| Website | https://merill.net/about/ |
| https://twitter.com/merill | |
| https://www.linkedin.com/in/merill | |
| GitHub | https://github.com/merill |
| Profile | He/Him |
| Newsletter | https://entra.news |
👋 Check out this new Microsoft Entra blog post 👇
Strengthen Identity Resilience: Recover with Confidence using Microsoft Entra Backup and Recovery
👋 Check out this new Microsoft Entra blog post 👇
External MFA in Microsoft Entra ID is now Generally Available
We sent out this week's Entra newsletter.
Get it at https://entra.news/p/entra-news-141-this-week-in-microsoft
In this episode, we dive into ID Gov & ECMA connectors with Darren Robinson
We cover:
✅ What ECMA connectors are and why they matter
✅ How Entra provisioning works behind the scenes
✅ Lessons from decades of enterprise identity projects
✅ MCPs and the future of identity + AI
👋 Check out this new Microsoft Entra blog post 👇
Microsoft Entra innovations announced at RSAC 2026
👋 Check out this new Microsoft Entra blog post 👇
Secure access in the age of AI: Key findings from our 2026 Report
🎥 Watch the full session: https://www.youtube.com/watch?v=ZDlP1sFKMJo
📦 Get the slides & demo code: aka.ms/entra/mcp
I’m curious—for those of you building right now, has the "separate App ID" approach been on your radar, or have you been sticking to existing REST API registrations? 👇
#MicrosoftEntra #AI #Identity #ZeroTrust #CloudSecurity #Architecture #MCP
4/4
✔️ Granular Permissions: How to design your scopes so they are audit-friendly and secure.
✔️ Identity vs. Auth: Why mixing up agent identity and MCP auth is a trap, and how to avoid it.
✔️ Hosting Patterns: A side-by-side of Azure API Management, Logic Apps, and App Service (EasyAuth).
If you’re currently architecting or building MCPs for your organization, I hope this helps you follow the same guidelines we’re using internally to build secure, scalable AI agents.
3/4
One of the highlights I’m excited to share is a deep-dive into the "Gold Standard" MCP created by the Microsoft Entra engineering team themsleves.
Not theory, it’s the actual blueprint used for the Microsoft Graph MCP Server and in production use in hundreds of thousands of customers.
In this session, I break down:
✔️ The Blueprint: Why the engineering team chose a distinct App ID for MCP vs. the standard REST API.
2/4
MCP auth for enterprise is confusing and most of the confusion comes down to one thing: mixing up agent identity and MCP authentication.
It’s incredibly easy to blur the lines between agent identity and MCP authentication, which is exactly where things can get messy for an architecture team.
To help make sense of this, I recently ran a session that decodes the complexity.
1/4
