Speaker

Daniel Fraubaum

Lead Architect Modern Workplace & Security

Vienna, Austria

Where cloud identity meets endpoint reality — minus the hype.
Lead Architect for the Modern Workplace with 15+ years in IT. I design and roll out Microsoft Entra, Intune, Azure Virtual Desktop, and Windows 365 environments, with a focus on identity-first security and automation.
My sessions are rooted in real customer projects: Conditional Access architecture, certificate deployments, device lifecycle, and AVD/W365 best practices.
I build open-source tools for Intune and Entra on GitHub, and publish hands-on content on headsinthecloud.blog — demos, scripts, and lessons learned from the field.

Area of Expertise

  • Information & Communications Technology

Topics

  • Microsoft Entra ID
  • Microsoft Entra Privileged Identity Management
  • Microsoft Entra
  • Microsoft Intune
  • Endpoint Management
  • Azure Virtual Desktop
  • Windows 365
  • Zero Trust Network Access
  • Entra Private Access
  • Microsoft Global Secure Access
  • Microsoft Modern Workplace
  • Endpoint Security
  • Defender
  • MDM
  • Conditional Access
  • Windows Autopilot
  • Entra Privileged Identity Management

Beyond Secrets – Securing Workload Identities in Entra ID

App registrations and service principals are everywhere in your tenant – but how well are they actually secured? In most environments, the answer is: not well enough.
This session takes you on a journey through the identity lifecycle of non-human identities in Entra ID. We'll start with the fundamentals – how app registrations, service principals, and managed identities relate to each other and where the security boundaries lie. From there, we'll dive into a commonly overlooked attack vector: client secrets on service principals that can be added via Graph API but are completely invisible in the Entra admin center.
You'll learn how to use App Management Policies to block secret creation at the tenant level and per-application, why federated credentials and managed identities should be your default, and how Conditional Access for Workload Identities adds a critical policy layer to control how and from where your non-human identities authenticate.
Expect real-world scenarios, live demos, and actionable takeaways you can implement in your tenant the same week.

Learn how to lock down app registrations and service principals in Entra ID – from blocking secret creation with App Management Policies to enforcing Conditional Access for Workload Identities.

Ephemeral PAW – Disposable Cloud PCs for Privileged Access

Hardware-based Privileged Access Workstations remain the gold standard – with full supply chain control, dedicated devices, and physical isolation. But reality hits: not every organization can deploy and manage dedicated PAW hardware across all scenarios.

This session presents an alternative design for when hardware PAWs aren't feasible. Using Windows 365 Frontline in shared mode, every privileged session starts on a freshly provisioned Cloud PC – and gets destroyed on logoff. No persistent state, no leftover artifacts, no lateral movement from a compromised session.

We lock down internet access and precisely control connectivity to privileged resources through Global Secure Access – ensuring the Cloud PC can only reach what it needs, nothing more.

You'll see the full architecture, Conditional Access integration, real-world deployment patterns, and the tradeoffs compared to traditional hardware PAWs. Walk away with a blueprint you can adapt to your environment.

When hardware PAWs aren't an option, build ephemeral privileged workstations with Windows 365 Frontline, Global Secure Access, and custom reprovisioning automation – fresh on every login, gone on every logoff.

techConference 2026

Workshop:
Zero Trust Reloaded: Entra Suite, Security Copilot & Modern Managed SOC in Practice
Deployment is only the starting gun for Zero Trust security, and that is exactly where we pick up. We show how the Microsoft Entra Suite closes governance gaps, how Global Secure Access gives you clear and controlled access paths, and how to keep workload identities properly under control. Security Copilot adds the pace, while our Managed SOC actively orchestrates the technologies behind the scenes. Hands-on, with live demos and concrete architecture recommendations you can take straight back to your environment.

Session:
Ephemeral PAW: Admin Access Without the Aftermath
Admin access is often already too insecure before anything even happens.
Too many access models still rest on outdated assumptions: the endpoint is trustworthy, the session stays manageable, and remote access becomes safe with enough policies layered on top. This session challenges exactly those assumptions. You will see a practical approach for enterprise admins to handle sensitive access in a controlled and isolated way, with no unnecessary persistence left behind. The focus is not product slides but real operational problems: access to corporate resources, hardened working sessions, and a clean handover that leaves no lingering residue. A session for everyone who wants to think about admin security in a way that actually holds up in operations.

June 2026 Vienna, Austria

techConference 2025

Workshop – Attack & Defense with Microsoft Entra: Understand Attack Patterns, Master Defense Strategies
This hands-on workshop dives into real-world identity attack scenarios targeting Microsoft Entra. We’ll explore common attack vectors such as token theft, privilege escalation, and misconfigured Conditional Access—and then walk through practical defense strategies to harden your environment. Expect live demos, actionable best practices, and guidance on building a resilient identity-first security posture.

June 2025 Vienna, Austria

Microsoft Discovery Day: Endpoint Innovation 2025

Talking about the newest innovations from Windows in the Cloud and real-life scenarios.

March 2025 Vienna, Austria
