AI Agents Need Their Own Identity: A Zero Trust Playbook
Stop wiring AI agents to shared secrets and borrowed service accounts. Treat every agent as a governed non-human identity with the controls you already run.
Stop wiring AI agents to shared secrets and borrowed service accounts. Treat every agent as a governed non-human identity with the controls you already run.
Lifecycle Workflows can now test an Update user attributes task for joiner, mover, and leaver automation.
Microsoft Entra now lets you apply Purview sensitivity labels to cloud security groups in public preview — here’s why it matters and how to test it.
SAP SuccessFactors HR provisioning can now use short-lived federated OIDC tokens instead of stored basic-auth passwords. Here’s how the Public Preview works.
Passkeys on Windows Hello let users register device-bound FIDO2 credentials in the local Windows Hello container.
Microsoft Entra registration campaigns can now nudge eligible users to register passkeys during sign-in.
Access packages can now govern active and eligible Azure RBAC assignments at key Azure scopes in Public Preview.
Domainless SAML federation lets external users sign in with their own IdP even when email domains do not map cleanly.
Device soft delete moves deleted Entra device objects into a recoverable state instead of removing them immediately.
App Deactivation lets admins stop new token issuance while preserving app registration metadata and configuration.
Agent Identity Sponsorship Transitions help lifecycle workflows notify and transfer ownership when an agent sponsor changes.
Prompt injection is one of the first risks security teams run into once AI pilots turn into production workloads. Attackers craft inputs that trick a large...
Mobile access is always where policy consistency gets tested. People live in Microsoft 365 on iPhones and iPads, and if your Zero Trust controls stop at th...
When an account is compromised, every minute spent escalating to an IAM admin is a minute the attacker keeps working. Privileged Identity Response for SOCs...
Partner access usually breaks down at the handoff between identity and connectivity. You can invite a guest, but getting them to the right private app — wi...
Access delays are often communication problems, not policy problems. A request sits pending, nobody knows who’s responsible, and the requestor opens a tick...
If you build on Microsoft Entra sign-in data, this is a quietly important update. Microsoft Graph now supports $count in sign-in API requests, so your quer...
Privileged access should never ride on stale trust. A user who signed in hours ago and now wants to step into an admin role is a different risk than they w...
Most teams know exactly what licenses they bought. Far fewer can show how much of that capability is actually being used. That gap costs money at renewal a...
If you build customer-facing apps, you know the tension: users expect to sign in with the accounts they already have, but you don’t want to hand the whole ...
Connecting workforce identity to customer-facing applications has long meant duplicate accounts — and duplicate accounts mean extra lifecycle work, inconsi...
Even in a cloud-first architecture, branch traffic still needs old-school network control. The problem is that maintaining that control usually means rule ...
A lot of branch and remote-site traffic still comes from devices that will never run a client — printers, kiosks, IoT gear, shared workstations, and the li...
Plenty of internet traffic still originates from places where installing the Global Secure Access client just isn’t realistic — multi-session VDI, kiosks, ...
Token lifetime settings look minor on paper, but they shape how long access persists after it’s granted — and not every application deserves the same behav...
Offboarding delays are more than an HR annoyance — they’re an identity risk. Every hour an account stays active past someone’s last day is an hour of unnec...
A lot of modern data loss looks completely ordinary. Someone uploads a spreadsheet to a generative AI tool, drags a PDF into personal mail, or pushes a con...
Most organizations get phishing-resistant authentication working on the desktop and then stall at mobile. iPhones and iPads are where people actually do a ...
For years, Microsoft Entra branding has been a tenant-wide decision. That’s fine when one identity maps to one audience — but most tenants don’t work that ...
For hybrid identity teams, stability work matters just as much as new features. Microsoft Identity Manager 2016 Service Pack 3 is now Generally Available, ...
In PKI-heavy environments, broad certificate trust gets messy fast. If every trusted certificate authority is valid for every user, you lose the ability to...
The hardest part of bringing an application into governance usually isn’t wiring up the connector — it’s answering a deceptively simple question: who alrea...
