Episodes

  • Join us for a conversation with Dhanyah Krishnamoorthy, Product Manager at Microsoft, as she discusses Microsoft Entra Connect Sync and Cloud Sync solutions for synchronizing on-premises Active Directory identities to Entra ID.

    Learn about Microsoft's overall strategy for syncing and what you can do to prepare for the future including security considerations and scaling guidance.

    Subscribe with your favorite podcast player or watch on YouTube 👇

    About Dhanyah

    Dhanyah Krishnamurthy is a Principal Product Manager in the Microsoft Entra product group. For the past four years, Dhanyah has focused on hybrid identity scenarios, leading the product management for critical services that help organizations manage identities between on-premises Active Directory and the cloud. She specifically owns Microsoft Entra Connect Sync and the newer Microsoft Entra Cloud Sync capabilities, designing solutions to streamline identity provisioning, enhance security, and support complex scenarios like mergers and acquisitions.

    LinkedIn - https://www.linkedin.com/in/dhanyah

    🔗 Related Links

    * Hybrid Identity - https://learn.microsoft.com/en-us/entra/identity/hybrid/

    * Comparison between Microsoft Entra Connect and cloud sync - https://learn.microsoft.com/en-us/entra/identity/hybrid/cloud-sync/what-is-cloud-sync

    * Topologies for Microsoft Entra Connect - https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/plan-connect-topologies

    * Factors influencing the performance of Microsoft Entra Connect - https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/plan-connect-performance-factors

    * Group writeback with Microsoft Entra Cloud Sync - https://learn.microsoft.com/en-us/entra/identity/hybrid/group-writeback-cloud-sync

    📗 Chapters

    00:00 Intro

    03:16 Why Two Sync Solutions? Connect Sync vs Cloud Sync History

    05:17 Benefits of Cloud Sync vs Connect Sync

    06:23 Cloud Sync Advantage: Mergers & Acquisitions

    08:16 Cloud Sync Advantages: Lightweight, High Availability, Simplicity

    10:17 Shared Provisioning Agent Benefits

    10:59 Future Plans: Investing in Cloud Sync

    12:11 Coexistence: Using Cloud Sync & Connect Sync Together

    13:25 Getting Started with Cloud Sync: Group Writeback & Acquisitions

    15:56 Choosing the Right Tool: When to Use Cloud Sync

    16:34 Using the Sync Wizard for Recommendations

    18:03 Operational Differences & Admin Roles

    19:53 Group Writeback Scaling Considerations

    22:31 Common Customer Issues: Topologies & Configuration

    25:36 Scaling Guidance: When to Worry About Performance

    29:12 Security Considerations: Connect Sync vs Cloud Sync

    30:41 Connect Sync Security Hardening & Updates

    33:40 Cloud Sync Security & GMSA Accounts

    35:16 Final Thoughts & Call to Action

    Podcast Apps

    πŸŽ™οΈ Entra.Chat β†’ https://entra.chat

    🎧 Apple Podcast β†’ https://entra.chat/apple

    πŸ“Ί YouTube β†’ https://entra.chat/youtube

    πŸ“Ί Spotify β†’ https://entra.chat/spotify

    🎧 Overcast β†’ https://entra.chat/overcast

    🎧 Pocketcast β†’ https://entra.chat/pocketcast

    🎧 Others β†’ https://entra.chat/rss

    Merill's socials

    πŸ“Ί YouTube β†’ youtube.com/@merillx

    πŸ‘” LinkedIn β†’ linkedin.com/in/merill

    🐀 Twitter β†’ twitter.com/merill

    πŸ•Ί TikTok β†’ tiktok.com/@merillf

    πŸ¦‹ Bluesky β†’ bsky.app/profile/merill.net

    🐘 Mastodon β†’ infosec.exchange/@merill

    🧡 Threads β†’ threads.net/@merillf

    πŸ€– GitHub β†’ github.com/merill



    Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe
  • In this insightful discussion, Martin Sandren from IKEA joins Entra Chat to discuss the evolving landscape of IAM.

    The episode covers critical considerations for modern identity strategies, including the trade-offs between syncable and device-bound passkeys, the necessity of robust regression testing for Conditional Access, and advancements in identity proofing methods.

    Subscribe with your favorite podcast player or watch on YouTube 👇

    About Martin Sandren

    Martin Sandren is the IAM Lead at Inter IKEA, overseeing the systems that support IKEA's worldwide presence. His extensive background includes over twenty years of experience as an IAM product lead, architect, engineering manager, and developer.

