1
00:00:03,520 --> 00:00:04,740
Welcome to episode
2
00:00:05,279 --> 00:00:08,419
382 of the Microsoft Cloud IT Pro Podcast,
3
00:00:08,639 --> 00:00:10,820
recorded live on August 9, 2024.
4
00:00:11,519 --> 00:00:13,775
This is a show about Microsoft 365
5
00:00:14,074 --> 00:00:16,154
and Azure from the perspective of IT pros
6
00:00:16,154 --> 00:00:18,394
and end users, where we discuss the topic
7
00:00:18,394 --> 00:00:20,314
or recent news and how it relates to
8
00:00:20,314 --> 00:00:23,434
you. Today, we start diving into tools for
9
00:00:23,434 --> 00:00:26,670
safeguarding your organization in the cloud-first world,
10
00:00:27,050 --> 00:00:28,969
talking about some of the pros and cons
11
00:00:28,969 --> 00:00:30,890
as well as when you might want to
12
00:00:30,890 --> 00:00:33,609
use some of these various tools. We start
13
00:00:33,609 --> 00:00:36,909
off talking about security defaults in Microsoft Entra ID
14
00:00:37,530 --> 00:00:39,375
before moving into conditional access.
15
00:00:39,935 --> 00:00:41,795
We wrap up the episode discussing
16
00:00:42,255 --> 00:00:44,994
Secure Score in Microsoft Defender XDR.
17
00:00:47,534 --> 00:00:50,274
Should we talk about something Microsoft 365 related?
18
00:00:50,414 --> 00:00:53,075
Let's get into it. M365
19
00:00:53,454 --> 00:00:55,280
day. Maybe a little bit of Azure.
20
00:00:55,280 --> 00:00:56,960
We'll see what we can work in. This
21
00:00:56,960 --> 00:00:58,259
might be a little bit
22
00:00:58,560 --> 00:01:01,679
of Entra stuff, which as we have discussed
23
00:01:01,679 --> 00:01:03,059
multiple times spans
24
00:01:03,520 --> 00:01:06,500
both Entra or both Microsoft 365
25
00:01:07,234 --> 00:01:09,974
and Azure. But this came from
26
00:01:10,435 --> 00:01:12,435
kinda some things that people have brought up,
27
00:01:12,435 --> 00:01:14,995
questions that have been asked, and it was
28
00:01:14,995 --> 00:01:17,655
around security. And I think the specific question,
29
00:01:17,795 --> 00:01:19,734
if I go pull it up, was
30
00:01:20,520 --> 00:01:23,480
somebody asked more how do you would or
31
00:01:23,480 --> 00:01:26,219
how would you how do you how to
32
00:01:26,760 --> 00:01:28,379
evaluate new tenants,
33
00:01:29,000 --> 00:01:29,500
evaluate
34
00:01:29,799 --> 00:01:30,299
security
35
00:01:31,079 --> 00:01:33,880
resources out there to get statuses on your
36
00:01:33,880 --> 00:01:34,380
tenant.
37
00:01:34,905 --> 00:01:36,424
Like, I went and stood up a brand
38
00:01:36,424 --> 00:01:38,825
new tenant, again, whether it be Azure or
39
00:01:38,825 --> 00:01:41,325
Microsoft 365, I have a brand new Entra.
40
00:01:41,864 --> 00:01:43,305
Where do I go from here from a
41
00:01:43,305 --> 00:01:46,525
security perspective? It's the gist of the question.
42
00:01:47,710 --> 00:01:50,670
It's an interesting question, right, especially in split
43
00:01:50,670 --> 00:01:53,650
brained land where, like you said, Entra comprises
44
00:01:54,510 --> 00:01:55,010
functionality
45
00:01:55,790 --> 00:01:57,490
across both the M365
46
00:01:58,189 --> 00:02:01,090
stack and Azure as well.
47
00:02:01,469 --> 00:02:04,875
Yeah. So security is like a far ranging
48
00:02:04,935 --> 00:02:07,415
topic, and I would preface all this with
49
00:02:07,415 --> 00:02:09,834
I am by no means a security expert.
50
00:02:10,134 --> 00:02:11,655
But that being said, like, there's a bunch
51
00:02:11,655 --> 00:02:13,675
of tools out there that are available
52
00:02:14,055 --> 00:02:15,354
to us mere mortals
53
00:02:16,599 --> 00:02:17,900
to help us rationalize
54
00:02:18,439 --> 00:02:19,340
current configuration.
55
00:02:19,719 --> 00:02:22,040
Hey. How does stuff look today? And then
56
00:02:22,040 --> 00:02:24,939
maybe for folks like me who aren't experts,
57
00:02:25,639 --> 00:02:27,740
what are some logical defaults
58
00:02:28,040 --> 00:02:30,199
or some things that I should think about
59
00:02:30,199 --> 00:02:31,180
going and configuring
60
00:02:31,775 --> 00:02:33,474
to improve the posture
61
00:02:34,014 --> 00:02:35,875
of the security configuration
62
00:02:36,335 --> 00:02:37,395
of my tenant.
63
00:02:37,935 --> 00:02:39,694
And to a certain degree, not even just
64
00:02:39,694 --> 00:02:42,415
my tenant, like, the users who interact with
65
00:02:42,415 --> 00:02:44,814
my tenant because users who interact with my
66
00:02:44,814 --> 00:02:46,335
tenant could be in my tenant, or they
67
00:02:46,335 --> 00:02:48,370
could be guest accounts or other things that
68
00:02:48,370 --> 00:02:49,430
are coming in to
69
00:02:50,209 --> 00:02:53,329
interact across SharePoint and other workloads like that.
70
00:02:53,329 --> 00:02:55,810
We talked before. We are going to I'm
71
00:02:55,810 --> 00:02:57,329
not gonna commit to a time, but we
72
00:02:57,329 --> 00:02:59,590
are gonna try to keep these somewhat
73
00:02:59,925 --> 00:03:02,485
time boxed. So this very well may turn
74
00:03:02,485 --> 00:03:05,364
into a multipart episode too. To your point,
75
00:03:05,364 --> 00:03:06,025
this is
76
00:03:06,324 --> 00:03:08,965
a very broad topic across everything. So I
77
00:03:08,965 --> 00:03:10,185
think from my perspective,
78
00:03:10,965 --> 00:03:13,844
where I first start, new clients come to
79
00:03:13,844 --> 00:03:16,590
me, and this one is M365, but
80
00:03:16,590 --> 00:03:18,590
it does touch Azure is I have a
81
00:03:18,590 --> 00:03:20,449
new tenant. I stood up Microsoft 365.
82
00:03:20,750 --> 00:03:23,569
I stood up Azure. I now have Entra.
83
00:03:23,870 --> 00:03:25,709
What do I do? And the first thing,
84
00:03:25,709 --> 00:03:27,569
and this is a newer one, is
85
00:03:27,870 --> 00:03:31,615
by default now, everybody has security defaults
86
00:03:31,915 --> 00:03:33,294
that are enabled in your tenant.
87
00:03:33,594 --> 00:03:36,155
These are also I don't have these been
88
00:03:36,155 --> 00:03:38,555
turned on by an old tenant yet? I
89
00:03:38,555 --> 00:03:40,314
don't I can't remember, and I don't see
90
00:03:40,314 --> 00:03:43,355
the timeline on here of when Microsoft was
91
00:03:43,355 --> 00:03:45,040
gonna force these on.
92
00:03:45,419 --> 00:03:47,840
These should be turned on
93
00:03:48,620 --> 00:03:51,040
in existing tenants as well. So
94
00:03:51,340 --> 00:03:53,599
at this point, if you have a tenant
95
00:03:53,740 --> 00:03:55,520
that was created after
96
00:03:56,460 --> 00:03:56,960
2019,
97
00:03:58,135 --> 00:04:00,295
give or take. Like, it it was late
98
00:04:00,295 --> 00:04:02,855
2019, early 2020 when a lot of this
99
00:04:02,855 --> 00:04:03,915
stuff rolled out
100
00:04:04,295 --> 00:04:05,974
as far as security defaults. So if you
101
00:04:05,974 --> 00:04:07,995
had, like, a new M365
102
00:04:08,295 --> 00:04:10,235
environment that came up, O365,
103
00:04:11,110 --> 00:04:13,590
you set up a new Azure subscription and
104
00:04:13,590 --> 00:04:16,230
a new Entra ID tenant or Azure AD
105
00:04:16,230 --> 00:04:17,930
tenant as they were called back then,
106
00:04:18,389 --> 00:04:21,129
then you should have some permutation
107
00:04:21,990 --> 00:04:22,649
of this.
