Identity Governance | Identity Protection & Risk | Microsoft Entra ID

Secure guest access in Azure AD (Microsoft Entra ID)

How to collaborate without creating a shadow tenant

Guest access in Azure AD (now Microsoft Entra ID) is one of those features that looks simple on the surface: invite someone, they show up in your directory, and they can access Teams, SharePoint, and apps. The security reality is harsher. A guest is an identity you don’t fully control, operating inside a tenant boundary you do control. That…
Authentication Methods | Identity Governance | Microsoft Entra ID

Monitoring risky sign-ins with Identity Protection in Entra ID

Picture this: a perfectly valid user signs in to Microsoft 365 at 9:02 AM. Same username. Correct password. Same app. Nothing “fails.” Yet the session originates from an anonymizing network, from a geography your tenant has never seen for that user, using an unfamiliar device and browser fingerprint. If you only watch failed sign-ins, you’ll miss it. That gap is exactly what monitoring risky…
Conditional Access | Microsoft Entra ID

Entra Conditional Access templates for hybrid identity

If you run a hybrid identity estate, you already know the uncomfortable truth: the same user can “look trusted” in one place and “untrusted” in another. On-premises Active Directory gives you strong control over devices and network boundaries. Microsoft Entra ID (formerly Azure AD) gives you strong control over cloud sessions, sign-in risk, and app access. The hard part is building a…
External Identities | Identity Governance | Microsoft Entra ID

Enabling cloud SSO for on-prem AD users

Most teams think “cloud SSO for on-prem AD users” is a single checkbox: sync identities to the cloud, and users magically stop seeing prompts. In reality, you’re stitching together two different security worlds: On-prem AD is built around Kerberos, NTLM, LDAP, domain-joined devices, and network locality. Cloud identity (Microsoft Entra ID / Azure AD) is built around OAuth 2.0, OpenID…
Authentication Methods | Identity Protection & Risk | Microsoft Entra ID | Tenant & Directory Administration

How to manage devices in Azure AD and Intune

The identity-to-control pipeline that actually matters

If you have ever stared at a “compliant” device that still cannot access Microsoft 365, or an “Azure AD joined” laptop that refuses to enroll into Intune, you have already learned the uncomfortable truth: device management in Microsoft Entra ID (formerly Azure AD) and Microsoft Intune is not a single feature. It is a pipeline. At a…
Authentication Methods | External Identities | Microsoft Entra ID | Tenant & Directory Administration

How to set up Entra Connect and Cloud Sync with the right sync engine

Hybrid identity is no longer a “maybe later” project. It is now the default state for most enterprises: on-premises Active Directory still runs many core workloads, while Microsoft Entra ID is the control plane for modern access, Conditional Access, and SaaS. The connector you choose between those worlds determines whether sign-ins are boring (good) or chaotic (bad). When people say “set up…
Authentication Methods | Conditional Access | External Identities | Microsoft Entra ID

Using custom roles and PIM in Entra ID

Least privilege that actually survives real life

Imagine you’re the person who gets paged when “someone needs admin access right now.” The request is always urgent. The blast radius is always unclear. And the only role that “just works” is usually Global Administrator. That is the default failure mode of identity governance: not because people love risk, but because granularity is hard…
Identity Governance | Microsoft Entra ID

Deploying identity governance policies in Entra

How to build something that survives audits, outages, and “we’ll just script it”

Identity governance is the part of identity management that answers a blunt question: who has access to what, why do they still have it, and what’s the process for removing it without breaking the business? In Microsoft Entra, “deploying identity governance policies” is not a single switch you flip. It’s…
Authentication Methods | Identity Governance | Microsoft Entra ID

Detecting stale accounts in Azure AD

A stale account is not “a user who hasn’t logged in for 90 days.” That definition is convenient, but it’s incomplete—and in Entra ID it can be dangerously misleading. A stale account is an identity object whose continued existence creates risk or cost without delivering current business value. Login inactivity is just one signal. The real question is: does this identity still have an…
External Identities | Microsoft Entra ID

Cross-tenant collaboration with B2B guest access

How it actually works, what breaks in the real world, and how to design it like an engineer

Cross-tenant collaboration with Microsoft Entra B2B guest access is the modern answer to an old problem: “How do we let partner users access our apps and data without creating accounts for them?” In plain terms: you grant access to resources in your tenant to external users who authenticate using their…