Entra.Chat

By: Merill Fernando

About this listen

Entra Chat is a weekly podcast hosted by Merill Fernando that delivers practical insights for Microsoft administrators and security professionals through conversations with identity experts who've been in the trenches. Episodes feature seasoned Entra practitioners sharing real-world deployment experiences and Microsoft Entra team members who build the features you use daily. Get the inside track on best practices, implementation strategies, and upcoming capabilities directly from those who design and deploy Microsoft identity solutions. Join us for actionable takeaways you can apply immediately in your Microsoft 365, Azure, and Entra environments.

Entra.Chat, its content and opinions are my (Merill Fernando) own and do not reflect the views of my employer (Microsoft). All postings are provided “AS IS” with no warranties and are not supported by the author. All trademarks and copyrights belong to their owners and are used for identification only.

entra.news
Merill & Joshua Fernando
Politics & Government
Episodes
  • What an ID Governance Consultant Wishes You Knew About Entra
    Apr 25 2026
    Identity Governance is often treated as a “nice-to-have” compliance checkbox, but as ID Governance expert Sandra Saluti reveals, it is actually the foundation of a secure, scalable environment. In this technical deep dive, we move past the marketing slides to discuss some of the common real-world “gotchas” that break Entra ID deployments.

    In this episode, you will learn:

    * The Golden Rule of Automation: Why you must stop using “presentation data” (like UPNs or Email addresses) as your anchor. We explain why the Object ID is the only immutable truth for your automation.

    * The “Marriage Bug”: A cautionary tale of how a simple name change can break hybrid joins and lead to accidental laptop wipes and how to prevent it.

    * The “Unsexy” Side of Governance: Why the most important part of your job isn’t writing PowerShell, but interviewing HR and stakeholders to map out process flow diagrams before you ever touch the portal.

    * Closing the “Rehire Gap”: How to solve the common crisis where contractors lose access for 48 hours during a renewal because of lifecycle synchronization delays.

    * Directory Extensions vs. Exchange Attributes: Technical advice on where to store your identity metadata for the most reliable governance.

    Sponsored by:

    Entra ID Gaps That Cause Outages

    In Microsoft Entra ID, outages often start small: an expired client secret, a lapsed certificate, or a suddenly failing integration. Traditional controls don’t track credential expiry or enforce application ownership, so issues appear only after something breaks.

    Teams are left asking:

    * Which applications can access Microsoft 365 data?

    * Is that access still appropriate?

    * Who owns the app?

    Unclear answers stall reviews, weaken accountability, and slow delivery.

    ENow App Governance Accelerator closes these gaps by highlighting expiring credentials, surfacing permission risks, and identifying ownership gaps before they disrupt operations. New Standard Tier pricing makes it accessible for organizations under 10,000 users, typically $3,500–$9,500 annually.

    Subscribe with your favorite podcast player or watch on YouTube 👇

    About Sandra Saluti

    Sandra Saluti is a consultant at Epical working with Microsoft Entra ID and identity governance. She helps organisations design secure and practical identity solutions with a focus on governance, access management, and Zero Trust.

    LinkedIn - https://www.linkedin.com/in/sandra-saluti-6866a686/

    🔗 Related Links

    * Sandra’s Blog - https://agderinthe.cloud/author/sandra/

    📗 Chapters

    00:00 Welcome to Entra Chat

    03:18 Explaining Identity Governance

    08:51 Handling Late Hires and Rehires

    11:25 Using Directory Extensions Effectively

    18:50 Stop Targeting UPNs for Automation

    25:18 Managing Chaos with Guest Access Reviews

    30:56 Deciding Who Approves App Access

    33:51 Replacing Nested Groups with Access Packages

    39:29 Closing Thoughts and Community

    Podcast Apps

    🎙️ Entra.Chat - https://entra.chat

    🎧 Apple Podcast → https://entra.chat/apple

    📺 YouTube → https://entra.chat/youtube

    📺 Spotify → https://entra.chat/spotify

    🎧 Overcast → https://entra.chat/overcast

    🎧 Pocketcast → https://entra.chat/pocketcast

    🎧 Others → https://entra.chat/rss

    Merill’s socials

    📺 YouTube → youtube.com/@merillx

    👔 LinkedIn → linkedin.com/in/merill

    🐤 Twitter → twitter.com/merill

    🕺 TikTok → tiktok.com/@merillf

    🦋 Bluesky → bsky.app/profile/merill.net

    🐘 Mastodon → infosec.exchange/@merill

    🧵 Threads → threads.net/@merillf

    🤖 GitHub → github.com/merill

    Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
    47 mins
  • Stop Leaving the Door Open: The Entra ID Hardening Checklist Security Experts Actually Use
    Apr 18 2026

    Microsoft Entra security is evolving and the way organizations think about identity protection needs to evolve with it. In this episode, I’m joined by Sean Metcalf, one of the foremost identity security experts in the industry, whose work has helped shape how many organizations approach securing both Active Directory and Microsoft Entra.