Anyone who has rolled out certificate-based authentication has seen it: a user opens the certificate picker, finds a long list of options, and guesses. The...
Strong authentication only helps if the platform actually steers people toward it. Users tend to pick whatever is fastest at the prompt, and on iOS certifi...
Stop wiring AI agents to shared secrets and borrowed service accounts. Treat every agent as a governed non-human identity with the controls you already run.
App Deactivation lets admins stop new token issuance while preserving app registration metadata and configuration.
Prompt injection is one of the first risks security teams run into once AI pilots turn into production workloads. Attackers craft inputs that trick a large...
Mobile access is always where policy consistency gets tested. People live in Microsoft 365 on iPhones and iPads, and if your Zero Trust controls stop at th...
Partner access usually breaks down at the handoff between identity and connectivity. You can invite a guest, but getting them to the right private app — wi...
Access delays are often communication problems, not policy problems. A request sits pending, nobody knows who’s responsible, and the requestor opens a tick...
Privileged access should never ride on stale trust. A user who signed in hours ago and now wants to step into an admin role is a different risk than they w...
Even in a cloud-first architecture, branch traffic still needs old-school network control. The problem is that maintaining that control usually means rule ...
A lot of branch and remote-site traffic still comes from devices that will never run a client — printers, kiosks, IoT gear, shared workstations, and the li...
Token lifetime settings look minor on paper, but they shape how long access persists after it’s granted — and not every application deserves the same behav...
Offboarding delays are more than an HR annoyance — they’re an identity risk. Every hour an account stays active past someone’s last day is an hour of unnec...
A lot of modern data loss looks completely ordinary. Someone uploads a spreadsheet to a generative AI tool, drags a PDF into personal mail, or pushes a con...
Most organizations get phishing-resistant authentication working on the desktop and then stall at mobile. iPhones and iPads are where people actually do a ...
In PKI-heavy environments, broad certificate trust gets messy fast. If every trusted certificate authority is valid for every user, you lose the ability to...
Anyone who has rolled out certificate-based authentication has seen it: a user opens the certificate picker, finds a long list of options, and guesses. The...
Strong authentication only helps if the platform actually steers people toward it. Users tend to pick whatever is fastest at the prompt, and on iOS certifi...
Modernized My Account pages are generally available, giving users clearer self-service paths for account and device tasks.
In today’s digital landscape, securing devices and ensuring seamless access to corporate resources is paramount. As an Identity & Security expert, it’...
We have observed recently many customers are asking why they do see the same device has two device objects on Azure AD, and connected twice to Azure AD as Az...
Responding to COVID-19 (aka. coronavirus) crisis, employees started working from home, and we start receiving many queries about Azure AD Devices. In this ar...
The number of users working from home (WFH) increases in the response of COVID-19 (aka. coronavirus) outbreak, and we need to make sure that identities and t...
The number of users working from home (WFH) increases in response of COVID-19 (aka. coronavirus) outbreak, and we need to make sure that identities and their...
Lots of customers are asking if it is important to connect their devices to Azure AD, and what are the benefits of doing this.
Do you have pending devices in your Azure AD tenant? If so, then this article is definitely for you 🙂
In this article, I am discussing device registration for hybrid Azure AD joined devices. First of all, let’s go through device registration steps: The dev...
When configuring Hybrid Azure AD joined devices with non-persistent Virtual Desktop Infrastructure (VDI) we face the following challenges: Non-persistent ...
In a previous article I described why Do I really need to connect my device to Azure AD. In this article I will describe the available types of having device...
When the user login successfully to Hybrid Azure AD device or Azure AD joined device, he acquires AzureAD PRT which is extremely important to enable Single S...
In today’s digital landscape, securing devices and ensuring seamless access to corporate resources is paramount. As an Identity & Security expert, it’...
We have observed recently many customers are asking why they do see the same device has two device objects on Azure AD, and connected twice to Azure AD as Az...
