Entra Chat 🎙️ → A master class with Entra’s Identity Provisioning Wizard!
In this episode, I sit down with Chetan Desai, a Principal Product Manager on the Microsoft Identity Governance team. We dive deep into a side of Entra that many admins never see: the critical "first mile problem" of getting identities into your system in the first place.We talk about the evolution from on-prem scripts and MIM to specific connectors for Workday and SuccessFactors and then to the new powerful, generic API-driven approach that can handle any HR system and the architectural decisions behind it. Chetan also gives us a masterclass on how the provisioning engine differs from the Graph API and provides advice for anyone looking to migrate from a legacy Identity Governance and Administration (IGA) solution.Subscribe with your favorite podcast player or watch on YouTube 👇About Chetan DesaiChetan Desai is a Principal Product Manager at Microsoft on the Entra team. For the past seven years, he has been a core part of the Entra Identity Governance and Provisioning team. Before his time at Microsoft, Chetan spent 17 years in consulting within the identity and access management domain , bringing a wealth of real-world deployment and integration experience to his product management role.🔗 Related Links* Application and HR provisioning documentation* Provisioning with SCIM* API-driven inbound provisioning concepts📗 Chapters00:34 The "First Mile Problem" in Identity 04:51 From AD Sync to HR-Driven Provisioning 09:52 The Entra Provisioning Service Architecture 16:17 Hybrid vs. Cloud-Only Identity Flows 19:17 Beyond Workday: The Need for a Generic Connector 27:43 The Great Debate: CSV vs. SQL vs. API 35:34 Provisioning API vs. Graph API: What's the Difference? 43:24 The Latest Evolution: Custom Security Attributes 49:26 Advice for Migrating to Modern IGAPodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill's socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
--------
55:01
--------
55:01
The Secret to Great Tech Content? A Masterclass in Storytelling
In this episode, I chat with the legendary Tony Redmond, a prolific writer and author of "Office 365 for IT Pros". Tony shares unfiltered insights from his career, critiques the state of technical writing and AI, and discusses the challenges with PowerShell and the future of AI agents in the Microsoft ecosystem.Subscribe with your favorite podcast player or watch on YouTube 👇About Tony RedmondTony Redmond is a well-known and prolific writer in the Microsoft 365 space. After a long career in large tech companies like Digital, Compaq, and HP, where he rose to the level of Vice President, he became an independent consultant and author in 2010. He is the lead author of the widely respected and continuously updated e-book, "Office 365 for IT Pros," and "Automating Microsoft 365 with PowerShell."LinkedIn - https://www.linkedin.com/in/tonyredmond/ 🔗 Related Links* Office 365 for IT Pros (Book) - https://office365itpros.com * Practical 365 - https://practical365.com📗 Chapters00:00 Intro 03:50 Tony's career and lessons from corporate life 09:06 The story behind the "Office 365 for IT Pros" book 21:35 Tony's rules for great technical writing 25:31 The problem with duplicate content and AI summaries 36:31 A critique of the Graph PowerShell SDK 45:15 The dangers of AI and the need for guardrails 50:57 Microsoft's mistake: Rushing tech without guardrails 55:04 The cyclical nature of technology and IT challengesPodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill's socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
--------
1:03:01
--------
1:03:01
The Ultimate Guide to App Consent in Microsoft Entra
In this episode, I sit down with Erin Greenlee, the Product Manager for App Consent on Microsoft’s App Platform Team. We dive into the critical world of app consent and the upcoming Microsoft 365 secure-by-default changes. We explore the nuances of user and admin consent, the impact of the mid-July 2025, policy shift, and how admins can prepare for a more secure Entra environment.Subscribe with your favorite podcast player or watch on YouTube 👇About Erin GreenleeErin Greenlee is a Product Manager at Microsoft, specializing in the App Platform Team within the Identity and Network Access division. With a decade of experience at Microsoft, including roles in B2C and domain services, Erin now focuses on consent, authorization, and app roles, helping organizations secure their applications while enabling productivity.LinkedIn - https://www.linkedin.com/in/eringreenlee/🔗 Related Links* MC1097272 - Microsoft 365 Upcoming Secure by Default Settings Changes - https://mc.merill.net/message/MC1097272 * Entra Admin Consent Workflow - https://docs.microsoft.com/en-us/entra/identity/enterprise-apps/configure-admin-consent-workflow * Configure how users consent to applications - https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-user-consent* Manage app consent policies - https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/manage-app-consent-policies* Review App Consent audit logs - https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/app-perms-audit-logs📗 Chapters02:15 What is App Consent?03:22 Delegated vs. Application Permissions07:45 The User Consent Balancing Act13:58 How Consent is Evaluated17:33 Understanding Tenant Consent Policies22:28 The Admin Consent Workflow31:18 The Big Change: Microsoft's Secure-by-Default Update41:35 How to Prepare for the Change49:05 Advanced Delegation with Custom PoliciesPodcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill's socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
