The Azure Security Podcast Episode 120: The Zero Trust Workshop (and so much more!)
Oct 29, 2025
In this discussion, Merill Fernando, a Customer Experience PM at Microsoft Identity, sheds light on her journey in the identity space and the creation of the Zero Trust Workshop. She explores how modern authentication enables conditional access while contrasting with legacy systems. Merill shares success stories from the workshop that helped clients secure funding and enhance security posture. She also discusses her podcast, Entra.chat, aimed at building a community of identity professionals, and emphasizes the importance of content creation for career growth.
AI Snips
Chapters
Transcript
Episode notes
Run A Zero Trust Workshop First
- Run a structured Zero Trust workshop to map gaps and plan sequence of changes.
- Use the workshop as a funding artifact and roadmap to drive multi-year projects.
Zero Trust Is Sequential Work
- Zero Trust requires sequencing because many controls depend on prior changes like device management.
- Customers get paralyzed without a clear ordered plan to reach stronger posture.
Why Modern Auth Enables Conditional Access
- Modern web auth (OIDC/OAuth) uses tokens and web flows, enabling conditional checks before access is granted.
- Legacy protocols like Kerberos/NTLM lack contextual signals, so they can't support conditional access policies.