108
00:04:23,204 --> 00:04:25,044
Like many things that Microsoft does, I think
109
00:04:25,044 --> 00:04:27,204
if you have an established tenancy and you
110
00:04:27,204 --> 00:04:29,365
were somebody who, like, looked after it, you
111
00:04:29,365 --> 00:04:32,324
were probably somebody who's decided to, like, slow
112
00:04:32,324 --> 00:04:34,644
roll it, or maybe you blocked it for
113
00:04:34,644 --> 00:04:35,225
a while.
114
00:04:35,729 --> 00:04:36,229
So
115
00:04:36,610 --> 00:04:39,029
it it could be in, like, various states
116
00:04:39,649 --> 00:04:40,149
within
117
00:04:40,849 --> 00:04:41,349
your
118
00:04:41,810 --> 00:04:43,269
own tenant configuration
119
00:04:43,889 --> 00:04:44,389
today.
120
00:04:44,849 --> 00:04:47,009
But it's actually it it's pretty easy to
121
00:04:47,009 --> 00:04:49,649
look. So you can hop into the Entra
122
00:04:49,649 --> 00:04:50,789
ID admin center.
123
00:04:51,224 --> 00:04:53,564
You have to have a role that is
124
00:04:54,185 --> 00:04:56,044
at least a security administrator.
125
00:04:56,504 --> 00:04:57,884
And then if you go into
126
00:04:58,425 --> 00:05:01,144
the identity blade and just the kind of
127
00:05:01,144 --> 00:05:02,365
overview of
128
00:05:02,904 --> 00:05:03,884
your Entra
129
00:05:04,185 --> 00:05:06,044
tenant your Entra ID tenant,
130
00:05:06,370 --> 00:05:08,209
the properties for it, they just have a
131
00:05:08,209 --> 00:05:11,009
little, basically, am I enabled or am I
132
00:05:11,009 --> 00:05:12,870
disabled for security defaults
133
00:05:13,329 --> 00:05:15,750
that you can go ahead and flip through.
134
00:05:16,129 --> 00:05:17,910
And, like I said, I think,
135
00:05:18,930 --> 00:05:20,917
my approach to to this stuff back when
136
00:05:20,917 --> 00:05:23,114
I always used to do it was to
137
00:05:23,114 --> 00:05:25,311
slow roll it and say, oh, yeah. Microsoft
138
00:05:25,311 --> 00:05:27,508
gave me an easy button, but I might
139
00:05:27,508 --> 00:05:29,704
wanna turn that on a little bit more
140
00:05:29,704 --> 00:05:31,901
piecemeal rather than stepping in and having everything
141
00:05:31,901 --> 00:05:35,100
all at once, like requiring all users to
142
00:05:35,720 --> 00:05:38,600
enroll in MFA, requiring all my admins to
143
00:05:38,600 --> 00:05:39,339
do MFA,
144
00:05:39,879 --> 00:05:42,439
and all the blocking legacy authentication protocols, a
145
00:05:42,439 --> 00:05:43,720
lot of stuff, and, like, doing all those
146
00:05:43,720 --> 00:05:46,600
permutations at once, sometimes you wanna slow roll
147
00:05:46,600 --> 00:05:49,324
those and do them yourself. And if you
148
00:05:49,324 --> 00:05:52,685
are of that, like, kinda person, right, okay,
149
00:05:52,685 --> 00:05:54,764
that's your approach, nothing wrong with it, I
150
00:05:54,764 --> 00:05:57,004
think this even that the security defaults are
151
00:05:57,004 --> 00:05:59,664
there and documented, like, it's another thing to
152
00:05:59,724 --> 00:06:01,710
go and look at and say, k, what's
153
00:06:01,710 --> 00:06:04,029
my posture? Where am I at? Maybe I
154
00:06:04,029 --> 00:06:05,790
haven't turned it all on, but do I
155
00:06:05,790 --> 00:06:07,949
have a plan? Am I aligned to best
156
00:06:07,949 --> 00:06:10,270
practices? Those kinds of things. Yeah. The one
157
00:06:10,270 --> 00:06:11,870
thing I would say though so this is
158
00:06:11,870 --> 00:06:12,350
my biggest
159
00:06:12,910 --> 00:06:15,514
I would say my biggest gripe with security
160
00:06:15,514 --> 00:06:17,274
default is you can't slow roll it. You
161
00:06:17,274 --> 00:06:18,495
cannot. It is
162
00:06:18,875 --> 00:06:20,954
either on or off, and I get why
163
00:06:20,954 --> 00:06:23,035
Microsoft did this. Like, you had a bunch
164
00:06:23,035 --> 00:06:24,875
of old legacy tenants and new tenants that
165
00:06:24,875 --> 00:06:26,555
were getting stood up that people were not
166
00:06:26,555 --> 00:06:29,294
doing any sort of security with. And
167
00:06:29,610 --> 00:06:31,370
this has a lot of those basic controls
168
00:06:31,370 --> 00:06:33,550
you said. So if you turn this on
169
00:06:33,930 --> 00:06:36,569
or if it is on, what security default
170
00:06:36,569 --> 00:06:37,550
is requiring
171
00:06:37,930 --> 00:06:40,350
MFA for all users, it's requiring
172
00:06:41,050 --> 00:06:43,769
or to register for MFA, it's requiring admins
173
00:06:43,769 --> 00:06:46,264
to do MFA, multifactor authentication.
174
00:06:46,725 --> 00:06:48,824
It's requiring users to do MFA
175
00:06:49,444 --> 00:06:50,264
when necessary.
176
00:06:50,725 --> 00:06:53,285
So it's not all the time like, this
177
00:06:53,285 --> 00:06:55,604
is gonna probably be tied to certain risks
178
00:06:55,604 --> 00:06:58,245
or certain conditions that they're triggering. You don't
179
00:06:58,245 --> 00:07:00,509
really have any control over it. Microsoft decides
180
00:07:00,509 --> 00:07:03,069
when necessary is and isn't. Like you said,
181
00:07:03,069 --> 00:07:04,370
it blocks legacy authentication,
182
00:07:04,750 --> 00:07:07,170
and it protects privileged activities
183
00:07:07,550 --> 00:07:09,389
like access to the Azure portal. So you
184
00:07:09,389 --> 00:07:10,990
turn it on, it's gonna do all those
185
00:07:10,990 --> 00:07:12,350
things. You turn it off, it's not gonna
186
00:07:12,350 --> 00:07:13,790
do any of those. But there's nothing bad
187
00:07:13,790 --> 00:07:14,324
in here.
188
00:07:14,884 --> 00:07:16,985
There's the degrees of maturity
189
00:07:17,444 --> 00:07:17,944
with
190
00:07:18,965 --> 00:07:20,884
your comfort with an environment. So I would
191
00:07:20,884 --> 00:07:22,725
go to you, and I would say, hey,
192
00:07:22,725 --> 00:07:24,504
Ben. Help me out with the configuration
193
00:07:24,805 --> 00:07:28,259
of my AD sorry, Entra ID tenant. And
194
00:07:28,259 --> 00:07:30,819
you go, sure. Gotcha. Been doing this for
195
00:07:30,819 --> 00:07:33,459
years years. I know where all the knobs
196
00:07:33,459 --> 00:07:35,699
and levers are. Let's go turn them. What
197
00:07:35,699 --> 00:07:37,300
kind of customer are you? Oh, I see
198
00:07:37,300 --> 00:07:39,620
you've got I see you have premium licenses
199
00:07:39,620 --> 00:07:41,220
for Entra ID. Like, you have a mix
200
00:07:41,220 --> 00:07:44,044
of P1s, P2s. Maybe you're all
201
00:07:44,044 --> 00:07:45,904
P2s, all P1s, whatever it is.
202
00:07:45,964 --> 00:07:48,785
So you're immediately gonna clue into
203
00:07:49,245 --> 00:07:50,544
the world of
204
00:07:50,925 --> 00:07:53,425
I know what's available to you and
205
00:07:54,800 --> 00:07:57,300
where you can really lean into
206
00:07:57,759 --> 00:07:58,740
the complexity
207
00:07:59,279 --> 00:08:02,079
of that organization's requirements and where they wanna
208
00:08:02,079 --> 00:08:05,199
land. Because they're licensed for it, you'll have
209
00:08:05,199 --> 00:08:07,539
access to things like conditional access
210
00:08:08,074 --> 00:08:10,175
and CA policies and
211
00:08:10,555 --> 00:08:13,055
all the power that comes along with those.
212
00:08:13,355 --> 00:08:14,735
And on the flip side,
213
00:08:15,115 --> 00:08:16,955
there are people out there who just go
214
00:08:16,955 --> 00:08:19,455
and sign up for new GoDaddy tenants,
215
00:08:19,834 --> 00:08:22,235
and, yeah, they're Don't do that. No. Don't
216
00:08:22,235 --> 00:08:24,610
do it. Nobody. Don't do it. But people
217
00:08:24,610 --> 00:08:26,290
do it. Okay. But people do. And for
218
00:08:26,290 --> 00:08:28,790
those people who do it, like, they're not
219
00:08:29,009 --> 00:08:29,750
the most
220
00:08:30,290 --> 00:08:32,850
they're not the deepest into the ecosystem. Right?
