External IdentitiesIdentity GovernanceMicrosoft Entra ID

Enabling cloud SSO for on-prem AD users

March 1, 2026
Most teams think “cloud SSO for on-prem AD users” is a single checkbox: sync identities to the cloud, and users magically stop seeing prompts. In reality, you’re stitching together two different security worlds: On-prem AD is built around Kerberos, NTLM, LDAP, domain-joined devices, and network locality. Cloud identity (Microsoft Entra ID / Azure AD) is built around OAuth 2.0, OpenID…
Read more
Authentication MethodsIdentity Protection & RiskMicrosoft Entra IDTenant & Directory Administration

How to manage devices in azure ad and intune

March 1, 2026
The identity-to-control pipeline that actually matters If you have ever stared at a “compliant” device that still cannot access Microsoft 365, or an “azure ad joined” laptop that refuses to enroll into intune, you have already learned the uncomfortable truth: device management in microsoft entra id (formerly azure ad) and microsoft intune is not a single feature. It is a pipeline. At a…
Read more
Authentication MethodsExternal IdentitiesMicrosoft Entra IDTenant & Directory Administration

How to setup entra connect and cloud sync with the right sync engine

March 1, 2026
Hybrid identity is no longer a “maybe later” project. It is now the default state for most enterprises: on-premises active directory still runs many core workloads, while microsoft entra id is the control plane for modern access, conditional access, and saas. The connector you choose between those worlds determines whether sign-ins are boring (good) or chaotic (bad). When people say “set up…
Read more
Authentication MethodsConditional AccessExternal IdentitiesMicrosoft Entra ID

Using custom roles and pim in entra id

March 1, 2026
Least privilege that actually survives real life Imagine you’re the person who gets paged when “someone needs admin access right now.” The request is always urgent. The blast radius is always unclear. And the only role that “just works” is usually global administrator. That is the default failure mode of identity governance: not because people love risk, but because granularity is hard…
Read more
Identity GovernanceMicrosoft Entra ID

Deploying identity governance policies in Entra

March 1, 2026
How to build something that survives audits, outages, and “we’ll just script it” Identity governance is the part of identity management that answers a blunt question: who has access to what, why do they still have it, and what’s the process for removing it without breaking the business? In Microsoft Entra, “deploying identity governance policies” is not a single switch you flip. It’s…
Read more
Authentication MethodsIdentity GovernanceMicrosoft Entra ID

Detecting stale accounts in azure ad

March 1, 2026
A stale account is not “a user who hasn’t logged in for 90 days.” That definition is convenient, but it’s incomplete—and in Entra ID it can be dangerously misleading. A stale account is an identity object whose continued existence creates risk or cost without delivering current business value. Login inactivity is just one signal. The real question is: does this identity still have an…
Read more
External IdentitiesMicrosoft Entra ID

Cross-tenant collaboration with b2b guest access

March 1, 2026
How it actually works, what breaks in the real world, and how to design it like an engineer Cross-tenant collaboration with Microsoft Entra b2b guest access is the modern answer to an old problem: “How do we let partner users access our apps and data without creating accounts for them?” In plain terms: you grant access to resources in your tenant to external users who authenticate using their…
Read more
Identity GovernanceIdentity Protection & RiskMicrosoft Entra IDTenant & Directory Administration

Auditing azure ad app permissions

March 1, 2026
How to see what apps can really do in your tenant If you’ve ever opened microsoft entra id (azure ad) and clicked through enterprise applications → permissions, you’ve seen the comforting illusion of control: a list of “api permissions” that looks finite, reviewable, and mostly harmless. In real incidents, that list is rarely the whole story. The permissions you see (requested…
Read more
Identity GovernanceIdentity Protection & RiskMicrosoft Entra ID

Using access reviews to reduce privilege creep

March 1, 2026
Privilege creep is what happens when access accumulates faster than it is removed. A contractor is added to a “temporary” admin group. A developer gets an exception role “just for this sprint.” A helpdesk tech inherits access from a past incident. Months later, nobody remembers why those permissions still exist. In security terms, this is not a “bad admin” problem. It is a systems…
Read more
Authentication MethodsMicrosoft Entra ID

How Entra handles token lifetimes

March 1, 2026
and why “expiry time” is the wrong mental model… If you’ve ever tried to “set Entra token lifetime to 8 hours” and walked away confused, you’re not alone. Microsoft Entra ID (formerly Azure AD) absolutely issues tokens with expiry timestamps. But in real-world Entra, “how long a user stays signed in” is governed by a stack of mechanisms: OAuth token lifetimes, refresh token…
Read more