Entra.Chat

Merill Fernando

News Technology

Latest episode

Available Episodes

5 of 36

Find Your Tenant's Hidden Flaws in Minutes
This week, I’m so excited to share the inside story of a project I’ve been working on for over a year: the new Zero Trust assessment. I’m joined by some of the key folks from the team: Tarek, who’s leading the charge; Sarah and John, who are crushing docs; and Ravi, who’s owning Intune.We unpack the wild breach that sparked it all, geek out over those Sankey charts that spotlight sneaky unmanaged devices and privileged access landmines, and tease why even “expired” app creds could be your silent killer. If you’re tired of silos between identity and endpoints, this is your wake-up call—tune in to see how to make Zero Trust practical before the next attack hits.Subscribe with your favorite podcast player or watch on YouTube 👇About Our GuestsSarah LipseySarah Lipsey has been with Microsoft for almost four years and writes about monitoring and health, ID Protection, and Security Copilot in Microsoft Entra. Sarah has worked as a technical writer and instructional designer for around 20 years, and for a university, a telecommunications firm, and a railroad. She lives in the woods with her family where she loves to knit, play video games, hike, and ski. Yes, she spends way too much time trying to close out every dot on a video game map. Still working on the Skellige map for The Witcher 3.LinkedIn - https://www.linkedin.com/in/sarah-lipsey-b53b746/John FloresJohn is a Senior Content Developer at Microsoft, where he has worked for over eight years. He specializes in creating high-impact technical content for identity security within Microsoft Entra, focusing on areas like Conditional Access, MFA, ID Protection, and device identity. John also leads the documentation efforts for Zero Trust content across Microsoft 365 and Identity teams. He actively collaborates with engineers and PMs to test pre-release features and engages with customers to refine technical guidance.LinkedIn - https://www.linkedin.com/in/johnbflores/Ravi KalwaniRavi is a Senior Program Manager at Microsoft, based in Sydney, Australia. With over 14 years of IT experience spanning technical training, support, consulting, and program management, his focus for the past five years has been on Enterprise Client and Mobility, specifically Microsoft Configuration Manager and Intune. Ravi is also an experienced public speaker, having presented at numerous technical conferences and delivered a wide range of workshops for both internal teams and enterprise customers.LinkedIn - https://www.linkedin.com/in/rkalwani/Tarek DawoudTarek Dawoud is a long-time veteran at Microsoft, having been with the company for over 18 years. Tarek currently leads the architecture team within the customer engineering (CXE) organization, where he helps customers deploy Entra, gathers insights for the product group, and works to solve the hardest identity problems.LinkedIn - https://www.linkedin.com/in/tarekdawoud/🔗 Related Links* aka.ms/zerotrust/assessment → Microsoft Learn docs page for the assessment* aka.ms/zerotrust/demo → Interactive demo of a sample assessment report* aka.ms/zerotrust/feedback → Share your feedback* aka.ms/zerotrust/issues → Logging bugs & issuesZero Trust Assessment - Five minute walkthroughZero Trust Assessment ReportSample report generated by the Zero Trust Assessment tool. Try aka.ms/zerotrust/demo for an interactive demo.📗 Chapters00:00 Intro 01:11 The Origin Story: A Customer Breach 05:59 A New Way to Write Docs 08:55 Bringing Intune into the Story 11:07 How This Compares to Secure Score 14:46 Uncovering Insights with Sankey Charts 21:55 Behind the Scenes: How a Test is Built 36:18 Why We Target Privileged Access (AI Attackers) 39:59 The Myth of “Safe” Expired Credentials 42:35 Final Thoughts: “Please Run It”Podcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill’s socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
--------
44:09
--------
44:09
Hacking Entra ID: Bypassing AppLocks & Creating ‘Immortal’ Users
