
Christopher Brumm
ITSec Pro focussed on MS Cloud Stuff
Hamburg, Germany
I am a big fan of Microsoft Cloud Security products because there my two favorite topics Identity and Security work together in a unique way. I've been working in IT for quite a while and have over 15 years of experience in IT security in various roles. At the moment I am a Cybersecurity Architect at glueckkanja AG and help our customers with my favorite topics. I am 44 years old and live with my family in Hamburg.
Area of Expertise
Topics
Is Entra Connect Sync Still the Best Choice? Let's Sync About It!
Many of us have done the initial design and deployment of Entra Connect quite some time ago. But besides the regular version updates, what has changed over the last years? Would we do it exactly the same way again?
In this session, we will challenge the presumption that Entra Connect is still required in the modern identity landscape. Can't it be replaced by Entra Cloud Sync?
We will not only highlight the advantages and disadvantages of each solution, but also look at migration or coexistence setups. And we will give you an outlook on what to expect in the coming month to better support you in deciding what to do next.
And as the security guys, this session wouldn't be complete without a look at the security implications of both solutions. From lateral movement to available protections, we will give insights into what to be aware of when protecting these critical components.
The state of passkey at the end of '25
Entra ID introduced the first public preview of passkeys in early 2024 and revamped it in October. Now it's December 2025, but where are we in the enterprise passkey journey?
In this session we will explore the past, the present and the future of passkeys, not only in Entra ID but with a look at the ecosystem as a whole.
Have you ever asked yourself:
🛡️ What's cross-device or same-device authentication?
🛡️ Why do I need Bluetooth in some scenarios?
🛡️ Is there a difference between Android and iOS?
🛡️ What is this attestation?
🛡️ Should I choose device-bound or synced passkeys?
🛡️ Are passkeys really phishing-resistant?
Then you came to the right talk. We will explain fundamental concepts, dive deeper and compare different options to deploy and use passkeys.
What's New and What's Next in Global Secure Access
Global Secure Access - Microsoft's Security Service Edge Solution - combines an identity-centric Secure Web Gateway with identity-centric Zero Trust Network Access, marking a significant component of modern Zero Trust architecture when utilized properly.
Now that GSA has been available for just over a year and we've supported various proof of concepts and pilots, let's explore its evolution, how you can practically leverage the new features, and what problems have been resolved. Additionally, we'll discuss which of the many small and major functions on the roadmap are particularly relevant, which issues they address, and how GSA may evolve in the medium and long term.
This session provides a compelling outlook, perfectly following our first GSA session "One year with GSA projects - what we learned so far," which offers more of a retrospective.
How to build an Entra-ordinary Security Monitoring
Effective security monitoring goes beyond simply enabling Defender products and deploying rule templates. It requires a strategic approach which includes a phased rollout and defined maturity model. This session explores how to start with Defender XDR signals and alerts as a foundation to identify critical threats and go far beyond this with custom detection engineering.
We'll discuss key gaps in the threat landscape, highlighting areas that require adjustment or development for detection engineering in certain areas. Learn how to choose and adjust Analytic Rules to create a well-tuned, actionable rule set while customizing detections from the Content Hub and community solutions.
Alert fatigue is a common challenge — so we'll explore scenario-based incidents using correlation as a more efficient approach to signal management. Additionally, UEBA-driven anomaly detection will be covered, showcasing how behavioral analytics can help identify emerging threats.
Join us to gain practical insights, optimize detection rules, and learn which strategies are effective to achieve a happy SOC by reducing noise and effort in your environment.
Zero Trust - Zero Gap? Spotlight on (new) uncovered aspects of your CA design
Conditional Access is the heart of Microsoft's Zero Trust implementation as its policy enforcement engine, and Microsoft constantly introduces new features to cover more and more use cases and integrations. This includes granular conditions and controls for specific authentication methods, restricted sessions and authentication flows, but also new capabilities to re-trigger a policy evaluation.
In this session, we will discuss the latest features and their use cases, and also challenges that you may not address in your current ruleset. These range from automation for deployment, exclusion handling and gap monitoring up to missing strong policy design to prevent rogue devices or protect privileged users.
The End of Passwords: An Introduction to Passkeys in Entra ID
In cyber security we had and still have a lot of trouble with passwords. They are, as a single factor, insecure or difficult to remember and overall inconvenient. While password managers solve some part of this problem, widespread adoption in the enterprise is not available. In the end nobody loves passwords, except hackers 😜
But 2024 is the year the password dies! At least we hope so.
In this talk we want to show you how passkeys can replace not only the password but phishable MFA factors as well.
We will delve into the basics behind passkeys, explain the technology that makes them so secure, and also cover what different kinds of passkeys there are.
