Authentication MethodsConditional AccessExternal IdentitiesMicrosoft Entra ID

Using custom roles and pim in entra id

March 1, 2026
Least privilege that actually survives real life Imagine you’re the person who gets paged when “someone needs admin access right now.” The request is always urgent. The blast radius is always unclear. And the only role that “just works” is usually global administrator. That is the default failure mode of identity governance: not because people love risk, but because granularity is hard…
Read more
Identity GovernanceMicrosoft Entra ID

Deploying identity governance policies in Entra

March 1, 2026
How to build something that survives audits, outages, and “we’ll just script it” Identity governance is the part of identity management that answers a blunt question: who has access to what, why do they still have it, and what’s the process for removing it without breaking the business? In Microsoft Entra, “deploying identity governance policies” is not a single switch you flip. It’s…
Read more
Authentication MethodsIdentity GovernanceMicrosoft Entra ID

Detecting stale accounts in azure ad

March 1, 2026
A stale account is not “a user who hasn’t logged in for 90 days.” That definition is convenient, but it’s incomplete—and in Entra ID it can be dangerously misleading. A stale account is an identity object whose continued existence creates risk or cost without delivering current business value. Login inactivity is just one signal. The real question is: does this identity still have an…
Read more
External IdentitiesMicrosoft Entra ID

Cross-tenant collaboration with b2b guest access

March 1, 2026
How it actually works, what breaks in the real world, and how to design it like an engineer Cross-tenant collaboration with Microsoft Entra b2b guest access is the modern answer to an old problem: “How do we let partner users access our apps and data without creating accounts for them?” In plain terms: you grant access to resources in your tenant to external users who authenticate using their…
Read more
Identity GovernanceIdentity Protection & RiskMicrosoft Entra IDTenant & Directory Administration

Auditing azure ad app permissions

March 1, 2026
How to see what apps can really do in your tenant If you’ve ever opened microsoft entra id (azure ad) and clicked through enterprise applications → permissions, you’ve seen the comforting illusion of control: a list of “api permissions” that looks finite, reviewable, and mostly harmless. In real incidents, that list is rarely the whole story. The permissions you see (requested…
Read more
Identity GovernanceIdentity Protection & RiskMicrosoft Entra ID

Using access reviews to reduce privilege creep

March 1, 2026
Privilege creep is what happens when access accumulates faster than it is removed. A contractor is added to a “temporary” admin group. A developer gets an exception role “just for this sprint.” A helpdesk tech inherits access from a past incident. Months later, nobody remembers why those permissions still exist. In security terms, this is not a “bad admin” problem. It is a systems…
Read more
Authentication MethodsMicrosoft Entra ID

How Entra handles token lifetimes

March 1, 2026
and why “expiry time” is the wrong mental model… If you’ve ever tried to “set Entra token lifetime to 8 hours” and walked away confused, you’re not alone. Microsoft Entra ID (formerly Azure AD) absolutely issues tokens with expiry timestamps. But in real-world Entra, “how long a user stays signed in” is governed by a stack of mechanisms: OAuth token lifetimes, refresh token…
Read more
External IdentitiesMicrosoft Entra ID

Integrating Entra with third-party apps

February 20, 2026
At 9:07 AM, your helpdesk phone lights up. “Users can’t log into the CRM anymore. It says something about SAML.” The CRM vendor insists nothing changed. Your network team swears the firewall is fine. Meanwhile, executives can’t access customer data. In most modern Windows environments, this failure sits at the intersection of Microsoft Entra ID (formerly Azure AD), third-party SaaS apps…
Read more
Identity GovernanceIdentity Protection & RiskMicrosoft Entra ID

Understanding Microsoft Entra Verified ID for real-world identity engineering

February 20, 2026
Picture a familiar Windows/AD problem, just wearing 2026 clothes. You hire a contractor in a different country. They need access to a handful of internal apps, maybe a helpdesk portal, maybe a privileged request workflow. You don’t want to create a full AD account yet. You don’t want a permanent Entra B2B guest either. HR wants “proof of employment” and “proof of training completion.”…
Read more
Identity GovernanceMicrosoft Entra ID

Creating Automation Workflows Using Entra ID

February 20, 2026
Automation is the difference between an identity platform that scales and one that collapses under its own operational weight. In most environments, identity changes outpace everything else. Users join, move, leave. Devices enroll and retire. Applications appear, proliferate, and demand access. Compliance rules evolve. If each of these events requires a ticket and a human click path through the…
Read more