1
00:00:03,600 --> 00:00:07,120
Welcome to episode 401 of the Microsoft Cloud
2
00:00:07,120 --> 00:00:08,179
IT Pro podcast
3
00:00:08,559 --> 00:00:11,699
recorded live 05/02/2025.
4
00:00:12,160 --> 00:00:14,480
This is a show about Microsoft three sixty
5
00:00:14,480 --> 00:00:16,625
five and Azure from the perspective of IT
6
00:00:16,625 --> 00:00:18,704
pros and end users, where we discuss a
7
00:00:18,704 --> 00:00:20,945
topic or recent news and how it relates
8
00:00:20,945 --> 00:00:23,184
to you. This week, Ben and Scott are
9
00:00:23,184 --> 00:00:25,684
back to Microsoft three sixty five security.
10
00:00:26,064 --> 00:00:26,879
In this episode,
11
00:00:39,600 --> 00:00:39,884
It's been
12
00:00:42,125 --> 00:00:44,204
It's been so long since we've done this.
13
00:00:44,204 --> 00:00:47,164
We've had, like, weird scheduling issues, and I've
14
00:00:47,164 --> 00:00:48,225
been gone, and
15
00:00:48,604 --> 00:00:50,524
I've been gone, and, I mean, that's pretty
16
00:00:50,524 --> 00:00:52,284
much it. We had some interviews. Like, we
17
00:00:52,284 --> 00:00:54,284
had some interviews from the MVP summit that
18
00:00:54,284 --> 00:00:56,920
took us away from this live. Hopefully, maybe
19
00:00:57,060 --> 00:00:58,820
we say this when we're back on schedule,
20
00:00:58,820 --> 00:01:01,079
but with summer coming, who knows? We'll
21
00:01:01,940 --> 00:01:03,700
we'll see where it goes. Real life always
22
00:01:03,700 --> 00:01:05,560
tends to get in the way. Yeah.
23
00:01:06,020 --> 00:01:09,939
So it does. Alright. Well, today's topic. Well,
24
00:01:09,939 --> 00:01:12,295
today's topic. If you're live, you can see
25
00:01:12,295 --> 00:01:14,295
it on the screen. If you're not live,
26
00:01:14,295 --> 00:01:16,055
you should come join us in Discord. Join
27
00:01:16,055 --> 00:01:18,055
the membership in Discord and come join us.
28
00:01:18,055 --> 00:01:20,614
Today's topic, though, is zero trust and primarily
29
00:01:20,614 --> 00:01:23,069
around Microsoft three sixty five. Like, we could
30
00:01:23,230 --> 00:01:25,390
maybe take this and extrapolate this out to
31
00:01:25,390 --> 00:01:25,890
Azure.
32
00:01:26,269 --> 00:01:27,409
Some of this would
33
00:01:27,790 --> 00:01:30,030
kind of apply to Azure too, but primarily
34
00:01:30,030 --> 00:01:32,450
Microsoft three sixty five. And
35
00:01:32,909 --> 00:01:34,750
I can't take a ton of credit. I
36
00:01:34,750 --> 00:01:36,465
can't take a ton of credit for this.
37
00:01:36,545 --> 00:01:38,384
Just say that. So Jelisk and I have
38
00:01:38,384 --> 00:01:41,024
done a presentation around this a couple times
39
00:01:41,024 --> 00:01:43,444
now. We did one down in Orlando
40
00:01:44,144 --> 00:01:45,125
at CollabCon.
41
00:01:45,504 --> 00:01:47,744
We just did it this past weekend that
42
00:01:47,744 --> 00:01:50,629
feels like forever ago for Microsoft three sixty
43
00:01:50,629 --> 00:01:51,129
five
44
00:01:51,670 --> 00:01:54,230
Community Days up in Philly, which is not
45
00:01:54,230 --> 00:01:56,950
really Philly Philly. It's just close. I didn't
46
00:01:56,950 --> 00:01:58,549
realize how far outside of Philly it was
47
00:01:58,549 --> 00:02:00,090
till I got there and got an Uber.
48
00:02:00,310 --> 00:02:02,484
It's like, oh, Malvern is like sort of
49
00:02:02,484 --> 00:02:04,325
Philly, but not really Philly. It's out there
50
00:02:04,325 --> 00:02:05,064
a little bit.
51
00:02:05,525 --> 00:02:07,204
If you're if you're doing if you're doing
52
00:02:07,204 --> 00:02:09,525
Malvern, you're, like, yeah, an hour outside Philly
53
00:02:09,525 --> 00:02:12,324
with traffic. So, yeah, we decided Scott, I
54
00:02:12,324 --> 00:02:14,004
would just talk about zero trust. It'll be
55
00:02:14,004 --> 00:02:16,645
interesting because I've done this with Jay, Scott,
56
00:02:16,645 --> 00:02:18,300
to get your take on some of this
57
00:02:18,300 --> 00:02:20,860
as well with your thoughts around Zero Trust
58
00:02:20,860 --> 00:02:23,260
and implementing Zero Trust in Microsoft three sixty
59
00:02:23,260 --> 00:02:24,780
five. We'll put a bunch of links in
60
00:02:24,780 --> 00:02:27,420
the chat. There's some tools too. I actually
61
00:02:27,420 --> 00:02:29,905
really wanna turn this into a workshop. So
62
00:02:30,125 --> 00:02:32,525
we'll see. I have a whole Zero Trust
63
00:02:32,525 --> 00:02:34,384
workshop submitted to a couple
64
00:02:34,685 --> 00:02:36,844
conferences along with Jay to see if we
65
00:02:36,844 --> 00:02:38,685
can turn this into a, like, eight hour
66
00:02:38,685 --> 00:02:40,764
workshop all in Zero Trust. We'll keep you
67
00:02:40,764 --> 00:02:42,925
updated. If it turns into one, which conference
68
00:02:42,925 --> 00:02:44,764
to go to to see the workshop version
69
00:02:44,764 --> 00:02:46,760
of this? I think it's an interesting topic,
70
00:02:46,760 --> 00:02:49,560
and there's a lot of knobs and levers,
71
00:02:49,560 --> 00:02:50,620
particularly across
72
00:02:51,000 --> 00:02:54,120
Microsoft three sixty five. So it's it's kinda
73
00:02:54,120 --> 00:02:55,560
easy to hop in at the front end,
74
00:02:55,560 --> 00:02:56,860
I think, and talk about,
75
00:02:57,719 --> 00:03:00,114
zero trust identity. What are the principles
76
00:03:00,414 --> 00:03:02,034
that you let into your directory,
77
00:03:03,294 --> 00:03:06,114
non-person accounts versus per-person accounts,
78
00:03:06,974 --> 00:03:08,435
all those things like that.
79
00:03:08,814 --> 00:03:10,594
But it could also be devices
80
00:03:11,134 --> 00:03:13,555
in your environment, like how do those connect,
81
00:03:13,854 --> 00:03:14,939
how do those come in.
82
00:03:15,419 --> 00:03:17,900
Once you've got all those identities out there
83
00:03:17,900 --> 00:03:20,540
well and and devices and things, then there's
84
00:03:20,540 --> 00:03:24,060
an endpoint component. And, well, zero trust from
85
00:03:24,060 --> 00:03:27,260
how you manage your endpoints from the perspective
86
00:03:27,260 --> 00:03:29,280
of maybe, like, your own endpoints versus,
87
00:03:30,254 --> 00:03:32,334
maybe a BYOD for, like, a partner or
88
00:03:32,334 --> 00:03:32,995
a contractor
89
00:03:33,375 --> 00:03:36,034
who comes into your environment, things like that.
