1
00:00:03,634 --> 00:00:05,871
Welcome to episode 380
2
00:00:05,871 --> 00:00:07,044
of the Microsoft
3
00:00:07,402 --> 00:00:11,538
IT Pro Podcast recorded live on 07/12/2024.
4
00:00:12,015 --> 00:00:14,400
This is a show about Microsoft 365
5
00:00:14,400 --> 00:00:16,489
and Azure from the perspective of IT
6
00:00:16,489 --> 00:00:18,649
pros and end users, where we discuss the
7
00:00:18,649 --> 00:00:20,649
topic or recent news and how it relates
8
00:00:20,649 --> 00:00:22,649
to you. With the recent news about the
9
00:00:22,809 --> 00:00:25,184
AT&T data breach or data leak,
10
00:00:25,304 --> 00:00:28,175
we start off talking a bit about
11
00:00:28,175 --> 00:00:31,763
security, identity protection, and a recent security alert in
12
00:00:31,842 --> 00:00:33,836
Ben's Microsoft 365 tenant.
13
00:00:34,408 --> 00:00:37,183
Then staying along the lines of security, we
14
00:00:37,183 --> 00:00:39,904
discuss the recently released AD FS
15
00:00:40,276 --> 00:00:42,994
migration tool and some of our thoughts around
16
00:00:42,994 --> 00:00:46,195
migrating from AD FS to Microsoft Entra ID.
17
00:00:48,594 --> 00:00:51,082
Wow. It's a Friday, Scott. It is... Running
18
00:00:51,082 --> 00:00:53,390
the right microphones for recording, I'm using
19
00:00:53,390 --> 00:00:55,299
the right camera. And if you're on AT&T,
20
00:00:55,299 --> 00:00:56,811
your data has been stolen.
21
00:00:58,809 --> 00:01:01,348
If you're on any United States carrier, data
22
00:01:01,348 --> 00:01:03,093
has been stolen at some point. Heck,
23
00:01:03,252 --> 00:01:04,853
if you live in the US, actually, I
24
00:01:04,853 --> 00:01:06,360
think if you live anywhere in the world
25
00:01:06,360 --> 00:01:08,342
at this point, your data has been stolen.
26
00:01:08,501 --> 00:01:09,690
Yeah. I saw one the other day. It
27
00:01:09,690 --> 00:01:10,904
was, like, the largest
28
00:01:11,276 --> 00:01:14,322
credential dump is floating around, like, the dark
29
00:01:14,322 --> 00:01:16,640
web, and it's, like, billions of records. Have
30
00:01:16,640 --> 00:01:18,318
you had this issue? I've had this issue
31
00:01:18,318 --> 00:01:19,996
in Teams. Then we'll go back to AT&T,
32
00:01:19,996 --> 00:01:22,403
where it just randomly switches to
33
00:01:22,403 --> 00:01:24,153
a different audio source while you're using Teams.
34
00:01:24,472 --> 00:01:25,904
Is that what just happened? I don't know.
35
00:01:26,063 --> 00:01:29,405
Like, my speaker went from my ding to
36
00:01:29,405 --> 00:01:32,046
my speakers. Which was weird. Got it. Anyways,
37
00:01:32,285 --> 00:01:33,798
Okay. So back to AT&T. Yeah.
38
00:01:34,037 --> 00:01:35,789
I can't remember if we talked about this
39
00:01:35,789 --> 00:01:37,244
or at this somewhere where
40
00:01:37,620 --> 00:01:38,790
realistically, you should
41
00:01:39,147 --> 00:01:41,213
operate on the assumption that your data has
42
00:01:41,213 --> 00:01:44,312
been stolen versus that you're trying to protect
43
00:01:44,312 --> 00:01:46,139
your data at this point in time. So
44
00:01:46,139 --> 00:01:48,062
there is another article this week. I'll pop
45
00:01:48,062 --> 00:01:50,212
a link in the chat and show
46
00:01:50,212 --> 00:01:53,078
notes for everybody. So the largest password database
47
00:01:53,078 --> 00:01:55,967
leak was also this week. So that was
48
00:01:56,279 --> 00:01:58,277
9.948
49
00:01:58,277 --> 00:02:01,953
million unique plain text passwords. Wow. Released by
50
00:02:01,953 --> 00:02:03,972
the threat actor dubbed Obamacare
51
00:02:04,351 --> 00:02:07,470
as part of the rockyou2024.txt
52
00:02:07,470 --> 00:02:10,250
file. Can't make that stuff up. So
53
00:02:10,250 --> 00:02:10,726
creative.
54
00:02:11,838 --> 00:02:13,426
It's wild, this one. I don't know, did
55
00:02:13,426 --> 00:02:15,744
you see this AT&T one? Apparently
56
00:02:15,744 --> 00:02:18,443
it came from Snowflake. So I'm curious to
57
00:02:18,443 --> 00:02:20,586
see more too, if this was, like, AT&T
58
00:02:20,586 --> 00:02:22,729
credentials that were compromised to get
59
00:02:22,729 --> 00:02:24,653
into Snowflake. Kinda like, did they go through
60
00:02:24,812 --> 00:02:26,808
AT&T to get to Snowflake? Or
61
00:02:26,808 --> 00:02:28,404
was there a breach in Snowflake? Because there've
62
00:02:28,404 --> 00:02:29,463
been a bunch of
63
00:02:30,080 --> 00:02:32,256
stolen records that have come out of
64
00:02:32,649 --> 00:02:35,462
Snowflake. This article talked about...
65
00:02:36,397 --> 00:02:38,971
Who was it? Ticketmaster, LendingTree,
66
00:02:39,348 --> 00:02:42,321
and some others that have all had data stolen
67
00:02:42,474 --> 00:02:43,694
from Snowflake
68
00:02:44,152 --> 00:02:46,550
specifically. So it's, like, was there an issue at Snowflake?
69
00:02:46,709 --> 00:02:48,308
I don't know. It doesn't it doesn't really
70
00:02:48,308 --> 00:02:50,066
say, but a hundred and ten million AT&T
71
00:02:50,225 --> 00:02:50,965
customers,
72
00:02:51,278 --> 00:02:53,745
and it was, like, not just their information,
73
00:02:54,143 --> 00:02:54,643
but
74
00:02:55,257 --> 00:02:57,485
who they texted and who they called. So
75
00:02:57,485 --> 00:02:59,650
it was records of who called who, who
76
00:02:59,650 --> 00:03:03,077
texted who. Didn't contain time, date, or the
77
00:03:03,077 --> 00:03:05,388
data of those, but still being able to
78
00:03:05,388 --> 00:03:08,347
draw a bunch of connections between different people
79
00:03:08,347 --> 00:03:11,052
based on who they're calling and texting. This
80
00:03:11,052 --> 00:03:12,587
is not an insignificant
81
00:03:13,041 --> 00:03:13,201
breach.
82
00:03:15,279 --> 00:03:17,207
No. It's not. So Snowflake
83
00:03:17,580 --> 00:03:18,080
had
84
00:03:18,612 --> 00:03:22,206
a breach over the summer. And, like, okay,
85
00:03:22,365 --> 00:03:23,642
I guess we're still in summer. So
86
00:03:23,642 --> 00:03:26,196
this summer, Snowflake kinda had a breach.
87
00:03:26,196 --> 00:03:28,451
There were, like, a hundred-plus customers
88
00:03:29,004 --> 00:03:31,482
that were potentially leaked out in that breach,
89
00:03:31,641 --> 00:03:33,639
and, if I'm remembering right, it was actually,
90
00:03:33,799 --> 00:03:35,178
like, an ex campaign
91
00:03:35,717 --> 00:03:38,927
that kinda brought it all to bear. But
92
00:03:38,927 --> 00:03:40,301
you'll be happy to know
93
00:03:40,754 --> 00:03:41,254
that
94
00:03:41,628 --> 00:03:44,193
as of this week, what are we,
95
00:03:44,647 --> 00:03:47,085
July 12? What is it? Today's July 12.
96
00:03:47,284 --> 00:03:50,018
So as of July 11th, Snowflake has decided
97
00:03:50,076 --> 00:03:50,576
to
98
00:03:51,273 --> 00:03:53,747
enable and enforce MFA.
99
00:03:54,799 --> 00:03:56,712
Ironic that that came out the day before
100
00:03:56,712 --> 00:03:57,111
this did.
101
00:03:59,821 --> 00:03:59,981
Yeah.
102
00:04:00,858 --> 00:04:02,452
The, you know, the hits just
103
00:04:02,452 --> 00:04:04,222
keep on coming. I think it's a good
104
00:04:04,222 --> 00:04:06,875
lesson that none of us are
105
00:04:07,253 --> 00:04:09,348
actually in control
106
00:04:09,725 --> 00:04:11,639
of a lot of the data about our
107
00:04:11,639 --> 00:04:12,836
lives once it gets out there,
108
00:04:13,488 --> 00:04:15,735
you said, you kinda think about ways to
109
00:04:16,744 --> 00:04:18,436
mitigate that and
110
00:04:19,127 --> 00:04:19,627
kinda
111
00:04:20,080 --> 00:04:22,239
work through it. So I don't know how
112
00:04:22,239 --> 00:04:24,381
it works outside the US, typically with a
113
00:04:24,381 --> 00:04:25,889
lot of these breaches in the US, like...
114
00:04:26,047 --> 00:04:27,317
And I imagine this will happen in the
115
00:04:27,317 --> 00:04:29,141
case of AT&T, like, as a
116
00:04:29,141 --> 00:04:32,014
major provider with a hundred-million-plus customers.
117
00:04:32,490 --> 00:04:35,110
Usually, they'll reach out, offer you some form
118
00:04:35,110 --> 00:04:37,492
of monitoring. So, like, for a credit card
119
00:04:37,492 --> 00:04:39,357
breach, that could come in the form
120
00:04:39,493 --> 00:04:39,993
of
121
00:04:40,606 --> 00:04:41,583
credit monitoring
122
00:04:42,037 --> 00:04:44,103
for things like your credit score and maybe
123
00:04:44,103 --> 00:04:45,000
through, like, TransUnion,
124
00:04:45,628 --> 00:04:47,771
or Experian or some of the
125
00:04:47,771 --> 00:04:50,628
companies that monitor and watch that stuff could
126
00:04:50,628 --> 00:04:52,850
be other protections that are out there, like,
127
00:04:53,185 --> 00:04:55,104
I don't know. I've had, like, free
128
00:04:55,104 --> 00:04:56,164
Experian and TransUnion,
129
00:04:57,024 --> 00:04:59,745
whatever, premium monitoring for what feels like the
130
00:04:59,745 --> 00:05:02,238
past, like, 5 years. Just because there's always
131
00:05:02,238 --> 00:05:04,155
another breach, and I just keep upping it
132
00:05:04,155 --> 00:05:04,475
for free.
133
00:05:05,434 --> 00:05:07,671
That makes sense. I've done identity theft insurance.
134
00:05:07,831 --> 00:05:09,838
So I actually went and bought identity theft
135
00:05:09,838 --> 00:05:12,383
insurance for, like, the entire family, and it's
136
00:05:12,383 --> 00:05:12,883
relatively
137
00:05:13,337 --> 00:05:15,405
inexpensive. I wanna say I pay, like, a
138
00:05:15,405 --> 00:05:17,075
hundred and forty bucks a year or something.