    Sean shares the hardening steps many teams still overlook, and why advances in AI are making it easier for both defenders and attackers to work faster than ever before. From MFA and application controls to protecting privileged accounts and reducing unnecessary exposure, this conversation offers a practical look at where strong identity security starts and why getting the fundamentals right matters more than ever.

    Subscribe with your favorite podcast player or watch on YouTube 👇

    About Sean Metcalf

    Sean Metcalf is the Identity Security Architect at TrustedSec and a renowned expert in Microsoft identity security. He holds the rare Certified Master in Active Directory certification and has spoken at major security conferences including Black Hat, DEF CON, and BlueHat on how to defend cloud and hybrid environments.

    LinkedIn - https://www.linkedin.com/in/seanmmetcalf/

    🔗 Related Links

    * Securing Entra ID Administration: Tier 0 - https://trustedsec.com/blog/securing-entra-id-administration-tier-0

    * Managing Privileged Roles in Microsoft Entra ID: A Pragmatic Approach - https://trustedsec.com/blog/managing-privileged-roles-in-microsoft-entra-id-a-pragmatic-approach

    * Improve Entra ID Security More Quickly - https://adsecurity.org/?p=4825

    * Microsoft Graph Skill - https://graph.pm

    📗 Chapters

    00:04:05 AI and the Evolution of Attacks

    00:06:42 The Importance of Hardening Fundamentals

    00:12:03 Securing Entra ID Quickly

    00:16:24 Protecting Tokens with VBS and TPM

    00:19:58 Restricting Consent and Guest Users

    00:23:40 Managing Rogue Tenants

    00:27:36 Cloud Admin Workstation Strategies

    00:34:14 Delegated Admin Privileges

    00:44:32 The Danger of Application Permissions

    00:57:06 Artemis Mission Trivia

    1 hr
  • How to Design Bullet-Proof Conditional Access Policies in Microsoft Entra ID
    Apr 11 2026
    If you can’t immediately name your break glass accounts and the last time you tested them → you’re already at risk.

    In this episode of Entra Chat, Microsoft MVP Per Torben walks through the conditional access mistakes he sees even large enterprises making, and the practical framework he actually uses with customers.

    You’ll learn how to set up emergency access accounts the right way, why your CA policies should be built more like a firewall than a checklist, and the one naming convention that makes managing dozens of policies actually manageable.

    🎧 Hit play, your tenant will thank you.

    Sponsored by:

    Entra ID Gaps That Cause Outages

    In Microsoft Entra ID, outages often start small: an expired client secret, a lapsed certificate, or a suddenly failing integration. Traditional controls don’t track credential expiry or enforce application ownership, so issues appear only after something breaks.

    Teams are left asking:

    * Which applications can access Microsoft 365 data?

    * Is that access still appropriate?

    * Who owns the app?

    Unclear answers stall reviews, weaken accountability, and slow delivery.

    ENow App Governance Accelerator closes these gaps by highlighting expiring credentials, surfacing permission risks, and identifying ownership gaps before they disrupt operations. New Standard Tier pricing makes it accessible for organizations under 10,000 users, typically $3,500–$9,500 annually.

    Subscribe with your favorite podcast player or watch on YouTube 👇

    About Per Torben

    Per Torben is a Senior Architect at Crayon and a Microsoft MVP for Identity and Access. Based in Norway, he frequently writes highly-read posts featured on Entra.News and runs the collaborative tech blog “Agder in the Cloud”.

    LinkedIn - https://www.linkedin.com/in/pertorbensorensen/

    🔗 Related Links

    * Agder in the Cloud - https://agderinthe.cloud

    * I.D.E.A. for creating/configuring break-glass accounts

    * GitHub - https://github.com/Per-Torben/I.D.E.A.

    * Blog - https://agderinthe.cloud/2026/01/06/introducing-i-d-e-a-and-i-d-e-a-001/

    * Protected actions: https://agderinthe.cloud/2025/02/12/protected-actions-adding-extra-guards-to-your-entra-id-gate/

    * Conditional Access hardening (series): https://agderinthe.cloud/2024/12/05/how-to-fix-the-fundamental-flaw-in-conditional-access-part-1-introduction-and-coverage-gaps

    * CA geo filter (series): https://agderinthe.cloud/2025/11/06/diving-into-geo-filter-with-entra-conditional-access-part-1

    * Entra Backup - https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/backup-restore

    📗 Chapters

    06:22 The importance of Break Glass accounts

    09:02 Securing emergency access with FIDO2 and RMAUs

    18:10 Configuring Conditional Access: The “Block by Default” strategy

    27:26 Managing scope and preventing accidental lockouts

    29:31 Persona-based naming conventions for CA policies

    35:38 Grouping settings and avoiding bloated policies

    41:54 Handling exceptions and travel access with Access Packages

    44:55 The flaw in Protected Actions for Conditional Access

    53:38 Using the new Entra Backup feature for quick restores
    57 mins