Join Jay Gundotra and me at the M365 Community Conference


Jay Gundotra has invited me on stage at the Microsoft 365 Community Conference to present on Entra and Microsoft 365 Governance solutions. As the virtual Product Owner for ENow App Governance, I'm joining him, and of course I'm inviting you all to join me for this session.

 

About the M365 Community Conference

The Microsoft 365 Community Conference is a premier event focused on Microsoft 365 and delivers an unusually dense concentration of Microsoft-led training that would otherwise require multiple courses, consultants, or extended trial-and-error.

The Conference offers over 200 sessions across IT, security, data, development, and business roles, of which over 110 sessions are led by Microsoft engineers and leaders, with over 150 Microsoft product makers on-site. The Microsoft 365 Community Conference also offers 21 full-day, hands-on workshops (pre- and post-conference).

The 2026 Microsoft 365 Community Conference takes place at Loews Sapphire Falls and Loews Royal Pacific Resorts in Orlando from Sunday April 19th, 2026, to Friday April 24th, 2026.

 

About our session

Jay Gundotra (Technical Founder and CEO of ENow Software) and I present a 45-minute session on:

Top 5 Challenges Managing Microsoft 365, Copilot and Entra ID, and What to Fix First

Wednesday April 22nd, 2026, 1:30 PM – 2:15 PM, Room Banda Sea 1

As Microsoft 365 evolves, many IT teams discover that managing the platform has become significantly more complex. Collaboration sprawl, evolving permissions, expanding Entra ID application ecosystems, and the introduction of Microsoft Copilot place new operational demands on admins who must balance governance, security, cost control, and AI readiness simultaneously.

Our session explores the Top 5 operational challenges that Modern Workplace leaders face when managing Microsoft 365, Copilot, and Entra ID today, and why these issues appear across organizations regardless of size or industry. Our session breaks down the technical patterns driving governance drift, reactive troubleshooting, and visibility gaps across Teams, SharePoint, OneDrive, identity, and licensing.

You will learn how platform growth, identity expansion, and AI adoption reshape admin responsibilities, and how to regain operational control without slowing collaboration or innovation. We include practical administrative checks to help identify oversharing risks, unowned enterprise applications, and licensing inefficiencies. You'll leave with a clear framework for moving from reactive management toward proactive operational maturity, along with actionable steps you can begin applying immediately.

 

Join us!

Register for the Microsoft 365 Community Conference to join us!


Sean Deuby interviews us on Entra app sprawl for Episode 91 of the HIP Podcast


Raymond Comvalius and I featured in an interview with Sean Deuby, Principal Technologist Americas at Semperis, for the Hybrid Identity Protection Podcast on Entra app sprawl.

 

About the Hybrid Identity Protection Podcast

The Hybrid Identity Protection (HIP) Podcast is the premier podcast for cybersecurity pros charged with defending hybrid identity environments from cyberattacks. Hosted by 15-year MVP alumnus Sean Deuby, the podcast includes conversations with global identity experts who share their strategic visions and practical guidelines for securing Active Directory and Entra ID, preventing and remediating identity-based attacks, and recovering from identity system attacks.

I also featured in an episode on Choosing the right authentication method and an episode on Getting rid of AD FS.

 

About our interview

In this episode of the HIP Podcast, we explore a growing blind spot in cloud security: application governance. As organizations adopt more cloud apps and integrations, identity platforms like Microsoft Entra ID often accumulate hundreds of application registrations with little oversight. We explain why governance so often falls behind adoption, share practical steps organizations can take to regain control, and discuss the next frontier of identity.

 

Watch it

You can watch this episode of the HIP Podcast on YouTube:

 

 

 

 

Listen to it

You can also listen to this episode of the HIP Podcast on Spotify:


Entra Connect Sync 2.6.3.0 addresses an issue where auto-upgrade would halt synchronization


Microsoft Entra Connect Sync version v2.6.3.0 addresses an issue where auto-upgrade would halt synchronization.

 

What's Fixed

Microsoft addressed a known issue in Entra Connect Sync v2.5.190.0 and v2.6.1.0, where the Automatic Upgrades feature could stop Entra Connect Sync from synchronizing unexpectedly with the following error:

System.IO.FileLoadException: Could not load file or assembly 'System.Diagnostics.DiagnosticSource, Version=6.0.0.1' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)

From Entra Connect Sync v2.6.3.0 onwards, auto-upgrade now detects modifications to the miiserver.exe.config and miisclient.exe.config configuration files and skips automatic upgrade on these installations.

Admins who previously modified these configuration files, following earlier workaround guidance to support Password Hash Synchronization (PHS) in FIPS-enabled environments, might encounter installation failures when they upgrade manually.

 

Version information

Version 2.6.3.0 of Entra Connect Sync (previously known as Azure AD Connect Sync) was made available for download on March 10th, 2026.

Admins can download the latest version of Entra Connect Sync from the Entra admin center.

Superseded versions

Past versions of Microsoft Entra Connect Sync 2.x are retired 12 months from the date they are superseded by a newer version. With the release of Entra Connect Sync v2.6.3.0, support for Entra Connect Sync version 2.6.1.0 stops on March 10th, 2027.

Support for Entra Connect Sync v2.4.27.0 and earlier versions of Entra Connect Sync has already stopped.

If you run a retired version of Microsoft Entra Connect, it might unexpectedly stop working.


Join us for the upcoming Dutch Microsoft Entra Community Meetup


The Dutch Microsoft Entra Community, run by fellow MVPs Pim Jacobs, Jan Bakker and Michel van Vliet and Microsoft senior product manager Stefan van der Wiele, has been gaining significant traction since its inaugural meetup on February 1st, 2024. For its upcoming meetup, Raymond and I were asked to co-present one of our favorite sessions.

 

About the Dutch Microsoft Entra Community

The Dutch Microsoft Entra Community (DMECnl) focuses on organizing meetups around Microsoft Entra technologies throughout the Netherlands. The purpose of these meetups is to share knowledge and experiences on Microsoft Entra, including Entra ID, Entra ID Governance, Entra Permission Management, Entra Verified ID, Entra External ID, Entra Internet Access, and Entra Private Access.

Sessions during the meetup will primarily be hosted in Dutch, with the exception of foreign guest speakers.

 

About the March 19th, 2026, meetup

The Dutch Microsoft Entra Community organizes their upcoming meetup on March 19th, 2026. This meetup is sponsored by Interstellar and hosted by them in their Delft office. Starting at 5 PM dinner will be served. Jan, Pim and Stefan kick off their community at 6 PM with a welcome and a quick overview on what's new in Entra in the past three months.

At 6:20 PM, Tim Wolf of Semperis fame takes the stage to talk for 60 minutes about securing Active Directory. After a short break, Raymond and I take the stage for another 60-minute session.

At 8:40 PM, drinks are served.

 

About our session

We’ll present a 60-minute session on:

Entra ID Applications and Agents: Five Do’s and Don’ts

Thursday March 19th 2026, 7:40 PM – 8:40 PM

Microsoft offers application and agent integration features in Entra. Just like every other feature in Entra, management, governance, and security for applications and agents require a certain level of attention.

Unfortunately, application governance and agents are not part of the official Microsoft curriculum. For most Entra admins this is a huge and potentially dangerous blind spot. In this session, we provide better optics around the situation and our real-world insights, as experienced with Entra ID applications and agents.

We sprinkle valuable tips and tricks throughout this session, specifically designed to keep Microsoft Entra applications and agents in check, making this a MUST attend session for all Entra admins!

 

Join us!

The March 19th, 2026, Dutch Microsoft Entra Community Meetup is a free event.
Register today to secure your seat.


Entra Connect Sync 2.6.1.0 improves on application-based authentication


Microsoft Entra Connect Sync version v2.6.1.0 builds on the application-based authentication feature.

 

What's New

Entra Connect Sync v2.6.1.0 offers three application-based authentication improvements and two other improvements:

Enhanced application-based authentication logging is now available

Starting with Entra Connect Sync v2.6.1.0, enhanced application-based authentication logging is available in the Windows Event logs and trace logs to help diagnose authentication failures.

Application-based authentication gets borked when Sync Service Manager is used

Microsoft addressed an issue where using the Synchronization Service Manager UI to modify the Microsoft Entra ID Connector configuration deleted application-based authentication parameters, causing the configuration wizard and certificate rotation failures. Microsoft recommends not using the Synchronization Service Manager UI in older versions of Entra Connect Sync.

Application-based authentication certificate renewal starts at 70% of 90 days

The default certificate lifetime for certificates managed by Entra Connect is now 90 days. The certificate renewal threshold has been updated to use percentage-based lifetime consumption (70%) instead of a fixed 30-day window. The certificate renewal process now attempts to renew after 70% of the lifetime has elapsed instead of at fixed 30-day intervals.

Staging Mode configuration fails when Password Writeback is disabled

Microsoft addressed an issue where Staging Mode configuration failed when the Password Writeback Service is disabled or deleted from the Entra ID tenant.

Accessibility improvements

Microsoft addressed two Accessibility issues:

  • Microsoft addressed an accessibility issue in the Connect wizard where help icons were announced incorrectly by screen readers, causing the full multi-line help text to be read as the control name. The help control now exposes the correct name and role, providing a better experience.
  • Microsoft addressed a keyboard accessibility issue where a hyperlink inside a help popup was not reachable using keyboard navigation. The link is now accessible using the keyboard alone.

 

Version information

Version 2.6.1.0 of Entra Connect Sync (previously known as Azure AD Connect Sync) was made available for download on February 2nd, 2026.

Admins can download the latest version of Entra Connect Sync from the Entra admin center.

Superseded versions

Past versions of Microsoft Entra Connect Sync 2.x are retired 12 months from the date they are superseded by a newer version. With the release of Entra Connect Sync v2.6.1.0, support for Entra Connect Sync version 2.5.190.0 stops on February 2nd, 2027.

Support for Entra Connect Sync v2.4.27.0 and earlier versions of Entra Connect Sync has already stopped.

If you run a retired version of Microsoft Entra Connect, it might unexpectedly stop working.


Join us at the Hybrid Identity Protection Conference Europe 2026


Following the Hybrid Identity Protection Conference in Charleston, South Carolina in November last year, I will be presenting an updated session on Enterprise Applications and Application Registrations in Microsoft Entra on the very first European Hybrid Identity Protection Conference… and that's not all: This time, Raymond Comvalius is joining me on stage to deliver our 5 do's and don'ts!

 

About the Hybrid Identity Protection Conference

The Hybrid Identity Protection Conference (HIPConf) is Semperis Inc.’s event in the spirit of The Expert Conference (TEC) to bring together the leading experts in the field of Identity and Access Management. Attendees are able to meet face-to-face with the leading experts of their field, acquire in-depth technical knowledge, and be exposed to the latest innovation.

The 2026 Hybrid Identity Protection Conference season kicks off with HIPConf Europe at the Westin Grand in Frankfurt, Germany, on Tuesday February 10th, 2026.

 

About our session

Raymond and I present a 45-minute session on:

Entra ID Applications: 5 Dos & Don’ts to Protect Your Blind Spot

Tuesday February 10th, 2026, 2:50 PM – 3:30 PM CET

Microsoft offers application-integration features in Entra for single-tenant applications, multi-tenant applications, and workload identities.

As with every other Entra feature, application management, governance, and security require a certain level of attention. Unfortunately, application governance is not part of the official Microsoft curriculum, Entra SKUs, or IAM solutions. Entra admins: Don’t be blindsided!

Get real-world insights into the inevitable parallels in application integration between Active Directory and Entra and learn valuable tips and tricks for keeping Microsoft Entra enterprise applications and application registrations in check.

 

Join us!

Register for Hybrid Identity Protection Conference Europe 2026.

The 2026 European Hybrid Identity Protection Conference uses AccelEvents as the delivery platform. By registering you confirm you intend to interact with and disclose personal information to Semperis and AccelEvents.


A Practical Approach to Monitoring the Entra Provisioning Service


Organizations that choose to leverage Entra's identity governance and administration (IGA) capabilities – instead of the more mainstream SailPoint and Saviynt solutions, but perhaps as a logical successor to Microsoft Identity Manager – may notice that the Entra Provisioning Service lacks a service level agreement (SLA) and is missing from Microsoft's Status dashboard. As this service is the cornerstone of these IGA implementations, being aware of its non-availability is key.

 

About the Entra Provisioning Service

The Entra Provisioning Service offers automatic provisioning and deprovisioning for user objects and roles in Entra applications. This way, it supports Joiner, Mover and Leaver (JML) flows using System for Cross-Domain Identity Management (SCIM) 2.0. When an application is configured for on-premises provisioning, the Entra Provisioning Service works together with the Entra Provisioning Agent to have SCIM 2.0 packets delivered to the SCIM 2.0 endpoints of on-premises applications.

 

About the Entra SLA

The Service Level Agreement (SLA) documents describe Microsoft’s commitments for uptime and connectivity for Microsoft Online Services. The agreement covers Microsoft Entra. However, its 99.99% availability currently only applies to times when users are unable to log in to the Microsoft Entra ID service, or Microsoft Entra ID fails to successfully emit the authentication and authorization tokens required for users to log into applications connected to the service. Basically, its scope is authentication and token issuance. Azure AD B2C and Entra Domain Services also have SLAs, but the Entra Provisioning Service falls squarely out of scope. Its SLA is non-existent.

 

About the Azure Status dashboard

Microsoft's Status dashboard provides an overview of the availability of Microsoft services per geographical region. It features Identity services, like Entra ID, Azure AD B2C, Azure AD Domain Services, Global Secure Access and Multi-Factor Authentication, but lacks a status for the Entra Provisioning Service.

 

The challenge with monitoring the Entra Provisioning Service

Based on the above information, Microsoft does not provide any guarantees or insights around the availability of the Entra Provisioning Service. This makes it challenging for organizations to adopt the functionality, as it may constitute a liability in an organization's information security operations.

When confronted with this challenge at a customer, I devised a way to monitor the availability of the Entra Provisioning Service end-to-end, as this organization utilizes the Entra Provisioning Agent and Azure API Management, too. Now, your organization can use this solution, too.

 

An overview for monitoring

One of the key metrics for the Entra Provisioning Service is that its provisioning cycles run every 40 minutes.

The solution consists of seven building blocks:

  1. An email address for the team responsible for the JML process towards SCIM 2.0-capable applications
  2. A security group in Entra that is exclusively used as the scoping mechanism for monitoring
  3. An Enterprise application in Entra configured for on-premises provisioning. This app is exclusively for monitoring purposes and does not constitute an actual on-premises application, but does (optionally) communicate to a SCIM 2.0 endpoint on the Azure API Management instance. This application should be scoped to the aforementioned security group
  4. The email address configured in the Settings for the monitoring enterprise application to receive notifications and to receive alerts on errors
  5. An Azure function that changes the group membership every 30 minutes for a single monitoring user object for a security group in Entra that is in scope for provisioning to the aforementioned Enterprise application
  6. An Azure function that monitors the Entra Provisioning logs through the Graph API, scoped to the aforementioned Enterprise application, every 20 minutes and sends a notification to the email address when there is no log activity for the past 125 minutes
  7. (optionally) A monitoring rule in Azure API Management on the monitoring endpoint that sends a notification when there is no activity for the past 125 minutes
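The decision logic of building block 6, as an added example that is not code from the original post: it builds the Microsoft Graph provisioning-log query scoped to the monitoring Enterprise application and decides whether the 125-minute silence threshold has been exceeded. The object IDs, timestamps and log entries are constructed placeholders; acquiring a token, calling Graph and sending the email are left to the hosting Azure function.

```python
"""Silence check for the monitoring app's provisioning logs (added example)."""
import uuid
from datetime import datetime, timedelta, timezone
from urllib.parse import quote, urlencode

GRAPH_PROVISIONING_LOGS = "https://graph.microsoft.com/v1.0/auditLogs/provisioning"
SILENCE_THRESHOLD = timedelta(minutes=125)  # threshold named in building block 6

# Constructed sample values: placeholder object IDs and a fixed "current" time.
MONITOR_SP_ID = "00000000-0000-0000-0000-00000000aaaa"
OTHER_SP_ID = "00000000-0000-0000-0000-00000000bbbb"
SAMPLE_NOW = datetime(2026, 1, 15, 12, 0, tzinfo=timezone.utc)
SAMPLE_ENTRIES = [  # shaped like items in the "value" array Graph returns
    {"activityDateTime": "2026-01-15T11:20:05.1234567Z",
     "servicePrincipal": {"id": MONITOR_SP_ID}},
    {"activityDateTime": "2026-01-15T09:10:00Z",
     "servicePrincipal": {"id": MONITOR_SP_ID}},
    {"activityDateTime": "2026-01-15T11:55:00Z",
     "servicePrincipal": {"id": OTHER_SP_ID}},
]


def build_query(service_principal_id, now):
    """Return the Graph URL for log entries of one app inside the window."""
    # Validate the ID as a GUID before placing it in the OData filter string.
    sp_id = str(uuid.UUID(service_principal_id))
    since = (now.astimezone(timezone.utc) - SILENCE_THRESHOLD).strftime(
        "%Y-%m-%dT%H:%M:%SZ")
    flt = f"servicePrincipal/id eq '{sp_id}' and activityDateTime gt {since}"
    return GRAPH_PROVISIONING_LOGS + "?" + urlencode(
        {"$filter": flt}, safe="$", quote_via=quote)


def parse_graph_time(value):
    """Parse a Graph UTC timestamp, with or without 7-digit fractions."""
    text = value.rstrip("Z")
    fmt = "%Y-%m-%dT%H:%M:%S"
    if "." in text:
        head, frac = text.split(".", 1)
        text = f"{head}.{frac[:6].ljust(6, '0')}"  # %f accepts at most 6 digits
        fmt += ".%f"
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)


def evaluate(entries, service_principal_id, now):
    """Decide whether to notify: True when the app has been silent too long."""
    seen = [
        parse_graph_time(entry["activityDateTime"])
        for entry in entries
        if entry.get("servicePrincipal", {}).get("id") == service_principal_id
    ]
    last = max(seen, default=None)
    if last is None:
        # No entries at all for the monitoring app counts as silence.
        return {"alert": True, "last_activity": None, "silent_minutes": None}
    silent_for = now - last
    return {
        "alert": silent_for > SILENCE_THRESHOLD,
        "last_activity": last,
        "silent_minutes": int(silent_for.total_seconds() // 60),
    }


if __name__ == "__main__":
    print(build_query(MONITOR_SP_ID, SAMPLE_NOW))
    print(evaluate(SAMPLE_ENTRIES, MONITOR_SP_ID, SAMPLE_NOW))
    # Same entries, evaluated later in the day: the silence now exceeds 125 minutes.
    print(evaluate(SAMPLE_ENTRIES, MONITOR_SP_ID, SAMPLE_NOW + SILENCE_THRESHOLD))
```

An empty result for the monitoring application is treated as an alert, so an outage that started before the query window is still reported.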

Join the IT Bro's for Workplace Ninja Connect 2026


Raymond and I have been invited as speakers for the upcoming Connect event, organized by the Workplace Ninja's User Group the Netherlands, on February 4th, 2026, at the Van der Valk Hotel in Gorinchem, the Netherlands.

 

About Workplace Ninja's Connect

Workplace Ninja's Connect brings IT professionals, decision-makers, and community experts together to learn, share, and connect around the latest developments in Workplace Technologies. Whether you are looking for deep technical insights, strategic guidance, or inspiration from peers, this event is designed to help you take the next step in modern workplace and security.

 

About our session

Raymond and I present a 60-minute session on:

Entra ID Applications: Five Do’s and Don’ts for this potential blind spot

Wednesday February 4th, 2026, Room Vue 6, 4 PM – 5 PM CET

Microsoft offers application integration features in Entra for single-tenant applications, multi-tenant applications and workload identities. Just like every other feature in Entra, management, governance, and security for applications require a certain level of attention.

Unfortunately, application governance is not part of the official Microsoft curriculum, nor any of the Microsoft Entra SKUs or IAM solutions. For most Entra admins this is a huge and potentially dangerous blind spot. In this session, we provide better optics around the situation and our real-world insights, as experienced with Entra ID application governance.

We'll sprinkle valuable tips and tricks throughout the session, specifically designed to keep Microsoft Entra Enterprise Applications and Application Registrations in check, making this a MUST attend session for all Entra admins!

 

Join us!

Although the event is sponsored, due to the high costs involved, the Workplace Ninja's are unable to offer this event free of charge. A small participation fee helps cover part of the catering (coffee, lunch, and refreshments) throughout the day.

Get one of the last available tickets here.


Watch our discussion on the 'Sentinels Talk Show' and learn essential Entra ID security


A few weeks ago, Raymond Comvalius and I joined Erdal Ozkaya on the Sentinels Talk Show to talk about Entra ID security. This 45-minute discussion is now available on-demand:

 

With 50 years of combined Microsoft MVP experience, Raymond and I pull no punches in this unfiltered conversation essential for every CISO, CIO, and IT Pro managing Microsoft cloud environments. We discuss:

  • The Passwordless Paradox: Why the move to FIDO2 fails and how to fix it.
  • Entra ID Mistakes: The most dangerous configuration errors organizations are making right now.
  • AI in Identity: How Security Copilot and AI agents are changing the security game.
  • The CISO's Mandate: The one piece of advice every technology leader needs to hear.
  • Skills to Stay Relevant: What IT Pros should be learning today to thrive tomorrow.

This is a strategic injection of expertise you can’t afford to miss… and it's available for free.


The video of managing Active Directory like it's 2003 is now available on demand


On October 15th, 2025, Darryl Baker, senior solutions architect at Netwrix, and I presented a webinar titled 'Managing Active Directory Like It’s 2003 Leaves You Exposed in 2025' with the IT GRC Forum.

Active Directory and Windows Server have evolved significantly, but many organizations still rely on outdated management practices. Since Microsoft enhanced replication and security features in Windows Server 2003, Active Directory has gained powerful capabilities that are often underutilized. With Windows Server 2025 now rolling out, maintaining legacy practices increases risk, leaving organizations vulnerable to ransomware and other cyberattacks that target directory services.

 

Watch it now

It is now available on demand after a free registration.

The recording of this webinar provides actionable strategies to modernize Active Directory management and strengthen your security posture. You will learn how to streamline directory management, reduce complexity, detect and remediate common misconfigurations, and implement robust monitoring for suspicious activity. We also cover compliance alignment and governance best practices to ensure your Active Directory environment meets modern security standards.

If you manage Active Directory, this session is essential. Gain practical insights to harden your directory infrastructure, protect against threats, and maintain regulatory compliance. Don’t risk falling behind—modernize your Active Directory management today.

Enjoy!

 

About IT GRC Forum

The goal of IT GRC Forum is to help industry stakeholders, government regulators, and end-users better understand and manage the increasingly complex Governance, Risk Management and Compliance (GRC) landscape across the organization. IT GRC Forum aims to empower the GRC community by providing the most current educational resources and a user friendly forum for collaboration with peers.

 

About Netwrix

Netwrix empowers information security and governance professionals to reclaim control over sensitive, regulated and business-critical data, regardless of where it resides.

Over 10,000 organizations worldwide rely on Netwrix solutions to secure sensitive data, realize the full business value of enterprise content, pass compliance audits with less effort and expense, and increase the productivity of IT teams and knowledge workers. Founded in 2006, Netwrix has earned more than 150 industry awards and been named to both the Inc. 5000 and Deloitte Technology Fast 500 lists of the fastest growing companies in the U.S.
