
Sign up to save your podcasts
Or


AI agents can make decisions and act faster than any human — which means your old identity security playbook no longer holds. In this episode of Entra Chat, [host name] sits down with Nikhil, a 10+ year Microsoft identity veteran from the Authentication Stack and Identity Protection team, to break down how Microsoft Entra, Conditional Access, Defender, and Purview are evolving to secure agentic AI.
We get into why “security = MFA” is dead, why the only recommended Conditional Access control for agents today is block (and why that’s actually good for your users), the missing “challenge” state in agent access, indirect prompt injection, and the unified risk model spanning identity, endpoint, and data layers. If you manage Microsoft Entra ID, run Zero Trust, or are figuring out how to govern AI agents in your tenant, this one’s for you.
🔎 What you’ll learn:
* Why agents are the new insider threat and why latency no longer protects you
* How Conditional Access now targets agentic users and agents
* Why “block” is the default control for agents (allow / block / challenge explained)
* How unified risk works across Entra, Microsoft Defender & Microsoft Purview
* Continuous Access Evaluation interrupting in-motion agent sessions
* Why LLMs recommend insecure defaults (the device code flow problem)
* The Conditional Access optimization agent, report-only mode & phased rollout
* The #1 thing Entra admins and CISOs should do in the next 3–6 months
Subscribe with your favorite podcast player or watch on YouTube 👇
About Nikhil
Nikhil Boreddy has spent over a decade at Microsoft, from the early Authentication Stack and Identity Protection team to the birth of Conditional Access. Today he works across Entra and Microsoft Security on one of the toughest challenges in the field: securing AI agents in the enterprise.
LinkedIn - https://www.linkedin.com/in/nikhilboreddy/
🔗 Related Links
* Microsoft Entra - https://learn.microsoft.com/en-us/entra/id-protection/concept-risky-agents
* Microsoft Zero Trust - https://aka.ms/ztworkshop
📗 Chapters
00:01:49 The Shift from MFA to Zero Trust
00:02:43 The Rise of AI Agents in Enterprise Security
00:04:40 Vulnerabilities in AI Workflows
00:08:09 Microsoft Security and Agent ID
00:10:41 Using the Conditional Access Optimization Agent
00:11:44 Breaking Silos: Entra, Purview, and Defender
00:20:01 Expanding Conditional Access for Agentic Users
00:26:36 Why Block is the Recommended Control for Agents
00:33:38 The Power of the Microsoft Security Stack
00:38:31 Advice for CISOs: Embracing AI in Security
Podcast Apps
🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss
Merill’s socials
📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill
By Merill Fernando5
55 ratings
AI agents can make decisions and act faster than any human — which means your old identity security playbook no longer holds. In this episode of Entra Chat, [host name] sits down with Nikhil, a 10+ year Microsoft identity veteran from the Authentication Stack and Identity Protection team, to break down how Microsoft Entra, Conditional Access, Defender, and Purview are evolving to secure agentic AI.
We get into why “security = MFA” is dead, why the only recommended Conditional Access control for agents today is block (and why that’s actually good for your users), the missing “challenge” state in agent access, indirect prompt injection, and the unified risk model spanning identity, endpoint, and data layers. If you manage Microsoft Entra ID, run Zero Trust, or are figuring out how to govern AI agents in your tenant, this one’s for you.
🔎 What you’ll learn:
* Why agents are the new insider threat and why latency no longer protects you
* How Conditional Access now targets agentic users and agents
* Why “block” is the default control for agents (allow / block / challenge explained)
* How unified risk works across Entra, Microsoft Defender & Microsoft Purview
* Continuous Access Evaluation interrupting in-motion agent sessions
* Why LLMs recommend insecure defaults (the device code flow problem)
* The Conditional Access optimization agent, report-only mode & phased rollout
* The #1 thing Entra admins and CISOs should do in the next 3–6 months
Subscribe with your favorite podcast player or watch on YouTube 👇
About Nikhil
Nikhil Boreddy has spent over a decade at Microsoft, from the early Authentication Stack and Identity Protection team to the birth of Conditional Access. Today he works across Entra and Microsoft Security on one of the toughest challenges in the field: securing AI agents in the enterprise.
LinkedIn - https://www.linkedin.com/in/nikhilboreddy/
🔗 Related Links
* Microsoft Entra - https://learn.microsoft.com/en-us/entra/id-protection/concept-risky-agents
* Microsoft Zero Trust - https://aka.ms/ztworkshop
📗 Chapters
00:01:49 The Shift from MFA to Zero Trust
00:02:43 The Rise of AI Agents in Enterprise Security
00:04:40 Vulnerabilities in AI Workflows
00:08:09 Microsoft Security and Agent ID
00:10:41 Using the Conditional Access Optimization Agent
00:11:44 Breaking Silos: Entra, Purview, and Defender
00:20:01 Expanding Conditional Access for Agentic Users
00:26:36 Why Block is the Recommended Control for Agents
00:33:38 The Power of the Microsoft Security Stack
00:38:31 Advice for CISOs: Embracing AI in Security
Podcast Apps
🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss
Merill’s socials
📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill

14,379 Listeners

1,919 Listeners

1,657 Listeners

376 Listeners

98 Listeners

648 Listeners

421 Listeners

65 Listeners

8,059 Listeners

313 Listeners

61 Listeners

3 Listeners

48 Listeners

45 Listeners

55 Listeners