Identity and Access Management


Part 2 of 3: Your Pro-Code Agent Has an Identity Too. Here Is How Conditional Access Governs It

Derek Morgan
2 days ago · 7 min read


Identity Governance Architecture: Building Lifecycle Workflows in Entra ID
When someone leaves, can you prove every one of their accounts is actually closed? Most teams can't, because offboarding runs on manual steps across Active Directory, Entra ID, and SaaS apps. This deep-dive shows security architects and the leaders who fund them how to build lifecycle workflows in Microsoft Entra ID Governance: the joiner-mover-leaver architecture, the deployment order that works, and the ROI case for automating it.

Derek Morgan
4 days ago · 8 min read


Part 1 of 3: Your Copilot Studio Agent Has An Identity. Here Is How To Govern It
Publishing a Copilot Studio agent creates an Entra identity in the same minute. As of March 18, 2026, every Copilot Studio agent in a default-on tenant gets a Microsoft Entra Agent ID: a service principal with the 'Agent' subtype, governable through the same Entra admin center and Microsoft 365 admin center your IAM team already operates. A walkthrough of what the Agent ID is, how Agent 365 governs it, the connected dual-agent pattern from a defensive SecOps PoC, and a 7-step

Derek Morgan
May 26 · 8 min read


PIM vs Service Accounts: When Privileged Identity Management is the Right Answer
Three things get called "service account" in Microsoft Entra ID. Most incidents involve only one of them. This article gives security architects and CISOs a framework for picking the right control: PIM-eligible roles for human admins, managed identities and service principals for workloads. Two diagnostic questions, four patterns, and a 5-step checklist for converting a tenant from standing privilege to a controlled model.

Derek Morgan
May 19 · 7 min read


The Business Case for Account Discovery in Entra ID Governance
App owners can't always answer who has access to their app right now. Mid-market enterprises run about 200 SaaS apps; large enterprises closer to 350. Account Discovery (preview) in Microsoft Entra ID Governance reads each connected app and classifies every account as Local, Unassigned, or Assigned. This post covers the business case, the three categories, and a three-phase rollout worked through SAP.

Derek Morgan
May 6 · 6 min read


The Business Case for Microsoft Defender for Identity
Identity attacks don't start with malware — they start with a perfectly valid sign-in. Microsoft Defender for Identity is the monitoring and early-warning system for your organization's "control room." This article breaks down the business case: what you're buying, how it reduces identity exposure, why earlier detection compresses cost, and how identity signals correlate into unified incidents for faster response. Includes an ROI model, executive and engineer checklists, and

Derek Morgan
Apr 16 · 8 min read


Why Entra ID Conditional Access Fails in Practice (And How to Fix It)
I've never investigated a breach where Conditional Access failed — only where expectations did. Most CA breakdowns aren't technical. They're architectural: wrong exclusions, forgotten accounts, policies that evaluate risk but never enforce it. This article covers the four most common failure patterns — and the three-phase approach to fix them.

Derek Morgan
Apr 7 · 6 min read