Category: Entra & Identity
-
Microsoft Entra Backup and Recovery: A Practitioner’s Guide to What it Does and Does Not Solve
On 19 March 2026, Microsoft quietly released one of the most requested enterprise identity features to Public Preview: a native, platform-managed backup and point-in-time recovery capability for Entra ID tenant configuration. No big announcement, no Message Centre notification. Just a new blade in the Entra admin centre. This post cuts through the surface-level excitement, maps…
-
Entra Tenant Governance: How It Works in Practice
Entra Tenant Governance extends UTCM into a multi-tenant governance model, adding tenant discovery, governance relationships and policy templates on top of Microsoft’s native monitoring and snapshot engine. This post breaks down how it works mechanically, what each licensing tier unlocks, where the control-plane risks sit, and when native governance makes sense versus third-party tooling.
-
Administrative Boundary Design in Microsoft Entra: From Flat Tenants to Defensible Governance
Many Microsoft Entra tenants are technically secure but structurally fragile. This article explains why administrative boundary design — using Administrative Units, scoped delegation and governance segmentation — is essential for defensible enterprise tenant governance.
-
Microsoft is auto-enabling passkeys in Entra: configuration, sync and deployment best practices
Microsoft is automatically enabling passkeys in Entra, accelerating the shift to passwordless authentication. This technical deep dive explains configuration, device sync behaviour and best practices for deploying passkeys securely with Conditional Access.
-
Exploring Conditional Access Bypasses in Microsoft Entra ID
Conditional Access is the backbone of Zero Trust in Microsoft Entra ID, yet real world attacks increasingly demonstrate how it can be bypassed. From device and token abuse to built in exclusions and misunderstood session controls, attackers exploit gaps that many organisations assume are protected. Triggered by Microsoft’s upcoming change in February 2026, where session…
-
Require Risk Remediation: The Game-Changer for Conditional Access Policies
Discover the game-changing ‘Require Risk Remediation’ control in Microsoft Entra Conditional Access. This preview feature simplifies risk management by handling both password and passwordless users in one policy, reducing complexity and misconfigurations. Get a step-by-step guide, real-world benefits, and pragmatic insights into its limitations for enhanced security.
-
Is Your Guest Access in Entra Putting Your Organisation at Risk?
Many organisations assume Microsoft Entra ID handles guest users securely by default—but it doesn’t. In this post, we uncover the top 5 common mistakes in guest access management, from excessive directory visibility to perpetual access without lifecycle controls. Learn how to lock down your tenant with practical fixes, ensuring secure B2B collaboration without the risks.
-
Unlocking Stronger Security: A 2025 Guide to Microsoft’s Baseline Security Mode for Microsoft 365
A practical look at Microsoft’s Baseline Security Mode: what it does, where it helps, and how it supports essential cyber hygiene under standards like Cyber Essentials and NIS2.
-
Microsoft Entra Consent Changes Coming July 2025: A Guide for Admins
Get ready for Microsoft Entra ID’s app consent changes starting 16 July 2025! This guide explains the new Microsoft-managed policy, how it impacts admins, and steps to avoid disruptions, including enabling the Admin Consent Workflow and auditing app permissions. Stay ahead with key dates and tips to ensure compliance and security.
-
Microsoft Dumps OTP Authentication for SharePoint Online Sharing with Entra ID B2B
Microsoft is phasing out One-Time Passcode (OTP) authentication for SharePoint Online and OneDrive external sharing, replacing it with Entra ID B2B Collaboration, effective July 1, 2025 (MC1089315). Legacy OTP links will stop working, requiring users to re-share content to restore access for external collaborators, who must also register for mandatory MFA. Prepare now by notifying…