Responding to COVID-19 (aka. coronavirus) crisis, employees started working from home, and we start receiving many queries about Azure AD Devices. In this ar...
The number of users working from home (WFH) increases in the response of COVID-19 (aka. coronavirus) outbreak, and we need to make sure that identities and t...
The number of users working from home (WFH) increases in response of COVID-19 (aka. coronavirus) outbreak, and we need to make sure that identities and their...
Lots of customers are asking if it is important to connect their devices to Azure AD, and what are the benefits of doing this.
Do you have pending devices in your Azure AD tenant? If so, then this article is definitely for you 🙂
In this article, I am discussing device registration for hybrid Azure AD joined devices. First of all, let’s go through device registration steps: The dev...
When configuring Hybrid Azure AD joined devices with non-persistent Virtual Desktop Infrastructure (VDI) we face the following challenges: Non-persistent ...
In a previous article I described why Do I really need to connect my device to Azure AD. In this article I will describe the available types of having device...
When the user login successfully to Hybrid Azure AD device or Azure AD joined device, he acquires AzureAD PRT which is extremely important to enable Single S...
In today’s digital landscape, securing devices and ensuring seamless access to corporate resources is paramount. As an Identity & Security expert, it’...
We have observed recently many customers are asking why they do see the same device has two device objects on Azure AD, and connected twice to Azure AD as Az...
Responding to COVID-19 (aka. coronavirus) crisis, employees started working from home, and we start receiving many queries about Azure AD Devices. In this ar...
The number of users working from home (WFH) increases in the response of COVID-19 (aka. coronavirus) outbreak, and we need to make sure that identities and t...
The number of users working from home (WFH) increases in response of COVID-19 (aka. coronavirus) outbreak, and we need to make sure that identities and their...
Lots of customers are asking if it is important to connect their devices to Azure AD, and what are the benefits of doing this.
Do you have pending devices in your Azure AD tenant? If so, then this article is definitely for you 🙂
In this article, I am discussing device registration for hybrid Azure AD joined devices. First of all, let’s go through device registration steps: The dev...
When configuring Hybrid Azure AD joined devices with non-persistent Virtual Desktop Infrastructure (VDI) we face the following challenges: Non-persistent ...
In a previous article I described why Do I really need to connect my device to Azure AD. In this article I will describe the available types of having device...
When the user login successfully to Hybrid Azure AD device or Azure AD joined device, he acquires AzureAD PRT which is extremely important to enable Single S...
In today’s digital landscape, securing devices and ensuring seamless access to corporate resources is paramount. As an Identity & Security expert, it’...
We have observed recently many customers are asking why they do see the same device has two device objects on Azure AD, and connected twice to Azure AD as Az...
Responding to COVID-19 (aka. coronavirus) crisis, employees started working from home, and we start receiving many queries about Azure AD Devices. In this ar...
The number of users working from home (WFH) increases in the response of COVID-19 (aka. coronavirus) outbreak, and we need to make sure that identities and t...
The number of users working from home (WFH) increases in response of COVID-19 (aka. coronavirus) outbreak, and we need to make sure that identities and their...
Lots of customers are asking if it is important to connect their devices to Azure AD, and what are the benefits of doing this.
Do you have pending devices in your Azure AD tenant? If so, then this article is definitely for you 🙂
In this article, I am discussing device registration for hybrid Azure AD joined devices. First of all, let’s go through device registration steps: The dev...
When configuring Hybrid Azure AD joined devices with non-persistent Virtual Desktop Infrastructure (VDI) we face the following challenges: Non-persistent ...
In a previous article I described why Do I really need to connect my device to Azure AD. In this article I will describe the available types of having device...
When the user login successfully to Hybrid Azure AD device or Azure AD joined device, he acquires AzureAD PRT which is extremely important to enable Single S...
In today’s digital landscape, securing devices and ensuring seamless access to corporate resources is paramount. As an Identity & Security expert, it’...
Responding to COVID-19 (aka. coronavirus) crisis, employees started working from home, and we start receiving many queries about Azure AD Devices. In this ar...