90
00:03:36,334 --> 00:03:38,435
All the applications, all the data,
91
00:03:38,814 --> 00:03:41,215
not the infrastructure so much. Right? Like, Microsoft
92
00:03:41,215 --> 00:03:42,894
takes care of a bunch of that stuff
93
00:03:42,894 --> 00:03:45,294
for you. Right. But certainly, the networking aspects
94
00:03:45,294 --> 00:03:47,210
of it as well, I think, are
95
00:03:47,590 --> 00:03:49,770
interesting. Like, we talk a lot about, like,
96
00:03:49,990 --> 00:03:52,310
clients and endpoints and how they connect, and
97
00:03:52,310 --> 00:03:54,889
are they Internet bound versus private traffic?
98
00:03:55,909 --> 00:03:57,509
Where does all that fall out? And then,
99
00:03:57,509 --> 00:04:00,425
ultimately, like, once you make these decisions about
100
00:04:00,425 --> 00:04:02,104
how your environment's gonna look and and how
101
00:04:02,104 --> 00:04:03,865
it's gonna be structured, well, then you gotta
102
00:04:03,865 --> 00:04:05,564
go put it all together.
103
00:04:06,104 --> 00:04:08,264
So how do you automate that? How do
104
00:04:08,264 --> 00:04:10,185
you script things out? What are the API
105
00:04:10,185 --> 00:04:12,665
surfaces available to you? How do you ensure
106
00:04:12,665 --> 00:04:13,885
compliance within
107
00:04:14,479 --> 00:04:16,899
with within a given part of the substrate,
108
00:04:17,040 --> 00:04:18,879
like, be it, like, m three sixty five
109
00:04:18,879 --> 00:04:19,379
holistically?
110
00:04:19,839 --> 00:04:22,000
Maybe it's Exchange. Maybe you'd like you said,
111
00:04:22,000 --> 00:04:23,680
maybe you do some stuff over in Azure,
112
00:04:23,680 --> 00:04:25,120
and you're trying to figure out, like, the
113
00:04:25,120 --> 00:04:26,339
application of policy
114
00:04:26,985 --> 00:04:29,064
and and how all that meets up with
115
00:04:29,064 --> 00:04:32,444
those same identities, same endpoints, and and everything
116
00:04:32,504 --> 00:04:33,485
along the way.
117
00:04:33,785 --> 00:04:35,544
It's kinda funny how much of it, if
118
00:04:35,544 --> 00:04:37,544
if you look across the stack, like, even
119
00:04:37,544 --> 00:04:39,944
though it's very technology focused on m three
120
00:04:39,944 --> 00:04:42,520
sixty five, like, a lot of stuff decomposes
121
00:04:42,740 --> 00:04:43,639
back to
122
00:04:44,259 --> 00:04:46,500
the artist form formerly known as Azure Active
123
00:04:46,500 --> 00:04:47,800
Directory, Entra ID.
124
00:04:48,180 --> 00:04:49,560
We with the
125
00:04:50,259 --> 00:04:52,740
common constructs that are in there for auth
126
00:04:52,740 --> 00:04:54,819
n and and auth z, particularly around, like,
127
00:04:54,819 --> 00:04:55,720
conditional access.
128
00:04:56,314 --> 00:04:58,654
Some of the endpoint control with, like, Entra ID
129
00:04:58,954 --> 00:05:00,954
plus Intune. Like, we start to get back
130
00:05:00,954 --> 00:05:04,314
into that whole suite of services things and
131
00:05:04,314 --> 00:05:05,854
everything that's there. So
132
00:05:06,154 --> 00:05:08,794
I I'm curious where you start the zero
133
00:05:08,794 --> 00:05:09,209
trust
134
00:05:09,610 --> 00:05:10,110
conversation
135
00:05:10,569 --> 00:05:11,069
with
136
00:05:11,529 --> 00:05:13,050
your customers. Like, I know you did this
137
00:05:13,050 --> 00:05:15,610
conference talk, but it's all based on your
138
00:05:15,610 --> 00:05:18,009
lived reality, right, as as a consultant and
139
00:05:18,009 --> 00:05:19,930
somebody who's out there kinda doing this day
140
00:05:19,930 --> 00:05:21,225
to day with customers. So
141
00:05:21,705 --> 00:05:23,485
where do you start that conversation
142
00:05:23,865 --> 00:05:24,365
given
143
00:05:24,824 --> 00:05:27,944
the broad swath and and just kinda the
144
00:05:27,944 --> 00:05:28,925
surface area
145
00:05:29,384 --> 00:05:30,045
of a
146
00:05:30,425 --> 00:05:32,345
of of a SaaS suite like m three
147
00:05:32,345 --> 00:05:35,209
sixty five plus the components of Azure and
148
00:05:35,209 --> 00:05:37,209
things that come into it. Plus. Yeah. And
149
00:05:37,209 --> 00:05:39,370
I think where I tend to start is
150
00:05:39,370 --> 00:05:41,529
actually where we do start when we do
151
00:05:41,529 --> 00:05:44,089
this presentation as well is more with the
152
00:05:44,089 --> 00:05:46,089
Entra, and you mentioned it, like the Entra
153
00:05:46,089 --> 00:05:47,789
ID, Azure AD,
154
00:05:48,169 --> 00:05:50,725
really the identity side of it because
155
00:05:51,504 --> 00:05:53,904
as you mentioned, like, when you think about
156
00:05:53,904 --> 00:05:56,785
zero trust and we even we even think
157
00:05:56,785 --> 00:05:58,865
about this when I talk to clients. When
158
00:05:58,865 --> 00:06:01,264
clients used to do zero trust and I'm
159
00:06:01,264 --> 00:06:03,779
gonna define, I should define zero trust. So
160
00:06:03,779 --> 00:06:05,699
when we talk about this too We should.
161
00:06:05,699 --> 00:06:07,459
We should take a step back. Is defining
162
00:06:07,459 --> 00:06:09,459
zero trust. Right? Zero trust a lot of
163
00:06:09,459 --> 00:06:11,879
times is assuming a breach. Right? Like assuming
164
00:06:12,180 --> 00:06:14,580
somebody is gonna get in. Not if somebody
165
00:06:14,580 --> 00:06:17,064
gets in, but when somebody is in or
166
00:06:17,064 --> 00:06:18,985
assuming that somebody is gonna get into your
167
00:06:18,985 --> 00:06:21,225
environment and making sure that when they do
168
00:06:21,225 --> 00:06:23,865
get in, there's least privilege. Like, there's barriers
169
00:06:23,865 --> 00:06:25,464
between things. I was even talking to my
170
00:06:25,464 --> 00:06:26,745
kids about it the other day, and I'm
171
00:06:26,745 --> 00:06:29,544
like, zero trust is like not if someone
172
00:06:29,544 --> 00:06:31,324
got into your house, they could go everywhere.
