Securing Identities at Scale: Conditional Access, Azure Security & Infrastructure as Code with Jonathan Hope [MVP]

Identity has become the new security perimeter. As organizations continue moving workloads to Microsoft 365, Azure, and cloud-native platforms, traditional security models are no longer enough. In this episode of the M365 FM Podcast, Mirko Peters is joined by Microsoft MVP Jonathan Hope to explore how modern organizations can secure identities at scale using Conditional Access, Azure Security, Infrastructure as Code, and Zero Trust principles.Jonathan shares lessons learned from more than a decade working with enterprise infrastructure, virtualization, Azure architecture, and identity management. From his early VMware days to designing cloud-first security architectures, he explains why identity protection is now the most critical component of any modern cybersecurity strategy.

UNDERSTANDING WHY IDENTITY IS THE NEW PERIMETER

The conversation explores how the shift to remote work, cloud applications, and hybrid environments transformed security. Traditional firewalls and network boundaries no longer provide sufficient protection when users, applications, and data are accessible from anywhere.Jonathan explains why attackers increasingly focus on identities instead of infrastructure and how compromised accounts can become the entry point for lateral movement, privilege escalation, and data breaches.Topics discussed include:

• Identity-first security strategies
• Modern authentication challenges
• Cloud-native access controls
• Reducing organizational attack surfaces

CONDITIONAL ACCESS AS THE MODERN SECURITY CONTROL PLANE

One of the central topics of the episode is Microsoft Entra Conditional Access. Jonathan explains why he considers Conditional Access one of the most powerful security capabilities available in Microsoft 365 today.The discussion covers:

• How Conditional Access works
• Real-time authorization decisions
• Device compliance integration
• Defender and risk signal integration
• Country-based access controls
• Blocking legacy authentication
• Protecting privileged administrator accounts

Listeners will gain practical guidance on the foundational Conditional Access policies every organization should implement immediately.

AZURE SECURITY, ZERO TRUST AND GOVERNANCE

Security is no longer limited to identity teams. Jonathan explains why Azure infrastructure, identity management, governance, and compliance must work together as a unified security strategy.The conversation dives into:

• Zero Trust architecture principles
• Least privilege access models
• Break-glass account strategies
• Security monitoring and alerting
• Log Analytics and Microsoft Sentinel
• Azure Policy enforcement
• Governance versus compliance realities

The episode highlights why security requires continuous validation rather than simply checking compliance boxes.

INFRASTRUCTURE AS CODE WITH BICEP

Jonathan shares his journey from manual Azure deployments to Infrastructure as Code using Bicep. He explains how automation improves consistency, security, and operational efficiency while reducing human error.Key topics include:

• Why manual deployments create risk
• Desired state configuration concepts
• Repeatable Azure deployments
• Azure Policy as Code
• Version control and Git integration
• Security standardization at scale
• Building secure Azure environments through automation

For cloud architects and Azure administrators, this section provides valuable insights into modern infrastructure management practices.

AI, PASSKEYS AND THE FUTURE OF IDENTITY SECURITY

The episode also explores how artificial intelligence is changing both offensive and defensive security practices. While attackers increasingly leverage AI to create sophisticated phishing campaigns, organizations can use AI-powered security tools to detect threats and improve security operations.Jonathan shares his thoughts on:

• Security Copilot
• AI-assisted security operations
• Passkeys and phishing-resistant authentication
• FIDO2 security keys
• Authentication method modernization
• Microsoft’s evolving identity roadmap

WHY PASSWORDLESS AUTHENTICATION MATTERS

As the discussion concludes, Jonathan highlights one security improvement every organization should prioritize today: modernizing authentication methods.The move away from SMS-based MFA and weaker authentication methods toward passkeys and phishing-resistant authentication can dramatically improve an organization’s security posture while also delivering a better user experience.

FINAL THOUGHTS

If your organization relies on Microsoft 365, Entra ID, Azure, Conditional Access, or Zero Trust security principles, this episode delivers practical guidance from real-world experience. Learn how to build stronger identity defenses, automate secure cloud deployments, and prepare your environment for the next generation of cybersecurity challenges.

CONNECT WITH M365 FM

Subscribe to M365 FM for expert conversations covering Microsoft 365, Azure, AI, Security, Governance, SharePoint, Copilot, Data Management, and the future of modern workplace technology.

Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365–6704921/support.