The number of users working from home (WFH) increases in the response of COVID-19 (aka. coronavirus) outbreak, and we need to make sure that identities and t...
The number of users working from home (WFH) increases in response of COVID-19 (aka. coronavirus) outbreak, and we need to make sure that identities and their...
Lots of customers are asking if it is important to connect their devices to Azure AD, and what are the benefits of doing this.
Do you have pending devices in your Azure AD tenant? If so, then this article is definitely for you 🙂
In this article, I am discussing device registration for hybrid Azure AD joined devices. First of all, let’s go through device registration steps: The dev...
When configuring Hybrid Azure AD joined devices with non-persistent Virtual Desktop Infrastructure (VDI) we face the following challenges: Non-persistent ...
In a previous article I described why Do I really need to connect my device to Azure AD. In this article I will describe the available types of having device...
When the user login successfully to Hybrid Azure AD device or Azure AD joined device, he acquires AzureAD PRT which is extremely important to enable Single S...
Prompt injection is one of the first risks security teams run into once AI pilots turn into production workloads. Attackers craft inputs that trick a large...
Mobile access is always where policy consistency gets tested. People live in Microsoft 365 on iPhones and iPads, and if your Zero Trust controls stop at th...
Partner access usually breaks down at the handoff between identity and connectivity. You can invite a guest, but getting them to the right private app — wi...
Even in a cloud-first architecture, branch traffic still needs old-school network control. The problem is that maintaining that control usually means rule ...
A lot of branch and remote-site traffic still comes from devices that will never run a client — printers, kiosks, IoT gear, shared workstations, and the li...
Plenty of internet traffic still originates from places where installing the Global Secure Access client just isn’t realistic — multi-session VDI, kiosks, ...
A lot of modern data loss looks completely ordinary. Someone uploads a spreadsheet to a generative AI tool, drags a PDF into personal mail, or pushes a con...
Lifecycle Workflows can now test an Update user attributes task for joiner, mover, and leaver automation.
Access packages can now govern active and eligible Azure RBAC assignments at key Azure scopes in Public Preview.
Cross-tenant group synchronization is generally available for synchronizing security groups and memberships across Entra tenants.
Agent Identity Sponsorship Transitions help lifecycle workflows notify and transfer ownership when an agent sponsor changes.
Access delays are often communication problems, not policy problems. A request sits pending, nobody knows who’s responsible, and the requestor opens a tick...
Offboarding delays are more than an HR annoyance — they’re an identity risk. Every hour an account stays active past someone’s last day is an hour of unnec...
Most teams know exactly what licenses they bought. Far fewer can show how much of that capability is actually being used. That gap costs money at renewal a...
Connecting workforce identity to customer-facing applications has long meant duplicate accounts — and duplicate accounts mean extra lifecycle work, inconsi...
For years, Microsoft Entra branding has been a tenant-wide decision. That’s fine when one identity maps to one audience — but most tenants don’t work that ...
In PKI-heavy environments, broad certificate trust gets messy fast. If every trusted certificate authority is valid for every user, you lose the ability to...
The hardest part of bringing an application into governance usually isn’t wiring up the connector — it’s answering a deceptively simple question: who alrea...
Most organizations get phishing-resistant authentication working on the desktop and then stall at mobile. iPhones and iPads are where people actually do a ...
In PKI-heavy environments, broad certificate trust gets messy fast. If every trusted certificate authority is valid for every user, you lose the ability to...
Anyone who has rolled out certificate-based authentication has seen it: a user opens the certificate picker, finds a long list of options, and guesses. The...
Strong authentication only helps if the platform actually steers people toward it. Users tend to pick whatever is fastest at the prompt, and on iOS certifi...
SAP SuccessFactors HR provisioning can now use short-lived federated OIDC tokens instead of stored basic-auth passwords. Here’s how the Public Preview works.
Cross-tenant group synchronization is generally available for synchronizing security groups and memberships across Entra tenants.
Offboarding delays are more than an HR annoyance — they’re an identity risk. Every hour an account stays active past someone’s last day is an hour of unnec...
