
Sign up to save your podcasts
Or
In this episode, we talk with an identity expert, ex-Microsoftie and Principal Domain Architect, Mark Renoden, about creating a modern Privileged Access Management (PAM) solution for on-premises Active Directory. Discover how to build a secure "Bastion Forest" architecture using Microsoft Entra. We talk about PIM for Groups, group write-back, phish-resistant credentials, Privileged Access Workstations (PAW), securing an Entra tenant from the ground up, and navigating challenges with Cloud Solution Provider (CSP) permissions.
Watch on YouTube
PS. Can I ask a favor? If you enjoyed this episode please leave a review and rating! Thank you π - Merill
About Mark
As Principal Domain Architect for Identity at Increment, Mark leads the design and delivery of secure, scalable identity architectures grounded in Microsoft Entra ID and aligned with Zero Trust principles. He specializes in helping organisations modernise their infrastructure and navigate complex identity transformations.
Previous to Increment, Mark spent over 20 years at Microsoft in support, field engineering, mission critical and customer experience roles focused on Identity across a wide spectrum of industries in Australia and New Zealand, including Finance, Healthcare, Government, Education and Retail.
LinkedIn - https://www.linkedin.com/in/markrenoden/
π Related Links
* DirectoryShield | Increment - https://www.increment.inc/directoryshield
* Entra Security Recommendations - https://aka.ms/EntraSecurityRecommendations
* Securing privileged access overview - https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-overview
* MIM - Bastion environment - https://learn.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environment
π Chapters
00:46 Securing Your Entra Tenant
02:09 The Quest for a Microsoft-Only PAM Solution
04:21 What is a "Bastion Forest"?
07:50 Reimagining the Bastion Forest for the Cloud
12:53 Architecting a "Secure-by-Default" Tenant
17:41 Phish-Resistant On-Prem Admins
19:50 The Modern Privileged Access Workstation (PAW)
27:04 The Tiered Administration Model Explained
29:51 The Hidden Dangers of CSP Admin Access
34:29 How Fast is PIM for Groups?
Podcast Apps
ποΈ Entra.Chat - https://entra.chat
π§ Apple Podcast β https://entra.chat/apple
πΊ YouTube β https://entra.chat/youtube
πΊ Spotify β https://entra.chat/spotify
π§ Overcast β https://entra.chat/overcast
π§ Pocketcast β https://entra.chat/pocketcast
π§ Others β https://entra.chat/rss
Merill's socials
πΊ YouTube β youtube.com/@merillx
π LinkedIn β linkedin.com/in/merill
π€ Twitter β twitter.com/merill
πΊ TikTok β tiktok.com/@merillf
π¦ Bluesky β bsky.app/profile/merill.net
π Mastodon β infosec.exchange/@merill
π§΅ Threads β threads.net/@merillf
π€ GitHub β github.com/merill
5
44 ratings
In this episode, we talk with an identity expert, ex-Microsoftie and Principal Domain Architect, Mark Renoden, about creating a modern Privileged Access Management (PAM) solution for on-premises Active Directory. Discover how to build a secure "Bastion Forest" architecture using Microsoft Entra. We talk about PIM for Groups, group write-back, phish-resistant credentials, Privileged Access Workstations (PAW), securing an Entra tenant from the ground up, and navigating challenges with Cloud Solution Provider (CSP) permissions.
Watch on YouTube
PS. Can I ask a favor? If you enjoyed this episode please leave a review and rating! Thank you π - Merill
About Mark
As Principal Domain Architect for Identity at Increment, Mark leads the design and delivery of secure, scalable identity architectures grounded in Microsoft Entra ID and aligned with Zero Trust principles. He specializes in helping organisations modernise their infrastructure and navigate complex identity transformations.
Previous to Increment, Mark spent over 20 years at Microsoft in support, field engineering, mission critical and customer experience roles focused on Identity across a wide spectrum of industries in Australia and New Zealand, including Finance, Healthcare, Government, Education and Retail.
LinkedIn - https://www.linkedin.com/in/markrenoden/
π Related Links
* DirectoryShield | Increment - https://www.increment.inc/directoryshield
* Entra Security Recommendations - https://aka.ms/EntraSecurityRecommendations
* Securing privileged access overview - https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-overview
* MIM - Bastion environment - https://learn.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environment
π Chapters
00:46 Securing Your Entra Tenant
02:09 The Quest for a Microsoft-Only PAM Solution
04:21 What is a "Bastion Forest"?
07:50 Reimagining the Bastion Forest for the Cloud
12:53 Architecting a "Secure-by-Default" Tenant
17:41 Phish-Resistant On-Prem Admins
19:50 The Modern Privileged Access Workstation (PAW)
27:04 The Tiered Administration Model Explained
29:51 The Hidden Dangers of CSP Admin Access
34:29 How Fast is PIM for Groups?
Podcast Apps
ποΈ Entra.Chat - https://entra.chat
π§ Apple Podcast β https://entra.chat/apple
πΊ YouTube β https://entra.chat/youtube
πΊ Spotify β https://entra.chat/spotify
π§ Overcast β https://entra.chat/overcast
π§ Pocketcast β https://entra.chat/pocketcast
π§ Others β https://entra.chat/rss
Merill's socials
πΊ YouTube β youtube.com/@merillx
π LinkedIn β linkedin.com/in/merill
π€ Twitter β twitter.com/merill
πΊ TikTok β tiktok.com/@merillf
π¦ Bluesky β bsky.app/profile/merill.net
π Mastodon β infosec.exchange/@merill
π§΅ Threads β threads.net/@merillf
π€ GitHub β github.com/merill
1,983 Listeners
365 Listeners
636 Listeners
366 Listeners
183 Listeners
1,009 Listeners
312 Listeners
415 Listeners
7,913 Listeners
166 Listeners
189 Listeners
314 Listeners
74 Listeners
127 Listeners
43 Listeners