Speaker

Matthew Levy

Microsoft Security, Entra IAM SME, Solutions Architect, Microsoft Security MVP

Cape Town, South Africa

Microsoft Security MVP, Microsoft Certified, Identity and Access, Entra ID, security and governance. Solution Architect at Threatscape.com

Area of Expertise

  • Information & Communications Technology

Topics

  • Microsoft 365
  • Microsoft MVP
  • EntraID
  • Microsoft
  • IT Security
  • Cybersecurity
  • Conditional Access

Governing Guest Access with Entra ID Identity Governance

Guest users are often the least governed identities in an organisation, yet they frequently hold access to sensitive data through Microsoft 365, Teams, SharePoint, and line-of-business applications. Many organisations avoid applying Identity Governance controls to guests due to licensing concerns or misunderstandings about how billing works.

This lightning session cuts through that confusion. We focus specifically on how Entra ID Identity Governance can be applied to guest accounts using the Monthly Active User (MAU) billing model, enabling governance actions without requiring Entra ID P2 licenses for internal member users.

In a fast-paced, demo-driven format, we show how access packages, entitlement management, access reviews, and lifecycle controls can be targeted at guest users, partners, and external collaborators. We will explain how MAU billing is triggered, how to predict and control costs, and common pitfalls that lead to unexpected charges.

Attendees will leave with a clear understanding of when guest governance requires licenses, when MAU billing applies, and how to safely govern external identities at scale without over-licensing their tenant.

Automating Joiners, Movers, and Leavers with Entra ID

Identity Governance often promises automation, reduced risk, and cleaner directories, but many organisations still rely on manual processes, scripts, or disconnected HR and IT workflows. In hybrid environments, the challenge is even greater when identity data flows between multiple systems of record, on-premises Active Directory, and Entra ID.

This deep dive session focuses on implementing Identity Governance in Entra ID using real-world Joiner, Mover, and Leaver scenarios. We start by examining identity Source of Authority models and how users can be synchronised or provisioned into Active Directory, Entra ID, or both, depending on organisational and technical requirements. Attendees will gain clarity on when to use HR-driven provisioning, directory-based authority, or cloud-only identity models.

Through live demos, we then walk through lifecycle workflows that automate onboarding, role changes, and offboarding. This includes group and application assignments, access reviews, entitlement management, and the use of Lifecycle Workflows to trigger actions at precise points in the employee journey. A key scenario demonstrated is automatically issuing Temporary Access Passes on day one to securely bootstrap multifactor authentication and passwordless sign-in without helpdesk intervention.

The session also covers the newly released object-level Source of Authority switching capability in Entra ID, allowing organisations to convert synchronised on-premises users to cloud-managed users without disruptive rebuilds. We will discuss why this matters, how it fits into long-term identity modernisation strategies, and the risks and guardrails to consider.

Attendees will leave with practical guidance, architectural patterns, and implementation insights to build scalable, auditable, and secure identity lifecycle automation using Entra ID Identity Governance across hybrid and cloud-native environments.

Authentication Methods in Entra ID: Legacy to Passkeys

Authentication methods sit at the center of every access decision in Microsoft Entra ID and Azure. In this 1-hour online session, we will take a practical, security-focused look at how authentication methods are defined, managed, and evolved in modern Entra environments.

We will start by reviewing the available multifactor authentication and self-service password reset methods, and how users experience registration through the combined security information experience. From there, we will unpack the shift from legacy per-user and legacy MFA settings to the Authentication Methods policy, including what changes in control, visibility, and risk management.

The session will cover common pitfalls and recommendations for reducing attack surface by retiring weaker methods, aligning authentication methods with Conditional Access and authentication strengths, and avoiding tenant-wide lockouts. We will also dive into passkeys in Entra ID, explaining the difference between device-bound and syncable passkeys, where each makes sense, and how to introduce them safely.

Finally, we will look at special cases such as break-glass administrative accounts, with clear guidance on how to configure authentication methods that balance resilience and security. Attendees will leave with a clearer mental model of Entra authentication methods, practical configuration guidance, and a roadmap for moving from legacy approaches to a modern, phishing-resistant authentication strategy.

From VPNs to Zero Trust: Implementing Entra Global Secure Access Private Access

For years, organizations have relied on perimeter-based technologies such as ISA Server, TMG, firewalls, VPNs, and later Secure Web Gateways to provide access to internal resources. These solutions evolved incrementally, often bolting identity on after the fact, and struggled to keep pace with cloud adoption, remote work, and Zero Trust principles.

This session traces that evolution and explains how Microsoft Entra Global Secure Access, specifically Private Access, represents a fundamental shift in how private applications are securely published and consumed. We will demystify common industry and Microsoft acronyms including SASE, SSE, SWG, IAG, GSA, and PIM, and place them into a clear architectural context.

The core of the session focuses on Entra ID as the control plane. You will see how Conditional Access, Authentication Strengths, device signals, and Identity Governance integrate directly with Private Access to enforce least privilege and continuous verification, rather than network-level trust. We will also cover practical design considerations, traffic flows, and common pitfalls.

The session concludes with a real-world walkthrough of standing up a functional Private Access proof of concept in a single day, showing how identity-first access can replace legacy VPN patterns without compromising security or user experience.

60 - 75 minute session