In this episode, I sit down with security researcher Katie Knowles to unpack the hidden layers of identity systems inside Microsoft Entra. We get into real-world attack paths like backdooring service principals, restricted administrative units that can accidentally create unstoppable accounts, and OAuth phishing in Copilot Studio. Katie also shares how she approaches deep technical research, what defenders often overlook, and why identity security is only becoming more complex. This is one of those conversations where you walk away thinking differently.Subscribe with your favorite podcast player or watch on YouTube 👇About Katie KnowlesKatie Knowles is a Senior Security Researcher at Datadog specializing in Microsoft Azure and Entra ID security. She has extensive experience across security engineering, penetration testing, and incident response. Katie is known for her thorough research that connects complex technical vulnerabilities to practical defensive guidance, publishing regularly on Datadog Security Labs and speaking at major security conferences.LinkedIn - https://www.linkedin.com/in/kaknowles/🔗 Related Links* Katie’s Datadog security posts - https://securitylabs.datadoghq.com/articles/?author=Katie_Knowles* Katie’s personal blog - https://kknowl.es* Katie’s conference talks - https://kknowl.es/external-content/* Creating immutable users through a bug in Entra ID restricted administrative units - https://securitylabs.datadoghq.com/articles/creating-immutable-users-entra-id-administrative-units/* I SPy: Escalating to Entra ID’s Global Admin with a first-party app - https://securitylabs.datadoghq.com/articles/i-spy-escalating-to-entra-id-global-admin/* CoPhish: Using Microsoft Copilot Studio as a wrapper for OAuth phishing - https://securitylabs.datadoghq.com/articles/cophish-using-microsoft-copilot-studio-as-a-wrapper/📗 Chapters02:08 The Immortal User Bug in Restricted Admin Units04:23 Attacker Impact: The Un-deletable Malicious Account05:59 Hacking First-Party Apps & Bypassing AppLock09:29 How She Found the AppLock Bypass11:16 A Day in the Life of a Security Researcher14:20 Phishing with Copilot Studio & OAuth17:00 Top Tips for App Governance & Security21:45 The Hidden Risk of Azure Key Vault Access Policies28:55 App Registrations vs. Service Principals Explained41:48 The Future: Agent IDs & The New Trust ModelPodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill’s socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
--------
52:28
--------
52:28
Hacking Entra ID: Inside the Attack & Defense Playbook with its Creators
Sami Lamppu and Thomas Naunheim, the creators of the Entra ID Attack and Defense Playbook, join me to discuss their incredible 5-year community project.We talk about the most complex attacks they’ve researched, including the “black box” token and PRT attacks, and their shocking findings related to TPM and device compliance. We also dive deep into their brand-new chapter on the new Microsoft Entra Connect Application Based Authentication model and the critical steps you must take to secure it.Subscribe with your favorite podcast player or watch on YouTube 👇About Sami & ThomasSami Lamppu is a Microsoft Security MVP and a Principal Cloud Security Lead at Elisa with a strong focus on the blue team side, helping organizations proactively prevent attacks.Thomas Naunheim is a Cybersecurity Architect at glueckkanja and a Microsoft Security MVP. He specializes in Microsoft Entra, identity and access management, and cloud security posture.* Sami LinkedIn - https://www.linkedin.com/in/sami-lamppu/* Thomas LinkedIn - https://www.linkedin.com/in/thomasnaunheim/🔗 Related Links* Entra ID Attack and Defense Playbook - https://github.com/Cloud-Architekt/AzureAD-Attack-Defense📗 Chapters02:35 Origin Story of the Playbook 07:08 Overview of the Attack Chapters 09:53 Who is the Playbook For? 13:59 The Hardest Chapter to Write: Tokens 21:48 Shocking PRT & TPM Findings 24:43 NEW Chapter: Hacking Entra Connect (ABA) 29:10 How to Secure the New Sync Account 36:53 HSCAR: The Posture Analyzer Tool 45:09 Keeping the Playbook Updated & Community 53:12 What’s Next & Final AdvicePodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill’s socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
--------
58:03
--------
58:03
I found a bug that could hack ANY Microsoft 365 tenant - Here's what happened