The hardest part of bringing an application into governance usually isn’t wiring up the connector — it’s answering a deceptively simple question: who alrea...
Microsoft single sign-on for Linux is generally available, bringing Entra registration, brokered SSO, and device-based controls to Linux desktops.
Privileged access should never ride on stale trust. A user who signed in hours ago and now wants to step into an admin role is a different risk than they w...
Most teams know exactly what licenses they bought. Far fewer can show how much of that capability is actually being used. That gap costs money at renewal a...
Plenty of internet traffic still originates from places where installing the Global Secure Access client just isn’t realistic — multi-session VDI, kiosks, ...
Modernized My Account pages are generally available, giving users clearer self-service paths for account and device tasks.
Microsoft single sign-on for Linux is generally available, bringing Entra registration, brokered SSO, and device-based controls to Linux desktops.
Cross-tenant group synchronization is generally available for synchronizing security groups and memberships across Entra tenants.
System-preferred authentication now applies to first-factor and second-factor sign-in when Microsoft managed settings are used.
Mobile access is always where policy consistency gets tested. People live in Microsoft 365 on iPhones and iPads, and if your Zero Trust controls stop at th...
Most organizations get phishing-resistant authentication working on the desktop and then stall at mobile. iPhones and iPads are where people actually do a ...
Strong authentication only helps if the platform actually steers people toward it. Users tend to pick whatever is fastest at the prompt, and on iOS certifi...
Stop wiring AI agents to shared secrets and borrowed service accounts. Treat every agent as a governed non-human identity with the controls you already run.
Prompt injection is one of the first risks security teams run into once AI pilots turn into production workloads. Attackers craft inputs that trick a large...
A lot of modern data loss looks completely ordinary. Someone uploads a spreadsheet to a generative AI tool, drags a PDF into personal mail, or pushes a con...
Domainless SAML federation lets external users sign in with their own IdP even when email domains do not map cleanly.
If you build customer-facing apps, you know the tension: users expect to sign in with the accounts they already have, but you don’t want to hand the whole ...
Connecting workforce identity to customer-facing applications has long meant duplicate accounts — and duplicate accounts mean extra lifecycle work, inconsi...
Device soft delete moves deleted Entra device objects into a recoverable state instead of removing them immediately.
High Scale Compatibility mode is generally available for phased Azure AD B2C migrations to Microsoft Entra External ID.
If you build on Microsoft Entra sign-in data, this is a quietly important update. Microsoft Graph now supports $count in sign-in API requests, so your quer...
Passkeys on Windows Hello let users register device-bound FIDO2 credentials in the local Windows Hello container.
Microsoft Entra registration campaigns can now nudge eligible users to register passkeys during sign-in.
System-preferred authentication now applies to first-factor and second-factor sign-in when Microsoft managed settings are used.
Passkeys on Windows Hello let users register device-bound FIDO2 credentials in the local Windows Hello container.
Microsoft Entra registration campaigns can now nudge eligible users to register passkeys during sign-in.
System-preferred authentication now applies to first-factor and second-factor sign-in when Microsoft managed settings are used.
Most organizations get phishing-resistant authentication working on the desktop and then stall at mobile. iPhones and iPads are where people actually do a ...
Strong authentication only helps if the platform actually steers people toward it. Users tend to pick whatever is fastest at the prompt, and on iOS certifi...
In PKI-heavy environments, broad certificate trust gets messy fast. If every trusted certificate authority is valid for every user, you lose the ability to...
Anyone who has rolled out certificate-based authentication has seen it: a user opens the certificate picker, finds a long list of options, and guesses. The...
Domainless SAML federation lets external users sign in with their own IdP even when email domains do not map cleanly.
Token lifetime settings look minor on paper, but they shape how long access persists after it’s granted — and not every application deserves the same behav...
Even in a cloud-first architecture, branch traffic still needs old-school network control. The problem is that maintaining that control usually means rule ...
