In this session, we break down the identity threat patterns shaping 2026 and what they reveal about where defenses are failing today. Drawing from real-world breaches, Microsoft advisories, and AppGov telemetry, we show how attackers are abusing OAuth, service principals, legacy permissions, and unattended access paths to persist undetected.

What You’ll Learn

• The top identity attack techniques threat actors are using against Entra ID today

• Why applications and non-human identities are becoming the preferred entry point

• How OAuth abuse, excessive permissions, and ownerless apps enable long-term access

• Which identity controls are breaking down at scale and why

• Early warning signals that indicate elevated identity risk inside your tena

The boundaries of identity are expanding fast. Every new application, automation, and AI agent connected to Microsoft Entra ID represents a new identity and a new risk. With the rise of low-code innovation and Copilot Studio, organizations are facing “agentic sprawl” where every workflow and integration becomes an application that must be governed under Zero Trust.

What You’ll Learn

• How to extend Zero Trust beyond human identities to applications and agents
• Application governance principles your DevOps and DevSecOps teams must adopt
• How low-code tools like Power Platform and Copilot Studio increase risk and how to manage it
• Practical steps for reducing “agentic sprawl” in Entra ID
• Best practices for continuous application governance and security automation

Zero Trust isn’t a product; it’s a principle. As organizations modernize their identity infrastructure in Microsoft Entra ID, many find that traditional approaches no longer scale to today’s hybrid, application-driven environments.  

What You’ll Learn

• How to build Zero Trust resilience through effective identity lifecycle management
• Strategies to isolate and govern Non-Human Identities (service principals, app registrations, automation agents)
• How to apply least privilege to application security in Entra ID
• Techniques to verify explicitly and prepare for breach scenarios
• How unified visibility and automation can accelerate Zero Trust adoption

Microsoft Entra ID powers identity and access across Microsoft 365, but when it comes to third-party and internal app governance, visibility and control are often lacking. In this webinar, you’ll learn how ENow App Governance Accelerator empowers you to:

• Identify risky OAuth and over-permissioned apps in your tenant
• Understand the gaps in Microsoft’s native governance capabilities
• Reduce your Entra ID application attack surface
• Automate app remediation and credential monitoring

Additionally, you will see wins and lessons from an AppGov customer, and an in-depth demo of ENow’s AppGov Accelerator 3.0, including new automated remediation workflow capabilities.

Workload identities, such as service principals and managed identities, are essential for enabling seamless application-to-application communication in Microsoft Entra ID. However, these identities are increasingly targeted by attackers due to their elevated privileges and lack of robust security controls.

This session focuses on the unique risks associated with workload identities, including their susceptibility to credential misuse and excessive permissions. We will also explore the parallels between securing workload identities and interactive user accounts, emphasizing the importance of applying consistent security measures across both.

Misconfigured app permissions in Microsoft Entra ID pose a significant security risk, enabling attackers to exploit applications with excessive or improperly assigned privileges. This session will delve into the vulnerabilities associated with misconfigurations, such as assigning non-administrative accounts as application owners and granting unconstrained permissions like Mail.ReadWrite or Mail.Send. 

Participants will explore real-world examples, including the Midnight Blizzard attack, which exploited a compromised OAuth application to infiltrate Microsoft’s tenant. 

Attendees will learn actionable strategies to mitigate these threats, including:

• Implementing stringent access controls for app ownership.
• Applying the principle of least privilege to app permissions.
• Utilizing tools such as PowerShell cmdlets and security scanners to enforce application access policies and monitor elevated permissions.

Microsoft Entra ID is central to securing access in Microsoft 365 and Azure, but recent findings reveal vulnerabilities that could let attackers escalate privileges to global admin.

Learn how to identify and mitigate these threats with real-world examples, and discover practical strategies such as enforcing least privilege, hardening service principals, and strengthening Conditional Access. 

• Understand the technical details behind privilege escalation vulnerabilities in Microsoft Entra ID.
• Learn how attackers exploit authentication flows and service principal permissions.
• Discover best practices for securing your Entra ID environment against unauthorized privilege elevation.