173
00:06:31,519 --> 00:06:33,600
Zero trust is almost like you lock every
174
00:06:33,600 --> 00:06:35,279
door in your house so that when somebody
175
00:06:35,279 --> 00:06:36,959
gets in one door, there's a whole bunch
176
00:06:36,959 --> 00:06:39,279
of other doors to get through. Assume that
177
00:06:39,279 --> 00:06:41,040
somebody is gonna get in. Don't give them
178
00:06:41,040 --> 00:06:43,120
free rein of everything, but then give them
179
00:06:43,120 --> 00:06:43,939
least privilege,
180
00:06:44,535 --> 00:06:47,014
once they do get in. So make sure
181
00:06:47,014 --> 00:06:48,454
that once you get through one door, there's
182
00:06:48,454 --> 00:06:49,894
another door to get through and another door
183
00:06:49,894 --> 00:06:51,095
to get through and another door to get
184
00:06:51,095 --> 00:06:53,894
to, and it's just not a trust that's
185
00:06:53,894 --> 00:06:55,814
there because you got in the door. And
186
00:06:55,814 --> 00:06:58,600
then actually verifying, like, every step of the
187
00:06:58,600 --> 00:07:01,000
process, verifying that someone is who they said
188
00:07:01,000 --> 00:07:02,220
they are, verifying
189
00:07:03,000 --> 00:07:05,319
that they should have access, verifying that they're
190
00:07:05,319 --> 00:07:08,139
coming from the proper device. So
191
00:07:08,519 --> 00:07:10,600
that's how I kind of frame up that
192
00:07:10,600 --> 00:07:13,645
would be my my rough definition of zero
193
00:07:13,645 --> 00:07:15,884
trust is assume that there's a breach, assume
194
00:07:15,884 --> 00:07:18,845
somebody's in, least privilege, don't just give everybody
195
00:07:18,845 --> 00:07:20,705
access to everything, and then verify
196
00:07:21,485 --> 00:07:23,725
everything that they're doing what they should, they
197
00:07:23,725 --> 00:07:25,404
are who they said, they're coming from where
198
00:07:25,404 --> 00:07:27,689
they're supposed to be, all those things. Anything
199
00:07:27,689 --> 00:07:29,129
you'd wanna add to that? No. No. I
200
00:07:29,129 --> 00:07:30,649
think that sums it up. The the the
201
00:07:30,649 --> 00:07:33,310
verify component's always a fun one. Right? Like,
202
00:07:33,529 --> 00:07:35,229
customers often, like, say they
203
00:07:35,689 --> 00:07:37,229
want this level of observability,
204
00:07:37,689 --> 00:07:39,375
but then they find out that it costs
205
00:07:39,375 --> 00:07:41,775
money to enable logs or to store logs
206
00:07:41,775 --> 00:07:44,574
or to query logs and and and where
207
00:07:44,574 --> 00:07:46,275
all that manifests. So I think as you're
208
00:07:46,495 --> 00:07:48,495
thinking about it as a customer, like, part
209
00:07:48,495 --> 00:07:49,314
of it is,
210
00:07:49,615 --> 00:07:51,694
what are the general principles that you wanna
211
00:07:51,694 --> 00:07:53,729
adopt? What does that look like within your
212
00:07:53,729 --> 00:07:54,229
organization,
213
00:07:54,529 --> 00:07:56,069
your users, your applications,
214
00:07:56,930 --> 00:07:59,029
all all those kinds of things? But then,
215
00:07:59,490 --> 00:08:02,209
yeah, like, also, what's reality for you? Like,
216
00:08:02,209 --> 00:08:02,709
what
217
00:08:03,329 --> 00:08:05,250
it's super easy with this stuff to talk
218
00:08:05,250 --> 00:08:07,615
art of the possible because, like, really a
219
00:08:07,615 --> 00:08:10,175
ton's possible, and it's been enabled within these
220
00:08:10,175 --> 00:08:11,154
suites of tooling.
221
00:08:11,615 --> 00:08:13,694
That said, they are tools that you have
222
00:08:13,694 --> 00:08:15,615
to adopt. So there's art of the possible,
223
00:08:15,615 --> 00:08:17,154
and then there's art of the real.
224
00:08:17,615 --> 00:08:19,955
What is real for you both in context
225
00:08:20,175 --> 00:08:22,595
of technologies you're comfortable managing
226
00:08:23,110 --> 00:08:25,029
to the degree you're going to automate this
227
00:08:25,029 --> 00:08:26,710
stuff, spin it up, make sure that you're
228
00:08:26,710 --> 00:08:29,350
adhering to your own compliance principles, all that.
229
00:08:29,350 --> 00:08:31,830
Like, yeah, that's great. But then also, like,
230
00:08:31,830 --> 00:08:33,750
just what what can you stomach to turn
231
00:08:33,750 --> 00:08:35,509
on? Because if you're an m three sixty
232
00:08:35,509 --> 00:08:38,024
five customer today at some kind of base
233
00:08:38,264 --> 00:08:38,764
licensing
234
00:08:39,384 --> 00:08:40,585
construct, then all of a sudden you go
235
00:08:40,585 --> 00:08:41,085
from
236
00:08:41,465 --> 00:08:43,785
zero to a hundred miles per hour, kilometers
237
00:08:43,785 --> 00:08:45,465
per hour, whatever you wanna do, like you're
238
00:08:45,465 --> 00:08:47,705
ramping really fast, and you're gonna find that
239
00:08:47,705 --> 00:08:49,305
some of those things kind of run away
240
00:08:49,305 --> 00:08:51,305
from you and potentially sour your taste on
241
00:08:51,305 --> 00:08:51,805
it
242
00:08:52,190 --> 00:08:54,350
versus coming back and focusing on, like, your
243
00:08:54,350 --> 00:08:56,589
core principles, what's what's the business need, and
244
00:08:56,589 --> 00:08:58,350
and how does all that manifest for you?
245
00:08:58,350 --> 00:08:59,870
Yeah. And I think going back to why
246
00:08:59,870 --> 00:09:02,049
I started with identity, Zero Trust,
247
00:09:02,750 --> 00:09:03,730
in some respects,
248
00:09:04,419 --> 00:09:06,284
it I would say customers didn't always do
249
00:09:06,284 --> 00:09:08,605
it well even internally. You would have, like,
250
00:09:08,605 --> 00:09:12,365
your DMZs and your your internal networks. Maybe
251
00:09:12,365 --> 00:09:14,764
you'd have, like, your barrier. You'd have your
252
00:09:14,764 --> 00:09:16,365
firewalls in and you'd poke a hole in
253
00:09:16,365 --> 00:09:18,524
to let VPN in, all those types of
254
00:09:18,524 --> 00:09:20,784
things. But when it was on prem days,
255
00:09:20,899 --> 00:09:23,779
I felt like network got treated a lot
256
00:09:23,779 --> 00:09:26,259
as the zero trust boundary, whether it was
257
00:09:26,259 --> 00:09:29,779
firewalls between subnets or different vnets and opening
258
00:09:29,779 --> 00:09:30,600
ports here,
259
00:09:31,059 --> 00:09:33,139
setting up air gaps here and there. The
260
00:09:33,139 --> 00:09:35,195
cloud changes all of that in that now
261
00:09:35,195 --> 00:09:36,795
I can really get to Microsoft three sixty
262
00:09:36,795 --> 00:09:38,554
five from anywhere. I don't have a network
263
00:09:38,554 --> 00:09:40,735
boundary I can set up because Microsoft
264
00:09:41,195 --> 00:09:42,575
owns a lot of that infrastructure.
265
00:09:42,955 --> 00:09:45,754
And, really, the way into Microsoft three sixty
266
00:09:45,754 --> 00:09:47,134
five now and into an environment
267
00:09:47,600 --> 00:09:48,820
is going through
268
00:09:49,200 --> 00:09:51,440
a user sign in, whether it's a service
269
00:09:51,440 --> 00:09:54,000
principal, whether it's a user. So that's why
270
00:09:54,000 --> 00:09:55,779
a lot of times it starts with
271
00:09:56,160 --> 00:09:59,040
identity. Like, who are you? Should you be
272
00:09:59,040 --> 00:10:01,125
allowed in? And what are you doing at
273
00:10:01,365 --> 00:10:02,024
that gateway of
274
00:10:02,804 --> 00:10:05,705
the user's login? Setting up MFA
275
00:10:06,085 --> 00:10:08,485
for all of your users. What are you
276
00:10:08,485 --> 00:10:09,384
doing around
277
00:10:10,085 --> 00:10:10,585
passwords
278
00:10:11,044 --> 00:10:13,225
for your users? What are you doing around,
279
00:10:13,524 --> 00:10:16,085
like, the legacy authentication? Some of those things
280
00:10:16,085 --> 00:10:16,585
that
281
00:10:16,959 --> 00:10:18,339
going back to the cost
282
00:10:18,720 --> 00:10:19,779
at a
283
00:10:20,080 --> 00:10:20,980
entry level
284
00:10:21,360 --> 00:10:24,000
is setting up those security defaults that I
285
00:10:24,000 --> 00:10:26,019
think are now enabled by every new tenant.
286
00:10:26,240 --> 00:10:28,000
A lot of tenants that didn't have them
287
00:10:28,000 --> 00:10:29,985
on, they're getting turned on for them. But
288
00:10:29,985 --> 00:10:31,345
at a base level, if you're not gonna
289
00:10:31,345 --> 00:10:33,445
go out and pay for extra Entra licenses,
290
00:10:33,504 --> 00:10:36,144
you're just doing Microsoft three sixty five business
291
00:10:36,144 --> 00:10:37,524
basic or business standard
292
00:10:37,904 --> 00:10:40,725
or any one plan, having those security defaults
293
00:10:40,865 --> 00:10:43,184
on that set up some of those initial
294
00:10:43,184 --> 00:10:43,684
barriers
295
00:10:44,159 --> 00:10:46,879
just on identity. And then from there, you
296
00:10:46,879 --> 00:10:49,039
can continue to build out around if you
297
00:10:49,039 --> 00:10:50,959
wanna do MFA and if you wanna do
298
00:10:50,959 --> 00:10:52,419
phishing resistant MFA
299
00:10:53,120 --> 00:10:55,519
based on that feature level. And that's also
300
00:10:55,519 --> 00:10:57,279
where you go start thinking through the least
301
00:10:57,279 --> 00:10:59,924
privilege. I'm not gonna give everybody global admin
302
00:10:59,924 --> 00:11:02,804
rights. As much as the CEO wants to
303
00:11:02,804 --> 00:11:04,245
be able to get into everything and see
304
00:11:04,245 --> 00:11:06,565
everything, the CEO does not need to be
305
00:11:06,565 --> 00:11:09,045
a global admin in my tenant. What do
306
00:11:09,045 --> 00:11:09,625
you mean?
307
00:11:10,179 --> 00:11:13,059
Your Exchange admin. Yeah. Your Exchange admin does
308
00:11:13,059 --> 00:11:15,059
not necessarily have to be a global admin.
309
00:11:15,059 --> 00:11:18,019
And to give companies credit, I'm seeing companies
310
00:11:18,019 --> 00:11:19,779
do a lot better job at this. I'm
311
00:11:19,779 --> 00:11:21,220
also trying to do a better job at
312
00:11:21,220 --> 00:11:22,980
it even as a consultant. It's easy for
313
00:11:22,980 --> 00:11:24,725
me. Someone says, hey, Ben. We need you
314
00:11:24,725 --> 00:11:26,485
to help me with Microsoft three sixty five.
315
00:11:26,485 --> 00:11:27,845
Well, just give me a global admin. That's
316
00:11:27,845 --> 00:11:30,245
easiest. No. That should not be my approach.
317
00:11:30,245 --> 00:11:32,245
My approach should be, well, I'm helping you
318
00:11:32,245 --> 00:11:34,365
with SharePoint and Exchange and Intune. Give me
319
00:11:34,365 --> 00:11:36,899
SharePoint, Exchange, and Intune admin rights. Don't give
320
00:11:36,899 --> 00:11:39,299
me global admin. Even though it's a little
321
00:11:39,299 --> 00:11:41,379
bit more work, maybe I have to go
322
00:11:41,379 --> 00:11:44,500
back and ask for extra credentials later. But
323
00:11:44,500 --> 00:11:46,200
really from that perspective,
324
00:11:46,659 --> 00:11:48,434
starting off with that least
325
00:11:48,914 --> 00:11:49,414
permissive
326
00:11:49,955 --> 00:11:53,075
for those different roles. And some of them,
327
00:11:53,075 --> 00:11:55,315
like even Teams, has like four or five
328
00:11:55,315 --> 00:11:57,394
different admin roles within Teams that you can
329
00:11:57,394 --> 00:12:00,054
be assigned. That goes back to how customers
330
00:12:00,115 --> 00:12:02,669
rationalize these things, right, and like how they
331
00:12:02,669 --> 00:12:05,470
grok the knobs and levers themselves. I I
332
00:12:05,470 --> 00:12:08,269
will say, like, I it's a complex stack
333
00:12:08,269 --> 00:12:10,029
that said I think Microsoft has done a
334
00:12:10,029 --> 00:12:12,669
better job at publishing guidance and being potentially
335
00:12:12,669 --> 00:12:13,889
a little bit more prescriptive.
336
00:12:14,585 --> 00:12:16,345
Like, today, like, if you went out in
337
00:12:16,345 --> 00:12:18,105
a zero trust environment, we talk about, like,
338
00:12:18,105 --> 00:12:20,424
global admins and, like, break glass accounts, things
339
00:12:20,424 --> 00:12:21,165
like that.
340
00:12:21,625 --> 00:12:24,105
That used to be, like, super fuzzy. Like,
341
00:12:24,105 --> 00:12:25,785
sure, you should have a break glass account,
342
00:12:25,785 --> 00:12:27,144
but what does that mean? How do you
343
00:12:27,144 --> 00:12:29,570
secure it? Like, what does MFA look like
344
00:12:29,570 --> 00:12:32,449
in context of a world like that? Like,
345
00:12:32,449 --> 00:12:34,449
how do you store that YubiKey for what's
346
00:12:34,449 --> 00:12:36,529
effectively not a person? Like, you and I
347
00:12:36,529 --> 00:12:38,449
are working together. Does YubiKey go to your
348
00:12:38,449 --> 00:12:39,730
house? Where do you store it at your
349
00:12:39,730 --> 00:12:41,169
house? But then what happens if I know
350
00:12:41,169 --> 00:12:42,769
the username and password? Like, how do we
351
00:12:42,769 --> 00:12:44,264
coordinate that and get it back together? So
352
00:12:44,424 --> 00:12:46,345
Microsoft's done a much better job, I think,
353
00:12:46,345 --> 00:12:49,865
about kind of publishing prescriptive guidance there at,
354
00:12:49,865 --> 00:12:51,884
like, the click stops as they exist
355
00:12:52,264 --> 00:12:54,825
within the licensing suites. It still gets a
356
00:12:54,825 --> 00:12:56,665
little bit confusing, especially when you start to,
357
00:12:56,665 --> 00:12:58,980
like, cross the streams between these things. I
358
00:12:58,980 --> 00:13:00,899
I I do think it's a little bit
359
00:13:00,899 --> 00:13:02,360
easier to live in the world of, say,
360
00:13:02,419 --> 00:13:03,480
like, just Entra ID,
361
00:13:03,940 --> 00:13:05,639
and what comes to you with your Entra ID
362
00:13:06,179 --> 00:13:08,419
premium licensing, maybe like a p one versus
363
00:13:08,419 --> 00:13:11,454
a p two kinda thing, versus what happens
364
00:13:11,454 --> 00:13:14,894
with m three sixty five plus Entra plus
365
00:13:14,894 --> 00:13:15,394
Intune
366
00:13:15,934 --> 00:13:18,495
plus I I don't know. Maybe you're doing,
367
00:13:18,495 --> 00:13:20,894
like, Global Secure Access for your applications, and
368
00:13:20,894 --> 00:13:23,214
you're combining the endpoints and more client flows
369
00:13:23,214 --> 00:13:25,220
in there and things like that. Like, you
370
00:13:25,220 --> 00:13:27,720
as a customer can kinda ramp the complexity
371
00:13:28,019 --> 00:13:28,519
infinitely.
372
00:13:28,980 --> 00:13:29,480
And
373
00:13:29,860 --> 00:13:31,620
I do see at some point, like, customers
374
00:13:31,620 --> 00:13:33,300
kinda bottom out on they just can't figure
375
00:13:33,300 --> 00:13:34,040
it out anymore
376
00:13:34,580 --> 00:13:36,500
because they finally hit, like, the sweet spot
377
00:13:36,500 --> 00:13:37,559
for, like, that permutation
378
00:13:38,180 --> 00:13:39,784
or that set set of decisions in their
379
00:13:39,784 --> 00:13:40,585
environment where they're like,
380
00:13:41,144 --> 00:13:42,585
I'm off the beaten path. And then you
381
00:13:42,585 --> 00:13:44,585
gotta know kinda holistically how it all works
382
00:13:44,585 --> 00:13:47,065
together, and and that's still very hard to
383
00:13:47,065 --> 00:13:48,985
do. Yes. That's why I'm here, Scott. If
384
00:13:48,985 --> 00:13:50,745
you have trouble putting it all together, call
385
00:13:50,745 --> 00:13:53,799
me. Shameless self plug, self promotion in the
386
00:13:53,799 --> 00:13:55,639
middle of the podcast. Yeah. So I think
387
00:13:55,639 --> 00:13:57,559
that's where I always start with identity. From
388
00:13:57,559 --> 00:13:59,240
there, we're gonna run out of time, Scott.
389
00:13:59,240 --> 00:14:01,080
I gotta talk fast. Did I mention this
390
00:14:01,080 --> 00:14:02,379
was an hour long presentation?
391
00:14:04,120 --> 00:14:06,164
No. I think from identity, the next one
392
00:14:06,164 --> 00:14:07,845
I tend to move to when I'm working
393
00:14:07,845 --> 00:14:09,784
with customers as well is
394
00:14:10,164 --> 00:14:12,404
and these two are, like I would say
395
00:14:12,404 --> 00:14:14,245
these two are step one and step two.
396
00:14:14,245 --> 00:14:15,464
After these two,
397
00:14:15,764 --> 00:14:17,865
you can kinda move a few different directions,
398
00:14:18,084 --> 00:14:20,024
but my next one is always endpoints,
399
00:14:20,840 --> 00:14:22,779
primarily because when I'm logging
400
00:14:23,160 --> 00:14:25,560
in as somebody, I have to be logging
401
00:14:25,560 --> 00:14:28,060
in as somebody from some device.
402
00:14:28,519 --> 00:14:29,019
So
403
00:14:29,480 --> 00:14:31,580
how do I know that
404
00:14:31,960 --> 00:14:35,625
this identity, this person logging in, going back
405
00:14:35,625 --> 00:14:38,045
to even the least permissive here isn't necessarily
406
00:14:38,185 --> 00:14:40,504
just about roles, but it could be least
407
00:14:40,504 --> 00:14:43,004
permissive in terms of devices that I'm allowed
408
00:14:43,305 --> 00:14:45,565
to log in to my tenant from. Or
409
00:14:45,625 --> 00:14:48,185
going back to the assume breach, assume that
410
00:14:48,185 --> 00:14:50,740
every device that tries to log in to
411
00:14:50,740 --> 00:14:53,720
my tenant is not a safe device.
412
00:14:54,179 --> 00:14:57,320
So thinking through how am I verifying that
413
00:14:57,700 --> 00:15:00,500
the phone that somebody logs into my tenant
414
00:15:00,500 --> 00:15:03,000
from, the laptop, the desktop,
415
00:15:03,460 --> 00:15:04,279
the tablets,
416
00:15:04,934 --> 00:15:07,914
whatever that may be, how do I verify
417
00:15:07,975 --> 00:15:10,615
that device? How do I make sure that
418
00:15:10,615 --> 00:15:11,754
device is safe?
419
00:15:12,215 --> 00:15:14,875
How am I thinking about those endpoints that
420
00:15:14,934 --> 00:15:17,830
users are logging in from when they come
421
00:15:17,830 --> 00:15:19,589
to my tenant. Because again, now I don't
422
00:15:19,589 --> 00:15:20,089
necessarily
423
00:15:20,389 --> 00:15:21,850
have the network.
424
00:15:22,230 --> 00:15:24,149
A lot of people used to take the
425
00:15:24,149 --> 00:15:26,789
approach of this device is plugged into my
426
00:15:26,789 --> 00:15:29,269
local network. They're inside my firewall. I'm gonna
427
00:15:29,269 --> 00:15:31,264
trust it. I don't have a firewall anymore.
428
00:15:31,404 --> 00:15:33,184
There's some ways we can kinda
429
00:15:33,644 --> 00:15:35,585
you can look at that. You can kinda
430
00:15:35,725 --> 00:15:38,044
pseudo make a firewall, but I think it
431
00:15:38,044 --> 00:15:39,644
comes into a lot more now. What are
432
00:15:39,644 --> 00:15:42,705
you doing for corporate devices versus BYOD devices?
433
00:15:43,004 --> 00:15:44,865
One thing I think about is
434
00:15:45,330 --> 00:15:48,610
it's this is a newer approach I've started
435
00:15:48,610 --> 00:15:50,690
taking, and people can yell at me for
436
00:15:50,690 --> 00:15:52,370
saying, you should have thought of this sooner,
437
00:15:52,370 --> 00:15:54,529
you should have done this sooner, is a
438
00:15:54,529 --> 00:15:56,850
lot of clients are still focused on kind
439
00:15:56,850 --> 00:15:59,090
of that inside my network, and they're looking
440
00:15:59,090 --> 00:16:00,230
at device
441
00:16:00,914 --> 00:16:03,174
trust. It's the trust type in
442
00:16:03,554 --> 00:16:06,514
conditional access, but it's is this device joined
443
00:16:06,514 --> 00:16:08,995
to my Entra ID, or is it hybrid
444
00:16:08,995 --> 00:16:10,754
joined? Is it joined to AD? Should I
445
00:16:10,754 --> 00:16:13,075
really be looking at, was this device able
446
00:16:13,075 --> 00:16:14,940
to be joined to my Active Directory, or
447
00:16:14,940 --> 00:16:16,860
should I be doing things like compliance? Is
448
00:16:16,860 --> 00:16:19,580
this device compliant? Has the drive been encrypted?
449
00:16:19,580 --> 00:16:21,419
Is the antivirus up to date? Is the
450
00:16:21,419 --> 00:16:23,500
patching up to date? Are they running a
451
00:16:23,500 --> 00:16:26,720
certain version of the OS? And not necessarily
452
00:16:26,940 --> 00:16:28,700
thinking through, oh, they were able to join
453
00:16:28,700 --> 00:16:30,634
this device to my domain so it's trusted
454
00:16:30,634 --> 00:16:32,095
and it's safe, but
455
00:16:32,475 --> 00:16:33,855
more, does this device
456
00:16:34,875 --> 00:16:36,575
meet the level of compliance,
457
00:16:37,355 --> 00:16:40,394
which could be that security construct that I'm
458
00:16:40,394 --> 00:16:42,715
going to allow it in? And maybe that
459
00:16:42,715 --> 00:16:44,850
trust type is a part of that, but
460
00:16:44,929 --> 00:16:46,370
I don't think that should be the whole
461
00:16:46,370 --> 00:16:48,449
picture when you're starting to talk zero trust.
462
00:16:48,449 --> 00:16:49,970
No. The other thing you have to think
463
00:16:49,970 --> 00:16:51,110
about is
464
00:16:52,370 --> 00:16:52,870
the
465
00:16:53,250 --> 00:16:54,949
the the experience of those devices.
466
00:16:55,490 --> 00:16:57,169
So how do you make it, like, friction
467
00:16:57,169 --> 00:16:57,669
free?