221
00:08:32,850 --> 00:08:34,529
They they don't have that same level of
222
00:08:34,529 --> 00:08:36,389
maturity. They don't carry the licenses,
223
00:08:37,245 --> 00:08:39,504
particularly for some of the more advanced features
224
00:08:39,804 --> 00:08:41,664
in things like conditional access.
225
00:08:41,965 --> 00:08:44,945
So in that world, security defaults is nice
226
00:08:45,325 --> 00:08:45,825
because,
227
00:08:46,285 --> 00:08:48,304
yeah, it can cause some pain.
228
00:08:49,085 --> 00:08:50,924
We can argue how much the pain's worth
229
00:08:50,924 --> 00:08:54,039
it, but it immediately puts your posture in
230
00:08:54,039 --> 00:08:56,860
a place where you're at least covered for
231
00:08:57,079 --> 00:08:59,179
the vast majority of the basics
232
00:08:59,720 --> 00:09:02,039
for free, and you didn't have to do
233
00:09:02,039 --> 00:09:03,794
anything and go with it.
234
00:09:04,514 --> 00:09:06,355
Again, if you're a customer out there or
235
00:09:06,355 --> 00:09:09,075
you're an administrator, developer, whatever it is, and
236
00:09:09,075 --> 00:09:10,355
you're looking at this and you go, I
237
00:09:10,355 --> 00:09:12,514
know my way around this. I'm gonna script
238
00:09:12,514 --> 00:09:14,115
it out, or I'm gonna click next next
239
00:09:14,115 --> 00:09:14,615
next,
240
00:09:15,235 --> 00:09:17,690
and I'm really gonna dial it in. Security
241
00:09:17,690 --> 00:09:20,330
defaults isn't for you. So, in that case,
242
00:09:20,330 --> 00:09:21,789
you can just use the documentation
243
00:09:22,090 --> 00:09:24,330
for security defaults as, hey, what are the
244
00:09:24,330 --> 00:09:26,250
things that I should think about doing within
245
00:09:26,250 --> 00:09:26,990
my environment?
246
00:09:27,610 --> 00:09:30,970
Should I require all users to register for
247
00:09:30,970 --> 00:09:31,470
MFA?
248
00:09:32,884 --> 00:09:34,884
I might look at that and say, yeah.
249
00:09:34,884 --> 00:09:36,965
All users, but not really all users because
250
00:09:36,965 --> 00:09:39,225
you're gonna have a segment of users that,
251
00:09:39,605 --> 00:09:41,764
you might not want to be eligible for
252
00:09:41,764 --> 00:09:44,485
MFA today based on your organizational constraints, maybe
253
00:09:44,485 --> 00:09:46,830
like a break glass account or something like
254
00:09:46,830 --> 00:09:48,670
that. Right? Like, you you have the exceptions,
255
00:09:48,670 --> 00:09:49,649
and you know how to
256
00:09:50,029 --> 00:09:51,170
drive into those
257
00:09:51,629 --> 00:09:54,590
and configure those kinds of things. But for
258
00:09:54,590 --> 00:09:57,870
those that require the easy button or for
259
00:09:57,870 --> 00:09:59,904
those that are net new, I really don't
260
00:09:59,904 --> 00:10:01,745
think there's anything wrong with having the easy
261
00:10:01,745 --> 00:10:03,825
button enabled by default, especially as long as
262
00:10:03,825 --> 00:10:05,764
you can come back and upgrade later
263
00:10:06,225 --> 00:10:08,384
or you can disable it. But at least
264
00:10:08,384 --> 00:10:10,625
at that point, it's a conscientious decision on
265
00:10:10,625 --> 00:10:12,225
your part as a customer to come in
266
00:10:12,225 --> 00:10:14,029
and do it. So I can totally see
267
00:10:14,029 --> 00:10:16,269
where, like, as a service provider on the
268
00:10:16,269 --> 00:10:18,509
Microsoft side, they're saying, like, hey, we want
269
00:10:18,509 --> 00:10:20,929
you to be in the best default posture
270
00:10:21,149 --> 00:10:23,549
that you can be. And that's often at
271
00:10:23,549 --> 00:10:24,929
the expense of
272
00:10:25,404 --> 00:10:26,784
a little bit of pain
273
00:10:27,164 --> 00:10:29,884
and a little bit of friction because for
274
00:10:29,884 --> 00:10:32,125
better or worse, like, all these things, like
275
00:10:32,125 --> 00:10:33,745
turning on MFA
276
00:10:34,365 --> 00:10:37,004
and having all the authentication methods and locking
277
00:10:37,004 --> 00:10:39,899
users down to things like just certain authenticator
278
00:10:39,960 --> 00:10:41,419
apps and things like that.
279
00:10:41,799 --> 00:10:43,019
It's it is necessary,
280
00:10:43,399 --> 00:10:45,720
which is sad when that's a conversation for
281
00:10:45,720 --> 00:10:47,799
another day. I agree. 100%. All of these
282
00:10:47,799 --> 00:10:50,519
are good things to have, and to the
283
00:10:50,519 --> 00:10:52,759
pain point, it's not nearly as painful as
284
00:10:52,759 --> 00:10:54,085
it used to be. I would say 3
285
00:10:54,085 --> 00:10:56,184
years ago, the legacy authentication
286
00:10:56,725 --> 00:10:59,365
would really bite people. They'd go toggle this
287
00:10:59,365 --> 00:11:00,325
on and all of a sudden a whole
288
00:11:00,325 --> 00:11:02,245
bunch of stuff would break because they were
289
00:11:02,245 --> 00:11:04,404
still running old Office clients or they were
290
00:11:04,404 --> 00:11:06,804
still using app passwords, that type of stuff.
291
00:11:06,804 --> 00:11:08,980
But I am glad they have this as
292
00:11:08,980 --> 00:11:11,620
a default state. There's a few times that
293
00:11:11,620 --> 00:11:13,220
I've been in a few situations where I'm
294
00:11:13,220 --> 00:11:14,820
like, you know what? I wish I could
295
00:11:14,820 --> 00:11:17,540
toggle, like, one of these off where it
296
00:11:17,540 --> 00:11:19,540
is. It's a small business. They don't wanna
297
00:11:19,540 --> 00:11:21,540
go pay for conditional access, but you run
298
00:11:21,540 --> 00:11:22,040
into
299
00:11:22,575 --> 00:11:24,754
those weird one off scenarios
300
00:11:25,295 --> 00:11:25,795
where
301
00:11:26,495 --> 00:11:28,915
legacy authentication is causing an issue.
302
00:11:29,295 --> 00:11:32,014
That's probably the biggest one. But, again, over
303
00:11:32,014 --> 00:11:34,254
the last 3 years, as everybody has gone
304
00:11:34,254 --> 00:11:36,700
away from legacy auth, this is absolutely
305
00:11:37,080 --> 00:11:38,600
a good thing to have in place by
306
00:11:38,600 --> 00:11:39,100
default.
307
00:11:39,480 --> 00:11:41,000
The only other thing I would say with
308
00:11:41,000 --> 00:11:42,920
this is I still see some people that
309
00:11:42,920 --> 00:11:43,660
have this
310
00:11:44,040 --> 00:11:45,799
off. They're like, I'm doing, like, the per
311
00:11:45,799 --> 00:11:48,440
user MFA, like, the old school per user
312
00:11:48,440 --> 00:11:50,779
MFA, and we've talked about that being legacy.
313
00:11:51,115 --> 00:11:52,795
That is going to go away at some
314
00:11:52,795 --> 00:11:54,634
point in time. So if you're still relying
315
00:11:54,634 --> 00:11:57,215
on that to turn off MFA in certain
316
00:11:57,355 --> 00:11:57,855
situations
317
00:11:58,475 --> 00:12:02,075
and leaving security defaults off, 1, security defaults
318
00:12:02,075 --> 00:12:04,200
gives you a lot more protection than just
319
00:12:04,279 --> 00:12:06,360
that legacy MFA, and 2, that is gonna
320
00:12:06,360 --> 00:12:08,360
go away. I think folks should be prepared
321
00:12:08,360 --> 00:12:09,980
for stuff to
322
00:12:10,919 --> 00:12:13,660
start getting dialed in and change more rapidly
323
00:12:13,720 --> 00:12:15,399
as well. If you go out and you
324
00:12:15,399 --> 00:12:16,860
just look at the news
325
00:12:17,160 --> 00:12:17,660
for
326
00:12:18,040 --> 00:12:19,340
security incidents
327
00:12:20,745 --> 00:12:22,044
across Microsoft,
328
00:12:22,504 --> 00:12:23,725
Azure, Google,
329
00:12:24,345 --> 00:12:26,904
like, the these things definitely exist, right? They're
330
00:12:26,904 --> 00:12:29,804
out there. And then you consider, like, the
331
00:12:29,944 --> 00:12:32,584
spread and what's going on between having to
332
00:12:32,584 --> 00:12:34,059
protect cloud resources,
333
00:12:34,519 --> 00:12:35,899
protect local machines,
334
00:12:36,360 --> 00:12:37,899
and all these kinds of things,
335
00:12:38,360 --> 00:12:41,399
it's in the service provider's best interest to,
336
00:12:41,399 --> 00:12:44,220
like, really start to dial things in
337
00:12:44,600 --> 00:12:45,980
and lock things down.
