📬

Stay Updated

Get the latest Azure insights, security tips, and technical deep-dives delivered to your inbox.

Harri Jaakkonen Cloudpartner MVP Microsoft MVP Fortytwo fortytwo.io
Entra ID· Zero Trust· Sentinel· Defender· Purview· Azure Security
PS HarriJaakkonen :~/Blog> Get-LatestPosts
# microsoft mvp · microsoft security blog · 545 posts

Invoke-Blog
-Uri "learn.cloudpartner.fi"

I've been breaking down Microsoft's security stack since before Entra ID was even called Entra ID. No fluff, no paywalls — just technical depth on Entra, Sentinel, Defender, Purview, and Azure Security that the official docs rarely give you.

545Posts published
11Years active
39Categories
./visit-academy ./azure-helper
New-Tool -Uri "azurehelper.cloudpartner.fi" Fast Azure checks, tenant notes, and security helper content in one place.
Harri Jaakkonen
PS HarriJaakkonen :~/Academy> Get-AcademyPricing | Sort-Object Price

New-Session -Scope "UpSkillsModule"

Discussion on technical topics and MVP path exploration. Pick the intensity that fits your timeline. Only for Individuals.

PDF Study Guides
15€/mo
All exam PDFs, updated when exams change. No live sessions, no question bank. No Technical discussions and MVP path exploration.
  • ✓ All 7 exam PDFs
  • ✓ Updated on exam change
  • · No live sessions
  • · No practice questions
Subscribe via Stripe
Stripe · SSL encrypted
Learners Bronze
30€/mo
One 30-minute 1:1 session per week. Good for steady progress alongside a day job. Technical discussions and MVP path exploration.
  • ✓ 1× 30 min / week
  • ✓ All 7 exam PDFs
  • ✓ Practice question bank
  • · No daily access
Subscribe via Stripe
Stripe · SSL encrypted
Learners Silver
50€/mo
Two 30-minute 1:1 sessions per week. For people who need accountability and a review loop. Technical discussions and MVP path exploration.
  • ✓ 2× 30 min / week
  • ✓ All 7 exam PDFs
  • ✓ Practice question bank
  • ✓ Session recordings
Subscribe via Stripe
Stripe · SSL encrypted
MOST INTENSIVE
Learners Gold
250€/mo
Daily 30-minute 1:1 sessions Mon–Fri for fast, deadline-focused exam prep. Technical discussions and MVP path exploration.
  • ✓ Daily 30 min Mon–Fri
  • ✓ All 7 exam PDFs
  • ✓ Full question bank
  • ✓ Session recordings
  • ✓ Priority scheduling
Subscribe via Stripe
Stripe · SSL encrypted
PS HarriJaakkonen :~/Blog> ls ./Latest-Posts | Sort-Object Date -Descending
PS> Find-Post
Was It Worth It? The Real Cost of EU Sovereignty Architecture and Who Should Run It — Part 8
04/07/2026·13 min read
Was It Worth It? The Real Cost of EU Sovereignty Architecture and Who Should Run It — Part 8

Part 8 of the EU data sovereignty series. An honest cost and complexity analysis of the Keycloak–Entra ID federation architecture: infrastructure costs, operational overhead, comparison to native Entra ID licensing, and a practical decision framework for which organisations genuinely need this.

EU SovereigntyCost AnalysisDecision Framework
Apple Pay vs Google Pay: What Security Architects Can Learn About Tokenization and Zero Trust
01/07/2026·12 min read
Apple Pay vs Google Pay: What Security Architects Can Learn About Tokenization and Zero Trust

What Apple Pay and Google Pay teach security architects about tokenization, trust anchors, device-bound assurance, and Zero Trust identity design.

Security ArchitectureTokenizationZero Trust
Microsoft Entra PIM Custom Extensions: Automating Privileged Access Decisions
28/06/2026·10 min read
Microsoft Entra PIM Custom Extensions: Automating Privileged Access Decisions

Deep dive into PIM Custom Extensions: automated logic gates for privileged access workflows. How to approve/deny elevation requests based on custom business logic, audit trails, and real-world patterns.

Entra IDPIMIdentity Governance
Federation Hardening: Certificate Rotation, Health Monitoring, and Break-Glass Procedures — Part 7
27/06/2026·18 min read
Federation Hardening: Certificate Rotation, Health Monitoring, and Break-Glass Procedures — Part 7

Part 7 of the EU data sovereignty series. How to rotate your Keycloak SAML signing certificate without breaking M365 authentication, monitor federation health, tune Conditional Access under federation, and build a break-glass procedure for Keycloak downtime.

EU SovereigntyKeycloakFederation
Azure Functions Serverless Agents Runtime: Markdown-First Agents in Preview
24/06/2026·14 min read
Azure Functions Serverless Agents Runtime: Markdown-First Agents in Preview

Azure Functions now has a serverless agents runtime in public preview: agents defined as .agent.md files, triggered by the same events as Functions, wired to 1,400+ connectors and MCP servers.

Azure FunctionsAgentic AIServerless
Why Global Administrator Lost Agent User Lifecycle Permissions in Microsoft Entra
21/06/2026·14 min read
Why Global Administrator Lost Agent User Lifecycle Permissions in Microsoft Entra

Why Microsoft moved Agent ID and agent-user lifecycle permissions away from Global Administrator, which AI and Agent ID roles now own the work, and how to review it in a tenant.

Microsoft EntraAgent IDRBAC
SCIM Provisioning from Keycloak to Entra ID: Keeping Two Directories in Sync - Part 6
20/06/2026·18 min read
SCIM Provisioning from Keycloak to Entra ID: Keeping Two Directories in Sync - Part 6

Part 6 of the EU data sovereignty series. How to provision users from Keycloak to Entra ID via SCIM — the ImmutableID anchor problem, attribute mapping for Governance lifecycle workflows, deprovisioning, and handling edge cases.

EU SovereigntyKeycloakSCIM