In this session we will focus on how passkeys fit into Microsoft Entra ID's ecosystem, our favorite identity provider, but many aspects are applicable to other IdPs as well.
But where there is light, there are also shadows. We will discuss the risk some of the passkey implementations might hold for you as an enterprise and will show countermeasures to mitigate or minimize this risk.
Let us all make 2024 the end of the password!
Level 200-300 ~45 minutes
Walk the walk - explore ways to ensure strong authentication in real life scenarios
Everyone will agree that a solid set of rules for authentication and authorization is one (if not the) cornerstone of a Zero Trust implementation. Furthermore, everyone actually agrees that device compliance and phishing resistant MFA are the best basic measures to implement with Azure Active Directory Conditional Access.
However, when we look at the status quo of many environments we see a different picture and anyone who has tried to roll out these basic measures to all users in a larger environment knows that this is not an easy task.
This session is based on a lot of project experience and shows a collection of strategies, tactics and tools to make a roll-out efficient and as painless as possible.
Topics: Conditional Access, Authentication methods, Logs, Reports & Workbooks, MFA registration methods / policies, Strong Authentication, Passwordless, Zero Trust
Level 200-300, minimum 45 minutes (better more)
1st AID for EID - how to prevent lateral movement to Entra ID when your Active Directory has fallen
Currently, the biggest threat to an Entra ID tenant in the vast majority of environments comes from the connected Active Directory. Attackers are (currently) focusing heavily on on-prem environments, as these are generally much more difficult to protect and are also in a much worse state. And it's often not far from there to the cloud...
Containment is one of the most important measures in an emergency and usually Entra ID, M365 and Azure are at the top of the list as M365 is very important for crisis communication and Azure can be a good platform for the recovery phase.
In this session, we will discuss the steps necessary to block lateral movement for a full compromise of Entra ID from Active Directory in a reasonable order.
We will then look at your users' accounts, the impact of your actions on their ability to work and how you can make decisions in this situation.
We will also discuss what you can do today to be best prepared for this scenario.
Level 200-300, minimum 45 minutes
Let’s replace your VPN with a real Zero Trust Network Access!
We've spent the last few years modernizing clients, kicking them out of Active Directory and optimizing them to run outside the corporate network. The use of modern protocols, conditional access and the integration of MDE and Intune now enables us to access cloud services with access management that largely complies with the principles of zero trust.
However, when it comes to accessing legacy apps in the old data center world, we unfortunately all too often fall back on the old solutions - perhaps enhanced with some SAML and certificates - and features such as microsegmentation and session revocation are sought in vain.
In this session I would like to discuss and show why Microsoft's SSE solution is so much closer to my understanding of Zero Trust Network Access by explicitly checking every session in the network during its establishment, limiting access to the least necessary and disconnecting in case of a breach.
As a security architect who used to deal intensively with networks and in recent years with identity, I am very much looking forward to a deep dive on the topic of Single SignOn when accessing the OnPrem environment with Private Access.
In addition to the way the technology works, you will learn what needs to be considered during POC and rollout and what differences there are to a classic VPN project.
Level 200-300, minimum 45 minutes
Conditional Access in times of Global Secure Access
Over time, conditional access has taken on an ever-increasing role in corporate access management and is now the (!) policy enforcement engine of a modern Zero Trust architecture. So it's not surprising that Microsoft is also relying on Conditional Access for Global Secure Access and making it the primary point of policy enforcement for Secure Web Gateway and Zero Trust Network Access!
In this session I would like to discuss
* what elements GSA integrates with CA and what features are being added
* how to use CA Policies to configure Entra Internet Access
* how to cleverly structure CA policies for Entra Private Access Apps
* why using GSA also gives you advantages when accessing Microsoft 365 Services Security.
* why there are several connections between GSA and Continuous Access Evaluation.
In addition to the limitations and incompatibilities that you should be aware of in order to design a sensible rule set, I would also like to give you an outlook on the effects that Global Secure Access can have on your existing conditional access rule set.
Based on my previous project experience in this field, I can
* give you an outlook on the impact of a Global Secure Access implementation on the existing Conditional Access rule set.
* report on experiences with the division of labor and collaboration between Global Secure Access Admin and Conditional Access Admin
* present suggestions for sensible policies
Level 300 - 40 minutes
Microsoft 365 Security and Compliance User Group (user group, upcoming)
Experts Live Germany 2025
Experts Live Denmark 2025
Workplace Ninja Summit 2024
Cloud Identity Summit '24
Cloud Technology Townhall Tallinn 2024
Azure Saturday Hamburg 2024
Cloud Identity Summit '23
Purple Elbe Security User Group (user group)
Cloud Identity Summit '22
Cloud Identity Summit '21