Identity Governance · Identity Protection & Risk · Microsoft Entra ID

Secure guest access in Azure AD (Microsoft Entra ID)

How to collaborate without creating a shadow tenant

Guest access in Azure AD (now Microsoft Entra ID) is one of those features that looks simple on the surface: invite someone, they show up in your directory, and they can access Teams, SharePoint, and apps. The security reality is harsher. A guest is an identity you don’t fully control, operating inside a tenant boundary you do control. That…
Authentication Methods · Identity Governance · Microsoft Entra ID

Monitoring risky sign-ins with Identity Protection in Entra ID

Picture this: a perfectly valid user signs in to Microsoft 365 at 9:02 AM. Same username. Correct password. Same app. Nothing “fails.” Yet the session originates from an anonymizing network, from a geography your tenant has never seen for that user, using an unfamiliar device and browser fingerprint. If you only watch failed sign-ins, you’ll miss it. That gap is exactly what monitoring risky…
External Identities · Identity Governance · Microsoft Entra ID

Enabling cloud SSO for on-prem AD users

Most teams think “cloud SSO for on-prem AD users” is a single checkbox: sync identities to the cloud, and users magically stop seeing prompts. In reality, you’re stitching together two different security worlds: On-prem AD is built around Kerberos, NTLM, LDAP, domain-joined devices, and network locality. Cloud identity (Microsoft Entra ID / Azure AD) is built around OAuth 2.0, OpenID…
Identity Governance · Microsoft Entra ID

Deploying identity governance policies in Entra

How to build something that survives audits, outages, and “we’ll just script it”

Identity governance is the part of identity management that answers a blunt question: who has access to what, why do they still have it, and what’s the process for removing it without breaking the business? In Microsoft Entra, “deploying identity governance policies” is not a single switch you flip. It’s…
Authentication Methods · Identity Governance · Microsoft Entra ID

Detecting stale accounts in Azure AD

A stale account is not “a user who hasn’t logged in for 90 days.” That definition is convenient, but it’s incomplete—and in Entra ID it can be dangerously misleading. A stale account is an identity object whose continued existence creates risk or cost without delivering current business value. Login inactivity is just one signal. The real question is: does this identity still have an…
Identity Governance · Identity Protection & Risk · Microsoft Entra ID · Tenant & Directory Administration

Auditing Azure AD app permissions

How to see what apps can really do in your tenant

If you’ve ever opened Microsoft Entra ID (Azure AD) and clicked through Enterprise applications → Permissions, you’ve seen the comforting illusion of control: a list of “API permissions” that looks finite, reviewable, and mostly harmless. In real incidents, that list is rarely the whole story. The permissions you see (requested…
Identity Governance · Identity Protection & Risk · Microsoft Entra ID

Using access reviews to reduce privilege creep

Privilege creep is what happens when access accumulates faster than it is removed. A contractor is added to a “temporary” admin group. A developer gets an exception role “just for this sprint.” A helpdesk tech inherits access from a past incident. Months later, nobody remembers why those permissions still exist. In security terms, this is not a “bad admin” problem. It is a systems…
External Identities · Identity Governance · Microsoft Entra ID

Handling Rehires: The ‘Duplicate Identity’ Nightmare in HR-Driven Provisioning

The modern enterprise identity landscape balances fluidity with permanence, yet “boomerang” hiring strains the systems built to manage it. HR-driven provisioning, designed to automate the worker lifecycle, often falters during rehire events. When a former employee returns, workflows must reconcile an existing digital footprint or create a new one. Failed correlation results in the “duplicate…
Identity Governance · Microsoft Entra ID

Rescinded Hire Architecture

The modern enterprise identity landscape relies on a delicate synchronization between Human Resources Information Systems (HRIS) and technical directories. While the industry standard is the “Joiner, Mover, Leaver” (JML) framework, an increasingly dangerous edge case is emerging: the Rescinded Hire. This situation arises when a future start date is entered into an HR system such as…
Identity Governance · Identity Protection & Risk · Microsoft Entra ID

Understanding Microsoft Entra Verified ID for real-world identity engineering

Picture a familiar Windows/AD problem, just wearing 2026 clothes. You hire a contractor in a different country. They need access to a handful of internal apps, maybe a helpdesk portal, maybe a privileged request workflow. You don’t want to create a full AD account yet. You don’t want a permanent Entra B2B guest either. HR wants “proof of employment” and “proof of training completion.”…