    Beyond his role at IKEA, he is actively involved in the identity community as a frequent speaker at international conferences and a founder of the Digital Identity Amsterdam meetup and the Amsterdam chapter of IdentiBeer, and is active within the idNext foundation and IDPro.

    LinkedIn - https://linkedin.com/in/martinsandren/

    🔗 Related Links

    * IAM Conferences in Europe

    📗 Chapters

    00:00 Intro

    02:51 Martin's Journey into Entra & Early IAM Experiences

    05:35 Early Entra Wins: Simplified Sign-in Logging

    07:02 Value of Microsoft's Preview Feature Model (Private/Public/GA)

    09:39 Evolution of Federation: SAML/OIDC Then vs Now

    13:22 The Rise of SCIM for User Provisioning

    14:47 Cloud Standardization vs On-Prem Customization Trade-offs

    16:48 Identity Governance & Multi-Tenant Organizations (MTO)

    19:01 The Power & Complexity of Conditional Access

    20:23 Resilience & Offline Scenarios in IAM

    23:12 Challenges with Guest User Management & Governance

    26:16 Cross-Tenant Sync vs Connected Organizations

    27:49 The "Schrödinger's Cat" Problem with Guest Accounts

    30:58 Mastering Conditional Access Policies: Best Practices & Pitfalls

    32:41 Shifting Security Focus: From Network to Identity Defense-in-Depth

    34:04 Adapting Security for Different User Populations (Frontline Workers)

    35:21 Leveraging ITDR, Risky User Signals & Red Teaming

    38:00 Importance of Regression Testing CA Policies (Meister Tool)

    39:08 Edge Cases: SSPR & Certificate-Based Authentication Conflicts

    40:37 Securing Conditional Access Group Memberships

    42:40 Identity Proofing, Onboarding & Phishing Risks

    46:01 Wishlist: Granular Read Permissions in Entra

    48:36 Passkeys & Phishing-Resistant MFA: Progress & Challenges (Android Usability)

    50:01 Strategy: Syncable vs Device-Bound Passkeys

    51:58 Embracing Standards: SSF & CAPE Protocols

    53:04 Advice for Newcomers to the Identity & Access Management Field

    54:55 Closing Remarks

  • In this episode we discuss the evolution of guest access from SharePoint to Entra ID, the challenges of managing guest identities, and the importance of security and governance.

    Our conversation covers key topics including cross-tenant access settings, identity governance, B2B direct connect, and licensing considerations.

    Samantha also shares practical advice and best practices for organizations to secure their tenants and streamline external collaboration.

    Subscribe with your favorite podcast player or watch on YouTube 👇

    LinkedIn - https://www.linkedin.com/in/samkloos/

    🔗 Related Links

    * Overview: Cross-tenant access with Microsoft Entra External ID

    * Cross-tenant access activity workbook

    * B2B direct connect overview

    * Entra Security Recommendations

    📗 Chapters

    00:00 The Evolution of Guest Access

    04:49 Guest Access Settings and Best Practices

    23:00 Cross Tenant Access Settings Demystified

    36:06 B2B Direct Connect

    48:09 Guest Licensing: Key Considerations

    56:10 Entitlement Management and Guest Users

  • Entra.Chat Podcast - https://entra.chat

    In this insightful episode, Nathan McNulty, Senior Security Solutions Architect at Patriot Consulting, shares his extensive experience deploying and securing Microsoft Entra environments. With a background spanning civil engineering, education, and critical infrastructure, Nathan brings practical wisdom from managing environments with 50,000+ users and 90,000+ devices.

    Subscribe with your favorite podcast player or watch on YouTube 👇

    The conversation explores realistic approaches to securing BYOD, building effective conditional access policies using a "castle" framework, and leveraging administrative units to partition permissions efficiently. Nathan reveals his innovative "operational groups" automation technique that helps classify users by authentication methods, enabling granular security controls without manual effort. The episode also covers authentication methods migration strategies, extension attributes, and modern cloud automation approaches that replace traditional server-based scripts.

    Whether you're looking to improve your conditional access strategy, smoothly migrate authentication methods, or automate Entra management tasks, Nathan's field-tested insights will help you secure your environment more effectively while reducing administrative overhead.