468
00:16:58,129 --> 00:16:59,809
You don't want potentially your
469
00:17:00,534 --> 00:17:01,735
I don't know. Maybe you do, maybe you
470
00:17:01,735 --> 00:17:03,014
don't. But you may maybe you don't want
471
00:17:03,014 --> 00:17:05,015
your user, like, pinning in on every boot
472
00:17:05,015 --> 00:17:07,494
of a device given the class of the
473
00:17:07,494 --> 00:17:09,654
device. Right? Like, is this my Yep. Everyday
474
00:17:09,654 --> 00:17:12,454
laptop versus maybe, like, my admin workstation or
475
00:17:12,454 --> 00:17:14,474
things like that? So what are those profiles?
476
00:17:14,694 --> 00:17:15,994
How do those come together?
477
00:17:16,480 --> 00:17:16,980
And
478
00:17:17,440 --> 00:17:20,419
then the other thing that happens here is
479
00:17:21,039 --> 00:17:21,539
the
480
00:17:22,159 --> 00:17:22,659
intersection
481
00:17:23,119 --> 00:17:24,899
of your environment, your policies,
482
00:17:25,599 --> 00:17:26,099
and
483
00:17:26,480 --> 00:17:29,380
application of those policies across managed and unmanaged
484
00:17:29,519 --> 00:17:30,019
devices.
485
00:17:30,634 --> 00:17:32,394
Shout out to Pirate in the chat. Like,
486
00:17:32,394 --> 00:17:34,494
he's going just where like, I was thinking
487
00:17:35,115 --> 00:17:36,975
so you have this world now of potentially
488
00:17:37,035 --> 00:17:38,894
thinking about, like, do you do
489
00:17:39,434 --> 00:17:40,654
full device management?
490
00:17:41,515 --> 00:17:43,914
Is MAM a possibility in your environment? Like,
491
00:17:43,914 --> 00:17:46,740
like, doing some kind of, like, application management
492
00:17:46,740 --> 00:17:48,580
level kinda thing. Like, what does that look
493
00:17:48,580 --> 00:17:50,180
like for you, and and how do you
494
00:17:50,180 --> 00:17:50,680
compose?
495
00:17:51,220 --> 00:17:53,940
Which ultimately bleeds back again to, like, your
496
00:17:53,940 --> 00:17:55,640
corporate construct plus
497
00:17:56,100 --> 00:17:59,619
user experience. Right? Like, like, practically, example, like,
498
00:17:59,619 --> 00:18:01,240
I live in a world where I can't
499
00:18:01,515 --> 00:18:02,015
access
500
00:18:02,555 --> 00:18:04,494
my work stuff through an unmanaged device.
501
00:18:04,795 --> 00:18:06,474
At the same time, my employer does my
502
00:18:06,474 --> 00:18:08,714
employer doesn't buy me, like, a phone. So
503
00:18:08,714 --> 00:18:10,955
I have a very, like, conscious decision to
504
00:18:10,955 --> 00:18:12,159
make of, do I join my personal phone
505
00:18:12,159 --> 00:18:12,272
and and let my employer manage a personal
506
00:18:12,272 --> 00:18:13,289
device where it's still a
507
00:18:17,289 --> 00:18:20,410
managed? Like, so you have to navigate a
508
00:18:20,410 --> 00:18:21,930
bunch of that stuff as well just in
509
00:18:21,930 --> 00:18:24,090
your policy and and thinking about how it
510
00:18:24,090 --> 00:18:26,115
comes together for your users. Yeah.
511
00:18:29,934 --> 00:18:32,095
Do you feel overwhelmed by trying to manage
512
00:18:32,095 --> 00:18:34,335
your Office three sixty five environment? Are you
513
00:18:34,335 --> 00:18:37,634
facing unexpected issues that disrupt your company's productivity?
514
00:18:37,934 --> 00:18:39,880
Intelligink is here to help. Much like you
515
00:18:39,880 --> 00:18:41,799
take your car to the mechanic that has
516
00:18:41,799 --> 00:18:43,880
specialized knowledge on how to best keep your
517
00:18:43,880 --> 00:18:46,920
car running, Intelligink helps you with your Microsoft
518
00:18:46,920 --> 00:18:49,179
cloud environment because that's their expertise.
519
00:18:49,559 --> 00:18:51,880
Intelligink keeps up with the latest updates in
520
00:18:51,880 --> 00:18:54,105
the Microsoft cloud to help keep your business
521
00:18:54,105 --> 00:18:56,345
running smoothly and ahead of the curve. Whether
522
00:18:56,345 --> 00:18:58,345
you are a small organization with just a
523
00:18:58,345 --> 00:19:00,825
few users up to an organization of several
524
00:19:00,825 --> 00:19:01,805
thousand employees,
525
00:19:02,184 --> 00:19:04,184
they want to partner with you to implement
526
00:19:04,184 --> 00:19:06,924
and administer your Microsoft cloud technology.
527
00:19:07,639 --> 00:19:11,179
Visit them at intelligink.com/podcast.
528
00:19:11,319 --> 00:19:18,139
That's intelligink.com/podcast
529
00:19:18,599 --> 00:19:20,615
for more information or to schedule a thirty
530
00:19:20,615 --> 00:19:22,714
minute call to get started with them today.
531
00:19:23,015 --> 00:19:26,375
Remember, Intelligink focuses on the Microsoft cloud so
532
00:19:26,375 --> 00:19:28,075
you can focus on your business.
533
00:19:30,294 --> 00:19:32,214
Because this is audio, it's gonna be hard
534
00:19:32,214 --> 00:19:34,240
to visualize. But when we talk through this,
535
00:19:34,240 --> 00:19:36,319
sometimes too, we'll even draw a grid where
536
00:19:36,319 --> 00:19:39,519
you maybe have, like, upper left corner is
537
00:19:39,519 --> 00:19:41,220
a managed device
538
00:19:41,839 --> 00:19:43,700
that's on the corporate domain,
539
00:19:44,960 --> 00:19:46,419
that is going to be
540
00:19:46,720 --> 00:19:48,240
the level of hoops you have to jump
541
00:19:48,240 --> 00:19:50,585
through. It's going to be a much more
542
00:19:50,585 --> 00:19:52,825
trusted device than maybe, like, down in the
543
00:19:52,825 --> 00:19:56,265
bottom right is a BYOD device that isn't
544
00:19:56,265 --> 00:19:58,684
joined to your domain, that isn't managed,
545
00:19:59,065 --> 00:20:00,444
and thinking through
546
00:20:00,759 --> 00:20:02,519
what level of access to your point, what
547
00:20:02,519 --> 00:20:04,279
level of access are you gonna give these
548
00:20:04,279 --> 00:20:06,759
different types of devices in your domain or
549
00:20:06,759 --> 00:20:09,160
your user experience? What level of authentication do
550
00:20:09,160 --> 00:20:10,919
they have to go through? This is an
551
00:20:10,919 --> 00:20:14,140
unmanaged device. They're logging in from not a
552
00:20:14,200 --> 00:20:15,019
known location.
553
00:20:15,720 --> 00:20:16,299
I'm gonna
554
00:20:16,664 --> 00:20:20,105
force a phishing resistant MFA, and they're only
555
00:20:20,105 --> 00:20:23,085
gonna get browser based access. Whereas something that's
556
00:20:23,705 --> 00:20:26,285
joined to the domain, it's enrolled in Intune,
557
00:20:26,345 --> 00:20:27,644
it's a compliant device,
558
00:20:28,025 --> 00:20:30,690
maybe I relax my MFA requirements a little
559
00:20:30,690 --> 00:20:34,309
bit where it's not necessarily phishing resistant or
560
00:20:34,369 --> 00:20:36,710
maybe it's even corporate joined on the network
561
00:20:37,490 --> 00:20:40,529
compliant, Intune managed. I'm gonna allow maybe you
562
00:20:40,529 --> 00:20:43,005
do allow those to bypass MFA if they
563
00:20:43,005 --> 00:20:45,884
reach a certain level there. So it's not
564
00:20:45,884 --> 00:20:47,644
even like that one size fits all, but
565
00:20:47,644 --> 00:20:50,625
it's here's this matrix of all these different
566
00:20:51,085 --> 00:20:53,345
scenarios that I can encounter with my devices.
