The Zero Trust Power Couple, Why Identity Without Data Protection Is Just Half a Marriage

Zero Trust has been the industry mantra for years, but most implementations still stop at identity. Conditional Access policies guard the front door, yet once a user is authenticated, data moves freely across endpoints, apps, and AI tools. In 2026, that gap is no longer theoretical. It is operational risk.
This session explores why identity-only Zero Trust fails in Copilot and AI-driven environments, and how Microsoft Entra and Microsoft Purview together form a continuous control loop. We will walk through how Entra decides who gets access, how Purview decides what they can do with the data, and why AI finally makes these policies matter.
Attendees will learn how sensitivity labels act as policy anchors, how identity context enriches data protection decisions, and how DLP and adaptive protection close the gap between authentication and authorization. We will demonstrate how the same user with the same identity gets radically different Copilot outcomes depending on labels and data policies.
You will leave with a practical architecture pattern for Zero Trust that survives oversharing, AI acceleration, and the uncomfortable truth that authenticated does not mean authorized for data use.

Solving the Security-Availability Paradox

In modern cybersecurity, rigid access controls often conflict with business continuity during emergencies. When key personnel are off-grid or abroad during a critical incident, organizations frequently face a binary choice: compromise security standards for speed, or risk operational failure.

This session presents a third option: Context-aware resilience.

Åsne Holtklimpen and Per-Torben Sørensen will unpack the architectural integration of Microsoft Entra and Microsoft Purview. They will showcase how to design a "Break Glass" mechanism that relies on data sensitivity and user context rather than static network perimeters.

No more identity theft! Harden your identity security today

This session is a level 300 session designed to provide a comprehensive understanding of how to enhance the security of Entra ID using Conditional Access and passkeys. The session begins with an overview of Entra ID, a robust identity management solution, and the importance of identity security in the current digital landscape.

The focus then shifts to Conditional Access, a critical component in maintaining security. Participants will learn how Conditional Access works and how it can be leveraged to strengthen Entra ID security. The session will delve into the steps for hardening Conditional Access, providing participants with practical knowledge they can apply in their organizations.

The session also covers the use of passkeys as an additional layer of security. Participants will learn how passkeys can be integrated with Entra ID and Conditional Access for enhanced security and perhaps even a passwordless solution.

Urgent access without security compromise!

Disasters don't wait until it is convenient; they strike when you're busy or unavailable! So let us show you how Microsoft Entra and Microsoft Purview can work together and form a highly secure access solution, which is flexible enough to provide temporary access in times of crises.

Hold onto your access tokens! Per-Torben is packing his bags and heading to sunny Spain. But while he is sipping sangria, disaster strikes back home in Norway, and suddenly he needs to step in and this requires immediate access to a top secret project. But surely we can't give him access to this incredibly sensitive project without compromising our security posture! Or can we?

In this session, Åsne Holtklimpen and Per-Torben Sørensen explains how Microsoft Entra and Microsoft Purview can work together and form a highly secure access solution which is flexible enough to provide temporary access from sunny Spain in a time of crisis.

We will explain and demo:
* How Conditional Access policies and Access Packages provide flexible geo-filtering for your environment
* How sensitivity labels can tap into Conditional Access policies and together they can be your best travel companions
* Why Microsoft Information Protection (MIP) is the (sun)screen your data needs, no matter where in the world you are.

Passkey Passion: Proper Planning Prevents Poor… Authentication

Passwords are the leading cause of identity-based breaches, not because we lack alternatives, but because most alternatives introduce friction that kills adoption. Passkeys fundamentally change that equation, and Microsoft Entra's implementation is now mature enough to deploy at scale. This is not a future-state conversation. It is happening now, and it is worth getting right.

This session covers passkeys end-to-end: The FIDO2 and WebAuthn standards underneath them, how Entra handles registration, authentication, and credential binding, and where the platform still has rough edges you need to plan around. We'll walk through the full lifecycle, from onboarding flows and Temporary Access Pass bootstrapping to cross-platform behavior, Conditional Access enforcement, and what happens when a device is lost or replaced. There will be demos, there will be architecture, and there will be strong opinions backed by real-world experience.

Attendees will leave with a clear architectural understanding of how passkeys work in Entra, an honest view of current limitations, and a practical framework for planning a passwordless transition that holds up in production, not just in a test tenant.

Level 300, assumes familiarity with Microsoft Entra ID, authentication methods policy, and Conditional Access fundamentals.

The Chain Breaker: Eliminating Weak Links in Conditional Access

Conditional Access is only as strong as its weakest sign‑in, and most organizations have far more weak links than they realize.

In this fast‑paced, demo‑heavy session, we will walk through how to design and operate a secure Conditional Access architecture from the ground up. We start by exposing the real risks hidden in your tenant: Unprotected sign‑ins. From there, we build the foundations of safety with properly configured break‑glass accounts and a persona‑driven CA design that scales without chaos.

You’ll see how to implement a “block by default” strategy, create clean and intentional allow rules, and handle exceptions without undermining your entire security posture. Finally, we lock down the most critical part of the system: The CA policies and groups themselves. You’ll learn how to restrict CA management to only a select few, enforce just‑in‑time access with PIM, and protect the controls that protect everything else.

If you want to eliminate weak links, strengthen your identity security, and gain full control over your Conditional Access environment, this session shows you exactly how. With practical guidance and live demos you can apply immediately.

Demo-heavy, requires a basic understanding of Conditional Access and authentication in Entra.