338
00:12:46,535 --> 00:12:48,615
If I was a Microsoft customer, I would
339
00:12:48,615 --> 00:12:51,595
go out and look at things like the
340
00:12:51,735 --> 00:12:53,195
Secure Future Initiative,
341
00:12:53,815 --> 00:12:57,014
which has been publicly talked about, but, hey,
342
00:12:57,014 --> 00:12:59,495
these these are some thoughts and approaches and
343
00:12:59,495 --> 00:13:02,330
ways that we are going to align
344
00:13:02,710 --> 00:13:03,210
to
345
00:13:03,590 --> 00:13:05,990
being the most secure that we can be.
346
00:13:05,990 --> 00:13:09,110
And I'm a Microsoft employee. That bubbles back
347
00:13:09,110 --> 00:13:11,529
to me, actually. So one of the things
348
00:13:11,590 --> 00:13:14,570
that was publicly reported last week,
349
00:13:14,915 --> 00:13:16,115
I think I saw an article on The
350
00:13:16,115 --> 00:13:17,735
Verge about it, was
351
00:13:18,195 --> 00:13:20,615
that as a Microsoft employee,
352
00:13:21,075 --> 00:13:21,975
I am going
353
00:13:22,355 --> 00:13:23,415
to have a
354
00:13:23,955 --> 00:13:27,815
specific item on, like, my my annual assessments.
355
00:13:28,399 --> 00:13:30,100
I'm gonna I'm gonna have a core priority
356
00:13:30,160 --> 00:13:33,200
that basically aligns to saying, what did Scott
357
00:13:33,200 --> 00:13:36,480
do to contribute to the overall security of
358
00:13:36,480 --> 00:13:36,980
Microsoft?
359
00:13:37,519 --> 00:13:39,840
So now it's if it wasn't part of
360
00:13:39,840 --> 00:13:41,394
my job, and it was part of my
361
00:13:41,394 --> 00:13:44,274
job, but now it's it's really there. It's
362
00:13:44,274 --> 00:13:47,075
front and center, and it's effectively, like, priority
363
00:13:47,075 --> 00:13:48,995
0. Right? I need to get in, and
364
00:13:48,995 --> 00:13:50,514
I need to do these things. And as
365
00:13:50,514 --> 00:13:52,355
every employee is doing that across every part
366
00:13:52,355 --> 00:13:53,174
of the stack,
367
00:13:53,529 --> 00:13:55,149
I think you're gonna see an acceleration
368
00:13:56,490 --> 00:13:58,809
in not only the features that are available
369
00:13:58,809 --> 00:14:00,330
to you, and this is just my hunch.
370
00:14:00,330 --> 00:14:02,570
Right? As we all lean into it, like,
371
00:14:02,570 --> 00:14:04,330
you'll see an acceleration in the features that
372
00:14:04,330 --> 00:14:06,730
are available, but you'll also probably see an
373
00:14:06,730 --> 00:14:07,230
acceleration
374
00:14:08,355 --> 00:14:11,735
in application of those features, timelines for implementing
375
00:14:11,795 --> 00:14:14,274
those features, things like that, because there's gonna
376
00:14:14,274 --> 00:14:16,355
be a rapid desire not only to move,
377
00:14:16,355 --> 00:14:20,879
like, internal workloads away from an unsecure posture,
378
00:14:21,179 --> 00:14:23,839
but also to move customers that way. And
379
00:14:23,899 --> 00:14:26,240
we'll learn a bunch as we're moving internal
380
00:14:26,299 --> 00:14:28,159
stuff that way, and then that'll eventually
381
00:14:28,700 --> 00:14:31,019
disseminate out to the rest of the world.
382
00:14:31,019 --> 00:14:31,519
But
383
00:14:31,899 --> 00:14:33,315
when you're looking at this stuff,
384
00:14:33,715 --> 00:14:34,995
I I think just to give you the
385
00:14:34,995 --> 00:14:37,495
perspective of, hey, somebody who works at Microsoft,
386
00:14:37,634 --> 00:14:39,715
like, literally part of my job now. And
387
00:14:39,715 --> 00:14:41,394
so when I say I'm not a security
388
00:14:41,394 --> 00:14:43,394
expert, I gotta become one at least in
389
00:14:43,394 --> 00:14:45,394
some ways for like the things I own
390
00:14:45,394 --> 00:14:46,534
and the things that
391
00:14:46,835 --> 00:14:48,215
I'm accountable for
392
00:14:48,570 --> 00:14:50,649
so that I can move that forward because
393
00:14:50,649 --> 00:14:52,590
it's gonna be something that
394
00:14:52,970 --> 00:14:53,470
directly
395
00:14:54,250 --> 00:14:57,129
ties back to my performance at work. Yeah.
396
00:14:57,129 --> 00:14:59,129
And with that, it wouldn't surprise me. Like,
397
00:14:59,129 --> 00:15:01,049
they have guidance now for how to turn
398
00:15:01,049 --> 00:15:03,504
off security defaults, so you can still go
399
00:15:03,504 --> 00:15:05,424
in and disable it. You mentioned if you
400
00:15:05,424 --> 00:15:08,245
don't wanna do security defaults, the next logical
401
00:15:08,384 --> 00:15:10,325
step is conditional access.
402
00:15:10,705 --> 00:15:13,365
It would not surprise me to see them
403
00:15:13,904 --> 00:15:16,384
get to a point where if you turn
404
00:15:16,384 --> 00:15:17,764
off security defaults,
405
00:15:18,089 --> 00:15:20,569
you either, a, need to go implement certain
406
00:15:20,569 --> 00:15:21,949
conditional access policies
407
00:15:22,490 --> 00:15:26,009
within x amount of days to not have
408
00:15:26,009 --> 00:15:28,329
security defaults turned back on, or even when
409
00:15:28,329 --> 00:15:30,190
you turn it off, it goes and automatically
410
00:15:30,329 --> 00:15:32,669
creates some conditional access policies
411
00:15:33,129 --> 00:15:33,629
to
412
00:15:34,065 --> 00:15:37,745
mirror what security defaults did just because you
413
00:15:37,745 --> 00:15:39,904
don't wanna find yourself in that state where
414
00:15:39,904 --> 00:15:40,565
you're completely
415
00:15:41,024 --> 00:15:43,504
unsecured. And they already give you guidance, they
416
00:15:43,504 --> 00:15:44,644
just don't necessarily
417
00:15:45,264 --> 00:15:47,665
force you into it yet. It'll be interesting
418
00:15:47,665 --> 00:15:49,605
to see if they move in that direction.
419
00:15:49,850 --> 00:15:52,090
But you wanna go to conditional access. This
420
00:15:52,090 --> 00:15:55,070
is where I tend to go. I tell
421
00:15:55,210 --> 00:15:56,590
most of my customers,
422
00:15:57,210 --> 00:15:59,850
don't tell Microsoft this, Scott. I think the
423
00:15:59,850 --> 00:16:01,309
price of Entra ID
424
00:16:01,690 --> 00:16:05,004
plan 1 is worth it just for conditional
425
00:16:05,004 --> 00:16:06,285
access and what you can do. And I
426
00:16:06,285 --> 00:16:08,524
think we've done whole episodes on that, but
427
00:16:08,524 --> 00:16:09,825
it is an Entra ID
428
00:16:10,445 --> 00:16:11,264
P1
429
00:16:11,725 --> 00:16:14,125
SKU, so you have to license everybody for
430
00:16:14,125 --> 00:16:17,309
Entra ID P1 to do conditional access. But
431
00:16:17,309 --> 00:16:18,610
then you get all the customization,
432
00:16:19,389 --> 00:16:20,990
you can tweak it, and you can even
433
00:16:20,990 --> 00:16:23,230
make it more secure. If you want to
434
00:16:23,230 --> 00:16:25,389
just make that step and you're like, you
435
00:16:25,389 --> 00:16:27,789
know what? I've had security defaults. I haven't
436
00:16:27,789 --> 00:16:29,649
done conditional access yet,
437
00:16:30,029 --> 00:16:32,450
but I wanna move in that direction, Microsoft
438
00:16:32,894 --> 00:16:35,315
does provide your security foundations
439
00:16:35,855 --> 00:16:36,355
category
440
00:16:37,134 --> 00:16:37,634
of
441
00:16:38,014 --> 00:16:41,055
templates in conditional access. So, essentially, you can
442
00:16:41,055 --> 00:16:43,715
go into Entra, go to security
443
00:16:44,495 --> 00:16:46,815
I think it's under secure or protection and
444
00:16:46,815 --> 00:16:49,590
then security and conditional access. Select templates and
445
00:16:49,590 --> 00:16:50,410
they have categories,
446
00:16:50,789 --> 00:16:53,110
and one of those is secure foundation, and
447
00:16:53,110 --> 00:16:56,250
it has a template for all of those
448
00:16:56,470 --> 00:16:57,850
conditional access policies
449
00:16:58,549 --> 00:17:01,429
that that security defaults implements. You can go
450
00:17:01,429 --> 00:17:03,529
click through and just deploy all
451
00:17:04,005 --> 00:17:07,384
what 7 templates it looks like in conditional
452
00:17:07,445 --> 00:17:08,744
access to
453
00:17:09,285 --> 00:17:12,325
replicate security defaults within your tenant. So this
454
00:17:12,325 --> 00:17:14,565
is one that again, if you're not doing
455
00:17:14,565 --> 00:17:17,125
security defaults, absolutely go do this. This is
456
00:17:17,125 --> 00:17:19,799
a nice first step for anybody that wants
457
00:17:19,799 --> 00:17:21,319
to move in that direction and wants to
458
00:17:21,319 --> 00:17:24,140
see how do these conditional access policies work.
459
00:17:24,279 --> 00:17:26,440
Use this template or, frankly, any of the
460
00:17:26,440 --> 00:17:29,259
templates in there to start creating those policies
461
00:17:29,720 --> 00:17:30,220
and
462
00:17:30,519 --> 00:17:33,015
get those in place instead and see what
463
00:17:33,015 --> 00:17:35,255
they look like, how those settings look, that
464
00:17:35,255 --> 00:17:37,275
type of stuff. It's all well documented.
465
00:17:37,575 --> 00:17:39,835
Right? So the other thing is
466
00:17:40,214 --> 00:17:41,815
even if you didn't wanna use the template,
467
00:17:41,815 --> 00:17:44,055
you can technically go spin this stuff up
468
00:17:44,055 --> 00:17:44,555
yourself,
469
00:17:45,174 --> 00:17:47,674
and next next your way through it or
470
00:17:48,099 --> 00:17:50,259
use the various automation tooling and things like
471
00:17:50,259 --> 00:17:51,379
that to get it to where it needs
472
00:17:51,379 --> 00:17:52,899
to be. There's a lot you can do
473
00:17:52,899 --> 00:17:54,419
with conditional access. We can do a whole
474
00:17:54,419 --> 00:17:56,899
episode on that if we haven't. I'm pretty
475
00:17:56,899 --> 00:17:58,740
sure we have. I've done YouTube videos on
476
00:17:58,740 --> 00:17:59,240
it.
477
00:18:02,595 --> 00:18:04,674
Do you feel overwhelmed by trying to manage
478
00:18:04,674 --> 00:18:05,575
your Office 365
479
00:18:06,035 --> 00:18:09,154
environment? Are you facing unexpected issues that disrupt
480
00:18:09,154 --> 00:18:11,875
your company's productivity? Intelligink is here to help.
481
00:18:11,875 --> 00:18:13,394
Much like you take your car to the
482
00:18:13,394 --> 00:18:15,794
mechanic that has specialized knowledge on how to
483
00:18:15,794 --> 00:18:18,529
best keep your car running, Intelligink helps you
484
00:18:18,529 --> 00:18:21,329
with your Microsoft cloud environment because that's their
485
00:18:21,329 --> 00:18:21,829
expertise.
486
00:18:22,210 --> 00:18:24,450
Intelligink keeps up with the latest updates in
487
00:18:24,450 --> 00:18:26,690
the Microsoft cloud to help keep your business
488
00:18:26,690 --> 00:18:28,930
running smoothly and ahead of the curve. Whether
489
00:18:28,930 --> 00:18:30,930
you are a small organization with just a
490
00:18:30,930 --> 00:18:32,390
few users, up to
491
00:18:33,404 --> 00:18:34,384
1000 employees,
492
00:18:34,845 --> 00:18:36,764
they want to partner with you to implement
493
00:18:36,764 --> 00:18:39,505
and administer your Microsoft Cloud technology.
494
00:18:40,204 --> 00:18:41,744
Visit them at inteligink.com/podcast.
495
00:18:43,964 --> 00:18:45,105
That's intell
496
00:18:47,829 --> 00:18:48,329
ing.com/podcast
497
00:18:51,109 --> 00:18:53,190
for more information or to schedule a 30
498
00:18:53,190 --> 00:18:55,289
minute call to get started with them today.
499
00:18:55,589 --> 00:18:58,869
Remember, Intelligink focuses on the Microsoft cloud, so
500
00:18:58,869 --> 00:19:00,704
you can focus on your business.
501
00:19:03,024 --> 00:19:05,024
What you would do next. So so you
502
00:19:05,024 --> 00:19:07,924
either did security defaults, you've done conditional access,
503
00:19:08,224 --> 00:19:08,964
you have
504
00:19:09,265 --> 00:19:11,284
base I would say that's base
505
00:19:11,585 --> 00:19:12,085
authentication
506
00:19:12,384 --> 00:19:15,919
security. Right? You're protecting your user accounts and
507
00:19:15,919 --> 00:19:18,079
how they're logging in with those 2, but
508
00:19:18,079 --> 00:19:20,339
there's a lot more to security
509
00:19:20,720 --> 00:19:23,759
than just go in and turn on security
510
00:19:23,759 --> 00:19:27,839
defaults or turn on conditional access policies. There's
511
00:19:27,839 --> 00:19:29,714
just a hint or a hair or more
512
00:19:29,714 --> 00:19:31,714
to that. Yeah. And if you're we're going
513
00:19:31,955 --> 00:19:33,255
going back to the question
514
00:19:33,555 --> 00:19:35,315
a little bit is how to evaluate new
515
00:19:35,315 --> 00:19:39,075
tenant security, eval, resources, tools. I'm thinking, given
516
00:19:39,075 --> 00:19:40,994
the time, maybe we do a third a
517
00:19:40,994 --> 00:19:42,214
second one on tools.
518
00:19:42,569 --> 00:19:44,809
The next place I go before I would
519
00:19:44,809 --> 00:19:46,909
even go implement tools or look at tools
520
00:19:47,130 --> 00:19:49,149
is I head over to
521
00:19:49,690 --> 00:19:52,509
the security center that you have in Microsoft
522
00:19:52,649 --> 00:19:53,149
365.
523
00:19:53,609 --> 00:19:54,109
security.microsoft.com.
524
00:19:54,835 --> 00:19:56,375
If you go to admin.microsoft.com
525
00:19:57,715 --> 00:20:00,455
and go to security there, underneath,
526
00:20:00,914 --> 00:20:03,715
they keep changing the navigation around in here.
527
00:20:03,715 --> 00:20:05,174
I think it is under
528
00:20:06,035 --> 00:20:08,160
where did they move it? They moved it
529
00:20:08,320 --> 00:20:10,400
under some place in there. You can go
530
00:20:10,400 --> 00:20:12,240
search for it. Is you have your secure
531
00:20:12,240 --> 00:20:14,000
score. And every time I need it, I'm
532
00:20:14,000 --> 00:20:15,859
able to find it, exposure management.
533
00:20:16,240 --> 00:20:17,840
There it is. So if you expand out
534
00:20:17,840 --> 00:20:20,160
exposure management, you can look at your secure
535
00:20:20,160 --> 00:20:22,820
score, and this gives you an overview
536
00:20:23,359 --> 00:20:23,859
of
537
00:20:24,375 --> 00:20:26,695
your security posture and your tenant. So it'll
538
00:20:26,695 --> 00:20:28,474
give you some score.
539
00:20:28,775 --> 00:20:30,954
My score is 53.73%.
540
00:20:33,015 --> 00:20:33,914
I have achieved
541
00:20:34,295 --> 00:20:34,795
748.99
542
00:20:36,454 --> 00:20:37,994
out of a possible 1394
543
00:20:38,855 --> 00:20:40,589
points. I don't know about you, Scott. I
544
00:20:40,589 --> 00:20:42,349
have never seen anybody get this to a
545
00:20:42,349 --> 00:20:44,269
100. So if you go in here, I
546
00:20:44,269 --> 00:20:46,450
think new tenants start out
547
00:20:47,230 --> 00:20:49,490
somewhere in the 40 to 50%
548
00:20:49,950 --> 00:20:50,450
range
549
00:20:50,829 --> 00:20:53,625
if you don't do anything. I continue to
550
00:20:53,944 --> 00:20:57,144
not like Secure Score. I wish it was
551
00:20:57,144 --> 00:20:59,005
more like Azure Advisor recommendations.
552
00:20:59,464 --> 00:21:01,065
K. Here's the set of things that you
553
00:21:01,065 --> 00:21:03,384
should consider doing kinda thing. But the way
554
00:21:03,384 --> 00:21:05,305
it's presented as, like, a hard number with
555
00:21:05,305 --> 00:21:07,144
a percentage, it really makes you feel like
556
00:21:07,144 --> 00:21:08,444
you should get to a 100%,
557
00:21:09,089 --> 00:21:09,589
and
558
00:21:10,690 --> 00:21:13,730
I don't believe that's the intention behind it.
559
00:21:13,730 --> 00:21:16,369
Like, I've never run into anybody who thinks
560
00:21:16,369 --> 00:21:17,269
it's that way
561
00:21:17,650 --> 00:21:19,569
nor have I met anyone who's ever gotten
562
00:21:19,569 --> 00:21:21,669
a tenant to 100. If you ever have,
563
00:21:21,730 --> 00:21:23,410
hey, give us a call. Come on the
564
00:21:23,410 --> 00:21:25,825
show. We'd love to have you. Well, walk
565
00:21:25,825 --> 00:21:28,464
us through, like, how many prompts your users
566
00:21:28,464 --> 00:21:30,224
go through every time they, like, click a
567
00:21:30,224 --> 00:21:31,984
button. So the intent isn't to get you
568
00:21:31,984 --> 00:21:33,984
to a 100%, but it's in in intended
569
00:21:33,984 --> 00:21:35,045
to get you to
570
00:21:35,585 --> 00:21:36,085
incrementally
571
00:21:36,625 --> 00:21:39,710
approve or improve your posture over time because
572
00:21:39,710 --> 00:21:41,470
there could be, like, new rules that are
573
00:21:41,470 --> 00:21:41,970
added.
574
00:21:42,349 --> 00:21:44,690
There could be new metrics that are evaluated,
575
00:21:45,070 --> 00:21:46,990
things like that. So as long as you're
576
00:21:46,990 --> 00:21:48,990
comfortable with it, like, it turns out that,
577
00:21:48,990 --> 00:21:50,450
like, your score of
578
00:21:50,829 --> 00:21:51,329
53.73%,
579
00:21:52,684 --> 00:21:54,204
that could actually be your version of a
580
00:21:54,204 --> 00:21:57,164
100. Right? K. We're comfortable. We're ready. We're
581
00:21:57,164 --> 00:21:57,984
good to go.
582
00:21:58,285 --> 00:22:00,605
For somebody else, it could be 60. For
583
00:22:00,605 --> 00:22:02,384
somebody else, it could be 40.
584
00:22:02,845 --> 00:22:05,005
50 feels like an actually, like, a pretty
585
00:22:05,005 --> 00:22:07,565
good number, like, in the model for what's
586
00:22:07,565 --> 00:22:08,224
out there.
587
00:22:08,640 --> 00:22:11,119
But, yeah, you're not gonna get to a
588
00:22:11,119 --> 00:22:13,119
100, nor do I believe the intent is
589
00:22:13,119 --> 00:22:14,880
to get you to a 100. Yeah. And
590
00:22:14,880 --> 00:22:16,640
that's the way I tell clients to look
591
00:22:16,640 --> 00:22:18,720
at it too is within the secure score,
592
00:22:18,720 --> 00:22:20,320
you get an overview, but you also get
593
00:22:20,320 --> 00:22:23,194
a history. So I can see that my
594
00:22:23,194 --> 00:22:23,694
historic
595
00:22:23,994 --> 00:22:25,294
score over the last
596
00:22:25,595 --> 00:22:27,454
I don't know. I'm looking at the last
597
00:22:27,515 --> 00:22:28,335
3 months
598
00:22:28,634 --> 00:22:30,015
has increased 2.19%.
599
00:22:31,115 --> 00:22:33,515
So my security has gotten incrementally better. There
600
00:22:33,515 --> 00:22:35,730
are times it's decreased, there are times it's
601
00:22:35,730 --> 00:22:36,230
increased,
602
00:22:36,690 --> 00:22:38,690
but I treat it more as, am I
603
00:22:38,690 --> 00:22:40,789
getting better or worse at security?
604
00:22:41,170 --> 00:22:43,430
Not, am I getting up to a 100%
605
00:22:43,970 --> 00:22:46,130
when I'm looking at the score. To your
606
00:22:46,130 --> 00:22:48,850
point about the Advisor, what I like about
607
00:22:48,850 --> 00:22:51,234
Secure Score is it comes up with that
608
00:22:51,234 --> 00:22:54,615
score based on a list of recommended actions.
609
00:22:54,755 --> 00:22:56,434
So if I look at mine, I actually
610
00:22:56,434 --> 00:22:58,035
have I should go look at this. I
611
00:22:58,035 --> 00:23:00,454
have actions to review 7 are
612
00:23:00,835 --> 00:23:04,035
regressed. So something has regressed in my tenant,
613
00:23:04,035 --> 00:23:07,470
whether something got turned off or a
614
00:23:08,089 --> 00:23:10,190
policy that was applying to devices,
615
00:23:10,809 --> 00:23:13,849
a device got removed from it. Somehow, there's
616
00:23:13,849 --> 00:23:16,089
something that regressed, and then I have a
617
00:23:16,089 --> 00:23:16,589
126
618
00:23:17,595 --> 00:23:19,595
actions to address. And, again, I would say
619
00:23:19,595 --> 00:23:21,035
the danger is people look at it and
620
00:23:21,035 --> 00:23:22,575
they're like, oh, I got a 126
621
00:23:22,875 --> 00:23:24,654
things I need to fix in my tenant.
622
00:23:25,194 --> 00:23:26,734
No. There's a 126
623
00:23:27,355 --> 00:23:28,575
recommended actions
624
00:23:28,954 --> 00:23:31,194
that you can go look at, ranging from
625
00:23:31,194 --> 00:23:35,049
things like blocking JavaScript or VB scripts from
626
00:23:35,049 --> 00:23:35,549
launching
627
00:23:36,089 --> 00:23:36,589
downloaded
628
00:23:36,970 --> 00:23:37,470
executable
629
00:23:38,569 --> 00:23:39,069
content
630
00:23:39,690 --> 00:23:42,910
to blocking office applications from creating executable
631
00:23:44,250 --> 00:23:44,750
content,
632
00:23:45,049 --> 00:23:47,230
unsigned processes running on USBs,
633
00:23:48,375 --> 00:23:51,275
disabling basic authentication for the WinRM
634
00:23:51,894 --> 00:23:52,394
client.
635
00:23:53,174 --> 00:23:55,255
Like, there's a whole bunch of things. And
636
00:23:55,255 --> 00:23:57,174
to your point, Scott, I treat this as
637
00:23:57,255 --> 00:23:58,955
okay. Let's go look at this.
638
00:23:59,335 --> 00:24:00,714
It does give you
639
00:24:01,015 --> 00:24:03,035
a percentage. If you go do this,
640
00:24:03,400 --> 00:24:06,140
your score is going to increase by
641
00:24:06,599 --> 00:24:07,099
0.57%,
642
00:24:08,119 --> 00:24:09,019
by 0.65%.
643
00:24:10,440 --> 00:24:11,880
The other thing to call out is your
644
00:24:11,880 --> 00:24:13,799
score is different than my score, which is
645
00:24:13,799 --> 00:24:16,839
different from the next person's score. And even
646
00:24:16,839 --> 00:24:18,894
to, like, the degree of, k, here's your
647
00:24:18,894 --> 00:24:21,295
max score and how your percentage is configured
648
00:24:21,295 --> 00:24:23,375
and things like that. Because one of the
649
00:24:23,375 --> 00:24:25,055
things that strikes me as I look at
650
00:24:25,055 --> 00:24:27,375
yours, you talked about, okay, maybe the default
651
00:24:27,375 --> 00:24:29,214
score being someplace in, like, the forties for
652
00:24:29,214 --> 00:24:31,394
a new tenant. You're not a new tenant,
653
00:24:31,454 --> 00:24:32,974
and you have a bunch of stuff lit
654
00:24:32,974 --> 00:24:35,779
up. Like, you have things related to devices
655
00:24:35,839 --> 00:24:38,579
in here. So because Secure Score
656
00:24:38,960 --> 00:24:41,599
technically falls under Defender, and it's part of
657
00:24:41,599 --> 00:24:43,700
the whole, like, Defender XDR
658
00:24:44,000 --> 00:24:46,315
suite thing that's going on, So you're seeing
659
00:24:46,315 --> 00:24:48,494
a bunch of things that are potentially applicable,
660
00:24:48,555 --> 00:24:51,375
not just to where we started off with
661
00:24:51,515 --> 00:24:52,335
Entra ID
662
00:24:52,715 --> 00:24:55,055
and just access policies
663
00:24:55,355 --> 00:24:56,255
around identity.