139
00:05:17,234 --> 00:05:19,419
It's like 12 bucks a month. And
140
00:05:19,954 --> 00:05:22,423
they will monitor a bunch of that stuff
141
00:05:22,423 --> 00:05:24,653
as well so that if I didn't actually
142
00:05:24,653 --> 00:05:26,245
have free, which, I'm like you, I feel
143
00:05:26,245 --> 00:05:28,095
like, I've had free forever. But then if
144
00:05:28,095 --> 00:05:30,894
there is a case where, like, me or
145
00:05:30,894 --> 00:05:32,654
one of the kids or my wife or
146
00:05:32,654 --> 00:05:33,394
we have
147
00:05:33,694 --> 00:05:35,886
identity stolen, they also
148
00:05:36,263 --> 00:05:39,131
will help resolve it, take care of any
149
00:05:39,131 --> 00:05:39,631
issues,
150
00:05:40,406 --> 00:05:42,477
get identities back, all of that. And again,
151
00:05:42,636 --> 00:05:44,802
kinda operating on the assumption that it's out
152
00:05:44,802 --> 00:05:46,474
there. And if it happens,
153
00:05:46,952 --> 00:05:47,770
it's a relatively
154
00:05:48,146 --> 00:05:50,853
small price to pay. Because everything I've heard
155
00:05:50,853 --> 00:05:53,177
that if your identity does get stolen, it
156
00:05:53,177 --> 00:05:55,246
can be a nightmare to get everything
157
00:05:55,246 --> 00:05:58,292
untangled by yourself. Yeah. So I've never done
158
00:05:58,428 --> 00:06:01,069
identity theft insurance. So last time I
159
00:06:01,069 --> 00:06:02,581
looked into it, and again, this could be
160
00:06:02,740 --> 00:06:04,195
US-specific. The
161
00:06:04,809 --> 00:06:05,309
insurance
162
00:06:05,764 --> 00:06:07,490
was very, like
163
00:06:07,849 --> 00:06:10,725
specific in the legalese in that they
164
00:06:10,725 --> 00:06:12,084
would provide you coverage,
165
00:06:12,563 --> 00:06:15,220
but the coverage around costs
166
00:06:15,691 --> 00:06:18,785
was related to the recovery process.
167
00:06:19,181 --> 00:06:21,164
After you've become a victim of identity theft,
168
00:06:21,402 --> 00:06:22,299
it's not
169
00:06:22,769 --> 00:06:23,269
the
170
00:06:24,048 --> 00:06:25,187
recovery of funds
171
00:06:25,966 --> 00:06:26,285
prior,
172
00:06:27,244 --> 00:06:29,082
which is a little bit weird. So
173
00:06:29,082 --> 00:06:31,240
say somebody spending money on a credit card
174
00:06:31,240 --> 00:06:31,740
for
175
00:06:32,132 --> 00:06:34,358
illegally for, like, the past year, and they've
176
00:06:34,358 --> 00:06:36,584
rung up, like, 50k in fraudulent
177
00:06:36,584 --> 00:06:36,981
purchases.
178
00:06:37,538 --> 00:06:39,707
The 50k in fraudulent purchases
179
00:06:40,161 --> 00:06:40,956
isn't what's covered.
180
00:06:41,608 --> 00:06:44,240
What's covered is the time and the money
181
00:06:44,240 --> 00:06:44,740
to
182
00:06:45,118 --> 00:06:47,032
get that fixed. So you're still on the
183
00:06:47,032 --> 00:06:48,787
hook for the fraudulent charges, or you still
184
00:06:48,787 --> 00:06:49,983
need to go and work that out with
185
00:06:49,983 --> 00:06:53,182
your financial provider. And I couldn't find any...
186
00:06:53,420 --> 00:06:54,771
So maybe you and I need to
187
00:06:54,771 --> 00:06:56,440
chat offline. Maybe you found a better option
188
00:06:56,440 --> 00:06:57,871
or maybe you found one that did kinda,
189
00:06:57,951 --> 00:06:59,635
like, work through this. But it seems to
190
00:06:59,635 --> 00:07:02,337
be a pretty big loophole in coverage in
191
00:07:02,337 --> 00:07:04,563
that, like, you're effectively still on the hook
192
00:07:04,563 --> 00:07:06,709
for the fraudulent purchases. It's more about, like,
193
00:07:07,026 --> 00:07:07,901
recovery afterwards.
194
00:07:08,313 --> 00:07:09,982
Which in my mind, I'm like, hey, recovery.
195
00:07:10,141 --> 00:07:12,049
Doesn't that mean covering the fraudulent purchases?
196
00:07:12,287 --> 00:07:13,639
It does not... I'd have to look at
197
00:07:13,639 --> 00:07:15,649
when this starts. The one I have
198
00:07:16,103 --> 00:07:16,603
is
199
00:07:16,977 --> 00:07:20,487
up to 2 million dollars for stolen funds and
200
00:07:20,487 --> 00:07:23,665
expenses. So again, when that starts, if it,
201
00:07:23,744 --> 00:07:25,754
like, is retroactive to
202
00:07:26,144 --> 00:07:29,185
when it was originally started or once they
203
00:07:29,185 --> 00:07:30,865
discover the fraud, if it's only stolen funds
204
00:07:30,865 --> 00:07:33,264
and expenses after you discover it, but, yeah,
205
00:07:33,425 --> 00:07:35,277
we can talk more about this 1. And
206
00:07:35,277 --> 00:07:36,792
maybe throw some links in the show notes
207
00:07:36,792 --> 00:07:39,184
if other people are interested. So one other
208
00:07:39,184 --> 00:07:41,597
security topic, unless you wanna talk more about
209
00:07:41,655 --> 00:07:43,982
identity theft and data breaches I had an
210
00:07:43,982 --> 00:07:46,475
interesting one in my Microsoft 365 tenant
211
00:07:46,692 --> 00:07:49,801
today, actually. Are you getting spam again? I am
212
00:07:49,801 --> 00:07:52,689
still absolutely getting spam, although I finally got
213
00:07:52,689 --> 00:07:54,449
the first one to go to quarantine. I've
214
00:07:54,449 --> 00:07:58,209
had a crazy spam problem coming from a
215
00:07:58,209 --> 00:08:00,702
.onmicrosoft.com account. Neither here
216
00:08:00,702 --> 00:08:02,375
nor there, but this is one, I got
217
00:08:02,375 --> 00:08:04,288
an alert from Microsoft Defender, and I'm not gonna
218
00:08:04,288 --> 00:08:06,280
share this one because of information that's in
219
00:08:06,280 --> 00:08:07,396
it, but essentially,
220
00:08:07,969 --> 00:08:09,966
I got an alert this morning that one
221
00:08:09,966 --> 00:08:10,786
of my
222
00:08:11,165 --> 00:08:12,384
guest users
223
00:08:12,763 --> 00:08:13,822
in my tenant
224
00:08:14,361 --> 00:08:14,861
that
225
00:08:15,493 --> 00:08:17,799
I had shared something with. Truth be told,
226
00:08:17,799 --> 00:08:19,071
it was like 5 or 6 years ago.
227
00:08:19,230 --> 00:08:21,377
So this is a lesson learned. 5 or
228
00:08:21,377 --> 00:08:23,069
6 years ago that I shared
229
00:08:23,459 --> 00:08:25,295
I invited them to a team channel. The
230
00:08:25,295 --> 00:08:27,689
team channel has long... The team is gone,
231
00:08:27,928 --> 00:08:29,444
I think the team is gone or archived.
232
00:08:29,683 --> 00:08:30,960
The channel's archived.
233
00:08:31,454 --> 00:08:33,529
It was for some training stuff so nothing
234
00:08:33,529 --> 00:08:35,604
in there, but I got an alert that
235
00:08:35,764 --> 00:08:38,078
I had a user account in my tenant,
236
00:08:38,637 --> 00:08:42,336
accessing my tenant from a Tor IP address. And
237
00:08:42,711 --> 00:08:44,380
when I looked in, I will say
238
00:08:44,380 --> 00:08:45,811
Defender did a good job, like, it picked
239
00:08:45,811 --> 00:08:47,561
it up pretty quick based on all the
240
00:08:47,561 --> 00:08:49,094
audit logs, like, within
241
00:08:49,563 --> 00:08:50,063
seconds
242
00:08:50,516 --> 00:08:52,977
of the first activity. And actually went in
243
00:08:52,977 --> 00:08:54,248
and deleted the guest user.
244
00:08:55,598 --> 00:08:57,995
Just removed them from my tenant, cleaned it
245
00:08:57,995 --> 00:09:00,297
all up. I didn't even recognize the username.
246
00:09:00,456 --> 00:09:02,282
So first I was like, oh, who is
247
00:09:02,282 --> 00:09:04,108
this guest user in my tenant? I did some
248
00:09:04,108 --> 00:09:06,510
searching, figured out when I had interacted with
249
00:09:06,510 --> 00:09:08,822
them, when I had invited them. Good thing
250
00:09:08,822 --> 00:09:10,257
is, again, it didn't have any access to
251
00:09:10,257 --> 00:09:12,091
anything in the tenant because everything is long
252
00:09:12,091 --> 00:09:13,787
since come and gone. But
253
00:09:14,179 --> 00:09:15,878
It appears, because this
254
00:09:16,337 --> 00:09:19,054
credential was also used like, 4 different times,
255
00:09:19,214 --> 00:09:20,653
and this is part of why I got
256
00:09:20,653 --> 00:09:22,731
picked up, four different times in the
257
00:09:22,731 --> 00:09:23,770
course of a few seconds,
258
00:09:24,261 --> 00:09:24,761
to
259
00:09:25,371 --> 00:09:26,743
access my tenant
260
00:09:27,194 --> 00:09:28,937
as a guest, and it looks like it
261
00:09:28,937 --> 00:09:31,260
was probably in teams from, like, 4 different
262
00:09:31,647 --> 00:09:33,473
countries. Welcome to the fun that is
263
00:09:33,473 --> 00:09:36,092
being on Tor. Right? Right. The
264
00:09:36,092 --> 00:09:37,917
layers of the onion and how all
265
00:09:37,917 --> 00:09:40,479
that comes together. It's an interesting thing. So
266
00:09:40,479 --> 00:09:41,995
so it's funny you bring this up. We
267
00:09:41,995 --> 00:09:45,104
do annual security training. And part of... Well,
268
00:09:45,583 --> 00:09:47,178
I mean, we do it more manually. But
269
00:09:47,178 --> 00:09:49,506
part of the latest round of security training.
270
00:09:50,224 --> 00:09:52,697
Actually had a section in there that talked
271
00:09:52,697 --> 00:09:53,575
about guest users.
272
00:09:54,133 --> 00:09:54,633
And
273
00:09:55,821 --> 00:09:59,019
actions that we as employees need to take
274
00:09:59,392 --> 00:10:03,043
when we're dealing with guest users and things
275
00:10:03,043 --> 00:10:03,519
like teams.
276
00:10:04,249 --> 00:10:06,961
So it's a very manual process. Right? Like,
277
00:10:07,041 --> 00:10:08,715
if you finished a project, like, you said,
278
00:10:08,795 --> 00:10:10,869
you've done all the things. You've archived the
279
00:10:10,869 --> 00:10:13,501
team, you've archived the channel. Like, it turns
280
00:10:13,501 --> 00:10:15,342
out you actually do have to go and,
281
00:10:15,421 --> 00:10:19,146
like, explicitly revoke access from those users to
282
00:10:19,146 --> 00:10:21,049
kinda clean it all up. Feels like a
283
00:10:21,049 --> 00:10:23,606
great space for, like, an ISV or somebody
284
00:10:23,606 --> 00:10:26,571
to step in. Just have, like, the tenant
285
00:10:26,707 --> 00:10:29,729
monitoring blah blah blah. I'm surprised Microsoft doesn't
286
00:10:29,729 --> 00:10:31,815
have it, like, some kind of, like, built
287
00:10:31,815 --> 00:10:35,254
in lifecycle management for guests, but a
288
00:10:35,254 --> 00:10:37,355
lot of the onus is still on individuals
289
00:10:37,415 --> 00:10:39,750
who are spinning these things up. Have the
290
00:10:39,750 --> 00:10:41,750
context. Like, I get why it's hard to automate.
