
In this episode, we talk with an identity expert, ex-Microsoftie and Principal Domain Architect, Mark Renoden, about creating a modern Privileged Access Management (PAM) solution for on-premises Active Directory. Discover how to build a secure "Bastion Forest" architecture using Microsoft Entra. We talk about PIM for Groups, group write-back, phish-resistant credentials, Privileged Access Workstations (PAW), securing an Entra tenant from the ground up, and navigating challenges with Cloud Solution Provider (CSP) permissions.
Watch on YouTube
P.S. Can I ask a favor? If you enjoyed this episode, please leave a review and rating! Thank you - Merill
About Mark
As Principal Domain Architect for Identity at Increment, Mark leads the design and delivery of secure, scalable identity architectures grounded in Microsoft Entra ID and aligned with Zero Trust principles. He specializes in helping organisations modernise their infrastructure and navigate complex identity transformations.
Prior to Increment, Mark spent over 20 years at Microsoft in support, field engineering, mission-critical and customer experience roles focused on identity across a wide spectrum of industries in Australia and New Zealand, including finance, healthcare, government, education and retail.
LinkedIn - https://www.linkedin.com/in/markrenoden/
Related Links
* DirectoryShield | Increment - https://www.increment.inc/directoryshield
* Entra Security Recommendations - https://aka.ms/EntraSecurityRecommendations
* Securing privileged access overview - https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-overview
* MIM - Bastion environment - https://learn.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environment
Chapters
00:46 Securing Your Entra Tenant
02:09 The Quest for a Microsoft-Only PAM Solution
04:21 What is a "Bastion Forest"?
07:50 Reimagining the Bastion Forest for the Cloud
12:53 Architecting a "Secure-by-Default" Tenant
17:41 Phish-Resistant On-Prem Admins
19:50 The Modern Privileged Access Workstation (PAW)
27:04 The Tiered Administration Model Explained
29:51 The Hidden Dangers of CSP Admin Access
34:29 How Fast is PIM for Groups?
Podcast Apps
Entra.Chat - https://entra.chat
Apple Podcast - https://entra.chat/apple
YouTube - https://entra.chat/youtube
Spotify - https://entra.chat/spotify
Overcast - https://entra.chat/overcast
Pocketcast - https://entra.chat/pocketcast
Others - https://entra.chat/rss
Merill's socials
YouTube - youtube.com/@merillx
LinkedIn - linkedin.com/in/merill
Twitter - twitter.com/merill
TikTok - tiktok.com/@merillf
Bluesky - bsky.app/profile/merill.net
Mastodon - infosec.exchange/@merill
Threads - threads.net/@merillf
GitHub - github.com/merill
By Merill Fernando