--------
1:12:14
--------
1:12:14
Pushing Microsoft Entra to its Limits to Secure On-Prem AD
In this episode, we talk with an identity expert, ex-Microsoftie and Principal Domain Architect, Mark Renoden, about creating a modern Privileged Access Management (PAM) solution for on-premises Active Directory. Discover how to build a secure "Bastion Forest" architecture using Microsoft Entra. We talk about PIM for Groups, group write-back, phish-resistant credentials, Privileged Access Workstations (PAW), securing an Entra tenant from the ground up, and navigating challenges with Cloud Solution Provider (CSP) permissions.Watch on YouTubePS. Can I ask a favor? If you enjoyed this episode please leave a review and rating! Thank you 🙏 - MerillAbout MarkAs Principal Domain Architect for Identity at Increment, Mark leads the design and delivery of secure, scalable identity architectures grounded in Microsoft Entra ID and aligned with Zero Trust principles. He specializes in helping organisations modernise their infrastructure and navigate complex identity transformations.Previous to Increment, Mark spent over 20 years at Microsoft in support, field engineering, mission critical and customer experience roles focused on Identity across a wide spectrum of industries in Australia and New Zealand, including Finance, Healthcare, Government, Education and Retail.LinkedIn - https://www.linkedin.com/in/markrenoden/🔗 Related Links* DirectoryShield | Increment - https://www.increment.inc/directoryshield* Entra Security Recommendations - https://aka.ms/EntraSecurityRecommendations* Securing privileged access overview - https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-overview* MIM - Bastion environment - https://learn.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environment📗 Chapters00:46 Securing Your Entra Tenant02:09 The Quest for a Microsoft-Only PAM Solution04:21 What is a "Bastion Forest"?07:50 Reimagining the Bastion Forest for the Cloud12:53 Architecting a "Secure-by-Default" Tenant17:41 Phish-Resistant On-Prem Admins19:50 The Modern Privileged Access Workstation (PAW)27:04 The Tiered Administration Model Explained29:51 The Hidden Dangers of CSP Admin Access34:29 How Fast is PIM for Groups?Podcast Apps🎙️ Entra.Chat - https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill's socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
--------
47:37
--------
47:37
From Active Directory to AI Agents: The 25-Year Saga of Microsoft's Identity
In this very special episode, I sit down with the "Yoda of Entra" himself, Tarek Dawoud, who also happens to be my manager!We dig deep into the fascinating and often surprising history of Microsoft's identity platforms. Tarek, who has been on the team since 2007, takes us on a journey from the revolutionary launch of Active Directory in 1999, through the creation of the cloud services that battled Google Apps, to the formation of the identity division and the eventual rebrand to Entra.You'll hear the inside story on how our customer experience team became a "secret weapon" and, most excitingly, we'll look at what the future holds for Identity and Access Management in the new age of AI agents.Watch on YouTubePS. Can I ask a favor? If you enjoyed this episode please leave a review and rating! Thank you 🙏 - MerillAbout Tarek DawoudTarek Dawoud is a long-time veteran at Microsoft, having been with the company for over 18 years. Tarek currently leads the architecture team within the customer engineering (CXE) organization, where he helps customers deploy Entra, gathers insights for the product group, and works to solve the hardest identity problems.LinkedIn - https://www.linkedin.com/in/tarekdawoud/🔗 Related Links📗 Chapters00:00 Intro08:58 The Beginning: The Vision of Active Directory (AD)14:51 The Consumer Side: Microsoft Passport & The Standards Debate18:29 A Defensive Play: How Google Apps Sparked Microsoft's Cloud Identity27:21 The First Merger: Active Directory & Cloud Teams Unite32:03 The Birth of Conditional Access & The Authenticator App42:52 The Security Re-org: Identity Moves to a New Home45:30 A New Era: Rebranding to Entra48:52 The Future is Now: AI, Agentic Identities, and the End of PowerShell?Podcast Apps🎙️ Entra.Chat → https://entra.chat🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill's socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
Entra Chat is a weekly podcast hosted by Merill Fernando and delivers practical insights for Microsoft administrators and security professionals through conversations with identity experts who've been in the trenches.
Episodes feature seasoned Entra practitioners sharing real-world deployment experiences and Microsoft Entra team members who build the features you use daily.
Get the inside track on best practices, implementation strategies, and upcoming capabilities directly from those who design and deploy Microsoft identity solutions.
Join us for actionable takeaways you can apply immediately in your Microsoft 365, Azure, and Entra environments.
---
Entra.Chat, its content and opinions are my (Merill Fernando) own and do not reflect the views of my employer (Microsoft). All postings are provided “AS IS” with no warranties and is not supported by the author. All trademarks and copyrights belong to their owners and are used for identification only. entra.news
USA