Alistair and Nicolas explore:

• ✅ The top 5 challenges of provisioning applications—and how to overcome them
• 🐶 Why application security is a “Dog Eat Dog” world (and how to protect your org)
• ⚠️ Critical governance measures you must implement today
• 🚨 The #1 problem with Application Governance in Entra ID—and how to fix it

Come along to Episode 1 of ENow’s Season 3 of its Preventive Maintenance show to find out what the hosts, Nic and Al, believe companies should focus on in 2025 in the world of Application Governance. They’ll be covering:

• Where Microsoft sees the world going
• Does AI really matter in Identity Security
• Recapping the most significant breaches of 2024
• And why Application Governance is for everyone

This session will provide you with insight into the future of application governance trends, what tools you should focus on so that you can improve your posture, and, ultimately, what you should be thinking about in 2025.

As applications proliferate in Entra ID, organizations' attack surface and risk profile increases. Understanding how to prioritize risks, address vulnerabilities, and create an ongoing governance plan becomes essential for protecting your organization. In this webinar, industry experts Nicolas Blank and Alistair Pugin will walk you through the key steps to create a robust risk profile for your Entra ID applications. 

During this session, you’ll learn how to: 

• Identify and categorize applications based on their criticality and risk level. 
• Prioritize actions based on real-world threat scenarios and business impact. 
• Develop a clear action plan to tackle the most important security risks. 
• Implement best practices for ongoing risk monitoring using AppGov Score

With the adoption of cloud-based applications and hybrid work environments, the security perimeter is redefined from firewall-based security to Identity based security. Zero Trust offers a more proactive and granular approach to security, assuming that no entity within or outside the network should be trusted without continuous verification. In this session, we explored how Microsoft Entra ID can be leveraged to implement Zero Trust principles for application security. 

We discussed the key benefits of Zero Trust, including: 

• A unified strategy: Building a security strategy that includes what you already own. 
• Enhanced security: Protecting your applications from unauthorized access and data breaches. 
• Reduced risk: Minimizing the impact of security incidents. 
• Increased productivity: Enabling secure and seamless access to applications. 

Entra ID, the Identity Management platform for all of Microsoft’s Cloud infrastructure and software services, does not only cater to traditional directory services but also application registrations and, more importantly, security. Identity administrators across the globe have been facing the enormous task of understanding application security patterns and practices. While security standards and frameworks like NIST, ISO 27001, and FISMA exist, many organizations are still figuring out how to apply these standards to Entra ID applications specifically. 

This session will give you the confidence to appropriately secure and govern your Entra ID Applications and Identities for an improved security posture and compliance with real-world standards. 

With application deployment in the Microsoft cloud as easy as adding a Teams app, Identity, and Security administrators have been inundated with applications popping up in their tenants, with very little knowledge about what they are and what they do. Yes, you should be worried.

Don't let application security vulnerabilities catch you off guard. Equip yourself with the knowledge and tools to protect your applications and the identities they're tied to in Entra ID.

Take advantage of insights that could transform your approach to SaaS application security! With SaaS applications integrated heavily into our Microsoft 365 and Entra ID tenants and user identities, ensuring their security is more critical than ever. 

Understand the 'red flags,' most significant risks, and challenges companies face and unlock the secrets of SaaS Security Posture Management.

Drawing from a decade of practical, hands-on experience with Entra ID (A.K.A. - Azure Active Directory), Nicolas Blank and Alistair Pugin share key strategies and methodologies to streamline Entra ID deployment while ensuring adherence to compliance, bolstered security, and operational efficiency. In this session, we cover: 

• Defining Clear Policies and Roles 
• Implementing Robust Access Controls 
• Designing and enforcing access control mechanisms 
• Harnessing Entra ID features 
• Monitoring and Auditing Mechanisms 
• Addressing User and App Lifecycle Management Challenges 
• Role Mapping and Privileged Access Management 

Join us for a webinar on Wed, March 20th at 10 am PST, where Alistair Pugin and Nicolas Blank will walk you through how to identify risky apps in your Entra ID tenant and, more importantly – the steps you need to take next to fix and securely configure applications. They’ll focus on things like:

• How applications are deployed 
• What security really means in Entra ID 
• How to make sure that your applications are secured 
• How to continuously evaluate your Application Security Posture

In this session, Microsoft MVPs Alistair Pugin and Nicolas Blank will explore the top 5 risks associated with application security and more, including: 

• A break down of the recent "Midnight Blizzard" attack on Microsoft
• Injection attacks 
• Broken authentication and session management 
• Sensitive data exposure 
• Security misconfiguration 
• Insufficient logging and monitoring