Who should issue the credential?
That choice shapes trust, revocation, and cost.
New post on Microsoft Entra Verified ID:
IDV-issued for portability
Org-issued for control
Face Check verifies the presenter
blog.samueleng.se/posts/2026-0...
#entra #verifiedid #verifiablecredentials
📣 New blog article ⬇️
blog.samueleng.se/posts/2025-1...
Conditional Access Back to Basics - What are "Cloud Apps" and why can't I find my app in the picker?
#conditionalaccess #entra #entraid
📣 New blog article
RDP connection to a Microsoft Entra–joined machine using Entra ID cloud account from macOS is not as straightforward as it seems.
blog.samueleng.se/posts/2025-0...
Block password additions is a massive security enhancement 👏
Got it 👍 I really appreciate your response
@danielbradley.bsky.social Really enjoyed the Entra Docs Tracker, great idea, and thank you! 👍 Any plans to open-source it? I’m thinking about other MS Docs repos I’d like to track.
Tagging additional Entra authorities for possible answers 🙂 @fabian.bader.cloud @dirkjanm.io
I see. My initial thought was that the attribute serves as a proxy indicator for the type of service principal (i.e., whether CA can be applied).
Does anyone know why the Conditional Access app picker applies the filter servicePrincipals?$filter=preferredSingleSignOnMode ne 'notSupported'? Is there any correlation with public vs. confidential clients or web vs. mobile clients? @merill.net @cbrhh.bsky.social @nathanmcnulty.com
Well deserved @nathanmcnulty.com! 👏🏆
I can confirm that I tried it in my lab tenant, and it is working as expected. 👍
👏👏I admire your dedication 😄
Out of curiosity, what did you base your announcement on? 🙂
Great news! Are there any updates on Learn or official announcements?
Ping @merill.net 😀
@merill.net Maester GitHub actions issue?
📣 Highlighting two Microsoft Entra products working together - External Authentication Method (EAM) and SSE Private Access (ZTNA)
www.linkedin.com/posts/samuel...
#sse #sase #microsoft #entra #entraid
Great content! 👏
Excellent news! Is it too much to ask for the inclusion of Workload ID premium features for this app? 😂
💯agree. Since all network destinations and segments are represented by an app, the possibilities become limitless. Combine this with Entra ID Governance for self-service, approval, access review, and audit trails 🔥🔥
Today is the day folks.
The new and updated Bluesky.ms is now live!
Go add yourself. I'll share a detailed step by step...
Thank you for a great video 👍
Entra supports attenstation of the Microsoft Authenticator app (iOS/Android)
iOS: Uses the iOS App Attest service
Android: Uses the Play Integrity API
Once we have native built-in capabilities to remove or scramble the password in Entra, passwordless options for self-remediation of ID protection risks, universal passkey support et.c., everything will come together.
By the way, am I misunderstanding this? @merill.net
Got it, I appreciate you taking the time to respond.
A user has a passkey and MS auth app with push registered, and initiates a SSPR. The SSPR wizard suggests verification with app + push (and no other alternatives). Why not the most secure way, using the passkey? Any idea? @merill.net @jeftek.com @nathanmcnulty.com
Does @ mentioning work for Linkedin?
Would have loved BYOD/unmanaged device support in H1 2025 instead
MFA requirement for Register security information, using TAP for secure bootstrapping to phishing-resistant authentication methods such as passkeys. This is the way.