A lot of branch and remote-site traffic still comes from devices that will never run a client — printers, kiosks, IoT gear, shared workstations, and the li...
SAP SuccessFactors HR provisioning can now use short-lived federated OIDC tokens instead of stored basic-auth passwords. Here’s how the Public Preview works.
Connecting workforce identity to customer-facing applications has long meant duplicate accounts — and duplicate accounts mean extra lifecycle work, inconsi...
Domainless SAML federation lets external users sign in with their own IdP even when email domains do not map cleanly.
Connecting workforce identity to customer-facing applications has long meant duplicate accounts — and duplicate accounts mean extra lifecycle work, inconsi...
Microsoft Entra now lets you apply Purview sensitivity labels to cloud security groups in public preview — here’s why it matters and how to test it.
Most teams know exactly what licenses they bought. Far fewer can show how much of that capability is actually being used. That gap costs money at renewal a...
When an account is compromised, every minute spent escalating to an IAM admin is a minute the attacker keeps working. Privileged Identity Response for SOCs...
Privileged access should never ride on stale trust. A user who signed in hours ago and now wants to step into an admin role is a different risk than they w...
Access packages can now govern active and eligible Azure RBAC assignments at key Azure scopes in Public Preview.
Access delays are often communication problems, not policy problems. A request sits pending, nobody knows who’s responsible, and the requestor opens a tick...
App Deactivation lets admins stop new token issuance while preserving app registration metadata and configuration.
When an account is compromised, every minute spent escalating to an IAM admin is a minute the attacker keeps working. Privileged Identity Response for SOCs...
Microsoft Entra registration campaigns can now nudge eligible users to register passkeys during sign-in.
System-preferred authentication now applies to first-factor and second-factor sign-in when Microsoft managed settings are used.
Stop wiring AI agents to shared secrets and borrowed service accounts. Treat every agent as a governed non-human identity with the controls you already run.
Agent Identity Sponsorship Transitions help lifecycle workflows notify and transfer ownership when an agent sponsor changes.
Lifecycle Workflows can now test an Update user attributes task for joiner, mover, and leaver automation.
Agent Identity Sponsorship Transitions help lifecycle workflows notify and transfer ownership when an agent sponsor changes.
Stop wiring AI agents to shared secrets and borrowed service accounts. Treat every agent as a governed non-human identity with the controls you already run.
Agent Identity Sponsorship Transitions help lifecycle workflows notify and transfer ownership when an agent sponsor changes.
Passkeys on Windows Hello let users register device-bound FIDO2 credentials in the local Windows Hello container.
Microsoft Entra registration campaigns can now nudge eligible users to register passkeys during sign-in.
A notice displays information that explains nearby content. Often used to call attention to a particular detail.
A notice displays information that explains nearby content. Often used to call attention to a particular detail.
Strong authentication only helps if the platform actually steers people toward it. Users tend to pick whatever is fastest at the prompt, and on iOS certifi...
Anyone who has rolled out certificate-based authentication has seen it: a user opens the certificate picker, finds a long list of options, and guesses. The...
The hardest part of bringing an application into governance usually isn’t wiring up the connector — it’s answering a deceptively simple question: who alrea...
The hardest part of bringing an application into governance usually isn’t wiring up the connector — it’s answering a deceptively simple question: who alrea...
For hybrid identity teams, stability work matters just as much as new features. Microsoft Identity Manager 2016 Service Pack 3 is now Generally Available, ...
For hybrid identity teams, stability work matters just as much as new features. Microsoft Identity Manager 2016 Service Pack 3 is now Generally Available, ...
For hybrid identity teams, stability work matters just as much as new features. Microsoft Identity Manager 2016 Service Pack 3 is now Generally Available, ...
For hybrid identity teams, stability work matters just as much as new features. Microsoft Identity Manager 2016 Service Pack 3 is now Generally Available, ...
For hybrid identity teams, stability work matters just as much as new features. Microsoft Identity Manager 2016 Service Pack 3 is now Generally Available, ...
