External IdentitiesMicrosoft Entra ID

Cross-tenant collaboration with b2b guest access

March 1, 2026
How it actually works, what breaks in the real world, and how to design it like an engineer Cross-tenant collaboration with Microsoft Entra b2b guest access is the modern answer to an old problem: “How do we let partner users access our apps and data without creating accounts for them?” In plain terms: you grant access to resources in your tenant to external users who authenticate using their…
Read more
Identity GovernanceIdentity Protection & RiskMicrosoft Entra IDTenant & Directory Administration

Auditing azure ad app permissions

March 1, 2026
How to see what apps can really do in your tenant If you’ve ever opened microsoft entra id (azure ad) and clicked through enterprise applications → permissions, you’ve seen the comforting illusion of control: a list of “api permissions” that looks finite, reviewable, and mostly harmless. In real incidents, that list is rarely the whole story. The permissions you see (requested…
Read more
Identity GovernanceIdentity Protection & RiskMicrosoft Entra ID

Using access reviews to reduce privilege creep

March 1, 2026
Privilege creep is what happens when access accumulates faster than it is removed. A contractor is added to a “temporary” admin group. A developer gets an exception role “just for this sprint.” A helpdesk tech inherits access from a past incident. Months later, nobody remembers why those permissions still exist. In security terms, this is not a “bad admin” problem. It is a systems…
Read more
Authentication MethodsMicrosoft Entra ID

How Entra handles token lifetimes

March 1, 2026
and why “expiry time” is the wrong mental model… If you’ve ever tried to “set Entra token lifetime to 8 hours” and walked away confused, you’re not alone. Microsoft Entra ID (formerly Azure AD) absolutely issues tokens with expiry timestamps. But in real-world Entra, “how long a user stays signed in” is governed by a stack of mechanisms: OAuth token lifetimes, refresh token…
Read more
External IdentitiesIdentity GovernanceMicrosoft Entra ID

Handling Rehires: The ‘Duplicate Identity’ Nightmare in HR-Driven Provisioning  

February 20, 2026
The modern enterprise identity landscape balances fluidity with permanence, yet “boomerang” hiring strains the systems built to manage it. HR-driven provisioning, designed to automate the worker lifecycle, often falters during rehire events. When a former employee returns, workflows must reconcile an existing digital footprint or create a new one. Failed correlation results in the “duplicate…
Read more
Identity GovernanceMicrosoft Entra ID

Rescinded Hire Architecture

February 20, 2026
The modern enterprise identity landscape relies on a delicate synchronization between Human Resources Information Systems (HRIS) and technical directories. While the industry standard is the “Joiner, Mover, Leaver” (JML) framework, an increasingly dangerous edge case is emerging: the Rescinded Hire. This situation arises when a future start date is entered into an HR system such as…
Read more
External IdentitiesMicrosoft Entra ID

Integrating Entra with third-party apps

February 20, 2026
At 9:07 AM, your helpdesk phone lights up. “Users can’t log into the CRM anymore. It says something about SAML.” The CRM vendor insists nothing changed. Your network team swears the firewall is fine. Meanwhile, executives can’t access customer data. In most modern Windows environments, this failure sits at the intersection of Microsoft Entra ID (formerly Azure AD), third-party SaaS apps…
Read more
Identity GovernanceIdentity Protection & RiskMicrosoft Entra ID

Understanding Microsoft Entra Verified ID for real-world identity engineering

February 20, 2026
Picture a familiar Windows/AD problem, just wearing 2026 clothes. You hire a contractor in a different country. They need access to a handful of internal apps, maybe a helpdesk portal, maybe a privileged request workflow. You don’t want to create a full AD account yet. You don’t want a permanent Entra B2B guest either. HR wants “proof of employment” and “proof of training completion.”…
Read more
Identity GovernanceMicrosoft Entra ID

Creating Automation Workflows Using Entra ID

February 20, 2026
Automation is the difference between an identity platform that scales and one that collapses under its own operational weight. In most environments, identity changes outpace everything else. Users join, move, leave. Devices enroll and retire. Applications appear, proliferate, and demand access. Compliance rules evolve. If each of these events requires a ticket and a human click path through the…
Read more
Microsoft Entra IDTenant & Directory Administration

Role-based access control (RBAC) in Azure

December 19, 2025
Azure RBAC is the authorization system used to control who can do what across Azure resources. It is designed to keep access granular, auditable, and aligned to real operational responsibilities—without turning permissions into a messy pile of one-off exceptions. In practice, Azure RBAC works best when it is treated as an operating model, not a one-time configuration task: define roles clearly…
Read more