Joël Prins

You’re not managing PIM if you can’t see PIM for Groups Are "Unmanaged Groups" bypassing your Entra ID PIM policies? Discover the security gap in PIM for Groups and how to detect it with the new PIM Manager.

I wrote a detailed deep-dive about the architecture, the hybrid delta/full sync approach, and the logic gaps I found.

It's an absolute information bomb on the architecture and logic.

Read the full blog here: intothecloud.eu/p/pi...

#EntraID #PIM #MicrosoftGraph #CloudSecurity

What's in this update:
✅ Full PIM for Groups support (Owner vs Member policies)
✅ Security Gap Detection
✅ Smart Sync (Delta Queries)
✅ Multi-workload Architecture

Repo is now PUBLIC 💻

Huge thanks to everyone who provided feedback! 🙌

Under the hood: Delta Queries ⚡

I didn't know Graph Delta Queries existed until I started this. I was fetching everything on every refresh. Thousands of calls.

Now? 500+ calls dropped to ~10.

It’s a massive win performing huge optimizations.

The "Unmanaged Groups" Blind Spot 🚩

While digging, I found a refined security gap. Groups can have isRoleAssignable: true, but no PIM policy attached.

They bypass PIM entirely. No activation limits. No MFA. Only permanent privileged access.

PIM Manager now identifies these automatically.

PIM Manager just shipped a major update. 🚀

I planned to build the Configure wizard next. But I realized PIM for Groups behaves fundamentally differently than roles.

If I ignored that, I’d be building a tool that only works for half the product.

Here is what changed 👇

Stop struggling, start managing: building PIM Manager Microsoft does not offer a single-pane-of-glass dashboard or reporting function for Entra ID role management. Getting answers should not require a day’s worth of work. This is the gap that PIM Manager fills.

One dashboard & report where Entra roles, assignments, and configuration come together—built for audits and day-to-day control.

Nuance: actively evolving, with data accuracy as the absolute baseline.

📃 intothecloud.eu/p/pi...
⚙️ pimmanager.com

#Entra #PIM #RBAC

Stop struggling, start managing; PIMManager is here.

PIM in Entra shouldn’t mean clickops, scripts, and audit spreadsheets.
Yet that’s how most RBAC and PIM audits still work today.
Manual, fragmented, and error-prone.
That’s why I started building PIMManager.

🧵
#Entra #PIM #RBAC #Security

Practice what you preach. Use what you advise, be consistent, make actions visible. When words and deeds align, trust grows and ownership follows.

Full post on LinkedIn.

#Leadership #Ownership #TeamCulture

Soft skills give knowledge its value.
Works when in doubt.

Full post on LinkedIn.

#Leadership #TeamCulture

Trust → Empowers.
Give context, let them think & do, and keep accountability.
Better choices, more energy, real ownership.

Full post on LinkedIn.

#Leadership #PeopleDevelopment

Ask juniors what their idea was - on wins and misses.
Surface assumptions, learn out loud, tighten the frame when needed.

Full post on LinkedIn.

#Leadership

Don’t overload juniors, teach them to manage their own work.
Check my LinkedIn for the full post.

#Leadership

Let juniors make mistakes. Trust + safety → growth: small blast radius, two-person check, step by step.

Check my LinkedIn for the full post.

Join the Microsoft EMS Community Discord Server! This server is all about getting closer to the Microsoft Enterprise Mobility + Security community! | 2552 members

𝐂𝐥𝐨𝐮𝐝𝐇𝐨𝐮𝐫: where the Microsoft EMS community slows down to learn fast.

Every 1st Wed @ 8 PM (AMS).
Short news, key topics & an open round-table—stories, lessons, failures, next steps.

➡️ discord.gg/VBqRHKqNat
📅 Next Wed 20:00 (AMS)

#MicrosoftEMS #Security

10 years in IT taught me as much about people as tech. A leader who listens and acts builds stronger teams.
The series starts Tuesday.

Check my LinkedIn for the full post.

Couldn’t agree more with Erica; security isn’t a destination, it’s a practice.

