Entra.Chat

Service principals worked for static apps, but AI agents are different—they make autonomous decisions using LLMs and require a new approach to identity and security.
In this episode of Entra Chat, Padma Parthasarathy, Product Manager for Microsoft Entra Agent Registry, explains why Microsoft created Entra Agent Registry and Agent ID, and how they provide identity, governance, and security for AI agents.
We cover agent collections, discovery policies, integration with identity protection, and how custom security attributes automate AI agent governance at scale. You’ll also see how agents discover other agents by skills, how global and quarantine collections control visibility, and why these capabilities are critical for enterprise AI security.
This is a must-watch (listen) for identity, security, and platform architects preparing for AI at scale.
Subscribe with your favorite podcast player or watch on YouTube 👇

About Padma
With close to 20 years of experience in Identity, Security, and enterprise platforms, Padma Prasad Parthasarathy currently leads product and architecture for Security for AI and Agent Identity at Microsoft. He has built and scaled IAM and Zero Trust solutions across some of the world’s largest organizations, bridging deep technical expertise with real-world product impact.
LinkedIn - https://www.linkedin.com/in/padmaprasadp/
🔗 Related Links
* What is the Microsoft Entra Agent Registry? - https://learn.microsoft.com/en-us/entra/agent-id/identity-platform/what-is-agent-registry
📗 Chapters
00:00 Intro
02:14 The Rise of Digital Workers
07:13 Static Apps vs. AI Agents
12:43 Introducing Entra Agent Registry
17:28 Agent ID vs. Registry
24:08 How Agents Collaborate
30:29 Emerging Agent Standards
35:24 Understanding Agent Collections
42:05 Managing Risky Agents
46:01 Automating Agent Security
Podcast Apps
🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss
Merill’s socials
📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill


Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe

In this episode, I’m joined by Christopher Brumm from glueckkanja to discuss real-world experiences deploying Microsoft Entra Global Secure Access (GSA).We go beyond the docs to talk about actual customer rollouts, scaling challenges, retiring VPNs, and what teams often underestimate when moving to Zero Trust Network Access.
Subscribe with your favorite podcast player or watch on YouTube 👇

About Christopher Brumm
Christopher Brumm is a Cyber Security Architect at glueckkanja AG in Germany. With more than 15 years of experience in IT security, Chris brings deep expertise and hands-on knowledge across the Microsoft Security portfolio and beyond. His career journey spans from network and data center technologies to Active Directory and Entra ID, with a strong focus on identity security.
As a Microsoft MVP and CISSP, Chris is an active voice in the security community, regularly speaking at events and sharing insights through blog posts on identity and security topics. His latest passion is Global Secure Access, where identity, security, and networking converge to deliver a holistic Zero Trust approach.
* LinkedIn - https://www.linkedin.com/in/christopherbrumm
🔗 Related Links
* Blog - https://chris-brumm.com
📗 Chapters
04:46 Proof of Concept vs Pilot
12:19 Deployment Strategy: The Blue Pill Approach
16:03 Solving Performance with Intelligent Local Access
17:49 Navigating Networking Challenges
25:14 The Hardest Part: Shutting Down Legacy VPNs
27:38 Handling External Access and BYOD
32:15 B2B Features and Tenant Switching
46:05 Why You Need the Microsoft 365 Profile
50:49 The Ultimate Admin Workstation Security
Podcast Apps
🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss
Merill’s socials
📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill


Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe

Nicolas Blank, Founder of NBConsult and a 20-year Microsoft MVP, joins the show to dismantle the complexity around Zero Trust.Most Zero Trust conversations fail because they start with technology. Nicolas flips the script by using powerful everyday analogies (locking your car, protecting your newborn) to land the three core principles with executives.
Essential watching for anyone implementing Zero Trust, securing Microsoft 365/Entra ID, or needing leadership support in 2026.
Subscribe with your favorite podcast player or watch on YouTube 👇

About Nicholas Blank
Nicolas is the founder, as well an architect, author and speaker focused on Office 365 and Azure at NBConsult in South Africa, England and Hong Kong. Nicolas is a Microsoft Certified Master, Dual Microsoft MVP - Microsoft Office Apps and Services, Microsoft Azure since March 2007.​
Nicolas has co-authored the Microsoft Zero Trust Adoption Framework https://aka.ms/zero-trust-adopt, published by Microsoft; “Microsoft Exchange Server 2013: Design, Deploy and Deliver an Enterprise Messaging Solution”, published by Sybex and available on Amazon; as well as authoring “Azure Site Recovery: IaaS Migration and Disaster Recovery”, published by Pluralsight.
Nicolas can be found on LinkedIn: https://www.linkedin.com/in/nicolasblank/
Or via his Company Website:​ https://www.nbconsult.co
🔗 Related Links
* Microsoft Zero Trust Workshop - https://aka.ms/ztworkshop
* Zero Trust Adoption Framework - https://aka.ms/zero-trust-adopt
* Microsoft Digital Defense Report - http://aka.ms/mddr
📗 Chapters
01:52 The Why Behind Zero Trust
04:17 The Baby Analogy: Explaining Least Privilege
07:41 Debunking Security Myths
11:43 Assume Breach vs Being Secure
15:28 Getting Stakeholder Buy-in
20:24 The Immune System Approach
21:45 Ruining Attacker ROI 25:50 The
96% Statistic You Can’t Ignore
33:24 Where to Start: Practical Tools
37:54 The Zero Trust Adoption Framework
Podcast Apps
🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss
Merill’s socials
📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill


Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe

Is the traditional VPN dead? In the latest episode of Entra Chat, we dive deep Microsoft Entra Global Secure Access (GSA).Joined by Karen Simmel from the GSA product team and Thomas from the Entra CXE Architecture team, we explore how Microsoft is bridging the gap between identity and network security.The Shift from VPN to SASEThe "good old days" of spinning up firewalls and DMZs are fading. Traditional controls are often too coarse-grained and lack identity awareness. As Thomas explains, the COVID-19 pandemic accelerated the need for change when traditional VPN gateways physically couldn't handle the load of remote workforces.This has paved the way for SASE (Secure Access Service Edge) and SSE (Security Service Edge), which move security controls to the cloud at hyperscale.What is Global Secure Access?The team breaks down the confusing terminology to help you understand the core products:* Microsoft Entra Private Access: This is the ZTNA (Zero Trust Network Access) solution, replacing the classic VPN for accessing on-prem and private resources.* Microsoft Entra Internet Access: This acts as a Secure Web Gateway (SWG), protecting outbound access to SaaS apps and the internet with URL filtering and DLP controls.* Microsoft Entra Suite: A bundle that combines these network capabilities with Verified ID, Identity Governance, and Identity Protection for a comprehensive solution.The "Secret Sauce"Why choose Microsoft's solution? The differentiator is that GSA isn't just integrated with the Identity Provider (IdP)—it *is* part of the IdP.This deep integration allows for near real-time security. For example, if a user's device is compromised, the SOC team can revoke the token, and Entra can immediately terminate the network tunnel or prompt for step-up authentication. It brings the power of Conditional Access directly to network traffic.Better Performance, Better PrivacyContrary to the belief that security slows things down, GSA often improves performance. By leveraging Microsoft's massive global private fiber network, traffic is intelligently routed to the closest point of presence rather than being backhauled to a headquarters.From a privacy standpoint, admins have granular control. You decide what traffic is tunneled and inspected, ensuring you can meet compliance requirements (like those in the EU) without over-monitoring employee activity.Ready to Deploy?Deployment doesn't have to take months. Some customers are getting up and running with a Proof of Concept (PoC) in a single day. Whether you use the client-based agent or need client-less access for contractors, Microsoft provides detailed deployment plans to guide you.
Subscribe with your favorite podcast player or watch on YouTube 👇

About the Guests
Keren SemelKeren leads visibility and data insights for the Global Secure Access product group. Based in Tel Aviv, she brings deep experience from the SASE/SSE market to Microsoft.
LinkedIn: https://www.linkedin.com/in/keren-semel-4876383/Thomas Detzner Thomas is a lead architect in the Entra CxE team, specializing in Global Secure Access and Zero Trust. A former network engineer based near Munich, he helps organizations bridge the gap between traditional networking and modern identity security.
LinkedIn: https://www.linkedin.com/in/thomasdetzner/
🔗 Related Links
* Microsoft Global Secure Access Documentation - https://learn.microsoft.com/en-us/entra/global-secure-access/
* Zero Trust Workshop - https://aka.ms/ztworkshop
📗 Chapters
00:00 Intro
05:17 The Limitations of Legacy VPNs
12:49 SASE vs SSE vs ZTNA Explained
21:26 The Identity-Network Secret Sauce
29:42 Unpacking Entra Suite
33:20 Microsoft’s Global Network Architecture
38:19 Client and Clientless Connectivity
41:26 Deployment and POC Process
45:31 Migrating from Zscaler to GSA
47:15 Privacy and Compliance Controls
Podcast Apps
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss
Merill’s socials
📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill


Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe

Louis Mastelinck, a Microsoft MVP and Security Consultant at Proximus NXT, joins me to discuss the critical journey of moving organizations away from SMS-based MFA.
We deep dive into a practical strategy for migrating users to the Authenticator app, starting with “stopping the bleed” and managing user groups. We also explore a significant security blind spot regarding Email OTP for SharePoint guest access and how to resolve it.
Finally, we debate the future of authentication with device-bound versus synced Passkeys and how to defend against downgrade attacks.
Subscribe with your favorite podcast player or watch on YouTube 👇

About Louis Mastelinck
Louis Mastelinck is a Security Consultant at Proximus NXT and a recognized Microsoft MVP based in Belgium. Specializing in Incident Response and the full Microsoft Security stack (including MDE, MDO, Sentinel, and Identity Management), he is dedicated to neutralizing threats and securing digital environments. A GCFA-certified professional, Louis is known for his deep technical expertise in areas like Conditional Access and authentication methods.
LinkedIn - https://www.linkedin.com/in/louismastelinck/
🔗 Related Links
* Microsoft: Hang up on SMS - http://aka.ms/hangup
📗 Chapters
00:00 Intro
00:52 Props and PIM
01:41 The Dangers of SMS MFA
04:51 Strategy: Stopping the Bleed
10:06 Migrating Existing Users off SMS
19:20 Impact on Self-Service Password Reset
22:39 The SharePoint Email OTP Security Gap
25:13 Enabling Entra B2B Integration
34:28 Passkeys: Device-Bound vs Synced
44:40 Defending Against MFA Downgrade Attacks
Podcast Apps
🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss
Merill’s socials
📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill


Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe