World of CIAM
    Podcast Apps
    🎙️ Entra.Chat - https://entra.chat
    🎧 Apple Podcast → https://entra.chat/apple
    📺 YouTube → https://entra.chat/youtube
    📺 Spotify → https://entra.chat/spotify
    🎧 Overcast → https://entra.chat/overcast
    🎧 Pocketcast → https://entra.chat/pocketcast
    🎧 Others → https://entra.chat/rss
    Merill’s socials
    📺 YouTube → youtube.com/@merillx
    👔 LinkedIn → linkedin.com/in/merill
    🐤 Twitter → twitter.com/merill
    🕺 TikTok → tiktok.com/@merillf
    🦋 Bluesky → bsky.app/profile/merill.net
    🐘 Mastodon → infosec.exchange/@merill
    🧵 Threads → threads.net/@merillf
    🤖 GitHub → github.com/merill


    Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
  • Entra.Chat

    Shadow Admins: The Non-Human Identities Hiding in Your Entra Tenant

    20/06/2026 | 1h 8 mins.
    Not every admin in your tenant is a person. Service principals, app registrations, and the new wave of agent identities can quietly hold permissions powerful enough to own your entire environment and most orgs can’t even see them. In this episode of Entra Chat, we sits down again with Erika Zellig to expose the “shadow admins” hiding in your Entra tenant, and what to do about them.
    What we get into:
    * Application vs. delegated API permissions and why both can be shadow admins
    * The most dangerous permissions to hunt for: Files.ReadWrite.All, Sites.FullControl.All and more.
    * How Midnight Blizzard turned secrets buried in email into full tenant compromise
    * Credential and secret sprawl why you should vault everything and move to managed identities
    * Agent identities explained, and why a “sponsor” is safer than an “owner”
    * App ownership as an attack path: lateral movement and privilege escalation
    * Locking down workload identities with conditional access
    * Deadlines that bite: EWS retirement and the ID CRL protocol retirement
    * Managed devices, and going from Zero Trust to “hero trust” without burying your help desk
    Subscribe with your favorite podcast player or watch on YouTube 👇

    Sponsored by:
    Avoiding Entra Credential Outages & Security Risks June 24 | Live Webinar | Register
    An expired client secret or certificate can break SSO, automation, integrations, and business-critical applications without warning.
    Do you know:
    ✔️ Which credentials have already expired?
    ✔️ Which applications depend on them?✔️Which credentials will expire next? ✔️Who owns those applications, and are they still used?
    Which applications should use Managed Identities instead of secrets?
    As organizations deploy more apps, automations, and AI-powered services, credential sprawl continues to grow across Entra. Join MVPs Alistair Pugin and Nicolas Blank as they walk through real-world credential failures, hidden risks, and practical strategies for identifying and remediating Entra credential issues before they lead to outages, security exposures, or audit findings.
    About Erika Zelic
    Erika Zelic is a well-known voice in the Microsoft security and identity community, bringing years of offensive security experience to help admins secure their cloud infrastructure.
    With roots in offensive security and consulting, she now works on remediating configuration-based vulnerabilities and is known for sharing practical, no-nonsense security insights with the Entra community.
    LinkedIn - https://www.linkedin.com/in/erica-z-b4169598/
    🔗 Related Links
    • MS Identity Tools - https://aka.ms/msid
    📗 Chapters
    * 02:05 The High Cost of DIY AI & Small Language Models
    * 06:17 Why AI is Forcing Everyone to Harden Their Infrastructure
    * 14:12 The Hidden Dangers of API Permissions
    * 20:59 How Midnight Blizzard Exploited App Secrets
    * 27:21 The Magic of Managed Identities & Azure Arc
    * 33:38 The Nightmare of Multiple App Owners
    * 43:32 Sneaky API Permissions You Need to Monitor
    * 51:48 Crucial Protocol Retirements: EWS & ID CRL
    * 55:24 Zero Trust: Why You MUST Enforce Managed Devices
    Podcast Apps
    🎙️ Entra.Chat - https://entra.chat
    🎧 Apple Podcast → https://entra.chat/apple
    📺 YouTube → https://entra.chat/youtube
    📺 Spotify → https://entra.chat/spotify
    🎧 Overcast → https://entra.chat/overcast
    🎧 Pocketcast → https://entra.chat/pocketcast
    🎧 Others → https://entra.chat/rss
    Merill’s socials
    📺 YouTube → youtube.com/@merillx
    👔 LinkedIn → linkedin.com/in/merill
    🐤 Twitter → twitter.com/merill
    🕺 TikTok → tiktok.com/@merillf
    🦋 Bluesky → bsky.app/profile/merill.net
    🐘 Mastodon → infosec.exchange/@merill
    🧵 Threads → threads.net/@merillf
    🤖 GitHub → github.com/merill


    Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
  • Entra.Chat

    How Microsoft Is Securing AI Agents in Entra - Conditional Access, Zero Trust & the "Block" Debate

    13/06/2026 | 43 mins.
    AI agents can make decisions and act faster than any human — which means your old identity security playbook no longer holds. In this episode of Entra Chat, [host name] sits down with Nikhil, a 10+ year Microsoft identity veteran from the Authentication Stack and Identity Protection team, to break down how Microsoft Entra, Conditional Access, Defender, and Purview are evolving to secure agentic AI.
    We get into why “security = MFA” is dead, why the only recommended Conditional Access control for agents today is block (and why that’s actually good for your users), the missing “challenge” state in agent access, indirect prompt injection, and the unified risk model spanning identity, endpoint, and data layers. If you manage Microsoft Entra ID, run Zero Trust, or are figuring out how to govern AI agents in your tenant, this one’s for you.
    🔎 What you’ll learn:
    * Why agents are the new insider threat and why latency no longer protects you
    * How Conditional Access now targets agentic users and agents
    * Why “block” is the default control for agents (allow / block / challenge explained)
    * How unified risk works across Entra, Microsoft Defender & Microsoft Purview
    * Continuous Access Evaluation interrupting in-motion agent sessions
    * Why LLMs recommend insecure defaults (the device code flow problem)
    * The Conditional Access optimization agent, report-only mode & phased rollout
    * The #1 thing Entra admins and CISOs should do in the next 3–6 months

    Subscribe with your favorite podcast player or watch on YouTube 👇

    About Nikhil
    Nikhil Boreddy has spent over a decade at Microsoft, from the early Authentication Stack and Identity Protection team to the birth of Conditional Access. Today he works across Entra and Microsoft Security on one of the toughest challenges in the field: securing AI agents in the enterprise.
    LinkedIn - https://www.linkedin.com/in/nikhilboreddy/
    🔗 Related Links
    * Microsoft Entra - https://learn.microsoft.com/en-us/entra/id-protection/concept-risky-agents
    * Microsoft Zero Trust - https://aka.ms/ztworkshop
    📗 Chapters
    00:01:49 The Shift from MFA to Zero Trust
    00:02:43 The Rise of AI Agents in Enterprise Security
    00:04:40 Vulnerabilities in AI Workflows
    00:08:09 Microsoft Security and Agent ID
    00:10:41 Using the Conditional Access Optimization Agent
    00:11:44 Breaking Silos: Entra, Purview, and Defender
    00:20:01 Expanding Conditional Access for Agentic Users
    00:26:36 Why Block is the Recommended Control for Agents
    00:33:38 The Power of the Microsoft Security Stack
    00:38:31 Advice for CISOs: Embracing AI in Security
    Podcast Apps
    🎙️ Entra.Chat - https://entra.chat
    🎧 Apple Podcast → https://entra.chat/apple
    📺 YouTube → https://entra.chat/youtube
    📺 Spotify → https://entra.chat/spotify
    🎧 Overcast → https://entra.chat/overcast
    🎧 Pocketcast → https://entra.chat/pocketcast
    🎧 Others → https://entra.chat/rss
    Merill’s socials
    📺 YouTube → youtube.com/@merillx
    👔 LinkedIn → linkedin.com/in/merill
    🐤 Twitter → twitter.com/merill
    🕺 TikTok → tiktok.com/@merillf
    🦋 Bluesky → bsky.app/profile/merill.net
    🐘 Mastodon → infosec.exchange/@merill
    🧵 Threads → threads.net/@merillf
    🤖 GitHub → github.com/merill


    Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
More News podcasts
About Entra.Chat
Entra Chat is a weekly podcast hosted by Merill Fernando and delivers practical insights for Microsoft administrators and security professionals through conversations with identity experts who've been in the trenches. Episodes feature seasoned Entra practitioners sharing real-world deployment experiences and Microsoft Entra team members who build the features you use daily. Get the inside track on best practices, implementation strategies, and upcoming capabilities directly from those who design and deploy Microsoft identity solutions. Join us for actionable takeaways you can apply immediately in your Microsoft 365, Azure, and Entra environments. --- Entra.Chat, its content and opinions are my (Merill Fernando) own and do not reflect the views of my employer (Microsoft). All postings are provided “AS IS” with no warranties and is not supported by the author. All trademarks and copyrights belong to their owners and are used for identification only. entra.news
Podcast website

Listen to Entra.Chat, The Daily and many other podcasts from around the world with the radio.net app

Get the free radio.net app

  • Stations and podcasts to bookmark
  • Stream via Wi-Fi or Bluetooth
  • Supports Carplay & Android Auto
  • Many other app features