I am back home in Melbourne today, and joining me are Nathan McNulty from Alaska and Daniel Bradley from the UK as we dive into all the massive Entra updates that dropped last month. We are breaking down the controversial shift to syncable passkeys , why your Conditional Access policies might suddenly start blocking apps , and the absolute necessity of moving privileged accounts away from on-prem AD. We’re also geeking out over some incredible new Global Secure Access (GSA) features and how AI is completely transforming the way we work with Graph API. You won’t want to miss the under-the-radar changes that could impact your tenant’s security architecture overnight.

Here’s a quick overview of all the topics we covered in this episode (links below).

Sponsored by:

Scan, Score, and Secure Your Applications in Entra

Application identities represent one of the largest attack surfaces in Entra and are often among the least consistently governed. AppGov Score helps IT and Security teams understand where risk exists. The 24-check assessment evaluates Entra ID application integrations against Microsoft-recommended governance practices, analyzing:

* App registrations and enterprise apps for excessive permissions

* Expired or unmanaged secrets

* Ownerless apps

* Risky consent grants, and

* Privileged service principals

Results are delivered as a clear, defensible risk score with actionable findings. No scripts. No manual inventory. Just a fast, read-only scan that reveals app sprawl, identity misconfigurations, and blast radius so you can prioritize remediation and strengthen your security posture with confidence.

Subscribe with your favorite podcast player or watch on YouTube 👇

About Nathan McNulty

Senior Security Solutions Architect at Patriot Consulting and Microsoft MVP in security. Nathan is the practice lead for identity and has extensive experience with endpoint deployments and everything Entra.

LinkedIn - https://www.linkedin.com/in/nathanmcnulty/

About Daniel Bradley

Senior Solution Architect for CDW down in the UK and an MVP in Identity Security and M365 for Graph API. Daniel specializes in pre-sales, mergers, acquisitions, and the highly technical migration space.

LinkedIn - https://www.linkedin.com/in/danielbradley2/

🔗 Related Links

* Entra What's New - https://learn.microsoft.com/en-us/entra/fundamentals/whats-new

* Upcoming Conditional Access change: Improved enforcement for policies with resource exclusions - https://techcommunity.microsoft.com/blog/microsoft-entra-blog/upcoming-conditional-access-change-improved-enforcement-for-policies-with-resour/4488925

* XDRInternals - https://github.com/MSCloudInternals/XDRInternals

* Passkey Login - https://github.com/nathanmcnulty/nathanmcnulty/blob/main/Entra/passkeys/PasskeyLogin.ps1

* Graph PM - https://graph.pm

📗 Chapters

03:01 Syncable Passkeys & Registration Changes

18:10 Conditional Access Policy Updates

26:35 Blocking Hard Match for Privileged Roles

35:42 External Authentication Methods GA

43:04 Lifecycle Workflows & Admin Units

48:01 Global Secure Access (GSA) BYOD Preview

53:06 New My Account Portal & Authenticator Updates

58:43 AI Skills & Automating Graph API

Podcast Apps

🎙️ Entra.Chat - https://entra.chat

🎧 Apple Podcast → https://entra.chat/apple

📺 YouTube → https://entra.chat/youtube

📺 Spotify → https://entra.chat/spotify

🎧 Overcast → https://entra.chat/overcast

🎧 Pocketcast → https://entra.chat/pocketcast

🎧 Others → https://entra.chat/rss

Merill’s socials

📺 YouTube → youtube.com/@merillx

👔 LinkedIn → linkedin.com/in/merill

🐤 Twitter → twitter.com/merill

🕺 TikTok → tiktok.com/@merillf

🦋 Bluesky → bsky.app/profile/merill.net

🐘 Mastodon → infosec.exchange/@merill

🧵 Threads → threads.net/@merillf

🤖 GitHub → github.com/merill

Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe