Entra ID

Latest Articles

Lifeline or Liability: Managing Emergency Accounts in Hybrid Environments

Lifeline or Liability: Managing Emergency Accounts in Hybrid Environments

In this blog, we explore why break-glass accounts are your lifeline when identity systems fail. Microsoft’s updated guidance calls for two cloud-only Entra ID accounts with phishing-resistant MFA and restricted AD Administrator accounts limited to domain controllers. Excluding them from Conditional Access, storing credentials offline, and testing regularly ensures your emergency access is a lifeline — not a liability.

December 3, 2025
Practical Graph: Creating a Service Principal Analysis for a Microsoft 365 Tenant 2 Comments

Practical Graph: Creating a Service Principal Analysis for a Microsoft 365 Tenant

Understanding the set of registered and enterprise apps active in a Microsoft 365 tenant is important. Attackers can sneak in and plant an app to exfiltrate or otherwise steal data. This article explains how to use PowerShell to create a service principal analysis report that highlights common problems and gives tenant administrators the data needed to manage apps.

November 17, 2025
Practical Graph: How to Delegate Device Management in Entra ID

Practical Graph: How to Delegate Device Management in Entra ID

Managing devices across large organizations can be complex. Administrative Units (AUs) help scope admin rights, but what about newly registered devices? In this article, we explain how to automate adding devices to the correct AU using Microsoft Graph and Azure Automation runbooks with managed identities—eliminating manual steps and improving security.

November 12, 2025
Death by Token: Understanding CVE-2025-55241 2 Comments

Death by Token: Understanding CVE-2025-55241

In this blog, we take a closer look at CVE-2025-55241, a critical Entra ID flaw that briefly allowed attackers to impersonate Global Admins across any tenant, no phishing or passwords required. While Microsoft moved fast to patch the issue, it exposed how deeply legacy code can undermine modern security efforts. We’ll break down what happened, why it matters, and what admins should do now to stay protected.

October 14, 2025
Entra Agents are Promising but Could do More

Entra Agents are Promising but Could do More

Microsoft's Alex Simons came to the TEC 2025 conference to talk about the future of Entra ID, a lot of which hangs on the use of AI in components like the Entra agents that are now in preview. The idea of using agents to relieve hard-pressed human administrators is great, but only if those agents do more than a skilled human administrator can do, and that's not the case so far.

October 7, 2025
Controlling Access to Microsoft 365 Entra ID Apps Part #3

Controlling Access to Microsoft 365 Entra ID Apps Part #3

In Part 3 of our Controlling Access in Entra ID Apps series, we explore how combining Administrative Units with RBAC roles enables scoped, secure management of Microsoft 365 resources. Learn how dynamic membership rules and role assignments help enforce least privilege, simplify delegation, and improve operational clarity across your tenant.

August 20, 2025
Practical Graph: Tracking Critical App Actions Through Audit Events

Practical Graph: Tracking Critical App Actions Through Audit Events

App management audit events are captured when changes are made to Entra registered and enterprise apps. Critical app management audit events should be closely monitored to ensure that permissions are used properly and attackers haven't attempted to penetrate the tenant to extract data. This article explains how to find and analyze audit data for some critical app management audit events and run the code as an Azure Automation runbook.

July 8, 2025