567
00:20:53,884 --> 00:20:56,250
What level of trust and confidence do I
568
00:20:56,250 --> 00:20:58,089
have in the safety of that device, and
569
00:20:58,089 --> 00:20:59,849
what am I gonna allow based on that?
570
00:20:59,849 --> 00:21:02,089
So I think that's that's kind of that
571
00:21:02,089 --> 00:21:03,149
next step is devices.
572
00:21:03,609 --> 00:21:06,089
And thinking through all of that, I think
573
00:21:06,089 --> 00:21:07,434
some of it does, like you said, tie
574
00:21:07,434 --> 00:21:09,434
into your licensing. How much licensing do you
575
00:21:09,434 --> 00:21:11,535
have for things like auto autopilot,
576
00:21:11,914 --> 00:21:13,295
for Intune, for
577
00:21:13,595 --> 00:21:16,394
different levels because there is a cost to
578
00:21:16,394 --> 00:21:19,275
these different features in Microsoft three sixty five.
579
00:21:19,275 --> 00:21:20,740
There is a cost. There's there's
580
00:21:21,119 --> 00:21:24,180
an operational cost, like the human cost of
581
00:21:24,320 --> 00:21:26,000
just turn it on, your users have to
582
00:21:26,000 --> 00:21:28,340
interact with it, and then there's the dreaded
583
00:21:28,480 --> 00:21:29,539
licensing cost,
584
00:21:30,000 --> 00:21:32,160
which which also sits there as well. So
585
00:21:32,160 --> 00:21:33,840
where do you wanna go from there? Choose
586
00:21:33,840 --> 00:21:36,744
your own adventure, Scott. Identity and device are,
587
00:21:36,744 --> 00:21:38,345
I would say, a couple of my core
588
00:21:38,345 --> 00:21:40,585
ones. There's other things to think about. Why
589
00:21:40,585 --> 00:21:42,904
don't we talk about networking while we're here?
590
00:21:42,904 --> 00:21:45,945
So I I always find the networking aspects
591
00:21:45,945 --> 00:21:47,900
of, like, a SaaS surface, like,
592
00:21:48,359 --> 00:21:50,619
public endpoints connect to over the Internet,
593
00:21:50,920 --> 00:21:52,759
clients over the Internet, and then all the
594
00:21:52,759 --> 00:21:54,759
ways customers try and fight it. And they're
595
00:21:54,759 --> 00:21:57,340
like, how can I privatize my traffic to
596
00:21:57,880 --> 00:22:00,200
to SharePoint online? Like, well, a, do you
597
00:22:00,200 --> 00:22:02,575
wanna do that? B, no, you actually don't
598
00:22:02,575 --> 00:22:04,015
wanna do that. But, yeah, let's keep hearing
599
00:22:04,015 --> 00:22:05,714
you talk about how you wanna do it.
600
00:22:05,855 --> 00:22:07,615
So so so networking's a good one. Why
601
00:22:07,615 --> 00:22:09,875
don't we go there next? Alright. So networking
602
00:22:10,414 --> 00:22:13,054
is like you said, it's interesting because you're
603
00:22:13,054 --> 00:22:13,554
in
604
00:22:13,855 --> 00:22:15,934
the cloud. It's a SaaS space. There's a
605
00:22:15,934 --> 00:22:17,970
couple things I think about when I start
606
00:22:17,970 --> 00:22:20,369
going down the networking path. This one, very
607
00:22:20,369 --> 00:22:22,930
much licensing comes into play. One thing you
608
00:22:22,930 --> 00:22:24,710
can do is
609
00:22:25,089 --> 00:22:27,990
there are ways within conditional access to
610
00:22:28,369 --> 00:22:31,255
set up trusted networks. So you can either
611
00:22:31,255 --> 00:22:32,634
set it up based on
612
00:22:32,934 --> 00:22:33,674
IP address.
613
00:22:33,975 --> 00:22:35,575
So you can go in and define IP
614
00:22:35,575 --> 00:22:38,215
addresses. These are the public IP addresses that
615
00:22:38,215 --> 00:22:39,434
are for my office.
616
00:22:39,735 --> 00:22:42,295
I have my public IP addresses that are
617
00:22:42,295 --> 00:22:44,890
from my home network. You may have public
618
00:22:44,890 --> 00:22:47,130
IP addresses from different satellite locations that you
619
00:22:47,130 --> 00:22:49,289
can define. You can also go in and
620
00:22:49,289 --> 00:22:52,269
Microsoft gives you the ability to pick country
621
00:22:52,650 --> 00:22:56,190
based trust. So I'm gonna trust IP addresses
622
00:22:56,329 --> 00:22:59,325
that we're pretty sure, and this is not
623
00:22:59,325 --> 00:23:01,644
a you can be 100% sure all the
624
00:23:01,644 --> 00:23:04,605
time, IP addresses coming from the US, or
625
00:23:04,605 --> 00:23:07,585
here's IP addresses coming from Europe or Africa
626
00:23:08,845 --> 00:23:12,740
or South America, different regional locations. Microsoft does
627
00:23:12,740 --> 00:23:16,019
have predefined network locations there where you can
628
00:23:16,019 --> 00:23:17,000
go in and actually
629
00:23:17,380 --> 00:23:18,599
block or allow,
630
00:23:18,980 --> 00:23:21,460
maybe block everything and then set exclusions for
631
00:23:21,460 --> 00:23:23,640
allowing, however you wanna do it to
632
00:23:24,005 --> 00:23:24,985
set up different
633
00:23:25,765 --> 00:23:28,424
policies on logging into your environment
634
00:23:28,884 --> 00:23:31,365
based on which IP address you're coming from.
635
00:23:31,684 --> 00:23:33,465
So I think that's kind of the most
636
00:23:33,605 --> 00:23:36,244
basic one. That one is still its conditional
637
00:23:36,244 --> 00:23:38,105
access, so it's still gonna be your Entra
638
00:23:38,210 --> 00:23:40,930
plan one as minimum for that. The other
639
00:23:40,930 --> 00:23:43,809
interesting one that's coming into play more and
640
00:23:43,809 --> 00:23:45,750
more with networking in these conversations
641
00:23:46,289 --> 00:23:48,069
is the global secure access.
642
00:23:48,690 --> 00:23:51,190
This is an add on to even Entra
643
00:23:51,329 --> 00:23:53,625
p two, but there's a lot of stuff,
644
00:23:53,625 --> 00:23:54,984
and there's getting to be more and more
645
00:23:54,984 --> 00:23:56,765
stuff you can do with Global Secure Access.
646
00:23:56,984 --> 00:23:59,224
And there's different components to it. So there's
647
00:23:59,224 --> 00:24:01,865
the whole Microsoft three sixty five aspect, Global
648
00:24:01,865 --> 00:24:04,924
Secure Access to Microsoft three sixty five where
649
00:24:05,065 --> 00:24:06,825
it is I don't wanna say it's a
650
00:24:06,825 --> 00:24:09,579
VPN because it's it shows up as a
651
00:24:09,579 --> 00:24:11,579
VPN, though. I will say that. It kinda
652
00:24:11,579 --> 00:24:13,099
shows up as a VPN. You put a
653
00:24:13,099 --> 00:24:14,799
client on your desktop.
654
00:24:15,179 --> 00:24:15,679
You
655
00:24:15,980 --> 00:24:16,960
do it through
656
00:24:17,659 --> 00:24:20,000
Defender for Endpoint on your mobile devices,
657
00:24:20,460 --> 00:24:21,819
and then it does show up as a
658
00:24:21,819 --> 00:24:24,464
VPN connection on my phone. But it tunnels
659
00:24:24,464 --> 00:24:26,625
that traffic then, encrypts that traffic from your
660
00:24:26,625 --> 00:24:27,125
device
661
00:24:27,505 --> 00:24:29,444
straight to Microsoft three sixty five.
