In this hands-on, demo-driven session, you’ll learn how to take full ownership of your identity control plane using Microsoft Entra ID - with focus on devices. The focus is practical and actionable, with ready-to-use scripts and configurations you can bring back and implement immediately.

We’ll explore how to design and operate modern identity security by breaking down real-world security profiles such as Enterprise (ENT), Secure Access Workstations (SAW), and Privileged Access Workstations (PAW). You’ll gain a clear understanding of authentication strengths, methods, and why strong authentication is critical across different device types.

The session walks through how to build and secure PAW and SAW environments across Windows 365 Cloud PCs, virtual machines, and physical devices. You’ll see how to implement phishing-resistant authentication using FIDO2 and Windows Hello for Business across multiple device configurations, and how to classify and tag devices based on security posture and authentication capabilities.

We’ll also cover how to redesign your Microsoft Intune environment using device tags and filters to simplify management, enforce security boundaries, and reduce complexity. From there, we’ll dive into reporting and hunting techniques that help you identify, track, and remediate non-compliant devices at scale.

Finally, you’ll see how full automation can transform identity security, including how to implement and manage a large set of conditional access policies for consistent, enforceable control.

This session challenges outdated identity practices and shows how modern, automated identity design can improve both security and operational efficiency. If you want to move from manual processes to a scalable, resilient identity control plane, this session will put you firmly in the driver’s seat.

Take-aways:
Learn how devices define trust and security boundaries.
Enforce phishing-resistant authentication across all device types.
Simplify Intune using device tags and filters.
Automate conditional access for consistent identity control.