The Zero Trust Zone

What happens when passkeys hit real-world environments?In Episode 5, I’m joined by identity expert and Microsoft MVP Eric Woodruff to break down the practical implications of passkey adoption, the good, the bad, and the unexpected.We talk about:🔹 What passkeys actually solve (and what they don’t)🔹 Lessons learned from early deployments🔹 Challenges, device sync issues, and recovery scenarios🔹 How security teams should prepare for mainstream adoptionThis is a candid, no-fluff conversation packed with useful insights for anyone navigating the shift to passwordless and phishing-resistant authentication.

Active Directory is still at the heart of many organizations, and that makes it a prime target. When it gets compromised, the blast radius can be massive.In this episode of The Zero Trust Zone, we’re joined by legendary Microsoft MVP Jorge de Almeida Pinto, a seasoned expert in incident response and identity recovery, to unpack what really happens when AD goes down.What makes AD so attractive to attackersThe phases of a real-world AD incident responseLessons from the field: what goes wrong, and how to recoverPractical steps to prepare before disaster strikesFor those who know Jorge, we'll - of course - also talk about his legendary script to roll the KRBTGT password, and what the new version holds for us!Whether you manage AD, defend identities, or just want to understand the stakes, this episode is a must-listen!

In this episode of The Zero Trust Zone, we tackle a topic many teams avoid—identity governance—and show why it’s absolutely essential in a Zero Trust world.Joining us is Microsoft MVP and identity expert Jan Vidar Elven, who breaks down how Microsoft Entra Identity Governance can help organizations automate, secure, and streamline access—without drowning in complexity.We discuss:🔹 What identity governance really means🔹 Key components like Lifecycle Workflows, Access Reviews, Entitlement Management, and PIM🔹 Where to start if you’re new to Entra ID Governance🔹 Common pitfalls and best practices from the field🔹 Why governance is critical to both security and complianceIf you’re dealing with access sprawl, compliance pressure, or just want to clean up your Entra tenant—this episode is for you.

Welcome back to The Zero Trust Zone! In this episode, we’re joined by Microsoft MVP and identity security expert Thomas Naunheim to dive deep into a powerful Zero Trust design pattern: the bastion tenant.👉 What is a bastion tenant?👉 Why are more organizations isolating their admin identities into separate, hardened tenants?👉 Is this a must-have security strategy—or just a legacy relic from on-prem Active Directory guidance?We break down what a bastion tenant really is, how it fits into your modern cloud architecture, and whether it's worth implementing in your own environment.For more information on the elements discussed in this episode, make sure to check out the following links:- https://www.entraops.com (https://www.cloud-architekt.net/entraops/)- https://www.glueckkanja.com/en/security/managed-red-tenant (Glueck Kanja)

In this episode of the Zero Trust Zone podcast, host Michael Van Horenbeeck speaks with Rohit Gulati from Microsoft about decentralized identities and their growing importance in cybersecurity. They discuss the principles of decentralized identity, the role of trust systems, and how Microsoft is addressing these challenges with its verified ID solution. The conversation also touches on the need for portable identities, the balance between authorization and authentication, and the future of identity management in a rapidly evolving digital landscape.