Practice Lead – Microsoft Security
Threatscape
Entra ID’s 80/20: Practical Lessons in High-Impact Security Controls
True or false: Attackers only need to be right once; defenders must be perfect.
The answer, according to Microsoft Security expert and MVP Ru Campbell, is that it depends. Getting a few core things right can provide substantial protection. Working across hundreds of Microsoft 365 and Entra ID tenants while building a multi-tenant cloud security posture management (CSPM) platform provides a clear view of what fails in real environments.
This session distils practical lessons from that experience: the controls that consistently make the biggest difference, the patterns that emerge when you secure organizations at scale, and the guidance that is often repeated but rarely holds up in practice.
Leave with a focused, immediately actionable set of high-impact security changes that you can apply to your own tenants.
February 27, 2026
See Other Session
Hybrid cloud security
Through live demos, Microsoft MVP Christopher Brumm shows how you can implement granular access controls, privileged identity management, and access packages for partners and consultants, while maintaining high security standards.
Hybrid cloud security
In this HIP Conf session, Tim Wolf, Senior Solution Architect at Semperis, discusses the challenges of traditional PAW implementations and explores how modern PAW approaches offer greater flexibility and easier management while maintaining Zero Trust principles.
Hybrid cloud security, Identity threat detection and response
Token theft attacks—which enable attackers to impersonate users even in environments with strong authentication—are on the rise. Fortunately, Entra ID has built-in protections. Discover how to use them, how threat actors also leverage them, and how to detect such abuse.
Active Directory security, Hybrid cloud security
True: You can’t get rid of NTLM in 30 minutes. The entire process typically takes months or even years. But in 30 minutes, you can learn invaluable tips for removing NTLM quickly but precisely. Get the method and toolkit in this HIP Conf session.
Active Directory security
Active Directory expert Christoffer Andersson delivers an in-depth technical presentation and practical security demonstration on the internal workings of Active Directory, clarifying common misconceptions and demonstrating advanced troubleshooting techniques.
Hybrid cloud security
Privileged Identity Management is key in a Zero Trust environment, but it’s not a plug-and-play solution. In this session, learn how to avoid common pitfalls and how administrators can unlock the full potential of PIM. Leave with best practices to enhance control and security in your daily operations.
Hybrid cloud security
Application security in Entra ID is an essential part of your identity and access management processes. Through the lens of real-world breaches, Sander Berkauer and Raymond Convalius how Entra ID applications work, risks of misconfiguration, and why everything is becoming an app-based identity.
Hybrid cloud security
Non-human workload identities involve a crucial human element: knowing how to securely configure and monitor them. In this session, Eric Woodruff, Chief Identity Architect at Semperis, and Thomas Naunheim, Cyber Security Architect, glueckkanja AG, explore workload identities and credential options for integrating your workloads with Entra ID.
Hybrid cloud security
Hybrid identity environments often turn into a patchwork of cloud and on-prem systems—breeding access chaos, privilege creep, and compliance risk. In this session, discover how Microsoft Entra ID Governance can bring unified control to mixed environments. Learn how to automate joiner-mover-leaver processes, enforce least privilege, and restore visibility and order across both worlds.
Sign Up for Email Updates