    Nathan McNulty

    * Web - https://nathanmcnulty.com/

    * LinkedIn - https://www.linkedin.com/in/nathanmcnulty/

    * Bluesky - https://bsky.app/profile/nathanmcnulty.com

    * X - https://x.com/nathanmcnulty

    Related Links

    * Operational Groups scripts - https://github.com/nathanmcnulty/nathanmcnulty/tree/master/Entra/operational-groups

    * Maester DevOps - https://maester.dev/docs/monitoring/github

    * Authentication Methods Migration - https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-authentication-methods-manage

    * Administrative units - https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/administrative-units

    * Restricted management administrative units - https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/admin-units-restricted-management

  • Episode Summary

    In this episode, we dive into the sophisticated world of phishing attacks with Kuba Gretzky, creator of the renowned Evilginx framework. He shares insights on how Evilginx operates as a reverse proxy, capturing authentication tokens in real-time, and discusses the ethical considerations of creating such a powerful tool. Most importantly, Kuba provides valuable guidance on protection strategies that organizations can implement to defend against these advanced phishing techniques.

    Chapters

    00:00 - Introduction to Kuba and Evilginx

    - Creator of Evilginx, a phishing framework demonstrating MFA vulnerabilities

    - 15+ years in cybersecurity, started with MMO game hacking

    - Transitioned through reverse engineering to cybersecurity

    02:03 - Understanding Phishing Fundamentals

    - Phishing presents fake sign-in pages to capture user credentials

    - Even 7-year-olds now learn about phishing dangers in school

    03:39 - How Evilginx Works Technically

    - Functions as a reverse proxy between user and legitimate server

    - Creates dual TLS connections to intercept all communications

    - Captures authentication tokens for complete account takeover

    05:55 The Evolution of Phishing Tools

    - Evolved from experiments with cookie manipulation

    - Improved upon older tools that required malware installation

    - Developed from Nginx with Lua scripting to standalone Go application

    10:37 Evilginx's Impact and Popularity

    - Gained traction through demonstrating MFA vulnerabilities

    - Creates "shock factor" when users see how easily accounts are compromised

    - Emerged alongside other tools but distinguished by ease of demonstration

    12:25 Real-World Phishing Examples

    - Sophisticated attacks use browser-in-browser techniques

    - High-profile victims include Linus Tech Tips YouTube channel

    - Attackers leverage urgency and fear to bypass security awareness

    16:23 Protecting Against Evilginx Attacks

    - Implement domain verification checks through JavaScript

    - Deploy "shadow tokens" with browser fingerprinting

    - Utilize conditional access policies and FIDO2/passkeys

    22:57 - Detecting Evilginx Attacks

    - HTTP header inspection can identify attack signatures

    - TLS fingerprinting (JA4) detects unusual connection patterns

    - Cloudflare and other services block suspicious proxy connections

    27:33 - User Education and Psychological Factors

    - Focus on recognizing psychological triggers like urgency

    - Reward reporting rather than punishing victims

    - Teach users to access websites directly rather than through email links

    31:01 - Ethical Considerations and Responsible Development

    - Implemented vetting process for Evilginx Pro access

    - Built anti-cracking protections to prevent misuse

    - Created trusted community for responsible information sharing

    36:43 - Future Developments and Evilginx Pro

    - New client-server architecture with API for automation

    - Features include bot protection and shadow token bypass capabilities

    - Established BreakDev as company with plans for security software platform

    Key Takeaways

    - Modern phishing attacks like those enabled by Evilginx can bypass MFA by acting as a proxy in real-time.

    - The strongest protections include device compliance, FIDO2/passkeys, and domain verification checks.

    - Organizations should implement conditional access policies that verify device identity, not just user identity.

    - User education should focus on recognizing urgency tactics rather than just checking URLs.

    - Shadow tokens that include browser fingerprinting and domain information show promise as protection methods.

    - Ethical security tools require responsible handling - vetting processes to help prevent misuse.

    - Security awareness demonstrations with tools like Evilginx help stakeholders understand risks and invest in protections.

    Key Links

    BREAKDEV Blog → breakdev.org

    Evilginx Pro → evilginx.com

    Evilginx Mastery Course → academy.breakdev.org/evilginx-mastery

  • In this very first episode of the Entra Chat podcast I sat down with Ben Wolfe, my former manager and ex-Microsoft, who is now the Head of Security Solutions at Increment.

    How to get in touch with Ben:

    Ben Wolfe - https://www.linkedin.com/in/benjaminwillwolfe/

    Increment - https://www.increment.inc/

    Mentions during the episode:

    Graph X-Ray - https://graphxray.merill.net/
