Solving the Security-Availability Paradox

In modern cybersecurity, rigid access controls often conflict with business continuity during emergencies. When key personnel are off-grid or abroad during a critical incident, organizations frequently face a binary choice: compromise security standards for speed, or risk operational failure.

This session presents a third option: Context-aware resilience.

Åsne Holtklimpen and Per-Torben Sørensen will unpack the architectural integration of Microsoft Entra and Microsoft Purview. They will showcase how to design a "Break Glass" mechanism that relies on data sensitivity and user context rather than static network perimeters.

You are admin'ing wrong!

In the world of Microsoft Entra and M365, privileged accounts are the managers, and the Global Administrator holds the master key to your entire kingdom. You’d expect these accounts to be protected from any compromise, yet in real environments they’re often exposed by weak processes, misconfigurations, and a false sense of security.

You Are Admin’ing Wrong! is an advanced (Level 300) deep‑dive into real‑world security missteps I’ve seen first‑hand while working with customers as a consultant. Too often, privileged accounts in Entra are wide open to theft or misuse. Sometimes through simple oversights, sometimes through risky shortcuts.

In this session, I’ll dissect some of the most common gaps, including:

- Missing or untested break‑glass accounts
- No Privileged Access Workstations (PAWs)
- Poorly scoped Conditional Access rules
- Role‑based access control blind spots
- Stale privileged identities
- MFA setups that look secure, but aren’t

By the end you’ll know exactly what to check, and how, so you can avoid some of the most common admin mistakes out there.

No more identity theft! Harden your identity security today

This session is a level 300 session designed to provide a comprehensive understanding of how to enhance the security of Entra ID using Conditional Access and passkeys. The session begins with an overview of Entra ID, a robust identity management solution, and the importance of identity security in the current digital landscape.

The focus then shifts to Conditional Access, a critical component in maintaining security. Participants will learn how Conditional Access works and how it can be leveraged to strengthen Entra ID security. The session will delve into the steps for hardening Conditional Access, providing participants with practical knowledge they can apply in their organizations.

The session also covers the use of passkeys as an additional layer of security. Participants will learn how passkeys can be integrated with Entra ID and Conditional Access for enhanced security and perhaps even a passwordless solution.

Urgent access without security compromise!

Disasters don't wait until it is convenient; they strike when you're busy or unavailable! So let us show you how Microsoft Entra and Microsoft Purview can work together and form a highly secure access solution, which is flexible enough to provide temporary access in times of crises.

Hold onto your access tokens! Per-Torben is packing his bags and heading to sunny Spain. But while he is sipping sangria, disaster strikes back home in Norway, and suddenly he needs to step in and this requires immediate access to a top secret project. But surely we can't give him access to this incredibly sensitive project without compromising our security posture! Or can we?

In this session, Åsne Holtklimpen and Per-Torben Sørensen explains how Microsoft Entra and Microsoft Purview can work together and form a highly secure access solution which is flexible enough to provide temporary access from sunny Spain in a time of crisis.

We will explain and demo:
* How Conditional Access policies and Access Packages provide flexible geo-filtering for your environment
* How sensitivity labels can tap into Conditional Access policies and together they can be your best travel companions
* Why Microsoft Information Protection (MIP) is the (sun)screen your data needs, no matter where in the world you are.

Passkey Passion: Proper Planning Prevents Poor… Authentication

Passwords have had a good run… mostly as the root cause of every breach post‑1998. It’s time to move on. In this session, I’ll share my very real, very nerdy journey into the world of passkeys in Entra: What works, what doesn’t, and what Microsoft finally got right when they gave us a passwordless option that doesn’t make users cry.

We’ll dig into the “7 P’s” behind successful passkey adoption: Phishing‑resistant, Platform‑agnostic, Portable, Practical, Protected, Policy‑driven, and People‑friendly. And why proper planning really does prevent poor… authentication. Expect a mix of architecture, demos, and the occasional opinion formed after too many late‑night experiments in a test tenant.

This is a Level 300 session: Deep enough for technical folks who want to understand the bits and bytes of how passkeys actually work in Entra, but accessible enough for decision‑makers who need to understand why this matters and how to roll it out without chaos.

If you’re curious about passkeys, planning a passwordless strategy, or just want to hear someone talk passionately about authentication (yes, that’s a thing), this session is for you.

The Chain Breaker: Eliminating Weak Links in Conditional Access

Conditional Access is only as strong as its weakest sign‑in, and most organizations have far more weak links than they realize.

In this fast‑paced, demo‑heavy session, we will walk through how to design and operate a secure Conditional Access architecture from the ground up. We start by exposing the real risks hidden in your tenant: Unprotected sign‑ins. From there, we build the foundations of safety with properly configured break‑glass accounts and a persona‑driven CA design that scales without chaos.

You’ll see how to implement a “block by default” strategy, create clean and intentional allow rules, and handle exceptions without undermining your entire security posture. Finally, we lock down the most critical part of the system: The CA policies and groups themselves. You’ll learn how to restrict CA management to only a select few, enforce just‑in‑time access with PIM, and protect the controls that protect everything else.

If you want to eliminate weak links, strengthen your identity security, and gain full control over your Conditional Access environment, this session shows you exactly how. With practical guidance and live demos you can apply immediately.

Demo-heavy, requires a basic understanding of Conditional Access and authentication in Entra.