Richard Tinker

Wow, this is so cool 😍! Jukka Niiranen just shared this infographic he generated based of the Entra Chat podcast episode with @WelkasWorld and @DanielatOCN entra.news/p/microsoft-is…

Microsoft is auto-enabling passkeys in March 2026. No opt-in required. If you don’t configure it first… your tenant gets the defaults. I sat down with Microsofty Security MVPs @DanielatOCN and @WelkasWorld. We break down: 1️⃣ Passkey Profiles Are Becoming the Default → Starting March 2026: → Passkey profiles will be auto-enabled → Tenants that haven’t configured profiles will be migrated → Registration campaigns will shift from Authenticator-first to passkey-first 2️⃣ Source of Authority Conversion Is Finally GA For years, admins used messy delete-and-restore hacks to convert synced users to cloud-only. → Now it’s officially supported. → You can convert individual users from on-premises authority to cloud-managed — without breaking hybrid entirely. Why this matters: → Easier M&A transitions → Full access to Entra ID Governance features → Cleaner lifecycle management → Reduced dependency on legacy infrastructure --------------------- Sponsored by: Action1 on.action1.com/entrachat Action1 is a cloud-native patch management platform for Windows, macOS, Linux, and third-party apps — all from one place, no VPN needed. Curious how easy it is to start? You can use it on your first 200 endpoints, for free, forever, with no functional limits. It’s not a disguised free trial. No credit card required, no hidden limits, no tricks. Visit on.action1.com/entrachat and get started today. --------------------- 3️⃣ App Registration Deactivation (A Quietly Powerful Feature) → Microsoft added the ability to deactivate app registrations. → Instead of deleting an app (and losing configuration), you can now: → Immediately stop token issuance → Preserve metadata and permissions → Investigate safely → For incident response scenarios — especially in multi-tenant or MSP environments — this is a big step forward. 4️⃣ Conditional Access Behavior Changes → There’s also a change impacting tenants with Conditional Access policies targeting “All resources” but excluding certain apps. → Previously, certain minimal-scope apps could bypass enforcement under specific conditions. → That loophole is closing. 5️⃣ Sync Security Hardening (Hard Match Protection) → Microsoft is adding additional validation to protect against malicious hard matching scenarios in hybrid environments. → This reduces the risk of identity takeover via manipulated on-prem objects. → It’s automatic — but important to understand if you manage hybrid identity or MSP transitions. Watch the full episode for the deep technical breakdown and real-world implications. entra.news/p/microsoft-is…

The X algorithm is suppressing this post about Farage and Gill.

For those who are interested in the context on why these accounts are necessary, so you avoid enabling an MFA method that defeats the purpose of these accounts, a little trip down a painful memory lane for many of us can provide some context. There was a major Microsoft MFA outage in the fall of 2019, lasting for 2.5 hours and primarily affecting users in North America. There was a 14-hour outage about 12 months prior. Microsoft started recommending breakglass accounts after the first outage so that Admins could use these accounts to go in and disable MFA temporarily if they needed to restore service during an outage. So while it may be safe to use a FIDO2 key, it is not clear if this would bypass the root causes of what led to the prior two outages. Perhaps someone from Microsoft product engineering could provide guidance here. @maryjofoley covered both outages here: zdnet.com/article/multif…

Good overview of hardware security keys.

Excellent post on common useful CA policies.

Today we remember the great Jim Smith and some of our finest moments under his management on what would have been his 83rd birthday 🦅🖤🤍 #DCFC

Just got refused by two taxi drivers at Sydney airport cos I wanted to go somewhere nearby. First guy even told me to order an Uber. I had to withdraw cash and offer to pay a third guy extra to take me. Is this normal? Or legal?

I’m the latest Microsoft Digital Defence Report one crucial point stands out: the vast majority of successful cyberattacks could be thwarted by implementing a few fundamental security hygiene practices.

We're a public company on @Nasdaq! 🎉 As we celebrate this exciting milestone, we'd like to thank you - our people, partners and the developer ecosystem - for supporting Arm's journey so far. Here's to the future of computing built #onArm: bit.ly/3RmInfk

Germany’s women’s national team have published a message on Instagram to express support for the Spanish players and Jenni Hermoso 🇩🇪🤝🇪🇸 #Rubiales

WARNING: Nice Football Tweet - short thread In between not posting, I coach boys football. Last night, a 9yo girl rocks up to club training with Sam Kerr’s number drawn on (inspired by World Cup, never played before). Now these boys….

Malaga fans were so annoyed at the club not making a Summer signing that they picked a random person at the airport to greet as a new player… 😂

The Japanese multiplication method makes everybody feel "I wish they taught math like this in school." It's not just a cute visual tool: it illuminates how and why long multiplication works. Here is the full story.

Drill to improve Speed Dribbling : 🟡Players race with a ball around the goal 🟡They must only shoot when they reach the white cone 🟡Then they sprint to tag in their teammates #soccertraining #footballkids #drill

[New blog post]: "Microsoft #Entra Workload ID - Introduction and Delegated Permissions" 🤖 🔐 In the first part of this blog post series, I will give an overview about workload identity types but also sensitive default & delegated permissions. #AzureAD cloud-architekt.net/entra-workload…

I frequently see vendors and devs asking customers to lower their security posture for their apps to work. What are the crazy asks you've heard from vendors and devs? Here's my maturity rating from worst to best 👇🏾 😱 Ask to create user accounts to be used as 'service accounts' for their apps. 😱 Ask to exclude user 'service' account from CA policies. 😲 Ask to create apps/service principals with password credential. 👍 App uses certificates to authenticate. 👌 App uses managed identities. 🙏 Cross cloud apps using workload federation with cloud native managed identities.

From being 2-0 down to drawing level, England's tenacity in this #Ashes series is a tribute to the beauty of Test cricket. The ability to rebound demonstrates the depth of character and the mental fortitude this format demands. Mother Nature might have denied us a series result, but that didn’t dampen the spirit of this incredible game. A series to remember for a long long time.

And what can I say about @jimmaxcricket. Broadcasting royalty. Always a total pleasure to have you with us on Test Match Special. No-one better to say farewell to the SHIPPING FORECAST @bbctms! #BBCCricket #ASHES