291
00:10:41,990 --> 00:10:43,750
You don't know. Like, a guest goes dormant
292
00:10:43,750 --> 00:10:45,269
for 2 months, and it turns out maybe
293
00:10:45,269 --> 00:10:47,429
they're needed later kinda thing, whatever. Yeah. Well
294
00:10:47,429 --> 00:10:49,596
it's a hard problem. It feels like a
295
00:10:49,596 --> 00:10:51,821
solvable one as well. Maybe an AI
296
00:10:51,821 --> 00:10:53,410
could solve it for us who knows. Yep.
297
00:10:53,569 --> 00:10:54,919
And I have not done this in mine.
298
00:10:55,158 --> 00:10:56,826
Maybe we should do a podcast on this.
299
00:10:57,318 --> 00:10:59,247
They have, like, their lifecycle
300
00:11:00,018 --> 00:11:03,115
workflows in their identity governance, and the access
301
00:11:03,115 --> 00:11:06,150
reviews, which I would say get close. I
302
00:11:06,150 --> 00:11:08,461
don't know that you could build a full
303
00:11:08,461 --> 00:11:09,200
lifecycle
304
00:11:09,656 --> 00:11:13,242
workflow. Because lifecycle workflows are usually more
305
00:11:13,242 --> 00:11:14,379
onboarding new hires
306
00:11:15,329 --> 00:11:16,708
group membership changes,
307
00:11:17,247 --> 00:11:18,626
offboarding employees,
308
00:11:19,084 --> 00:11:22,040
offboarding employees. It doesn't
309
00:11:22,040 --> 00:11:24,047
look like, and I've looked at these some,
310
00:11:24,206 --> 00:11:25,320
you can do it for guest users.
311
00:11:25,956 --> 00:11:27,626
Access reviews, I know you can set up
312
00:11:27,626 --> 00:11:30,011
for guest users that are guests of Teams
313
00:11:30,011 --> 00:11:30,886
and groups.
314
00:11:31,619 --> 00:11:32,119
Where
315
00:11:32,578 --> 00:11:34,496
it would, like, every three months, essentially
316
00:11:34,496 --> 00:11:36,733
go through a team, or a Microsoft
317
00:11:36,733 --> 00:11:39,664
365 group, really, because that's the
318
00:11:39,942 --> 00:11:41,928
identity structure under the team. And you can
319
00:11:41,928 --> 00:11:44,890
set those up for guests and say, every
320
00:11:45,025 --> 00:11:47,170
so often, look through all my teams with guests
321
00:11:47,170 --> 00:11:48,917
and send notifications to the owners,
322
00:11:49,489 --> 00:11:51,487
Does this guest still need access to this team or
323
00:11:51,487 --> 00:11:54,763
group? If not, like, by default, delete them
324
00:11:54,763 --> 00:11:58,454
or by default, leave them or after the
325
00:11:58,454 --> 00:12:01,091
owner hasn't seen it for so long or
326
00:12:01,091 --> 00:12:03,408
responded for so long, escalate it to somebody
327
00:12:03,408 --> 00:12:04,707
else, but it isn't
328
00:12:05,486 --> 00:12:05,986
necessarily
329
00:12:06,699 --> 00:12:08,136
I think it falls a little short, and
330
00:12:08,136 --> 00:12:10,711
then it doesn't have that ability to necessarily
331
00:12:10,929 --> 00:12:13,164
delete the guest from your tenant. Kinda like
332
00:12:13,164 --> 00:12:14,520
mine was. The team was gone.
333
00:12:15,014 --> 00:12:16,692
An access review could cleaned them up from
334
00:12:16,692 --> 00:12:18,690
the team, and I think I may even
335
00:12:18,690 --> 00:12:20,608
manually cleaned them up from the team, but
336
00:12:20,608 --> 00:12:23,245
they're still stuck in Entra, and even you,
337
00:12:23,245 --> 00:12:25,332
like, at Microsoft, you're not gonna have the
338
00:12:25,332 --> 00:12:27,642
ability to go into Entra and delete or remove
339
00:12:27,642 --> 00:12:30,828
users. So it does have to fall to
340
00:12:30,828 --> 00:12:33,494
an admin. Yeah. You really need, like, holistic.
341
00:12:34,190 --> 00:12:35,785
You almost want, like, all the lifecycle
342
00:12:35,785 --> 00:12:38,816
management components to come together. So, like, lifecycle
343
00:12:38,816 --> 00:12:41,528
for my team, lifecycle for the
344
00:12:41,528 --> 00:12:42,746
data and the
345
00:12:43,058 --> 00:12:45,209
that exist in there. Lifecycle for the
346
00:12:45,209 --> 00:12:48,497
users, all the way back down to the
347
00:12:48,555 --> 00:12:51,618
identity store, be it Entra ID or
348
00:12:51,754 --> 00:12:54,379
or whatever kind of thing. Especially for like,
349
00:12:54,538 --> 00:12:57,257
these more, like, project driven workflows, like you
350
00:12:57,257 --> 00:12:59,084
really would wanna. I think, like, you know,
351
00:12:59,163 --> 00:13:01,547
it'd be an interesting world where you come
352
00:13:01,547 --> 00:13:02,897
in and you say, hey, I'm spinning up
353
00:13:02,897 --> 00:13:05,121
a new project and that thing automatically creates
354
00:13:05,121 --> 00:13:06,764
a team, and it has some metadata that's
355
00:13:06,884 --> 00:13:08,555
says here's the start date. Here's the end
356
00:13:08,555 --> 00:13:10,067
date. And then once you hit the end
357
00:13:10,067 --> 00:13:11,659
date, if you haven't extended it, then it
358
00:13:11,659 --> 00:13:14,285
goes and kinda runs the machine and does
359
00:13:14,285 --> 00:13:16,275
all the other stuff behind it, but it
360
00:13:16,275 --> 00:13:18,682
says humans are bad at managing information. I've
361
00:13:18,682 --> 00:13:20,278
learned that very well over the course of
362
00:13:20,278 --> 00:13:20,597
my career,
363
00:13:21,474 --> 00:13:23,628
myself included. You know, sometimes you need, like,
364
00:13:23,867 --> 00:13:25,941
the state machine to come and kick things
365
00:13:25,941 --> 00:13:28,029
and move it forward and get it going.
366
00:13:28,189 --> 00:13:30,741
So... TL;DR, these things are gonna continue to
367
00:13:30,741 --> 00:13:32,198
happen. They'll continue to be an
368
00:13:32,575 --> 00:13:35,446
issue, be vigilant even in your own tenants.
369
00:13:35,686 --> 00:13:38,488
Yes. And I will give props to Defender.
370
00:13:38,648 --> 00:13:40,001
It did a good job. It caught it.
371
00:13:40,161 --> 00:13:42,072
It deleted it, and then right from within
372
00:13:42,072 --> 00:13:44,063
the incident that it generated. I was able
373
00:13:44,063 --> 00:13:44,381
to go,
374
00:13:45,033 --> 00:13:46,464
I reviewed all my logs. I'm like, okay.
375
00:13:46,782 --> 00:13:47,497
Did this user...
376
00:13:47,974 --> 00:13:50,995
Is there data this guest account could access that
377
00:13:50,995 --> 00:13:52,585
was in there? Was there data that was
378
00:13:52,585 --> 00:13:54,929
still shared with this guest account. Like everything
379
00:13:55,067 --> 00:13:55,625
came back,
380
00:13:56,183 --> 00:13:58,177
like, there was nothing there. For all I
381
00:13:58,177 --> 00:14:00,250
knew it was still the user that happened
382
00:14:00,250 --> 00:14:02,005
to be on a Tor network with his
383
00:14:02,005 --> 00:14:03,542
company account, and
384
00:14:03,934 --> 00:14:07,790
opened up Teams and hit my tenant because
385
00:14:08,169 --> 00:14:10,246
once you're a guest, you have, like, a
386
00:14:10,246 --> 00:14:13,700
gazillion different teams in your tenancy, and all
387
00:14:13,700 --> 00:14:15,539
it does is, just taking it, opening up,
388
00:14:15,700 --> 00:14:18,580
trying to get into Teams. Yep, pop
389
00:14:18,580 --> 00:14:20,671
that up. But yes, looks like I'm
390
00:14:20,671 --> 00:14:22,265
safe, but it... It's a new one for
391
00:14:22,265 --> 00:14:24,177
me. I had not ever seen that before.
392
00:14:24,496 --> 00:14:26,966
So like you said, be wary with guest
393
00:14:26,966 --> 00:14:29,459
accounts, and their lifecycle and how you
394
00:14:29,459 --> 00:14:31,459
manage them. Be wary with your own user
395
00:14:31,459 --> 00:14:33,459
accounts too. Not limited to guests. That
396
00:14:33,459 --> 00:14:35,220
as well. Be wary with all the accounts.
397
00:14:35,632 --> 00:14:37,779
Yeah. I think people forget about guest accounts.
398
00:14:38,097 --> 00:14:40,004
An easy one to slip your mind, especially
399
00:14:40,004 --> 00:14:41,674
when you just shared a document with one
400
00:14:41,674 --> 00:14:43,979
and didn't, like, that whole process of now
401
00:14:43,979 --> 00:14:45,741
they're guest accounts. I do like the one-time
402
00:14:45,741 --> 00:14:48,678
passcode stuff from that perspective, where there
403
00:14:48,678 --> 00:14:50,106
is some sharing now you can do where
404
00:14:50,106 --> 00:14:52,090
it doesn't create a guest account. It's just
405
00:14:52,090 --> 00:14:54,413
like a one-time passcode, you
406
00:14:54,413 --> 00:14:56,730
get it and that also can help with
407
00:14:56,730 --> 00:14:59,127
some of that. So with that, 20 minutes
408
00:14:59,127 --> 00:15:02,012
later, good conversation. Should we jump into our
409
00:15:02,012 --> 00:15:04,395
topic that we had planned for today? Jump
410
00:15:04,395 --> 00:15:05,587
into this 1 a little bit? You put
411
00:15:05,587 --> 00:15:07,175
all this work into planning. We should get
412
00:15:07,175 --> 00:15:08,605
to it. We should get to it. And
413
00:15:08,605 --> 00:15:09,894
it's still kinda related to this.
414
00:15:13,804 --> 00:15:15,959
Do you feel overwhelmed by trying to manage
415
00:15:15,959 --> 00:15:18,788
your Office 365 environments? Are you facing
416
00:15:18,925 --> 00:15:21,495
unexpected issues that disrupt your company's productivity?
417
00:15:21,951 --> 00:15:23,783
Intelligink is here to help. Much like you
418
00:15:23,783 --> 00:15:25,694
take your car to the mechanic that has
419
00:15:25,694 --> 00:15:28,015
specialized knowledge on how to best keep your car
420
00:15:28,015 --> 00:15:31,112
running, Intelligink helps you with your Microsoft cloud
421
00:15:31,112 --> 00:15:34,447
environment, because that's their expertise. Intelligink keeps up
422
00:15:34,447 --> 00:15:36,693
with the latest updates in the Microsoft cloud
423
00:15:36,693 --> 00:15:39,006
to help keep your business running smoothly and
424
00:15:39,006 --> 00:15:40,680
ahead of the curve. Whether you are a
425
00:15:40,680 --> 00:15:43,073
small organization with just a few users up
426
00:15:43,073 --> 00:15:46,504
to an organization with several thousand employees. They want
427
00:15:46,504 --> 00:15:48,828
to partner with you to implement and administer
428
00:15:48,963 --> 00:15:50,653
your Microsoft cloud technology.
