Stop Leaving the Door Open: The Entra ID Hardening Checklist Security Experts Actually Use

Microsoft Entra security is evolving and the way organizations think about identity protection needs to evolve with it. In this episode, I’m joined by Sean Metcalf, one of the foremost identity security experts in the industry, whose work has helped shape how many organizations approach securing both Active Directory and Microsoft Entra.

Sean shares the hardening steps many teams still overlook, and why advances in AI are making it easier for both defenders and attackers to work faster than ever before. From MFA and application controls to protecting privileged accounts and reducing unnecessary exposure, this conversation offers a practical look at where strong identity security starts and why getting the fundamentals right matters more than ever.

About Sean Metcalf

Sean Metcalf is the Identity Security Architect at TrustedSec and a renowned expert in Microsoft identity security. He holds the rare Certified Master in Active Directory certification and has spoken at major security conferences including Black Hat, DEF CON, and BlueHat on how to defend cloud and hybrid environments.

LinkedIn - / seanmmetcalf

🔗 Related Links

Improve Entra ID Security More Quickly - https://adsecurity.org/?p=4825
Microsoft Graph Skill - https://graph.pm

📗 Chapters

00:04:05 AI and the Evolution of Attacks
00:06:42 The Importance of Hardening Fundamentals
00:12:03 Securing Entra ID Quickly
00:16:24 Protecting Tokens with VBS and TPM
00:19:58 Restricting Consent and Guest Users
00:23:40 Managing Rogue Tenants
00:27:36 Cloud Admin Workstation Strategies
00:34:14 Delegated Admin Privileges
00:44:32 The Danger of Application Permissions
00:57:06 Artemis Mission Trivia

Podcast Apps

🎙️ Entra.Chat - https://entra.chat
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss

Merill’s socials

📺 YouTube → / @merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill


