A new feature has been introduced in Entra: deleted device objects recovery. Similar to what has been there for years with user objects and more recently to group objects, you can now recover delete device objects up to 30 days after deletion. To do so, logon to your Entra tenant and access the Devices\Delete devices […]
Entra – You can now recover deleted device objects (preview) Read More »
With the Secure Boot certificate expiration date fast approaching (June 2026), Microsoft has released a new recommendation in Microsoft Defender to assist assessing the readiness of your environment. Off course, this means devices (either client or server) must be onboarded onto Microsoft Defender, which can be done either with Intune for clients or scripts or
Defender – Assess Secure Boot certificate expiration status Defender Read More »
If you are still relying on on-premises Active Directory for your identity management, especially because you still need to access applications or resources on-premises relying on Windows authentication, you are probably synchronizing your AD with Entra ID. Most likely, you are using Entra Connect Sync to sync your on-premises directory with Entra.
Entra ID – Prepare to migrate from Entra Connect Sync to Entra Cloud Sync Read More »
As you probably already know, you can synchronize users from one Entra ID tenant to another one, simplifying user management when in multiple tenant configuration (see Configure cross-tenant synchronization – Microsoft Entra ID | Microsoft Learn). Until now you could only synchronize user objects between tenants, with the error EntityTypeNotSupported. Well, good news as now
Entra ID – You can now synchronize groups with cross-tenant capability Read More »
As you probably already know, Microsoft has introduce a feature to reduce the number of device restart after updates deployment on Windows, called Hotpatch (see Hotpatch updates | Microsoft Learn). Well, starting May 2026, Hotpatch will now be enabled by default for eligible devices. If your organization is not ready for Hotpatch, Intune administrators can
Intune – Hotpatch will be enabled by default Read More »
Managing identity across multiple tenants is a growing challenge for organizations of all sizes. Mergers, acquisitions, and the rise of shadow IT often lead to a fragmented tenant landscape—creating security and compliance blind spots that attackers are quick to exploit. Even a single poorly secured tenant can put your entire organization at risk. This poses
Entra ID – Manage multi-tenant at scale in security (preview) Read More »
As we rely more and more to Entra ID for authentication and access control, a key requirements is the ability to recover from attacks and/or accidental changes. While there has been few improvements in Entra for quickly recovering (recycle bin for security groups (Entra ID – You can now recover deleted cloud security groups (preview))
Entra ID – You can now backup and recover your Entra tenant (preview) Read More »
If you work in an hybrid environment with Active Directory being synchronized with Entra ID using either Entra ID Connect or Cloud Sync, you probably already the best practice and recommendation to use cloud-based account only when assigning administration privileges. This helps mitigating potential account compromission to be extended to other environment and elevated privileges.
Entra ID – Entra ID Connect/Cloud Sync going to block hard match for privileged roles Read More »
If you are allowing/supporting Bring Your Own Device (BYPO), you may already have experienced unintentional mobile device management (MDM) enrolment for Entra registered devices because end-users does not really understand the prompt (“Allow my organization to manage my device”) they may receive when sign-in on applications. To avoid such unintentional enrollment, Intune now allows administrators
Intune – Block automatic mobile device management enrollment (preview) Read More »
As you know, Microsoft has introduced Secure Boot with Windows 8 (2011) and has become more important with Windows 10 and Windows 11 (this is even a prerequisites). Well, in June 2026 (as announced in November 2025 Secure Boot playbook for certificates expiring in 2026) certificates used by Secure Boot are going to expire. You
Windows – Enable Secure Boot certificate updates Read More »
