Masterclass

Identity Recovery in High-Security Environments

Written by Masterclass | Jun 1, 2026 8:08:20 AM

Recovering Entra ID when the controls protecting your tenant are also blocking your way back in


Book an interactive masterclass with Pétur Eyþórsson, Senior Advisor – Cybersecurity and Enterprise Data Protection at Cristie. In 30–90 minutes, you'll understand the core paradox of high-security identity recovery — and what a credible recovery path actually looks like when the controls protecting your tenant become the thing standing between you and access. The session is technical, scenario-driven, and built around the security posture you're running today.

Pétur Eyþórsson | Senior Advisor – Cybersecurity and Enterprise Data Protection at Cristie



About this Masterclass

The controls that make a modern tenant hard to attack also make it hard to recover. In an environment secured with passwordless authentication, Privileged Identity Management, and Conditional Access, every recovery path runs through Entra ID — and when Entra ID is the casualty, the MFA, JIT activation, and access policies you rely on can all become locked doors.
Most organisations discover this problem during an incident. This session is for teams who want to find it before that.
Pétur works through the specific failure modes that high-security environments introduce into recovery design — the circular dependencies, the break-glass failures, the hybrid sync pitfalls, and the attacker persistence that gets restored along with everything else if you're not looking for it. The goal is a recovery design that's as rigorous as your security design.


What this masterclass covers

The recovery paradox

Passwordless authentication, PIM, MFA, and Conditional Access all depend on the very service you're trying to recover. Pétur maps out where these circular dependencies sit and how to design recovery paths that break the loop before an incident forces you to.

Break-glass accounts: the most common point of failure

Why emergency access accounts fail when they're needed most. What cloud-only design means in practice. What to exclude them from, why they typically sit outside PIM, and why the only break-glass account worth having is one you've tested under realistic conditions.

PIM under incident conditions

Activating privileged roles when the activation path itself is degraded. The "eligible-only and locked out" trap. Approver circular dependencies. How to detect tampered PIM settings — relaxed MFA requirements, removed approvals, extended durations — that an attacker may have modified before you started recovering.
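Added example, not part of the masterclass material: a Python check that compares a snapshot of PIM role-activation settings against a known-good baseline and flags the three tampering patterns named above (relaxed MFA, removed approval, extended duration). The export layout, role names and values are constructed for illustration and are not the Graph API schema.

```python
"""Detect drift in PIM role-activation settings against a known-good baseline.

The dictionaries below are a constructed, simplified export format (not the
Graph API schema): each role maps to the activation settings that matter
during recovery. Snapshot the baseline before an incident, then diff the
current tenant state against it before trusting any privileged activation.
"""
import re
from datetime import timedelta

# Constructed known-good baseline, as snapshotted before the incident.
BASELINE = {
    "Global Administrator": {"mfa_required": True, "approval_required": True,
                             "max_activation": "PT8H"},
    "Security Administrator": {"mfa_required": True, "approval_required": False,
                               "max_activation": "PT4H"},
}

# Constructed "current" export showing the tampering patterns described above.
CURRENT = {
    "Global Administrator": {"mfa_required": False, "approval_required": False,
                             "max_activation": "PT24H"},
    "Security Administrator": {"mfa_required": True, "approval_required": False,
                               "max_activation": "PT4H"},
    "Exchange Administrator": {"mfa_required": False, "approval_required": False,
                               "max_activation": "PT8H"},
}


def parse_iso_duration(value):
    """Parse the ISO 8601 duration subset used here (PT8H, P1D, PT30M)."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?)?", value)
    if not m:
        raise ValueError(f"unsupported duration: {value}")
    days, hours, minutes = (int(x) if x else 0 for x in m.groups())
    return timedelta(days=days, hours=hours, minutes=minutes)


def find_drift(baseline, current):
    """Return (role, finding) pairs for every setting weaker than baseline."""
    findings = []
    for role, expected in baseline.items():
        actual = current.get(role)
        if actual is None:
            findings.append((role, "role policy missing from export"))
            continue
        if expected["mfa_required"] and not actual["mfa_required"]:
            findings.append((role, "MFA on activation relaxed"))
        if expected["approval_required"] and not actual["approval_required"]:
            findings.append((role, "activation approval removed"))
        if parse_iso_duration(actual["max_activation"]) > parse_iso_duration(expected["max_activation"]):
            findings.append((role, f"max activation extended to {actual['max_activation']}"))
    # A privileged role with no baseline entry is itself worth a look.
    for role in current.keys() - baseline.keys():
        findings.append((role, "role not in baseline: review before trusting"))
    return findings


if __name__ == "__main__":
    for role, issue in find_drift(BASELINE, CURRENT):
        print(f"{role}: {issue}")
```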

What you can and cannot restore

The hard limits of the 30-day recycle bin versus configuration that exists nowhere by default. Conditional Access policies, authentication-method policies, app registrations, enterprise applications, and federation trusts are not automatically backed up. Config-as-data backup is the only way to roll those back — and most environments don't have it.

Re-bootstrapping credentials with no password to fall back on

How to use Temporary Access Pass to re-issue FIDO2 keys and Windows Hello for Business credentials at scale. Mass token and session revocation. The sequencing that matters when you're rebuilding from a degraded state.

Hybrid source-of-authority pitfalls

Recovering AD and Entra in the correct order. Avoiding sync overwrites and immutableId/sourceAnchor mismatches. How to respect source of authority so you don't create orphaned or duplicate identities that compound the problem.

Finding the persistence before you call it a recovery

Restoring a tenant with a backdoor intact is not recovery. Pétur covers what to look for before you close the incident: rogue app credentials and consent grants, attacker-added federation or Golden SAML configurations, and tampered Conditional Access policies that survive the restore.


Who this masterclass is for

This session is designed for identity architects, security engineers, IT managers, and infrastructure leads in organisations running a genuinely high-security posture — and who need their recovery design to match.

Specifically suited for teams that:

  • Are running passwordless authentication, PIM, or Conditional Access and have not fully mapped what a recovery looks like if Entra ID is unavailable or compromised

  • Have break-glass accounts in place but have never tested them under realistic incident conditions

  • Are responsible for hybrid environments (AD + Entra ID) and need to understand the sequencing and dependency risks in a joint recovery

  • Operate under NIS2, DORA, or sector-specific compliance frameworks that require demonstrable identity recovery capability — not just backup policy documentation

  • Have experienced or investigated an identity-related incident and want to close the design gaps before it happens again

Typical participants: identity architects, cloud security engineers, IT security managers, infrastructure leads, and compliance officers in mid-to-large organisations with a mature or maturing Zero Trust posture.


Structure and format

Duration: 30–90 minutes depending on your environment and the depth of discussion
Format: Online or on-site at your premises
Style: Technical and scenario-driven. Pétur starts with a structured review of your current identity setup and recovery design, then works through the specific failure modes relevant to your posture — ending with concrete gaps to address and a clear picture of what a complete recovery design looks like.
Materials: A brief written summary covering key failure modes, recommended design changes, and next steps can be provided after the session.

Each masterclass is adapted to your specific environment. Whether you're running a fully passwordless tenant, a hybrid AD/Entra setup, or somewhere in between — you'll leave with a sharper view of where your recovery design breaks down and what closing those gaps actually requires.