429
00:15:51,026 --> 00:15:54,476
Visit them at intelligink.com/
430
00:15:54,476 --> 00:16:00,150
podcast. That's INTELLIGINK
431
00:16:00,150 --> 00:16:02,021
.com/podcast
432
00:16:02,396 --> 00:16:04,464
for more information or to schedule a 30
433
00:16:04,464 --> 00:16:06,373
minute call to get started with them today.
434
00:16:06,930 --> 00:16:09,805
Remember, Intelligink focuses on the Microsoft cloud,
435
00:16:09,964 --> 00:16:11,790
so you can focus on your business.
436
00:16:14,172 --> 00:16:17,133
So this was an article, taken from TechNet,
437
00:16:17,133 --> 00:16:19,929
that popped up, and it brought up
438
00:16:19,929 --> 00:16:22,806
an interesting conversation. It was from June 26.
439
00:16:22,965 --> 00:16:25,051
So this was few weeks ago now, but
440
00:16:25,051 --> 00:16:26,881
it's "Move to the cloud," or "Move to
441
00:16:26,881 --> 00:16:27,381
cloud
442
00:16:27,756 --> 00:16:29,926
authentication with the AD FS,
443
00:16:30,698 --> 00:16:32,153
or Active Directory
444
00:16:32,703 --> 00:16:33,602
Federation Services,
445
00:16:34,299 --> 00:16:37,251
migration tool." So this was an announcement that
446
00:16:37,251 --> 00:16:39,325
the migration tool for AD FS,
447
00:16:39,897 --> 00:16:43,399
to move their apps to Microsoft Entra ID,
448
00:16:43,399 --> 00:16:46,104
is now generally available. They can update identity
449
00:16:46,104 --> 00:16:46,604
management,
450
00:16:47,153 --> 00:16:48,130
they announced
451
00:16:48,585 --> 00:16:51,845
the AD FS application migration moving to public preview
452
00:16:51,845 --> 00:16:53,595
back in November, all of that. We can
453
00:16:53,595 --> 00:16:55,106
talk about the tool, But what I think
454
00:16:55,106 --> 00:16:57,820
is interesting about this, Scott. And we talked
455
00:16:57,820 --> 00:17:00,282
about this a little bit is further down
456
00:17:00,282 --> 00:17:03,163
in this article, they have a diagram with
457
00:17:03,378 --> 00:17:04,092
AD FS,
458
00:17:04,743 --> 00:17:05,243
and
459
00:17:05,697 --> 00:17:07,787
Entra ID and highlighting
460
00:17:08,479 --> 00:17:10,410
limitations of not transforming
461
00:17:11,500 --> 00:17:12,000
to
462
00:17:12,469 --> 00:17:15,248
Entra ID and benefits moving to Entra ID,
463
00:17:15,565 --> 00:17:17,789
but then they also label AD FS as the
464
00:17:17,789 --> 00:17:19,774
old way and Entra ID as the new
465
00:17:19,774 --> 00:17:20,830
way, and
466
00:17:21,283 --> 00:17:21,734
this
467
00:17:22,094 --> 00:17:25,527
spurred a very immediate comment on the article.
468
00:17:25,846 --> 00:17:28,720
Given this new tool, the age complexity, security
469
00:17:28,720 --> 00:17:31,115
limitations of AD FS and improved technology being
470
00:17:31,115 --> 00:17:33,527
available, Do you consider a road map on
471
00:17:33,607 --> 00:17:36,563
AD FS deprecation? And we started talking
472
00:17:36,563 --> 00:17:38,801
a little bit, one about this tool
473
00:17:38,801 --> 00:17:41,842
but two about AD FS and Entra,
474
00:17:42,557 --> 00:17:44,965
comparing them as 2 different ways of
475
00:17:45,816 --> 00:17:47,327
authentication, especially an old way and a new
476
00:17:47,327 --> 00:17:49,648
way, And I would say even more so
477
00:17:49,648 --> 00:17:52,989
that in my head, this triggers, I, old
478
00:17:52,989 --> 00:17:54,421
way new way, but it's also...
479
00:17:54,834 --> 00:17:57,149
Is Microsoft saying on prem is the old
480
00:17:57,149 --> 00:17:59,863
way cloud is the new way versus some
481
00:17:59,863 --> 00:18:02,098
of these where it's... They're still providing an
482
00:18:02,098 --> 00:18:04,988
on prem solution. This is almost starting to
483
00:18:04,988 --> 00:18:06,346
say, and I think where this comment is
484
00:18:06,346 --> 00:18:08,923
coming from is, is the on prem
485
00:18:09,462 --> 00:18:12,271
identity for something like AD FS or a
486
00:18:12,271 --> 00:18:14,346
lot going away and is Entra going to be
487
00:18:14,346 --> 00:18:16,820
the only way forward or there's a lot
488
00:18:16,820 --> 00:18:19,568
of questions, I think. Around
489
00:18:19,942 --> 00:18:21,769
just the way some of this was labeled.
490
00:18:22,008 --> 00:18:23,756
And I still have customers on AD FS
491
00:18:23,756 --> 00:18:25,266
too, which makes me think about it. I
492
00:18:25,266 --> 00:18:26,194
don't think this is
493
00:18:26,633 --> 00:18:29,984
too different than what everybody's been hearing for
494
00:18:29,984 --> 00:18:32,856
years now. In that there's a focus on
495
00:18:32,856 --> 00:18:35,347
the cloud and cloud services. And, you know,
496
00:18:35,427 --> 00:18:36,945
it's kind of a funny list if
497
00:18:36,945 --> 00:18:39,022
you go and look at their
498
00:18:39,022 --> 00:18:41,273
framing for old way and new way, like,
499
00:18:41,512 --> 00:18:44,403
you could apply just about any of these
500
00:18:44,780 --> 00:18:45,280
benefits
501
00:18:45,736 --> 00:18:47,967
to any cloud solution.
502
00:18:48,938 --> 00:18:51,081
Over to, like, remove AD FS from it.
503
00:18:51,240 --> 00:18:52,430
Right and so, like, they talk about, like
504
00:18:52,430 --> 00:18:54,494
the new way and the benefits. So benefits,
505
00:18:54,732 --> 00:18:57,841
more agile and responsive, AI future ready. Whatever.
506
00:18:58,000 --> 00:18:59,506
We'll throw the AI thing out the window
507
00:18:59,506 --> 00:19:01,568
for a second, but more agile and responsive,
508
00:19:01,964 --> 00:19:04,598
sure. Like, if there's an evergreen service that's
509
00:19:04,598 --> 00:19:07,304
constantly being updated in the cloud, that's gonna
510
00:19:07,304 --> 00:19:09,396
be more responsive. That could be
511
00:19:09,851 --> 00:19:12,023
Entra, that could be Exchange
512
00:19:12,575 --> 00:19:14,654
that could be your toaster fridge in the
513
00:19:14,654 --> 00:19:16,815
corner and its firmware, like, whatever it
514
00:19:16,815 --> 00:19:19,534
is. Right? Like those things. If they're
515
00:19:19,534 --> 00:19:22,105
running and somebody else is responsible for running them
516
00:19:22,105 --> 00:19:24,256
in their data center. Like, they're gonna be
517
00:19:24,256 --> 00:19:26,725
more agile more up to date. Reduce costs
518
00:19:26,725 --> 00:19:29,592
and operational complexity. Again, that's not AD FS
519
00:19:29,592 --> 00:19:33,276
specific. It's you're just removing the costs and
520
00:19:33,276 --> 00:19:37,026
the Capex and Opex associated with running on
521
00:19:37,026 --> 00:19:39,454
prem kit. So, hey, I don't need to
522
00:19:39,830 --> 00:19:42,778
lease new servers. I don't need to worry
523
00:19:42,778 --> 00:19:44,394
about getting the latest
524
00:19:44,770 --> 00:19:47,810
version of that load balancer or whatever
525
00:19:47,810 --> 00:19:49,397
it happens to be those kinds of things.
526
00:19:50,190 --> 00:19:51,404
Requirements around
527
00:19:51,777 --> 00:19:53,442
where data is home.
528
00:19:53,839 --> 00:19:55,446
So you know, if you think about, like,
529
00:19:55,925 --> 00:19:56,425
Entra
530
00:19:56,803 --> 00:19:59,515
versus on prem. Well, on prem. Everything's gotta
531
00:19:59,515 --> 00:20:01,270
be in Active Directory. And then you go,
532
00:20:01,350 --> 00:20:03,357
well, great Scott. Like, everything's gotta be in
533
00:20:03,357 --> 00:20:05,111
Entra ID in the cloud. Isn't
534
00:20:05,111 --> 00:20:05,669
it the same?
535
00:20:06,466 --> 00:20:09,197
Yeah, kinda sorta, not really though because
536
00:20:09,747 --> 00:20:13,323
Entra ID is more than AD domain accounts.
537
00:20:13,641 --> 00:20:14,141
It's
538
00:20:14,515 --> 00:20:17,152
devices. It's this whole other world of like,
539
00:20:17,787 --> 00:20:21,065
constructs and personas and types of things
540
00:20:21,756 --> 00:20:22,256
that
541
00:20:22,630 --> 00:20:24,589
exist out there. And then in the last
542
00:20:24,629 --> 00:20:27,737
benefit they had was eliminating vulnerable assets. I
543
00:20:27,737 --> 00:20:30,447
kinda put that back under the hidden costs
544
00:20:30,447 --> 00:20:32,772
of maintenance of on prem things. Benefit you're
545
00:20:32,772 --> 00:20:34,439
moving at a different pace. Somebody else is
546
00:20:34,439 --> 00:20:37,456
responsible for the security and all the
547
00:20:37,456 --> 00:20:39,679
other things around it. So in AD FS
548
00:20:39,837 --> 00:20:42,560
Land, like, you're like, well, Microsoft is still
549
00:20:42,560 --> 00:20:44,234
responsible for the security either way, whether it's
550
00:20:44,314 --> 00:20:46,545
AD FS or whether it's Entra in the
551
00:20:46,545 --> 00:20:49,347
cloud. Yes and no. Like, they're responsible for
552
00:20:49,347 --> 00:20:51,972
the software, but you're responsible for deploying the
553
00:20:51,972 --> 00:20:54,938
software. You're responsible for deploying all the,
554
00:20:55,408 --> 00:20:57,875
surrounding kit on those things. Right? Because it's
555
00:20:57,875 --> 00:21:00,979
not just an AD FS server. It's usually
556
00:21:00,979 --> 00:21:03,366
multiple AD FS servers. Usually those sit behind
557
00:21:03,366 --> 00:21:06,349
a load balancer. There's probably also, like, firewalls
558
00:21:06,646 --> 00:21:09,754
and IPS, IDS, things like that in
559
00:21:09,754 --> 00:21:11,666
line in there that all need to be
560
00:21:11,666 --> 00:21:12,724
updated and
561
00:21:13,180 --> 00:21:15,349
configured as well. So I think it was
562
00:21:15,349 --> 00:21:16,970
interesting just to kinda see the
563
00:21:17,269 --> 00:21:17,769
framing
564
00:21:18,230 --> 00:21:21,190
of this. But clearly, there's a desire to,
565
00:21:21,349 --> 00:21:22,950
you know, shift customers away.