For years, Microsoft Entra branding has been a tenant-wide decision. That’s fine when one identity maps to one audience — but most tenants don’t work that ...
For years, Microsoft Entra branding has been a tenant-wide decision. That’s fine when one identity maps to one audience — but most tenants don’t work that ...
For years, Microsoft Entra branding has been a tenant-wide decision. That’s fine when one identity maps to one audience — but most tenants don’t work that ...
Most organizations get phishing-resistant authentication working on the desktop and then stall at mobile. iPhones and iPads are where people actually do a ...
A lot of modern data loss looks completely ordinary. Someone uploads a spreadsheet to a generative AI tool, drags a PDF into personal mail, or pushes a con...
A lot of modern data loss looks completely ordinary. Someone uploads a spreadsheet to a generative AI tool, drags a PDF into personal mail, or pushes a con...
Offboarding delays are more than an HR annoyance — they’re an identity risk. Every hour an account stays active past someone’s last day is an hour of unnec...
Offboarding delays are more than an HR annoyance — they’re an identity risk. Every hour an account stays active past someone’s last day is an hour of unnec...
Token lifetime settings look minor on paper, but they shape how long access persists after it’s granted — and not every application deserves the same behav...
Token lifetime settings look minor on paper, but they shape how long access persists after it’s granted — and not every application deserves the same behav...
Token lifetime settings look minor on paper, but they shape how long access persists after it’s granted — and not every application deserves the same behav...
Plenty of internet traffic still originates from places where installing the Global Secure Access client just isn’t realistic — multi-session VDI, kiosks, ...
Plenty of internet traffic still originates from places where installing the Global Secure Access client just isn’t realistic — multi-session VDI, kiosks, ...
A lot of branch and remote-site traffic still comes from devices that will never run a client — printers, kiosks, IoT gear, shared workstations, and the li...
A lot of branch and remote-site traffic still comes from devices that will never run a client — printers, kiosks, IoT gear, shared workstations, and the li...
Even in a cloud-first architecture, branch traffic still needs old-school network control. The problem is that maintaining that control usually means rule ...
Even in a cloud-first architecture, branch traffic still needs old-school network control. The problem is that maintaining that control usually means rule ...
If you build customer-facing apps, you know the tension: users expect to sign in with the accounts they already have, but you don’t want to hand the whole ...
If you build customer-facing apps, you know the tension: users expect to sign in with the accounts they already have, but you don’t want to hand the whole ...
If you build customer-facing apps, you know the tension: users expect to sign in with the accounts they already have, but you don’t want to hand the whole ...
Most teams know exactly what licenses they bought. Far fewer can show how much of that capability is actually being used. That gap costs money at renewal a...
Most teams know exactly what licenses they bought. Far fewer can show how much of that capability is actually being used. That gap costs money at renewal a...
Privileged access should never ride on stale trust. A user who signed in hours ago and now wants to step into an admin role is a different risk than they w...
Privileged access should never ride on stale trust. A user who signed in hours ago and now wants to step into an admin role is a different risk than they w...
If you build on Microsoft Entra sign-in data, this is a quietly important update. Microsoft Graph now supports $count in sign-in API requests, so your quer...
If you build on Microsoft Entra sign-in data, this is a quietly important update. Microsoft Graph now supports $count in sign-in API requests, so your quer...
If you build on Microsoft Entra sign-in data, this is a quietly important update. Microsoft Graph now supports $count in sign-in API requests, so your quer...
Access delays are often communication problems, not policy problems. A request sits pending, nobody knows who’s responsible, and the requestor opens a tick...
Access delays are often communication problems, not policy problems. A request sits pending, nobody knows who’s responsible, and the requestor opens a tick...
Partner access usually breaks down at the handoff between identity and connectivity. You can invite a guest, but getting them to the right private app — wi...
Partner access usually breaks down at the handoff between identity and connectivity. You can invite a guest, but getting them to the right private app — wi...
Partner access usually breaks down at the handoff between identity and connectivity. You can invite a guest, but getting them to the right private app — wi...