664
00:24:56,634 --> 00:24:59,134
Now we've extended into the world of
665
00:24:59,480 --> 00:25:02,059
devices and device specific configuration
666
00:25:03,080 --> 00:25:05,799
and the the behaviors of my users that
667
00:25:05,799 --> 00:25:07,559
are out there. And then this takes us
668
00:25:07,559 --> 00:25:10,299
back to the same conversation we had with
669
00:25:10,759 --> 00:25:13,694
secure defaults versus CA policies and things like
670
00:25:13,934 --> 00:25:15,615
you might be able to turn it all
671
00:25:15,615 --> 00:25:16,894
on, you might not be able to turn
672
00:25:16,894 --> 00:25:18,974
it all on, or it at least points
673
00:25:18,974 --> 00:25:20,894
you in a direction where you wanna go.
674
00:25:20,894 --> 00:25:21,394
Oh,
675
00:25:21,774 --> 00:25:24,255
I thought about Office Mac this is legit.
676
00:25:24,255 --> 00:25:26,095
The last time I thought about Office Macros
677
00:25:26,095 --> 00:25:27,714
was probably 2 plus years ago,
678
00:25:28,029 --> 00:25:29,789
but maybe seeing it on there is enough
679
00:25:29,789 --> 00:25:32,430
to, like, just light up an admin's brain
680
00:25:32,430 --> 00:25:34,849
and say, oh, we should go reevaluate that
681
00:25:34,910 --> 00:25:36,289
and see if we can improve
682
00:25:36,910 --> 00:25:40,369
improve our posture there and move things forward.
683
00:25:40,670 --> 00:25:42,715
Or maybe you wanna look at these things
684
00:25:42,775 --> 00:25:44,315
by their categories
685
00:25:44,855 --> 00:25:46,695
and where they sit, and these things are
686
00:25:46,695 --> 00:25:47,195
categorical.
687
00:25:47,654 --> 00:25:49,735
Like, even if you look down what you
688
00:25:49,735 --> 00:25:51,815
have on the screen right now, it's Exchange
689
00:25:51,815 --> 00:25:53,115
Online, it's Teams,
690
00:25:53,654 --> 00:25:55,914
it's Office. It's very workload centric,
691
00:25:56,299 --> 00:25:58,339
so you can go in and choose, I
692
00:25:58,339 --> 00:26:01,179
I guess, workload or solution or scenario, like,
693
00:26:01,179 --> 00:26:03,179
depending on how you slice it. So if
694
00:26:03,179 --> 00:26:04,539
you wanted to come in and you wanted
695
00:26:04,539 --> 00:26:07,200
to just do, like, the secure score equivalents
696
00:26:07,259 --> 00:26:10,394
for identity, you could absolutely dial into just
697
00:26:10,394 --> 00:26:11,914
Entra ID and the things that are going
698
00:26:11,914 --> 00:26:14,255
on there. Yep. And that's 100%
699
00:26:14,714 --> 00:26:16,554
what I do. Like, I've looked down this
700
00:26:16,554 --> 00:26:18,474
list and I treat it as a checklist,
701
00:26:18,474 --> 00:26:21,294
but what you mentioned is a prompt for,
702
00:26:21,434 --> 00:26:23,289
oh, yeah. I didn't think about this. I
703
00:26:23,289 --> 00:26:26,650
didn't think about turning on customer lockbox feature,
704
00:26:26,650 --> 00:26:27,950
or I didn't think about
705
00:26:28,650 --> 00:26:29,630
dial in users
706
00:26:30,009 --> 00:26:32,250
bypassing the meeting lobby because I do a
707
00:26:32,250 --> 00:26:34,970
bunch of Teams meetings. This does let you
708
00:26:34,970 --> 00:26:38,934
sort, filter, group by scores, by how you
709
00:26:38,934 --> 00:26:41,575
can improve it, by the status, if you've
710
00:26:41,575 --> 00:26:44,615
actually addressed it or not, categories for it,
711
00:26:44,615 --> 00:26:46,315
identity versus apps,
712
00:26:46,855 --> 00:26:47,835
products, devices,
713
00:26:48,215 --> 00:26:48,960
all of that.
714
00:26:49,440 --> 00:26:50,880
And the other thing I would say too
715
00:26:50,880 --> 00:26:52,019
about this, Scott,
716
00:26:52,640 --> 00:26:55,839
is this tries to automate it. It tries
717
00:26:55,839 --> 00:26:57,059
to look at your configuration
718
00:26:57,839 --> 00:26:58,659
and say,
719
00:26:59,039 --> 00:27:00,559
yeah, you've done this or you haven't done
720
00:27:00,559 --> 00:27:04,054
this. But there's things like configuring VPN integration
721
00:27:04,835 --> 00:27:05,335
or
722
00:27:05,954 --> 00:27:07,634
especially when you get into some of the
723
00:27:07,634 --> 00:27:08,134
devices,
724
00:27:08,755 --> 00:27:11,255
disabling machine account password changes.
725
00:27:11,714 --> 00:27:12,214
This,
726
00:27:12,994 --> 00:27:14,700
in so much as it can automate it,
727
00:27:14,779 --> 00:27:17,039
it depends on you using Microsoft 365
728
00:27:17,339 --> 00:27:18,000
for everything.
729
00:27:18,779 --> 00:27:21,019
Just a little bit. Yeah. If you're using
730
00:27:21,019 --> 00:27:22,559
AirWatch for device management
731
00:27:22,940 --> 00:27:25,119
or one of the other third parties,
732
00:27:25,579 --> 00:27:26,559
if you're using
733
00:27:27,099 --> 00:27:28,700
Sophos, I was talking to somebody the other
734
00:27:28,700 --> 00:27:31,015
day using Sophos for endpoint management, There may
735
00:27:31,015 --> 00:27:33,174
be some of this stuff that you've already
736
00:27:33,174 --> 00:27:36,054
addressed via a third party tool that your
737
00:27:36,054 --> 00:27:38,694
Secure Score just doesn't know about. So they
738
00:27:38,694 --> 00:27:40,775
do give you the option to also manually
739
00:27:40,775 --> 00:27:42,075
go in and say it's addressed
740
00:27:42,375 --> 00:27:45,690
or, again, your percentage, it's a guideline. It
741
00:27:45,690 --> 00:27:48,190
may not know everything that you have done,
742
00:27:48,250 --> 00:27:51,210
especially if you've done it in ways outside
743
00:27:51,210 --> 00:27:54,750
of managing it within the Microsoft 365 ecosystem.
744
00:27:54,890 --> 00:27:56,625
Yeah. You almost want the button like, I'm
745
00:27:56,625 --> 00:27:58,384
never gonna do this. Don't evaluate me on
746
00:27:58,384 --> 00:27:58,884
it.
747
00:27:59,184 --> 00:28:00,945
Yeah. There are some in here I look
748
00:28:00,945 --> 00:28:03,505
at. It's block USB devices from working on
749
00:28:03,505 --> 00:28:05,345
your endpoints. I'm like, no. I'm not ever
750
00:28:05,345 --> 00:28:07,924
gonna completely disable USB on all my endpoints.
751
00:28:08,224 --> 00:28:10,724
Some people may. Some places, it's a requirement.
752
00:28:11,345 --> 00:28:13,580
Mine, it's not. So it's a security risk
753
00:28:13,580 --> 00:28:15,500
I'm willing to accept even though it lowers
754
00:28:15,500 --> 00:28:17,759
my secure score. But this is
755
00:28:18,059 --> 00:28:20,380
after I look at security defaults and conditional
756
00:28:20,380 --> 00:28:21,920
access, the next place
757
00:28:22,380 --> 00:28:25,100
I would go from evaluating a tenant is
758
00:28:25,100 --> 00:28:27,625
just almost working through this with a client.
759
00:28:27,684 --> 00:28:29,204
What of these do you care about? Or
760
00:28:29,204 --> 00:28:31,684
I tell a client, go look through this
761
00:28:31,684 --> 00:28:33,845
list. What of these do you care about?
