
Sign up to save your podcasts
Or
In this episode, we talk with an identity expert, ex-Microsoftie and Principal Domain Architect, Mark Renoden, about creating a modern Privileged Access Management (PAM) solution for on-premises Active Directory. Discover how to build a secure "Bastion Forest" architecture using Microsoft Entra. We talk about PIM for Groups, group write-back, phish-resistant credentials, Privileged Access Workstations (PAW), securing an Entra tenant from the ground up, and navigating challenges with Cloud Solution Provider (CSP) permissions.
Watch on YouTube
PS. Can I ask a favor? If you enjoyed this episode please leave a review and rating! Thank you π - Merill
About Mark
As Principal Domain Architect for Identity at Increment, Mark leads the design and delivery of secure, scalable identity architectures grounded in Microsoft Entra ID and aligned with Zero Trust principles. He specializes in helping organisations modernise their infrastructure and navigate complex identity transformations.
Previous to Increment, Mark spent over 20 years at Microsoft in support, field engineering, mission critical and customer experience roles focused on Identity across a wide spectrum of industries in Australia and New Zealand, including Finance, Healthcare, Government, Education and Retail.
LinkedIn - https://www.linkedin.com/in/markrenoden/
π Related Links
* DirectoryShield | Increment - https://www.increment.inc/directoryshield
* Entra Security Recommendations - https://aka.ms/EntraSecurityRecommendations
* Securing privileged access overview - https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-overview
* MIM - Bastion environment - https://learn.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environment
π Chapters
00:46 Securing Your Entra Tenant
02:09 The Quest for a Microsoft-Only PAM Solution
04:21 What is a "Bastion Forest"?
07:50 Reimagining the Bastion Forest for the Cloud
12:53 Architecting a "Secure-by-Default" Tenant
17:41 Phish-Resistant On-Prem Admins
19:50 The Modern Privileged Access Workstation (PAW)
27:04 The Tiered Administration Model Explained
29:51 The Hidden Dangers of CSP Admin Access
34:29 How Fast is PIM for Groups?
Podcast Apps
ποΈ Entra.Chat - https://entra.chat
π§ Apple Podcast β https://entra.chat/apple
πΊ YouTube β https://entra.chat/youtube
πΊ Spotify β https://entra.chat/spotify
π§ Overcast β https://entra.chat/overcast
π§ Pocketcast β https://entra.chat/pocketcast
π§ Others β https://entra.chat/rss
Merill's socials
πΊ YouTube β youtube.com/@merillx
π LinkedIn β linkedin.com/in/merill
π€ Twitter β twitter.com/merill
πΊ TikTok β tiktok.com/@merillf
π¦ Bluesky β bsky.app/profile/merill.net
π Mastodon β infosec.exchange/@merill
π§΅ Threads β threads.net/@merillf
π€ GitHub β github.com/merill
5
44 ratings
In this episode, we talk with an identity expert, ex-Microsoftie and Principal Domain Architect, Mark Renoden, about creating a modern Privileged Access Management (PAM) solution for on-premises Active Directory. Discover how to build a secure "Bastion Forest" architecture using Microsoft Entra. We talk about PIM for Groups, group write-back, phish-resistant credentials, Privileged Access Workstations (PAW), securing an Entra tenant from the ground up, and navigating challenges with Cloud Solution Provider (CSP) permissions.
Watch on YouTube
PS. Can I ask a favor? If you enjoyed this episode please leave a review and rating! Thank you π - Merill
About Mark
As Principal Domain Architect for Identity at Increment, Mark leads the design and delivery of secure, scalable identity architectures grounded in Microsoft Entra ID and aligned with Zero Trust principles. He specializes in helping organisations modernise their infrastructure and navigate complex identity transformations.
Previous to Increment, Mark spent over 20 years at Microsoft in support, field engineering, mission critical and customer experience roles focused on Identity across a wide spectrum of industries in Australia and New Zealand, including Finance, Healthcare, Government, Education and Retail.
LinkedIn - https://www.linkedin.com/in/markrenoden/
π Related Links
* DirectoryShield | Increment - https://www.increment.inc/directoryshield
* Entra Security Recommendations - https://aka.ms/EntraSecurityRecommendations
* Securing privileged access overview - https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-overview
* MIM - Bastion environment - https://learn.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environment
π Chapters
00:46 Securing Your Entra Tenant
02:09 The Quest for a Microsoft-Only PAM Solution
04:21 What is a "Bastion Forest"?
07:50 Reimagining the Bastion Forest for the Cloud
12:53 Architecting a "Secure-by-Default" Tenant
17:41 Phish-Resistant On-Prem Admins
19:50 The Modern Privileged Access Workstation (PAW)
27:04 The Tiered Administration Model Explained
29:51 The Hidden Dangers of CSP Admin Access
34:29 How Fast is PIM for Groups?
Podcast Apps
ποΈ Entra.Chat - https://entra.chat
π§ Apple Podcast β https://entra.chat/apple
πΊ YouTube β https://entra.chat/youtube
πΊ Spotify β https://entra.chat/spotify
π§ Overcast β https://entra.chat/overcast
π§ Pocketcast β https://entra.chat/pocketcast
π§ Others β https://entra.chat/rss
Merill's socials
πΊ YouTube β youtube.com/@merillx
π LinkedIn β linkedin.com/in/merill
π€ Twitter β twitter.com/merill
πΊ TikTok β tiktok.com/@merillf
π¦ Bluesky β bsky.app/profile/merill.net
π Mastodon β infosec.exchange/@merill
π§΅ Threads β threads.net/@merillf
π€ GitHub β github.com/merill
361 Listeners
626 Listeners
366 Listeners
176 Listeners
1,006 Listeners
312 Listeners
7,879 Listeners
314 Listeners
74 Listeners
9 Listeners
24 Listeners
441 Listeners
127 Listeners
14 Listeners
43 Listeners