When an account is compromised, every minute spent escalating to an IAM admin is a minute the attacker keeps working. Privileged Identity Response for SOCs...
When an account is compromised, every minute spent escalating to an IAM admin is a minute the attacker keeps working. Privileged Identity Response for SOCs...
Mobile access is always where policy consistency gets tested. People live in Microsoft 365 on iPhones and iPads, and if your Zero Trust controls stop at th...
Mobile access is always where policy consistency gets tested. People live in Microsoft 365 on iPhones and iPads, and if your Zero Trust controls stop at th...
Prompt injection is one of the first risks security teams run into once AI pilots turn into production workloads. Attackers craft inputs that trick a large...
Prompt injection is one of the first risks security teams run into once AI pilots turn into production workloads. Attackers craft inputs that trick a large...
System-preferred authentication now applies to first-factor and second-factor sign-in when Microsoft managed settings are used.
App Deactivation lets admins stop new token issuance while preserving app registration metadata and configuration.
App Deactivation lets admins stop new token issuance while preserving app registration metadata and configuration.
High Scale Compatibility mode is generally available for phased Azure AD B2C migrations to Microsoft Entra External ID.
High Scale Compatibility mode is generally available for phased Azure AD B2C migrations to Microsoft Entra External ID.
High Scale Compatibility mode is generally available for phased Azure AD B2C migrations to Microsoft Entra External ID.
High Scale Compatibility mode is generally available for phased Azure AD B2C migrations to Microsoft Entra External ID.
Cross-tenant group synchronization is generally available for synchronizing security groups and memberships across Entra tenants.
Cross-tenant group synchronization is generally available for synchronizing security groups and memberships across Entra tenants.
Device soft delete moves deleted Entra device objects into a recoverable state instead of removing them immediately.
Device soft delete moves deleted Entra device objects into a recoverable state instead of removing them immediately.
Device soft delete moves deleted Entra device objects into a recoverable state instead of removing them immediately.
Domainless SAML federation lets external users sign in with their own IdP even when email domains do not map cleanly.
Access packages can now govern active and eligible Azure RBAC assignments at key Azure scopes in Public Preview.
Access packages can now govern active and eligible Azure RBAC assignments at key Azure scopes in Public Preview.
Passkeys on Windows Hello let users register device-bound FIDO2 credentials in the local Windows Hello container.
Microsoft single sign-on for Linux is generally available, bringing Entra registration, brokered SSO, and device-based controls to Linux desktops.
Microsoft single sign-on for Linux is generally available, bringing Entra registration, brokered SSO, and device-based controls to Linux desktops.
Microsoft single sign-on for Linux is generally available, bringing Entra registration, brokered SSO, and device-based controls to Linux desktops.
Modernized My Account pages are generally available, giving users clearer self-service paths for account and device tasks.
Modernized My Account pages are generally available, giving users clearer self-service paths for account and device tasks.
Modernized My Account pages are generally available, giving users clearer self-service paths for account and device tasks.
SAP SuccessFactors HR provisioning can now use short-lived federated OIDC tokens instead of stored basic-auth passwords. Here’s how the Public Preview works.
SAP SuccessFactors HR provisioning can now use short-lived federated OIDC tokens instead of stored basic-auth passwords. Here’s how the Public Preview works.
Microsoft Entra now lets you apply Purview sensitivity labels to cloud security groups in public preview — here’s why it matters and how to test it.
Microsoft Entra now lets you apply Purview sensitivity labels to cloud security groups in public preview — here’s why it matters and how to test it.
Microsoft Entra now lets you apply Purview sensitivity labels to cloud security groups in public preview — here’s why it matters and how to test it.
Lifecycle Workflows can now test an Update user attributes task for joiner, mover, and leaver automation.
Lifecycle Workflows can now test an Update user attributes task for joiner, mover, and leaver automation.
Social Sign-In
Social Identity Provider Support for Native Authentication is Generally Available
1 minute read
If you build customer-facing apps, you know the tension: users expect to sign in with the accounts they already have, but you don’t want to hand the whole ...