566
00:21:23,524 --> 00:21:25,759
From on prem. And then the reality is,
567
00:21:25,839 --> 00:21:27,435
like, once you're in Entra in the cloud,
568
00:21:27,595 --> 00:21:29,111
like, you're probably not going back the other
569
00:21:29,111 --> 00:21:30,947
way either. I would agree on those benefits
570
00:21:30,947 --> 00:21:33,114
and how they framed it. It's an interesting
571
00:21:33,114 --> 00:21:35,583
comparison to make. And I have started having
572
00:21:35,583 --> 00:21:38,052
these conversations with some of my customers that
573
00:21:38,052 --> 00:21:39,804
are like, we wanna start getting off of
574
00:21:39,964 --> 00:21:43,477
AD FS. But I've also had conversations. I
575
00:21:43,477 --> 00:21:45,248
don't know that I have any customers
576
00:21:46,337 --> 00:21:47,529
that I've had it with that I have
577
00:21:47,608 --> 00:21:50,726
AD FS today, but there is... Also still
578
00:21:50,726 --> 00:21:53,438
a few feature gaps. I would say between
579
00:21:53,518 --> 00:21:55,990
AD FS and Entra ID. I don't
580
00:21:55,990 --> 00:21:57,267
know what all of them are because I
581
00:21:57,267 --> 00:21:59,181
don't do a ton with AD FS, most
582
00:21:59,181 --> 00:22:00,793
of my customers that have it. I know
583
00:22:00,793 --> 00:22:02,551
it's there and we've done some work with
584
00:22:02,551 --> 00:22:04,789
it. But I do know one that. This
585
00:22:04,789 --> 00:22:06,467
is an interesting one that comes up over
586
00:22:06,467 --> 00:22:09,216
and over and over again is customers limiting
587
00:22:09,984 --> 00:22:10,484
the
588
00:22:11,014 --> 00:22:11,514
time
589
00:22:11,885 --> 00:22:14,975
that people can log in to a service.
590
00:22:15,134 --> 00:22:18,021
Like these employees are only allowed to log
591
00:22:18,021 --> 00:22:20,178
in between 8AM and 5PM.
592
00:22:20,498 --> 00:22:24,425
And there have been various requirements that make valid
593
00:22:24,425 --> 00:22:26,019
sense for that. It actually makes sense from
594
00:22:26,019 --> 00:22:28,888
a security perspective. Right? Like, some of my
595
00:22:28,888 --> 00:22:31,142
workers that are maybe scheduled to
596
00:22:31,774 --> 00:22:32,913
work a particular
597
00:22:33,612 --> 00:22:34,831
shift or
598
00:22:35,450 --> 00:22:38,566
work certain hours and should not be accessing
599
00:22:38,566 --> 00:22:40,660
company data outside of those hours, Some of
600
00:22:40,660 --> 00:22:41,880
that I've heard around
601
00:22:42,420 --> 00:22:45,059
need to pay them overtime if they're
602
00:22:45,059 --> 00:22:47,554
accessing company data outside of work hours. Some
603
00:22:47,554 --> 00:22:49,070
of it could be a security thing. If
604
00:22:49,070 --> 00:22:50,426
they're on the clock, they can access data,
605
00:22:50,585 --> 00:22:53,138
but I don't want them logging in anywhere
606
00:22:53,138 --> 00:22:55,067
else when they're not at work. You could
607
00:22:55,067 --> 00:22:57,057
argue, well, you can do device join and
608
00:22:57,057 --> 00:22:59,366
some of that. But that's one that has
609
00:22:59,366 --> 00:23:00,481
come up a lot. And I'm like, yeah.
610
00:23:00,720 --> 00:23:02,153
There isn't a way to solve that right
611
00:23:02,153 --> 00:23:04,480
now in Entra. And I do know that
612
00:23:04,480 --> 00:23:05,677
can be solved with AD FS.
613
00:23:07,273 --> 00:23:09,347
Because that's been the answer for a long
614
00:23:09,347 --> 00:23:09,986
time. So...
615
00:23:10,558 --> 00:23:12,069
Again, maybe some of these will start coming
616
00:23:12,069 --> 00:23:14,296
to Entra. If anybody's listening on the Entra
617
00:23:14,296 --> 00:23:15,886
team and wants to add a new feature
618
00:23:15,886 --> 00:23:17,477
to Entra, you need something to add in
619
00:23:17,477 --> 00:23:20,195
this next fiscal year. Time-bound logins to
620
00:23:20,195 --> 00:23:21,943
Entra would be on a list of things
621
00:23:21,943 --> 00:23:23,930
that I've been asked about. That's an interesting
622
00:23:23,930 --> 00:23:26,416
one. So you're one of the few people
623
00:23:26,632 --> 00:23:27,132
who
624
00:23:27,918 --> 00:23:30,724
I've actually heard frame it as a
625
00:23:31,099 --> 00:23:34,120
business problem versus a security problem. So, like,
626
00:23:34,200 --> 00:23:35,392
if you go out and you look,
627
00:23:36,044 --> 00:23:37,481
We talked about this like, last week when
628
00:23:37,481 --> 00:23:39,078
we were going through it. So I was kinda
629
00:23:39,078 --> 00:23:40,595
looking around. I was like, you know, it's
630
00:23:40,595 --> 00:23:42,750
like, it makes sense. Like, why isn't it
631
00:23:42,750 --> 00:23:44,506
there? I can see it, like, based on
632
00:23:44,506 --> 00:23:47,231
the way you framed it. And everything that
633
00:23:47,311 --> 00:23:50,258
I saw, every time somebody asks about this,
634
00:23:50,975 --> 00:23:54,321
they often frame it in context of security.
635
00:23:54,815 --> 00:23:56,974
Where they're like, oh, this person not being
636
00:23:56,974 --> 00:23:59,075
able to log in at this time is
637
00:23:59,454 --> 00:24:02,015
more secure, or I only want admins to
638
00:24:02,015 --> 00:24:03,134
be able to log in at these times.
639
00:24:03,295 --> 00:24:05,783
Like... And from that lens, it's like, well,
640
00:24:05,943 --> 00:24:07,937
no. Not really. It's more like security through
641
00:24:07,937 --> 00:24:09,851
obscurity. Right? Because once you're in with the
642
00:24:09,851 --> 00:24:11,366
access rights you have, it doesn't matter if
643
00:24:11,366 --> 00:24:13,360
you're doing that at 12AM or 12PM,
644
00:24:13,855 --> 00:24:16,174
like, in is in, kind of thing. Right.
645
00:24:16,414 --> 00:24:18,095
So from a security lens, like,
646
00:24:19,375 --> 00:24:21,215
yeah. It probably doesn't make a ton of
647
00:24:21,215 --> 00:24:23,225
sense. Like, I'm sure there's somebody out
648
00:24:23,225 --> 00:24:24,501
there who can rationalize their way into it.
649
00:24:24,900 --> 00:24:26,336
But, like, it's just soft to cough, Like,
650
00:24:26,655 --> 00:24:29,207
doesn't make a ton of sense from a
651
00:24:29,207 --> 00:24:31,541
security perspective. Like, it's more a
652
00:24:31,934 --> 00:24:33,390
piece of business
653
00:24:33,767 --> 00:24:34,267
functionality.
654
00:24:34,643 --> 00:24:36,555
And then that actually makes it I think
655
00:24:36,555 --> 00:24:39,917
harder to prioritize in today's world. So, like,
656
00:24:40,076 --> 00:24:41,988
you know, we opened with the whole credential
657
00:24:41,988 --> 00:24:44,241
theft thing. So with
658
00:24:45,174 --> 00:24:48,441
And Microsoft being the provider of that service.
659
00:24:49,013 --> 00:24:51,898
Do you want them to spend time on
660
00:24:52,431 --> 00:24:52,931
a
661
00:24:53,703 --> 00:24:56,247
user nicety, like, time-based access control?
662
00:24:56,898 --> 00:24:59,067
Or do you want them to focus on
663
00:24:59,202 --> 00:25:01,825
better audit logs and better restrictions and being
664
00:25:01,825 --> 00:25:04,447
able to catch people on Tor networks or
665
00:25:04,447 --> 00:25:05,583
the traffic from
666
00:25:05,892 --> 00:25:08,352
China or rogue actors, things like that. Like,
667
00:25:08,431 --> 00:25:10,176
most people are gonna say, like, no. I
668
00:25:10,176 --> 00:25:12,557
actually wanna focus on the security stuff. So
669
00:25:12,557 --> 00:25:15,856
that's where the time, like, continues to go
670
00:25:16,233 --> 00:25:18,705
and lean into. Maybe this manifests in other
671
00:25:18,705 --> 00:25:20,061
ways. Like, I don't know if it
672
00:25:20,061 --> 00:25:22,215
ever becomes, like, a core Entra thing. Maybe
673
00:25:22,215 --> 00:25:23,592
it shows up as
674
00:25:24,144 --> 00:25:27,487
you know, something inside of conditional access. Like,
675
00:25:27,646 --> 00:25:29,022
they used to have the
676
00:25:29,397 --> 00:25:32,103
configure... What were they, like, the adaptive session
677
00:25:32,103 --> 00:25:34,846
lifetimes and things like that. So they've had
678
00:25:35,142 --> 00:25:37,686
kind of-ish features like this, but they're
679
00:25:37,686 --> 00:25:39,992
like, almost not quite kinds of things.
680
00:25:40,469 --> 00:25:42,139
We'll see. And I think the thing for
681
00:25:42,139 --> 00:25:44,144
you to do as customers to, like, frame
682
00:25:44,144 --> 00:25:46,565
that out and think about it too is
683
00:25:47,345 --> 00:25:48,565
what's the ROI?
684
00:25:48,945 --> 00:25:51,025
Am I getting it out of it? You
685
00:25:51,025 --> 00:25:52,865
know, you're using AD FS for this thing
686
00:25:52,865 --> 00:25:54,878
today, is the writing on the wall that
687
00:25:54,878 --> 00:25:56,875
eventually AD FS goes away. I don't know.
688
00:25:57,195 --> 00:25:59,512
But AD FS also isn't getting meaningful improvements.
689
00:25:59,752 --> 00:26:02,045
So at some point you're gonna kinda be
690
00:26:02,323 --> 00:26:04,549
left behind. And this same thing has happened
691
00:26:04,549 --> 00:26:07,729
with, like, SharePoint, with Exchange, with all these
692
00:26:07,729 --> 00:26:09,795
other things. You're just seeing it on kind
693
00:26:09,795 --> 00:26:11,249
of a different timeline
694
00:26:11,799 --> 00:26:12,299
and
695
00:26:12,756 --> 00:26:16,105
potentially a different scale depending on your organization
696
00:26:16,105 --> 00:26:18,578
and kinda your applications you host in
697
00:26:18,578 --> 00:26:20,252
your company and the way you do
698
00:26:20,252 --> 00:26:21,265
business. So
699
00:26:21,781 --> 00:26:22,679
we'll see
700
00:26:23,054 --> 00:26:24,246
where it bakes out.
701
00:26:24,803 --> 00:26:26,711
I don't know. Maybe somebody will step in
702
00:26:26,711 --> 00:26:28,619
at some point, like, even if AD FS
703
00:26:28,619 --> 00:26:31,285
goes away. I don't think the ability for
704
00:26:31,503 --> 00:26:34,534
Entra to be a modern identity provider
705
00:26:34,534 --> 00:26:37,166
and support things like SAML auth and relying
706
00:26:37,166 --> 00:26:39,160
parties. Like, I don't think that goes away.
707
00:26:39,654 --> 00:26:41,490
So maybe there's an opportunity where even like,
708
00:26:41,730 --> 00:26:43,566
another 1 of, like, the cloud vendors picks
709
00:26:43,566 --> 00:26:45,721
it up, like, say, like, an O or
710
00:26:45,721 --> 00:26:47,797
something like that. So if you maybe fed
711
00:26:47,797 --> 00:26:48,435
through O,
712
00:26:48,929 --> 00:26:49,888
Oracle Id,
713
00:26:50,367 --> 00:26:52,525
maybe, you know, say there's a theoretical world
714
00:26:52,525 --> 00:26:55,002
where AD FS goes away. Does that mean everybody
715
00:26:55,002 --> 00:26:57,014
goes to Oracle ID or SailPoint or something.
