Posts

A New Face for Risky User Management in Microsoft Entra

-
You may be familiar with the classic interface that Microsoft Entra once provided to enable administrators and responders the ability to view risky users. In June 2026, this feature got a major upgrade that I am very excited to share with you. The new Risky Users experience in Microsoft Entra provides a fresh new look to gaining visibility into users at risk, and more information that will enable responders to make the best decision. So what is the Risky Users experience? For those who are not familiar, Microsoft Entra analyzes and processes billions of sign-in signals from many different tenants. These signals help to build a greater picture of the threats that organizations face, and your organization is no different. Risky Users is a part of a much broader suite of tools in Microsoft Entra called: ID Protection. Through this suite, responders and analysts are able to understand as well as remediate accounts, sign-ins, and now AI Agents that may be susceptible to compromise. In parti...
Post a Comment
Read more

Automating Identity at Scale: Why User Attribute Updates in Lifecycle Workflows Makes a Difference

-
Identity governance has always been both a friend and a foe. Every organization wants clean, consistent user data yet every admin knows the reality: attributes drift, HR systems differ, and manual updates cause errors. For years, we’ve relied on scripts, provisioning connectors, or external automation layers to keep identity data aligned with business needs. Microsoft Entra has changed that. 1. A Small Feature With Massive Impact The new User Attribute Updates task in Lifecycle Workflows is one of the most important additions to Entra ID Governance this year. It gives administrators a secure, auditable way to update user attributes directly within joiner, mover, and leaver workflows. Workflows can now set or clear any attribute, including: Standard attributes like department , jobTitle , and manager Directory extension attributes Custom schema extensions Boolean flags for dynamic groups or Conditional Access App‑specific attributes that influence provisioning logic This closes a long‑...
Post a Comment
Read more

Applying Sensitivity Labels to Groups In Entra

-
If you have read the latest Microsoft Entra Community newsletter, you probably know about one of the latest new features to become available which is the ability to apply sensitivity labels in Entra. This feature can help admins centralize policy and controls on a group level, which is a major step towards achieving tighter compliance within your Microsoft environment. In this article, we'll chat about this further and how you can stat availing of this amazing new feature. What are Sensitivity Labels? Sensitivity labels provide a unified way to classify and protect resources across Microsoft 365. When a label is scoped to Groups & Sites, it can automatically enforce privacy settings, guest access rules, and external sharing controls on any group it’s applied to. Instead of admins manually configuring each group, the label becomes the policy engine that dictates how the group behaves. This creates consistency, reduces configuration drift, and ensures governance follows the gro...
Post a Comment
Read more

The Zero-Trust Edge is Getting Sharper: What Admins Need to Know for Entra in Summer 2026

-
Image
Do you use Connect Sync to ensure the flow between your users on-premise is seamless? Well, if you didn't know, that seamlessness is about to have the plug pulled in Summer 2026. What does this mean? How do you prepare? In this article, I'll chat about this and what this means for organizations using Connect Sync to manage hybrid identities. What's Happening? Microsoft is tightening the screws. Cloud Sync will become the default strategic direction towards managing hybrid identities, and Connect Sync will be moving towards a reduced "legacy-only" role. While this isn't a hard cutoff, this signals the end of the Connect Sync service and it is important that organizations start to make the shift now to avoid the inevitable enforcement down the road. Cloud Sync will become the secure by default engine, with Microsoft expecting organizations to adopt this baseline sooner rather than later. Albeit this will not be a complete cutover just yet, administrators will n...
Post a Comment
Read more