In this episode, I chat with Dirk-jan Mollema, the legendary researcher behind some of the most important discoveries in Microsoft identity security. We go deep into how curiosity led him from tinkering with web tools to uncovering one of the biggest Entra ID vulnerabilities ever found. He shares the story behind the CVE that rocked the cloud world, the stress of realizing what he’d uncovered, and the mindset that drives his relentless research. If you’ve ever wondered what it feels like to find a bug that could break the internet—this one’s for you.PS: If you like this episode please leave a review on Apple Podcast or Spotify 🙏Subscribe with your favorite podcast player or watch on YouTube 👇About Dirk-jan MollemaDirk-Jan Mollema is a security researcher and consultant specializing in Microsoft Entra ID (Azure AD) and Active Directory security. He is the creator of popular offensive security tools including ROADtools and ROADrecon. With seven years of Entra research and nearly a decade in AD security, Dirk-Jan has discovered numerous critical vulnerabilities and has played an important role in helping improve Microsoft’s cloud security posture. He provides training and consulting services through his company Outsider Security.Twitter → https://twitter.com/_dirkjanLinkedIn → https://www.linkedin.com/in/dirkjanmContact → https://outsidersecurity.nl🔗 Related Links* One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens - https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens* Dirk-Jan’s Blog - https://dirkjanm.io* ROADtools - https://github.com/dirkjanm/ROADtools📗 Chapters00:00 Intro02:11 Guest Journey into Security07:13 Building ROADtools and ROADrecon09:53 Research Tools & Methods14:05 Top Discoveries Ranked17:01 Windows Hello & PRT Deep Dive26:07 The Cross-Tenant Actor Token Bug35:34 Ethical Dilemmas of Big Finds38:24 Disclosure, Impact & Community45:59 Future Research & Intune Tips53:58 Training, Consulting & ClosingPodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill’s socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
--------
1:00:39
--------
1:00:39
AI is Coming to Identity Governance! Meet the Entra Access Review Agent
In this episode, I sit down with Alexander Filipin, a Product Manager at Microsoft, to unpack the essentials of identity governance and why access reviews are a game-changer for security and compliance.We explore the pitfalls like rubber stamping that plague traditional methods and tease how the new AI-driven Access Review Agent is stepping in with smart recommendations and context to make decisions easier and more accurate. Plus, we peek into exciting future possibilities where agents could automate access management entirely—tune in to see how this could reshape your org’s approach!Subscribe with your favorite podcast player or watch on YouTube 👇About Alexander FilipinAlexander Filipin is a Product Manager at Microsoft in the Microsoft Entra ID Governance team. With a background in consulting and identity security, he previously contributed to popular community projects like Conditional Access as Code and now leads features in Microsoft Entra, including the newly released Access Review Agent.LinkedIn - https://www.linkedin.com/in/alexfilipin/🔗 Related Links* Microsoft Entra Access Review Agent Documentation - https://aka.ms/aragent* Conditional Access Optimization Agent - https://learn.microsoft.com/en-us/entra/identity/conditional-access/agent-optimization📗 Chapters00:00 Intro00:48 From Community Code to Microsoft Product Management04:42 The 4 Drivers of Governance: Security, Compliance, & Cost Savings06:45 Why Access Reviews are Critical for Guest and Licensing Cleanup13:46 Licensing: Entra ID P2 vs. Entra Governance Capabilities20:01 The Biggest Problem with Traditional Access Reviews Today20:41 Introducing the Entra Access Review Agent23:18 The Role of AI in Generating Reviewer Context34:04 The Audit Trail and Compliance for AI Decisions44:26 Future Vision: The Next Evolution of Identity GovernancePodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill’s socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
--------
1:07:40
--------
1:07:40

More News podcasts

About Entra.Chat

Entra Chat is a weekly podcast hosted by Merill Fernando and delivers practical insights for Microsoft administrators and security professionals through conversations with identity experts who've been in the trenches. Episodes feature seasoned Entra practitioners sharing real-world deployment experiences and Microsoft Entra team members who build the features you use daily. Get the inside track on best practices, implementation strategies, and upcoming capabilities directly from those who design and deploy Microsoft identity solutions. Join us for actionable takeaways you can apply immediately in your Microsoft 365, Azure, and Entra environments. --- Entra.Chat, its content and opinions are my (Merill Fernando) own and do not reflect the views of my employer (Microsoft). All postings are provided “AS IS” with no warranties and is not supported by the author. All trademarks and copyrights belong to their owners and are used for identification only. entra.news

Podcast website

News Technology Tech News