Blog

Yes, mostly — and it’s a strong way to explain the shift.

Username & password = the old bouncer

A bouncer who:

• Knows your face (username)
• Lets you in if you whisper the right word (password)

The problem:

• Anyone who learns the word can get in
• You can be tricked into revealing it
• The...

Onevinn's Secure Identity team is growing, and so is the team at the IdGuys!

Our latest addition, Johan Öberg, will introduce himself with an interesting blog post soon. A warm welcome to Johan.

Stay tuned.

Your Entra ID tenant will be affected by an upcoming change announced by Microsoft and currently expected around March/April 2026.

The change depends on your current FIDO2 settings, and it might enable synced passkeys in your tenant automatically.

You can read more details and how to prepare...

If you had told me a month ago that I'd build an assessment framework from scratch - one that would completely replace both Maester and Pester - I would have laughed, said "sure", and gone back to debugging my PowerShell script.

But here we are.

The need for a better way

I've spent a fair...

Not a day to soon, security groups can now be soft-deleted, something that has been around for Office groups for ever.

Recently Microsoft added soft-delete support for Conditional Access poclies, but this is in my mind an even bigger improvement.

If you take a look in any tenant today, you will...

Changing SoA for synced AD groups was recently made available as a public preview feature in Entra ID. In a previous blog post, I demonstrated how this can be used to move your management of these groups to Entra ID from Active...

Until now, once you deleted a Conditional Access policy it was gone forever. You always had the option to disable it or set it to report-only mode but as with so many other things, old policies have a tendency to be kept "just in case" and be forgotten.

Having the option to restore a deleted...

Microsoft has opened a long-awaited door: you can now switch a synced user's Source of Authority (SoA) from AD DS to Microsoft Entra ID without delete/recreate gymnastics. It's designed for "road-to-cloud" programs where you want to retire on-premises user management but keep identities, GUIDs, and...

On lacking feature in Lifecycle Workflows used to be the option to address other people than the user's manager when sending mail.

I usually set up a reminder before a user's end date is about to occure, to make sure that an incorrect end date doesn't offboard a user by accident.

Previously, the...

Entitlement Management has a distinct separation of being an approver or access reviewer, and being able to manage who holds those roles. If you are an approver or reviewer and need to delegate it to other people, temporary or on a permanent basis, you have been dependent on contacting someone with...

If you’ve worked with on-prem Active Directory for a while, you’ve probably seen passwords stored in user attributes and notes, especially for service accounts and shared accounts.

Microsoft Defender for Identity...

The feature to change Source of Authority (SOA) for AD groups synced to Entra ID is currently in public preview. This is very useful for organizations on the their cloud first journey, as it makes it easy to transition existing groups in Active Directory to be managed in Entra ID.

It is especially...

Microsoft Entra ID includes a Self-Service Purchase and Subscription feature that allows users to acquire Microsoft 365 and Power Platform licenses without IT intervention. While this can empower teams to move quickly, it can also lead to unmanaged costs and compliance issues if left unchecked.

In...