716
00:26:57,253 --> 00:26:58,769
I don't know. You know, we'll see. It's
717
00:26:58,769 --> 00:27:00,286
interesting. And does that mean...
718
00:27:01,243 --> 00:27:03,638
I mean, I feel like almost every organization
719
00:27:03,638 --> 00:27:05,729
has something in the cloud. But does it
720
00:27:05,729 --> 00:27:08,525
also mean for, like, companies that have been
721
00:27:08,525 --> 00:27:10,203
purely on prem if this goes away and
722
00:27:10,203 --> 00:27:13,400
stops being supported, something like an authentication server,
723
00:27:13,814 --> 00:27:15,572
You shouldn't run any software out of support
724
00:27:15,572 --> 00:27:18,210
for security reasons. I feel like authentication servers
725
00:27:18,210 --> 00:27:19,728
are maybe on another level? Kind of
726
00:27:19,728 --> 00:27:22,125
important. Right. Is it gonna start pushing some
727
00:27:22,125 --> 00:27:22,525
companies?
728
00:27:23,018 --> 00:27:24,999
Dan. Like, are they gonna get some kickback?
729
00:27:25,237 --> 00:27:27,059
I know at 1 point in time, there
730
00:27:27,059 --> 00:27:28,407
was, like, this is the last version of
731
00:27:28,486 --> 00:27:29,834
Sharepoint on prem ever.
732
00:27:30,404 --> 00:27:32,074
And then there were a bunch of customers
733
00:27:32,074 --> 00:27:35,018
that said, can we rethink that? And lo
734
00:27:35,018 --> 00:27:36,790
and behold we had SharePoint.
735
00:27:37,739 --> 00:27:39,814
Subscription Edition, I can't remember if there was
736
00:27:39,814 --> 00:27:41,729
even like a SharePoint 2019 and then
737
00:27:41,809 --> 00:27:44,442
SharePoint Subscription Edition after that, how the timing
738
00:27:44,442 --> 00:27:46,472
of that worked, But I would
739
00:27:46,844 --> 00:27:49,303
imagine that. And again, this is not... Don't
740
00:27:49,303 --> 00:27:51,388
interpret this as AD FS is going away
741
00:27:51,444 --> 00:27:53,426
because there have been no announcements about it.
742
00:27:53,838 --> 00:27:56,779
But it definitely feels like it's Microsoft trying
743
00:27:56,779 --> 00:27:57,438
to push
744
00:27:57,812 --> 00:28:00,038
everybody to the cloud for authentication, which good
745
00:28:00,038 --> 00:28:02,285
or bad. I mean, space at Microsoft was
746
00:28:02,285 --> 00:28:04,365
also in the news for security stuff over
747
00:28:04,365 --> 00:28:06,785
the course of the last 6 months. So
748
00:28:07,644 --> 00:28:09,884
I don't know. Definitely an interesting discussion and
749
00:28:09,965 --> 00:28:11,500
I say especially if you do have an
750
00:28:11,500 --> 00:28:13,919
AD FS server. And again, I've had these
751
00:28:13,980 --> 00:28:15,579
conversations already with my clients is,
752
00:28:16,140 --> 00:28:18,674
do you need to start thinking about... Let's
753
00:28:19,115 --> 00:28:22,174
Entra, replacing AD FS with Entra. And
754
00:28:22,394 --> 00:28:24,315
they're all already in the cloud. This has
755
00:28:24,315 --> 00:28:25,994
already been conversations that have come up for
756
00:28:25,994 --> 00:28:28,329
that reason because as they've migrated workloads
757
00:28:28,329 --> 00:28:29,948
to the cloud, and
758
00:28:30,407 --> 00:28:33,284
there are challenges that have also come up
759
00:28:33,284 --> 00:28:35,681
with AD FS from their perspective where they're
760
00:28:35,681 --> 00:28:38,251
like it probably is smart, for us to
761
00:28:38,251 --> 00:28:39,843
look at getting rid of our AD FS
762
00:28:39,843 --> 00:28:41,617
servers and migrate to
763
00:28:42,232 --> 00:28:44,382
given that we're already in the cloud already
764
00:28:44,382 --> 00:28:46,069
doing a bunch of stuff for Azure well,
765
00:28:46,308 --> 00:28:48,940
Azure AD with Entra ID, all of that. But
766
00:28:49,100 --> 00:28:50,536
I will say, well, we have a few
767
00:28:50,536 --> 00:28:53,428
more minutes, this also led us to
768
00:28:53,806 --> 00:28:56,614
this tool, I gotta find it. And I
769
00:28:56,614 --> 00:28:58,451
was trying to remember if I've seen this
770
00:28:58,451 --> 00:29:01,487
website before, Scott. It is setup dot
771
00:29:01,487 --> 00:29:04,688
cloud dot Microsoft. And then in this tool,
772
00:29:04,847 --> 00:29:06,592
there is a migrate from AD FS to
773
00:29:06,592 --> 00:29:09,210
Microsoft Entra ID for identity management, and this
774
00:29:09,210 --> 00:29:12,638
is the website. And the sub site within
775
00:29:12,638 --> 00:29:15,815
the website that this blog post redirected us
776
00:29:15,815 --> 00:29:17,664
to where it's like a
777
00:29:18,594 --> 00:29:20,514
it's an interesting tool. We'll put it at
778
00:29:20,514 --> 00:29:22,601
that. It's not necessarily a
779
00:29:22,973 --> 00:29:24,957
click through and go connect to my tenant,
780
00:29:25,116 --> 00:29:27,337
like, maybe I anticipated it was,
781
00:29:27,893 --> 00:29:31,025
but it's a guide where, like, on the
782
00:29:31,025 --> 00:29:32,244
first page, it's
783
00:29:32,545 --> 00:29:34,964
for all types of migrations. The following AD FS
784
00:29:35,025 --> 00:29:37,902
scenarios can't be migrated to Entra. So it
785
00:29:37,902 --> 00:29:39,513
does start right off with
786
00:29:40,123 --> 00:29:40,623
certain
787
00:29:41,075 --> 00:29:42,741
cases and it gives you a bullet list
788
00:29:42,741 --> 00:29:43,796
there of,
789
00:29:44,344 --> 00:29:46,417
these can't be migrated to Entra and
790
00:29:46,417 --> 00:29:48,411
then some stuff are on staged rollout. And
791
00:29:48,411 --> 00:29:49,927
if you then select none of the
792
00:29:49,927 --> 00:29:51,682
scenarios apply to my org and I'm ready
793
00:29:51,682 --> 00:29:54,249
to move forward, then you can go to
794
00:29:54,249 --> 00:29:56,957
the next page, which then walks you through.
795
00:29:57,195 --> 00:29:59,186
It's almost like a questionnaire of, then what
796
00:29:59,186 --> 00:30:01,018
types of apps you're using. Are you using Office
797
00:30:01,018 --> 00:30:02,872
apps, non-Microsoft apps.
798
00:30:03,263 --> 00:30:05,353
Based on those, it's a conditional checkbox
799
00:30:05,887 --> 00:30:06,387
of
800
00:30:07,080 --> 00:30:08,454
Is your AD FS
801
00:30:08,988 --> 00:30:12,010
implementation integrated with Microsoft Entra multi-factor authentication
802
00:30:12,010 --> 00:30:14,740
server, which has been deprecated, by the way.
803
00:30:16,740 --> 00:30:19,059
And based on what you select there. So
804
00:30:19,059 --> 00:30:21,894
it's like a walkthrough of
805
00:30:22,427 --> 00:30:25,051
getting you ready for it. And then I
806
00:30:25,051 --> 00:30:26,721
believe once you get far enough, we found
807
00:30:26,721 --> 00:30:27,618
it, does
808
00:30:27,993 --> 00:30:28,493
provide,
809
00:30:29,186 --> 00:30:31,505
like, some scripts you can run links out
810
00:30:31,505 --> 00:30:32,164
to different
811
00:30:32,855 --> 00:30:33,355
documentation
812
00:30:33,729 --> 00:30:34,229
to
813
00:30:35,159 --> 00:30:38,454
begin your... Some actual migration. And,
814
00:30:38,828 --> 00:30:40,734
again, not necessarily the tool I was thinking
815
00:30:40,734 --> 00:30:42,402
where it's gonna, like, do a bunch of
816
00:30:42,402 --> 00:30:43,911
migrations of apps for you and grab all
817
00:30:43,911 --> 00:30:44,570
the metadata,
818
00:30:44,960 --> 00:30:46,880
and copy it from your Ad f server
819
00:30:46,880 --> 00:30:49,519
maybe into Entra and start creating applications there
820
00:30:49,519 --> 00:30:53,619
and automate the migration, but walks you through
821
00:30:54,094 --> 00:30:56,168
I would say better than maybe the Microsoft
822
00:30:56,168 --> 00:30:58,560
Learn documentation does around some of the steps
823
00:30:58,560 --> 00:31:00,895
and what you need to think about to
824
00:31:01,113 --> 00:31:03,585
actually manage this migration and go forward with
825
00:31:03,585 --> 00:31:03,665
that.
826
00:31:04,714 --> 00:31:06,544
Migration. I think it abstracts away just like,
827
00:31:06,703 --> 00:31:08,873
on the front, like some of the complexities
828
00:31:09,088 --> 00:31:11,417
of thinking about, like, SAML assertions,
829
00:31:12,190 --> 00:31:13,578
and what are the
830
00:31:14,428 --> 00:31:16,651
potential, like, claim rules that need to be
831
00:31:16,651 --> 00:31:17,151
augmented?
832
00:31:17,762 --> 00:31:19,509
Like, how do I swing things? How do
833
00:31:19,588 --> 00:31:21,255
I roll back? Like, it's not the most.
834
00:31:21,509 --> 00:31:25,269
Like uncomplicated scenario to swing your identity
835
00:31:25,723 --> 00:31:27,790
from 1 side to the other and get
836
00:31:27,790 --> 00:31:29,380
it to where it needs to be. So
837
00:31:29,380 --> 00:31:30,510
it's, you know, I think it depends on the
838
00:31:30,510 --> 00:31:32,739
kind of admin you are, like, hopefully, if
839
00:31:32,739 --> 00:31:35,685
you're maintaining AD FS infrastructure, like, you know
840
00:31:35,685 --> 00:31:37,278
all this stuff and you know how to
841
00:31:37,278 --> 00:31:39,201
go in and, like, augment claims rules with
842
00:31:39,201 --> 00:31:42,060
your eyes closed. If you don't, then, you
843
00:31:42,060 --> 00:31:44,681
know, wizards like this are kind of nice
844
00:31:44,681 --> 00:31:47,063
for you to keep you there. Like, maybe
845
00:31:47,063 --> 00:31:48,511
somebody else set it up, and it's just,
846
00:31:48,590 --> 00:31:50,741
like a piece of infrastructure in your portfolio.
847
00:31:51,219 --> 00:31:52,972
You need to go back and maintain it
848
00:31:52,972 --> 00:31:54,007
and get it to where it needs to
849
00:31:54,007 --> 00:31:56,090
be. So I kinda go both ways with
850
00:31:56,090 --> 00:31:57,362
it. Like, one, it's nice to have the
851
00:31:57,362 --> 00:31:59,429
wizard, but the other... The reality is, like,
852
00:31:59,667 --> 00:32:01,097
you're gonna end up in those deep dive
853
00:32:01,097 --> 00:32:01,892
docs anyway.
854
00:32:02,543 --> 00:32:03,653
At the end of the day to get
855
00:32:03,653 --> 00:32:05,478
where you need to be. This
856
00:32:05,478 --> 00:32:07,724
site, the whole setup dot cloud dot
857
00:32:07,779 --> 00:32:10,342
Microsoft thing. Setup dot cloud dot
858
00:32:10,397 --> 00:32:12,570
Microsoft was interesting to me. Like, I never really...