Follow @merill.net for these top-tier videos.
Follow @ericazelic.bsky.social insight that actually makes you better.

#ZeroTrust #InfoSec #CareerJourney

A bit late to the party, but this one’s worth sharing it!
🎧 How a Pharmacist Became a Pro Hacker.

entra.news/p/how-a-pharma…

Whether you’re starting out or 20 years in, this episode hits home.
Curiosity. Re-skilling. Building trust in security, one career turn at a time.

What's new in Microsoft Intune - Microsoft Intune Find out what's new in Microsoft Intune.

learn.microsoft.com/...
2/2

“Functionality may vary” - Microsoft’s quiet way of saying “use at your own risk.”

🪟 Windows 10 stays allowed in Intune after Oct 14 2025 - but not 𝘨𝘶𝘢𝘳𝘢𝘯𝘵𝘦𝘦𝘥.
Devices still enroll, yet policy behavior may drift.

💡 Grace time, not a steady state.
#Intune #Windows10 #ZeroTrust
1/2

(2/2)
In my latest blog, I explain why SFI is a real game changer for building security as a mindset, not just a policy.
intothecloud.eu/p/se...
#MicrosoftSFI #Security #Cloud #SecureFuture

🧠 Security as Mindset 🧠
Zero Trust is evolving, and today’s digital boundaries are more dynamic than ever.
That’s why Microsoft’s Secure Future Initiative deserves your attention.
(1/2)📖⬇️

🔐 Managing local admin rights doesn't have to be fragmented.

Bringing together Microsoft Entra, Intune, Autopilot, and Windows LAPS to create a unified approach for managing local admin rights.

📘 Discover the comprehensive solution: intothecloud.eu/p/lo...

Windows at Microsoft Technical Takeoff 2025 - Windows IT Pro Blog Quickly find technical deep dives and demos to add to your calendar. Get the guidance and skills you need to deploy, manage, and support the latest features!

Check out Windows at Microsoft Technical Takeoff 2025, coming up March 3-6. Please share and spread the word.

aka.ms/WindowsAtTec...

#Windows #ITpros #TechTakeoff #Microsoft #MSIntune #Windows365 #Copilot

Isn't that nice! Fetching application assignments for more than 700 apps within just a few seconds. New update on the roll for #IntuneAssistant.. Coming soon! @msintune.bsky.social @intunesuppteam.bsky.social #mvpBuzz

GitHub - SecNinjaltd/Microsoft-Defender-for-O365 Contribute to SecNinjaltd/Microsoft-Defender-for-O365 development by creating an account on GitHub.

I’ve created a bunch of Defender for O365 drawings which you can download from my new GitHub site.

The idea was to help anyone new to the product how policies work and hopefully make them a little easier to navigate.

github.com/SecNinjaltd/...

A new dedicated resource application to enable Active Directory to Microsoft Entra ID sync using Microsoft Entra Connect Sync or Cloud Sync is coming 😱

In the announcement the mentioned reason is "upcoming security hardening"...

6bf85cfa-ac8a-4be5-b5de-425a0d0dc016

#EntraID

❄️I created this tool some time ago to make it easier to manage the startmenu and taskbar of #Windows11 by using #msintune

Check it out and let me know if you have ideas of improvements.

www.rockenroll.tech/2022/01/10/w...

#mvpbuzz

Let's secure the cloud PC! Intro With the announcement that we are able to connect via the Windows App to our Windows 365 Cloud PC's from the major platforms (Windows, iOS/iPadOS, MacOS, and Android), it's time to give our users access in a controlled and secure manner! In this blog, I will try to

❗ New Blog Post! ❗

I've just published my first blog on securing access to the Windows 365 Cloud PC. 🖥️🔒 Discover a solution to secure your digital workspace while allowing access from BYOD devices!

👉 www.intothecloud.eu/...


#Windows365 #CyberSecurity #Microsoft

Folks we are super excited to announce the launch of Maester v1!

To celebrate 🎉 🍾 we are joining the EMS community Discord for an AMA.

discord.com/channels...

Read more at maester.dev/blog/mae...

🚨Join us in tomorrows Spotlight session!