No more identity theft! Harden your identity security today

This session is a level 300 session designed to provide a comprehensive understanding of how to enhance the security of Entra ID using Conditional Access and passkeys. The session begins with an overview of Entra ID, a robust identity management solution, and the importance of identity security in the current digital landscape.

The focus then shifts to Conditional Access, a critical component in maintaining security. Participants will learn how Conditional Access works and how it can be leveraged to strengthen Entra ID security. The session will delve into the steps for hardening Conditional Access, providing participants with practical knowledge they can apply in their organizations.

The session also covers the use of passkeys as an additional layer of security. Participants will learn how passkeys can be integrated with Entra ID and Conditional Access for enhanced security and perhaps even a passwordless solution.

Urgent access without security compromise!

Disasters don't wait until it is convenient; they strike when you're busy or unavailable! So let us show you how Microsoft Entra and Microsoft Purview can work together and form a highly secure access solution, which is flexible enough to provide temporary access in times of crises.

Hold onto your access tokens! Per-Torben is packing his bags and heading to sunny Spain. But while he is sipping sangria, disaster strikes back home in Norway, and suddenly he needs to step in and this requires immediate access to a top secret project. But surely we can't give him access to this incredibly sensitive project without compromising our security posture! Or can we?

In this session, Åsne Holtklimpen and Per-Torben Sørensen explains how Microsoft Entra and Microsoft Purview can work together and form a highly secure access solution which is flexible enough to provide temporary access from sunny Spain in a time of crisis.

We will explain and demo:
* How Conditional Access policies and Access Packages provide flexible geo-filtering for your environment
* How sensitivity labels can tap into Conditional Access policies and together they can be your best travel companions
* Why Microsoft Information Protection (MIP) is the (sun)screen your data needs, no matter where in the world you are.

You are admin'ing wrong!

In the world of Microsoft Entra and M365, privileged accounts are the managers, and the Global Administrator holds the master key to your entire kingdom. You’d expect these accounts to be protected from any compromise, yet in real environments they’re often exposed by weak processes, misconfigurations, and a false sense of security.

You Are Admin’ing Wrong! is an advanced (Level 300) deep‑dive into real‑world security missteps I’ve seen first‑hand while working with customers as a consultant. Too often, privileged accounts in Entra are wide open to theft or misuse. Sometimes through simple oversights, sometimes through risky shortcuts.

In this session, I’ll dissect some of the most common gaps, including:

- Missing or untested break‑glass accounts
- No Privileged Access Workstations (PAWs)
- Poorly scoped Conditional Access rules
- Role‑based access control blind spots
- Stale privileged identities
- MFA setups that look secure, but aren’t

By the end you’ll know exactly what to check, and how, so you can avoid some of the most common admin mistakes out there.

Elevator pitch: "Privileged accounts in Entra and M365 are the crown jewels, but too often, they’re left exposed by weak processes, risky shortcuts, and false confidence. In You Are Admin’ing Wrong!, I’ll unpack some of the most common real‑world missteps I’ve seen as a consultant and show exactly what to check, and how, to lock down your Privileged accounts before attackers find the gaps."