762
00:28:33,845 --> 00:28:35,285
What of these do you wanna know more
763
00:28:35,285 --> 00:28:37,525
about? Which ones of these are you like,
764
00:28:37,525 --> 00:28:40,164
yeah, we've already taken care of that? But
765
00:28:40,164 --> 00:28:42,000
using it as a starting checklist
766
00:28:42,940 --> 00:28:43,440
for
767
00:28:43,740 --> 00:28:46,380
what are some other security things I should
768
00:28:46,380 --> 00:28:49,200
be thinking about or addressing within
769
00:28:49,500 --> 00:28:52,059
my Microsoft 365 tenant. All of this just
770
00:28:52,059 --> 00:28:54,654
lets you widen the net. So where should
771
00:28:54,654 --> 00:28:57,775
you start? Arguably, identity 100% of the time,
772
00:28:57,775 --> 00:29:00,174
right? It's your first gateway into all of
773
00:29:00,174 --> 00:29:01,234
these things, like,
774
00:29:01,535 --> 00:29:02,755
you're not using Teams
775
00:29:03,215 --> 00:29:06,575
until you're logging in through Entra ID, full
776
00:29:06,575 --> 00:29:09,330
stop. So start on the identity side, and
777
00:29:09,330 --> 00:29:11,670
then this approach of, hey, let's go in
778
00:29:11,730 --> 00:29:13,570
and cast a wider net and see what
779
00:29:13,570 --> 00:29:15,830
else is out there. Like, the I'm gonna
780
00:29:15,890 --> 00:29:17,650
throw a pebble into the pond and see
781
00:29:17,650 --> 00:29:19,515
how many ripples it creates kinda thing,
782
00:29:19,994 --> 00:29:21,134
and you can start to
783
00:29:21,434 --> 00:29:23,674
do that this way. So, great, I've got
784
00:29:23,674 --> 00:29:26,154
the identity thing. Oh, it turns out that
785
00:29:26,154 --> 00:29:28,815
security score tells me more about identity
786
00:29:29,595 --> 00:29:33,359
than even just the security defaults did
787
00:29:33,839 --> 00:29:35,440
or than some of the stuff that maybe
788
00:29:35,440 --> 00:29:37,119
I saw while I was clicking around in
789
00:29:37,119 --> 00:29:39,119
conditional access or reading the docs. Great. Those
790
00:29:39,119 --> 00:29:40,799
are other things I can look at. Now
791
00:29:40,799 --> 00:29:42,400
I just looked at identity. What do I
792
00:29:42,400 --> 00:29:44,079
wanna look at next? Do I wanna look
793
00:29:44,079 --> 00:29:47,265
at my cloud hosted workloads like Teams and
794
00:29:47,265 --> 00:29:48,485
Exchange and SharePoint?
795
00:29:49,025 --> 00:29:50,565
Or do I wanna look at
796
00:29:50,945 --> 00:29:51,445
desktops
797
00:29:51,904 --> 00:29:54,785
and devices that that that exist out there?
798
00:29:54,785 --> 00:29:56,325
And you can start to
799
00:29:56,705 --> 00:29:59,359
just keep searching, right? And every layer you
800
00:29:59,359 --> 00:30:00,960
peel back, you you find a new thing,
801
00:30:00,960 --> 00:30:02,500
and it gives you more work to do.
802
00:30:02,639 --> 00:30:04,000
And like I said, if there's somebody out
803
00:30:04,000 --> 00:30:05,200
there and you're listening to this and you're
804
00:30:05,200 --> 00:30:07,220
like, I've gotten a tenant to a 100%,
805
00:30:07,919 --> 00:30:09,359
I wanna hear about it. I wanna hear
806
00:30:09,359 --> 00:30:11,335
if anybody's even gotten it to 90. I
807
00:30:11,335 --> 00:30:12,875
won't even set the bar at a 100.
808
00:30:13,015 --> 00:30:13,515
90%,
809
00:30:13,815 --> 00:30:15,674
I would love to hear about it. 90%.
810
00:30:15,735 --> 00:30:17,414
Let us know. We have a contact form.
811
00:30:17,414 --> 00:30:18,555
You just go to msclouditpropodcast.com or msclouditpro.com.
812
00:30:22,615 --> 00:30:25,089
I think we redirect these days, and just
813
00:30:25,089 --> 00:30:27,329
hit the contact form, let us know. If
814
00:30:27,329 --> 00:30:29,829
you're a member, come ping us in Discord.
815
00:30:29,970 --> 00:30:31,909
We'd love to have you on and participate
816
00:30:32,130 --> 00:30:34,369
in real time. We can make it happen.
817
00:30:34,369 --> 00:30:36,069
Ben and I are curious. Absolutely.
818
00:30:36,450 --> 00:30:38,375
With that, should we wrap it up and
819
00:30:38,375 --> 00:30:38,875
continue
820
00:30:39,494 --> 00:30:41,034
our discussion next time
821
00:30:41,335 --> 00:30:42,154
on evaluating
822
00:30:43,015 --> 00:30:45,095
security, whether it be Azure, whether it be
823
00:30:45,095 --> 00:30:47,575
third party tools, whether it be some other
824
00:30:47,575 --> 00:30:49,734
random security thing we think of? I think
825
00:30:49,734 --> 00:30:51,599
next time, because because we did the research
826
00:30:51,599 --> 00:30:53,200
on it, we should talk about tools next
827
00:30:53,200 --> 00:30:56,160
time and ways to and I consider, like,
828
00:30:56,160 --> 00:30:58,559
Secure Score a tool. Right? Like, you browse
829
00:30:58,559 --> 00:31:00,079
to this website, you've pulled it up, it's
830
00:31:00,079 --> 00:31:02,480
giving you some actionable information. There's a bunch
831
00:31:02,480 --> 00:31:04,160
of other ways to get at this data
832
00:31:04,160 --> 00:31:04,740
as well
833
00:31:05,224 --> 00:31:05,724
through
834
00:31:06,184 --> 00:31:08,125
the API surface that's available
835
00:31:08,424 --> 00:31:12,525
in Entra, including our friend, the Microsoft Graph.
836
00:31:12,744 --> 00:31:14,904
So we can talk about some tools and
837
00:31:14,904 --> 00:31:16,365
some ways to interrogate
838
00:31:17,305 --> 00:31:18,285
and visualize
839
00:31:18,664 --> 00:31:19,565
tenant configurations
840
00:31:20,369 --> 00:31:22,150
through some of the stuff that's out there.
841
00:31:22,450 --> 00:31:24,210
We can also talk about tools and ways
842
00:31:24,210 --> 00:31:26,369
to, like, break into your environments and things
843
00:31:26,369 --> 00:31:28,849
like that, so, like, vulnerability testing for these
844
00:31:28,849 --> 00:31:32,069
environments. Perfect. Sounds like a plan. Thanks, Scott.
845
00:31:32,130 --> 00:31:34,085
With that, go enjoy your, hopefully,
846
00:31:34,384 --> 00:31:37,664
your hurricane free, hopefully, a nice weather weekend.
847
00:31:37,664 --> 00:31:39,904
I'm going to Denver this weekend, so I
848
00:31:39,904 --> 00:31:41,424
got a concert at Red Rocks that I
849
00:31:41,424 --> 00:31:43,825
gotta get to. I'm jealous. I'm staying in
850
00:31:43,825 --> 00:31:46,065
Florida this weekend where it is currently feels
851
00:31:46,065 --> 00:31:48,269
like a 112 degrees outside. So I'm gonna
852
00:31:48,269 --> 00:31:50,910
go outside and play pickleball because somehow in
853
00:31:50,910 --> 00:31:52,830
my mind, that's a great idea. I was
854
00:31:52,830 --> 00:31:54,990
in Denver last week for another concert, and
855
00:31:54,990 --> 00:31:57,630
it was 98 degrees Fahrenheit, and there were
856
00:31:57,630 --> 00:31:59,950
forest fires. So don't feel bad for me.
857
00:31:59,950 --> 00:32:02,350
Alright. I won't. Sounds good. Well, enjoy. Hopefully,
858
00:32:02,350 --> 00:32:04,125
you have better weather this weekend, and we
859
00:32:04,125 --> 00:32:05,884
will talk to you again soon. Alright. Thanks,
860
00:32:05,884 --> 00:32:07,345
Ben. Alright. Thanks, Scott.
861
00:32:09,325 --> 00:32:11,565
If you enjoyed the podcast, go leave us
862
00:32:11,565 --> 00:32:13,805
a 5 star rating in iTunes. It helps
863
00:32:13,805 --> 00:32:15,485
to get the word out so more IT
864
00:32:15,485 --> 00:32:17,345
pros can learn about Office 365
865
00:32:17,759 --> 00:32:18,339
and Azure.
866
00:32:18,880 --> 00:32:20,559
If you have any questions you want us
867
00:32:20,559 --> 00:32:22,720
to address on the show, or feedback about
868
00:32:22,720 --> 00:32:25,039
the show, feel free to reach out via
869
00:32:25,039 --> 00:32:25,700
our website,
870
00:32:26,000 --> 00:32:27,220
Twitter, or Facebook.
871
00:32:27,519 --> 00:32:29,440
Thanks again for listening, and have a great
872
00:32:29,440 --> 00:32:29,940
day.