859
00:32:12,970 --> 00:32:14,730
I mean, maybe at some point, like they
860
00:32:14,730 --> 00:32:17,450
announced this thing or somebody knew it existed. I
861
00:32:17,450 --> 00:32:19,609
couldn't remember it existed or that it was
862
00:32:19,609 --> 00:32:21,860
out there but there's just all sorts of
863
00:32:21,860 --> 00:32:22,360
different
864
00:32:22,817 --> 00:32:25,451
kind of migration guides. They're all in
865
00:32:25,451 --> 00:32:28,575
these, like, wizard driven interfaces, right. And so
866
00:32:28,575 --> 00:32:31,354
it's like, weird stuff, like, configuring IE mode
867
00:32:31,354 --> 00:32:34,847
for Microsoft Edge. There's a Zero Trust setup
868
00:32:34,847 --> 00:32:36,855
guide. You can do things by categories.
869
00:32:37,244 --> 00:32:38,198
So you can go in and look at
870
00:32:38,198 --> 00:32:39,630
like, hey. I wanna look at, like a
871
00:32:39,630 --> 00:32:42,653
guide for identity, which would be things like
872
00:32:42,732 --> 00:32:46,339
AD cleanup. So you wanna do security. You mentioned
873
00:32:46,339 --> 00:32:49,299
Defender, like, kudos to Defender. Like, hey, guess
874
00:32:49,299 --> 00:32:51,539
what? There... There's a guide. There's a scenario
875
00:32:51,539 --> 00:32:53,013
guide in here. For
876
00:32:53,470 --> 00:32:55,940
Defender for Identity, for Defender for Office
877
00:32:55,940 --> 00:32:56,498
365,
878
00:32:56,897 --> 00:32:59,208
Defender for Cloud Apps. There's a bunch of
879
00:32:59,208 --> 00:33:02,722
Intune stuff with MDM. There's Purview stuff for
880
00:33:02,722 --> 00:33:03,119
compliance.
881
00:33:03,676 --> 00:33:05,686
There's Teams stuff for
882
00:33:06,696 --> 00:33:09,098
collaboration and voice. Right? So, like, how do
883
00:33:09,098 --> 00:33:11,805
you configure Teams for a frontline workforce is
884
00:33:11,805 --> 00:33:13,557
a guide that they have in here.
885
00:33:13,796 --> 00:33:15,547
They have a bunch of employee experience stuff.
886
00:33:15,786 --> 00:33:18,273
Like, I don't think I've ever seen Engage, Insights,
887
00:33:18,273 --> 00:33:21,862
Goals, like, Viva Engage, Viva Insights, Viva
888
00:33:21,862 --> 00:33:24,255
Goals, all that stuff, like, wrapped together in
889
00:33:24,255 --> 00:33:26,582
one place like this, product-driven guides. It's
890
00:33:26,582 --> 00:33:28,412
a really kind of a weird site, and
891
00:33:28,412 --> 00:33:29,389
then it replicates
892
00:33:29,765 --> 00:33:32,970
some other functionality as well and potentially
893
00:33:34,079 --> 00:33:34,579
strange
894
00:33:35,118 --> 00:33:36,796
ways. So, like, 1 of the ones you
895
00:33:36,796 --> 00:33:38,155
and I were talking about when we were
896
00:33:38,155 --> 00:33:39,913
really looking at this previously was when you
897
00:33:39,913 --> 00:33:42,230
do Office deployments with the Office Deployment Tool
898
00:33:42,230 --> 00:33:44,737
in the ODT, you have to create some
899
00:33:44,873 --> 00:33:47,814
XML to pump into your ODT file
900
00:33:47,814 --> 00:33:50,039
that XML defines configuration for your Office client.
901
00:33:50,198 --> 00:33:50,277
Like,
902
00:33:51,087 --> 00:33:52,598
what are the things that I'm installing? I'm
903
00:33:52,598 --> 00:33:53,972
oh, I'm only gonna install
904
00:33:54,346 --> 00:33:56,890
Excel and Word here. And I'm gonna have
905
00:33:56,890 --> 00:33:58,480
this turned on. I want a 32-bit,
906
00:33:58,734 --> 00:34:01,451
64-bit architecture, blah, all those things. So
907
00:34:01,451 --> 00:34:02,809
usually, the way you would do that is
908
00:34:02,809 --> 00:34:05,047
there's actually an entire, like, setup and provisioning
909
00:34:05,047 --> 00:34:06,805
engine that's part of the admin center.
910
00:34:07,299 --> 00:34:09,451
The interesting thing about the 1 that sits
911
00:34:09,451 --> 00:34:12,081
over here is this 1 sits outside the
912
00:34:12,081 --> 00:34:13,516
admin center, and you can do it all
913
00:34:13,516 --> 00:34:16,083
unauthenticated. Right? Just come in and
914
00:34:16,083 --> 00:34:17,522
spin up the XML and get it out
915
00:34:17,522 --> 00:34:19,519
the other side. But then it not only
916
00:34:19,519 --> 00:34:20,798
gives you the XML. It gives you a
917
00:34:20,798 --> 00:34:22,876
whole other set of, like, PowerShell scripts that
918
00:34:22,876 --> 00:34:25,277
are bespoke for you to actually go and
919
00:34:25,277 --> 00:34:27,817
do the ODT deployment. It's really kind of
920
00:34:27,817 --> 00:34:28,556
a weird
921
00:34:29,008 --> 00:34:29,508
du
922
00:34:29,882 --> 00:34:30,120
thing.
923
00:34:31,231 --> 00:34:32,795
I don't know. But if nobody's seen it,
924
00:34:32,994 --> 00:34:35,149
I did like the wizard-driven interface,
925
00:34:35,547 --> 00:34:37,463
the next, next, next, like, hey, explain it
926
00:34:37,463 --> 00:34:38,740
to me as I go kind of thing,
927
00:34:38,900 --> 00:34:40,496
like, some of that was nice. Again, it
928
00:34:40,496 --> 00:34:42,750
felt like... Even though it duplicated, it
929
00:34:42,750 --> 00:34:44,349
puts some of that in, I would say,
930
00:34:44,349 --> 00:34:46,190
a more logical order if you're brand new to
931
00:34:46,190 --> 00:34:47,550
it. To your point, if you've been doing
932
00:34:47,550 --> 00:34:49,563
this for a while, I don't know, like
933
00:34:49,563 --> 00:34:52,377
you and I, how beneficial this really is,
934
00:34:52,515 --> 00:34:54,907
because it does... I would say it tends
935
00:34:54,907 --> 00:34:56,104
to focus on a little bit more of
936
00:34:56,104 --> 00:34:58,736
the basic stuff. Deploy the Microsoft 365
937
00:34:58,736 --> 00:35:00,824
apps. I didn't look at what was in
938
00:35:00,824 --> 00:35:02,896
there, like, for Defender. Set up your Zero
939
00:35:02,976 --> 00:35:05,367
Trust security model. That 1 would be interesting to
940
00:35:05,367 --> 00:35:06,881
walk through to see how detailed that 1
941
00:35:06,881 --> 00:35:07,120
gets.
942
00:35:07,693 --> 00:35:10,242
Deploy and configure Defender for Endpoint, Defender for Office
943
00:35:10,242 --> 00:35:11,358
365,
944
00:35:11,916 --> 00:35:14,226
Analyze security posture. And, like you said, some
945
00:35:14,226 --> 00:35:15,739
of the stuff that's in here, then you
946
00:35:15,739 --> 00:35:17,906
have that mixed in with IE mode for
947
00:35:17,906 --> 00:35:19,442
Edge. I don't
948
00:35:19,977 --> 00:35:21,650
I don't know, Scott. You know, you gotta
949
00:35:21,650 --> 00:35:23,164
sprinkle the legacy in there with the new
950
00:35:23,164 --> 00:35:25,333
stuff. It's... Deploy and
951
00:35:25,333 --> 00:35:27,810
configure Edge with a step-by-step experience.
952
00:35:28,609 --> 00:35:32,045
Microsoft Search setup guide is somehow under Edge.
953
00:35:32,539 --> 00:35:34,289
Don't know that I would consider Microsoft Search
954
00:35:34,289 --> 00:35:36,278
setup guide under Edge, but we'll go
955
00:35:36,278 --> 00:35:38,903
with it. Yeah. I would say worth exploring.
956
00:35:39,222 --> 00:35:41,952
There's... 61 different guides in here, so it
957
00:35:41,952 --> 00:35:43,411
is not gonna be
958
00:35:44,030 --> 00:35:45,249
all inclusive.
959
00:35:46,268 --> 00:35:48,505
Tell me everything I need to know about
960
00:35:48,505 --> 00:35:49,955
deploying Microsoft 365?
961
00:35:50,193 --> 00:35:51,699
There might be a couple in here that you
962
00:35:51,699 --> 00:35:53,918
find interesting. Purview, security are the big ones,
963
00:35:54,077 --> 00:35:55,979
Viva. Yeah. There's 9 of them for Viva.
964
00:35:56,930 --> 00:35:58,771
There was a bunch of. Is it
965
00:35:58,771 --> 00:35:59,645
Insights, Goals,
966
00:36:00,360 --> 00:36:02,187
Engage, they were all there. There's 1
967
00:36:02,187 --> 00:36:04,649
for Yammer, Scott, which technically isn't even
968
00:36:04,649 --> 00:36:07,048
a product anymore. Just in case. I mean,
969
00:36:07,287 --> 00:36:08,802
just in case someone's still using Yammer.
970
00:36:08,962 --> 00:36:11,592
Yes. Which is Viva Engage. Just think Viva
971
00:36:11,592 --> 00:36:14,405
Engage. Let's just recategorize it. Yeah. So
972
00:36:14,463 --> 00:36:15,101
nifty tools.
973
00:36:15,594 --> 00:36:17,989
If you are still on AD FS, you're
974
00:36:17,989 --> 00:36:21,182
looking to migrate, there's a click-through to
975
00:36:21,182 --> 00:36:23,417
maybe help you, I would say to help
976
00:36:23,417 --> 00:36:25,348
you think through it. But given some of
977
00:36:25,348 --> 00:36:26,706
these, I would also say if you're on
978
00:36:26,786 --> 00:36:29,423
AD FS, and especially if you're already using
979
00:36:29,743 --> 00:36:30,802
Entra for
980
00:36:31,500 --> 00:36:34,460
identity, this is probably something you wanna start
981
00:36:34,460 --> 00:36:36,449
thinking about doing. Or even start to think
982
00:36:36,449 --> 00:36:38,994
about, like, how you scope those things down
983
00:36:38,994 --> 00:36:41,396
and segment them too? I think... Some folks
984
00:36:41,396 --> 00:36:41,714
view,
985
00:36:42,271 --> 00:36:44,738
identity as, like, an all-or-nothing scenario.
986
00:36:45,454 --> 00:36:47,524
And, you know, so, like, all my users
987
00:36:47,524 --> 00:36:48,994
are in the con
988
00:36:49,450 --> 00:36:50,349
domain. Therefore
989
00:36:50,805 --> 00:36:52,399
everyone has to authenticate through AD FS?
