Michael Epping
@michaelepping.com
Senior Product Manager in the Identity and Network Access Division at Microsoft. Opinions are my own.
This month, I'm happy to announce that we've updated the Entra passwordless guide to include instructions on how to use the new Phishing-Resistant Passwordless Workbook we just released! https://aka.ms/PasswordlessWorkbook
Reposted by Michael Epping
If you have Apple devices in your environment (you do) and Entra ID, give the #macadmin podcast a listen podcast.macadmins.org/2024/12/17/.... @michaelepping.com and I discuss how you can improve your end user experience and security. Thanks to @tombridge.com & Marcus for having us. #infosec
Got it, makes sense. This is definitely an edge case we plan to address, being able to use a passkey in the Office apps when SSO is not present.
@crh.bsky.social and seconded what Mark said, if there's something in the guide we can make clearer please let me know
@crh.bsky.social totally hear you on the need for this and it's something we'll resolve. Broad FIDO coverage on clients has some interesting technical challenges. But if you're using PSSO why do you have users re-authing in Outlook anyways? Generally they should be getting an SSO experience.
Reposted by Michael Epping
If you missed JNUC, all sessions are now live. www.youtube.com/playlist?lis.... Check out @michaelepping.com's session on how you can use Platform SSO with #JAMF to get that phishing resistant credential for #EntraID. Please deploy this. youtu.be/KepEeeOx99I... #MacAdmins
Today your options are to use full MDM rather than MAM controls (Authenticator can satisfy full MDM compliance checks), or to give the users temporary exemptions from the all-apps policy that requires MAM.
Not sure what you mean by safeguarded, that isn’t a concept we have in CA. MAM and passkeys can coexist on the same device just fine, but if you have an overly broad MAM CA policy then registration can be blocked, since you’re covering the reg endpoint with the overly broad CA policy.
This problem doesn't exist if you are using full MDM compliance as one of the checks instead, Authenticator can satisfy that grant control in CA. But if you are mandating app protection policy then you need to adjust your policy so that this scenario is not in scope.
This experience is expected if you have policies that require app protection policies for all cloud apps. Microsoft Authenticator doesn't support MAM policies, so you are getting the expected outcome, which is that users cannot register due to not passing the app protection policy check.
I have exactly this problem, always too lazy to dig into it
It’s a little rough on the west coast, but we make it work. Don’t think my wife likes it too much when I tell her we have to go to a bar at 7am though…
I dunno how you Americans can get up at 4AM to watch Premier League games. I was lying in bed with a beer at 5AM today and I don’t think I could do this every week 😜
Correct, assuming these are device-bound passkeys. If they are synced, then the user can recover them through the sync process (on consumer devices, where Windows is adding sync support soon)
Inside the Windows Hello container, which is protected by the TPM
Excellent! That’s what we like to hear!
Reposted by Michael Epping
I am very excited for the App Discovery capabilities coming. This is a challenge many customers have, not knowing what apps exist that they need to secure! #entra #msignite
Reposted by Michael Epping
What this means is that despite the bullshit populism the media laps up, Trump is going to make sure airlines don't have to compensate passengers for hours and hours of delays and that flight attendants are worked to the bone. That's what this guy who earns $34 million a year is crying about.
Don’t love this, but I can forgive it if they’d ever release Bloodborne on PC…
We also recently recorded an episode of the 425 Show to talk about our new deployment guidance, so check it out to get the latest and greatest info: www.youtube.com/watch?v=5J03...
425 Show | Phishing-Resistant Passwordless Deployment Guide
YouTube video by Microsoft Security Community
In case you missed it, back in October we published a brand new guide for deploying phishing-resistant passwordless in your organization with Entra ID: aka.ms/Passwordless...! This is the outcome of a ton of effort across Microsoft, please use it to begin your journey!
Get started with a phishing-resistant passwordless authentication deployment in Microsoft Entra ID - Microsoft Entra ID
Detailed guidance for planning the prerequisites to deploy passwordless and phishing-resistant authentication for organizations that use Microsoft Entra ID.
Seems like Bluesky has really been blowing up since last week, I’ve gotten hundreds of new followers. Guess I’ll have to spend some more time on here! Definitely a lot fewer bots than I’ve gotten used to seeing on Twitter.