990
00:36:52,877 --> 00:36:55,347
Well, maybe, maybe not. Right? Like, you might
991
00:36:55,347 --> 00:36:57,509
want more security for, like, your admins and
992
00:36:57,509 --> 00:37:00,289
your admin accounts and maybe that actually requires,
993
00:37:00,448 --> 00:37:01,742
like, a different
994
00:37:02,116 --> 00:37:04,474
tenant with a different configuration, and maybe
995
00:37:04,594 --> 00:37:06,508
that stuff does go through AD FS or
996
00:37:06,508 --> 00:37:08,125
it goes through some other
997
00:37:08,661 --> 00:37:10,496
security token service. Right? That can just sit
998
00:37:10,496 --> 00:37:12,489
out there as a relying party and
999
00:37:12,489 --> 00:37:14,574
do what it needs to do. I live
1000
00:37:14,574 --> 00:37:17,217
in that world for sure. I have multiple
1001
00:37:17,986 --> 00:37:20,763
PCs for my employer. Like, I have, basically,
1002
00:37:20,922 --> 00:37:23,162
like my prod identity. And then I have
1003
00:37:23,162 --> 00:37:25,635
another, like, admin identity, and that's the thing
1004
00:37:25,635 --> 00:37:28,108
that gets me into the admin stuff. But
1005
00:37:28,108 --> 00:37:30,420
the admin stuff actually happens on, like, at
1006
00:37:30,420 --> 00:37:33,802
this point, a dedicated machine. It flows through
1007
00:37:34,096 --> 00:37:36,874
its own dedicated identity provider, like, all
1008
00:37:36,874 --> 00:37:38,699
these different things. Like, it is truly, like,
1009
00:37:39,016 --> 00:37:39,516
segmented.
1010
00:37:40,064 --> 00:37:41,653
And I think that's kinda funny too. Like,
1011
00:37:41,812 --> 00:37:43,401
that very much reminds me of, like, the
1012
00:37:43,401 --> 00:37:45,308
old-school world, where, like, hey, we used
1013
00:37:45,308 --> 00:37:47,294
to have separate, like, user IDs and admin
1014
00:37:47,453 --> 00:37:48,977
IDs, and then for a while, we've... Floated
1015
00:37:48,977 --> 00:37:50,010
back. And we said, well, why do you
1016
00:37:50,010 --> 00:37:51,360
really need an admin ID when you can
1017
00:37:51,360 --> 00:37:52,710
just PIM in and you can do all
1018
00:37:52,710 --> 00:37:54,695
this other stuff. Right? And it turns out
1019
00:37:54,695 --> 00:37:56,600
that I now live in a world where
1020
00:37:56,759 --> 00:37:58,762
I still have separate IDs. I still
1021
00:37:58,762 --> 00:38:00,597
have to PIM in, but when I PIM
1022
00:38:00,597 --> 00:38:02,830
in, I'm not only logged into my admin
1023
00:38:02,830 --> 00:38:04,824
account, but then I'm still PIMing or doing,
1024
00:38:04,984 --> 00:38:06,021
like, just in time,
1025
00:38:06,579 --> 00:38:08,823
requests or things like that. Even on that
1026
00:38:08,823 --> 00:38:11,282
admin account for the additional layer that goes
1027
00:38:11,282 --> 00:38:13,820
in there. It's all just very cyclical. Right?
1028
00:38:13,979 --> 00:38:14,851
We always come back around.
1029
00:38:15,565 --> 00:38:15,803
Yes.
1030
00:38:16,374 --> 00:38:18,525
And then you set up different authentication or
1031
00:38:18,525 --> 00:38:21,813
different MFA options for your admin account
1032
00:38:21,950 --> 00:38:24,499
to make MFA more secure for admin versus
1033
00:38:24,499 --> 00:38:26,983
normal user, and there's all kinds of things.
1034
00:38:27,381 --> 00:38:28,814
And I've started doing some of that too.
1035
00:38:29,052 --> 00:38:30,485
I've seen some of the security stuff, and
1036
00:38:30,644 --> 00:38:32,794
I now have 2 accounts. My admin
1037
00:38:32,794 --> 00:38:35,356
1 has PIM, it requires strong MFA. My
1038
00:38:35,356 --> 00:38:37,266
normal 1, not quite as...
1039
00:38:37,902 --> 00:38:40,131
Not quite the same level of MFA requirements.
1040
00:38:41,739 --> 00:38:44,699
It's a thing. So, like, separate identities, separate
1041
00:38:44,699 --> 00:38:45,199
devices.
1042
00:38:45,739 --> 00:38:47,519
I saw the other day that
1043
00:38:48,059 --> 00:38:50,792
it looks like Microsoft's position for, like,
1044
00:38:51,031 --> 00:38:53,603
employees in China is that they can only use
1045
00:38:53,740 --> 00:38:54,240
iPhones
1046
00:38:54,776 --> 00:38:57,325
due to security threats. I saw that. So
1047
00:38:57,325 --> 00:38:59,737
it's even coming down to potentially
1048
00:39:00,128 --> 00:39:02,677
that point as well. Not only, like, do
1049
00:39:02,677 --> 00:39:04,510
you have to use this identity in this
1050
00:39:04,510 --> 00:39:06,682
thing? You also have to
1051
00:39:07,218 --> 00:39:11,684
potentially use this device from this manufacturer, which
1052
00:39:11,684 --> 00:39:13,589
is kind of funny as well, like, not
1053
00:39:13,589 --> 00:39:15,731
like, funny sad, but more like, funny, like,
1054
00:39:16,366 --> 00:39:17,820
That we've come all the way back around
1055
00:39:17,820 --> 00:39:19,579
to, like, you can use any device to
1056
00:39:19,579 --> 00:39:21,980
access anything, and now we're into, like, oh,
1057
00:39:22,059 --> 00:39:24,140
you must use this device kinda thing. Yeah.
1058
00:39:24,380 --> 00:39:26,311
This was... I mean, here's a news article
1059
00:39:26,311 --> 00:39:27,588
for it. I'm sure there's a better 1
1060
00:39:27,588 --> 00:39:29,104
out here because I think this came from
1061
00:39:29,104 --> 00:39:32,215
somewhere else. But MSN... Yeah. Microsoft employees in
1062
00:39:32,295 --> 00:39:34,717
China now have to use authentication apps installed
1063
00:39:35,170 --> 00:39:39,401
exclusively on iPhone devices. Part of Microsoft's Secure
1064
00:39:39,536 --> 00:39:42,570
Future Initiative announced last year. Well, that's what 9to5
1065
00:39:42,650 --> 00:39:44,717
Mac reports. 9to5Mac has some...
1066
00:39:45,115 --> 00:39:46,865
It's interesting what shows up on 9 to
1067
00:39:46,865 --> 00:39:49,903
5Mac sometimes. Go with that. So, interesting.
1068
00:39:50,301 --> 00:39:51,437
Lots more always
1069
00:39:51,812 --> 00:39:52,312
always
1070
00:39:53,244 --> 00:39:55,574
something new to talk about with security and
1071
00:39:55,710 --> 00:39:55,789
authentication.
1072
00:39:56,744 --> 00:39:58,914
You know, it's... It just keeps on coming. With
1073
00:39:58,914 --> 00:39:59,155
that,
1074
00:39:59,715 --> 00:40:00,375
I have
1075
00:40:00,755 --> 00:40:03,155
meetings, I actually have a presentation coming up.
1076
00:40:03,554 --> 00:40:05,715
Ironically enough, I have a presentation, like, 2
1077
00:40:05,715 --> 00:40:07,882
hours today, Scott, on AD...
1078
00:40:08,598 --> 00:40:10,530
ID. No. ID best practices
1079
00:40:11,462 --> 00:40:13,928
or security best practices in Entra ID. That is
1080
00:40:13,928 --> 00:40:15,853
something I have to split into, like, Step
1081
00:40:15,853 --> 00:40:18,086
1: do AD FS? What, which
1082
00:40:18,086 --> 00:40:19,840
way do you lean in? No. My... Slide 1
1083
00:40:19,840 --> 00:40:22,391
is turn on MFA. Slide 2 is turn
1084
00:40:22,391 --> 00:40:25,039
on MFA. Slide 3 is... Turn on... No.
1085
00:40:25,519 --> 00:40:27,780
Sounds about right. Yeah. No. MFA,
1086
00:40:28,239 --> 00:40:29,059
secure auth,
1087
00:40:29,519 --> 00:40:32,159
or anti-phishing MFA, because I have also
1088
00:40:32,159 --> 00:40:34,751
seen a lot of... Articles recently on how
1089
00:40:34,809 --> 00:40:37,601
actually scarily easy it is to bypass
1090
00:40:38,000 --> 00:40:41,212
certain MFA methods. Oh, yeah. With the
1091
00:40:41,589 --> 00:40:43,079
can't... It's not
1092
00:40:43,519 --> 00:40:44,958
it's not called man-in-the-middle, but
1093
00:40:44,958 --> 00:40:46,396
it's essentially a man-in-the-middle and
1094
00:40:46,396 --> 00:40:48,974
stealing the session token and
1095
00:40:49,513 --> 00:40:51,431
the need for the anti-phishing
1096
00:40:51,910 --> 00:40:54,070
MFA. So I'm doing some about anti-phishing
1097
00:40:54,467 --> 00:40:57,085
MFA, the guest access thing I talked about,
1098
00:40:57,085 --> 00:40:58,355
reviewing guests,
1099
00:40:58,831 --> 00:41:00,419
how long they've been in there, who has
1100
00:41:00,419 --> 00:41:02,665
access. So, can't remember. I'd pull up my
1101
00:41:02,665 --> 00:41:04,500
slides. We can turn this into a future
1102
00:41:04,500 --> 00:41:06,675
podcast topic. Maybe adjusting
1103
00:41:07,053 --> 00:41:09,142
authentication methods. Yeah. Limiting your admin roles,
1104
00:41:09,381 --> 00:41:11,135
some of the PIM stuff we talked about,
1105
00:41:11,135 --> 00:41:12,331
auditing and alerting.
1106
00:41:12,810 --> 00:41:15,361
I might bring up, like, I'm borderline, like
1107
00:41:15,361 --> 00:41:17,409
some of the Global Secure Access stuff, is it a
1108
00:41:17,608 --> 00:41:18,347
best practice,
1109
00:41:19,121 --> 00:41:19,939
maybe borderline,
1110
00:41:20,315 --> 00:41:20,815
but
1111
00:41:21,349 --> 00:41:24,612
beneficial from a security perspective, probably. So I
1112
00:41:24,612 --> 00:41:26,216
have way more slides than I'm gonna cover,
1113
00:41:26,216 --> 00:41:28,042
so I may kinda just pick and choose
1114
00:41:28,042 --> 00:41:30,186
through my slides as I go. So
1115
00:41:30,186 --> 00:41:31,853
that's the rest of my Friday. And with
1116
00:41:31,853 --> 00:41:33,441
that, I'll let you go enjoy your Friday.
1117
00:41:33,917 --> 00:41:36,641
Sounds like a plan. Thank you, Ben. Alright.
1118
00:41:36,880 --> 00:41:38,554
Thank you, and we will talk to you
1119
00:41:38,554 --> 00:41:38,873
again soon.
1120
00:41:41,185 --> 00:41:43,273
If you enjoyed the podcast, please go leave
1121
00:41:43,273 --> 00:41:45,347
us a 5-star rating in iTunes. It
1122
00:41:45,347 --> 00:41:46,862
helps to get the word out so more
1123
00:41:46,942 --> 00:41:49,414
IT pros can learn about Office 365
1124
00:41:49,414 --> 00:41:49,973
and Azure.
1125
00:41:50,771 --> 00:41:52,286
If you have any questions you want us
1126
00:41:52,286 --> 00:41:54,538
to address on the show, or feedback about
1127
00:41:54,538 --> 00:41:56,856
the show, feel free to reach out via
1128
00:41:56,856 --> 00:41:59,013
our website, Twitter, or Facebook.
1129
00:41:59,493 --> 00:42:01,251
Thanks again for listening and have a great
1130
00:42:01,251 --> 00:42:01,411
day.
1131
00:42:02,610 --> 00:42:02,657
On