662
00:24:29,744 --> 00:24:31,744
Because of that, it also gives you some
663
00:24:31,744 --> 00:24:34,144
ability to do, like, some additional logging on
664
00:24:34,144 --> 00:24:37,285
that network traffic between your end user devices
665
00:24:37,519 --> 00:24:40,079
and Microsoft three sixty five. This is not
666
00:24:40,079 --> 00:24:42,799
out for everything yet. Like, ironically enough, I
667
00:24:42,799 --> 00:24:44,799
can't put it on my Surface device because
668
00:24:44,799 --> 00:24:46,919
there's not an ARM client available for it.
669
00:24:46,919 --> 00:24:48,879
It has to be x 64. You can
670
00:24:48,879 --> 00:24:50,159
do it in macOS. You can do it
671
00:24:50,159 --> 00:24:51,839
in mobile. I think iOS and Android are
672
00:24:51,839 --> 00:24:52,845
both out there now.
673
00:24:53,244 --> 00:24:54,845
But you can do that for Microsoft three
674
00:24:54,845 --> 00:24:56,684
sixty five traffic, but you can also do
675
00:24:56,684 --> 00:24:58,304
this. They also have an Internet,
676
00:24:59,644 --> 00:25:01,804
aspect of Global Secure Access and a private
677
00:25:01,804 --> 00:25:04,365
aspect of Global Secure Access where I can
678
00:25:04,365 --> 00:25:06,765
now send all my Internet traffic over Global
679
00:25:06,765 --> 00:25:08,304
Secure Access to do
680
00:25:08,769 --> 00:25:11,429
web protection, web filtering, web monitoring
681
00:25:12,049 --> 00:25:15,410
of Internet access. And it's interesting, like, I'll
682
00:25:15,410 --> 00:25:16,929
see it in mine where I get a
683
00:25:16,929 --> 00:25:18,529
lot of my web requests now routed through
684
00:25:18,529 --> 00:25:20,609
a proxy if I have Global Secure Access
685
00:25:20,609 --> 00:25:21,829
enabled on my desktop.
686
00:25:22,134 --> 00:25:24,954
The private one gives you the ability to
687
00:25:25,255 --> 00:25:27,595
use Microsoft three sixty five, the
688
00:25:27,894 --> 00:25:28,394
private
689
00:25:28,855 --> 00:25:30,875
connection in Global Secure Access,
690
00:25:31,255 --> 00:25:33,494
to create a tunnel from your endpoints back
691
00:25:33,494 --> 00:25:35,734
to your on premises network to access web
692
00:25:35,734 --> 00:25:36,234
applications
693
00:25:37,059 --> 00:25:39,700
on premises. So this is all built into
694
00:25:39,700 --> 00:25:41,720
Entra and add on to Entra for
695
00:25:42,099 --> 00:25:44,180
starting to do more of that managing of
696
00:25:44,180 --> 00:25:45,480
the network, creating
697
00:25:45,779 --> 00:25:48,920
secure tunnels to different locations, web filtering,
698
00:25:49,619 --> 00:25:50,119
and
699
00:25:50,420 --> 00:25:52,875
some of that additional monitoring of all that
700
00:25:52,954 --> 00:25:55,355
network traffic. Yeah. Quite a bit to think
701
00:25:55,355 --> 00:25:57,595
about on that one. It is. And we
702
00:25:57,595 --> 00:25:59,775
could spend the entire time on that, but
703
00:25:59,994 --> 00:26:01,994
It's a weird one. Like, I don't know.
704
00:26:01,994 --> 00:26:03,275
Even if when you go down, like, the
705
00:26:03,275 --> 00:26:05,515
filtering path, there's the things that you can
706
00:26:05,515 --> 00:26:06,575
do as part of
707
00:26:07,349 --> 00:26:10,390
Intune, Entra, and then, like, there's the whole,
708
00:26:10,390 --> 00:26:11,990
like, I actually deployed my app, and what
709
00:26:11,990 --> 00:26:13,509
does that look like? Like, does that app
710
00:26:13,509 --> 00:26:15,849
live in Azure? Does it have a firewall
711
00:26:15,910 --> 00:26:17,829
in front of it? Maybe it has, like,
712
00:26:17,829 --> 00:26:18,809
a front door
713
00:26:19,190 --> 00:26:19,690
or,
714
00:26:20,075 --> 00:26:22,315
like, an application gateway, like, all all that
715
00:26:22,315 --> 00:26:24,234
kind of stuff that just manifests as well.
716
00:26:24,234 --> 00:26:26,634
I think another one that this kinda ties
717
00:26:26,634 --> 00:26:27,454
into networking
718
00:26:27,755 --> 00:26:30,394
I'm gonna go into apps a little bit
719
00:26:30,394 --> 00:26:32,555
because there's a few different components to apps.
720
00:26:32,555 --> 00:26:33,454
There's the applications
721
00:26:33,835 --> 00:26:34,335
that
722
00:26:34,795 --> 00:26:37,009
you use for work, deploying apps to your
723
00:26:37,009 --> 00:26:39,349
endpoint, apps that are installed on your endpoints,
724
00:26:39,569 --> 00:26:41,809
all the app management in Intune. We talked
725
00:26:41,809 --> 00:26:43,169
about it in the chat a little bit.
726
00:26:43,169 --> 00:26:45,089
You mentioned it earlier, Scott, the MAM, the
727
00:26:45,089 --> 00:26:46,549
mobile application management,
728
00:26:47,089 --> 00:26:50,144
managing those apps. But there's also Defender for
729
00:26:50,144 --> 00:26:50,644
Cloud
730
00:26:51,025 --> 00:26:54,464
that isn't necessarily networking, but it does help
731
00:26:54,464 --> 00:26:57,984
watch for different shadow IT. People going out
732
00:26:57,984 --> 00:26:59,204
using ChatGPT,
733
00:26:59,664 --> 00:27:02,484
like, are people actually taking sensitive information
734
00:27:03,025 --> 00:27:03,924
from my environment,
735
00:27:04,330 --> 00:27:06,910
copying and pasting it, throwing it into ChatGPT.
736
00:27:08,170 --> 00:27:10,410
Oh, oh, this is networking. Can I go
737
00:27:10,410 --> 00:27:11,309
back to networking?
738
00:27:12,090 --> 00:27:14,009
This is networking and data. I'll save it
739
00:27:14,009 --> 00:27:15,609
for data. We'll save that when we talk
740
00:27:15,609 --> 00:27:17,049
about data. I thought you were gonna ask,
741
00:27:17,049 --> 00:27:18,805
and I was gonna say, like, yes. Your
742
00:27:18,805 --> 00:27:21,625
your users are taking private data to ChatGPT.
743
00:27:22,005 --> 00:27:22,805
100%
744
00:27:22,805 --> 00:27:25,445
there. Yes. And if not ChatGPT, they're taking
745
00:27:25,445 --> 00:27:28,485
it to Claude or Copilot or Gemini or
746
00:27:28,485 --> 00:27:30,245
someplace where you don't think it should be.
747
00:27:30,245 --> 00:27:32,069
Where you don't think. Yeah. And that's something
748
00:27:32,069 --> 00:27:34,410
that Defender for Cloud can help for. Again,
749
00:27:34,470 --> 00:27:35,990
I'm gonna keep saying it just to remind
750
00:27:35,990 --> 00:27:37,509
people, although I think they already know it.
751
00:27:37,509 --> 00:27:39,509
There is cost for Defender for Cloud. This
752
00:27:39,509 --> 00:27:41,690
is another one that is like a security
753
00:27:41,750 --> 00:27:43,829
e five or Microsoft three sixty five e
754
00:27:43,829 --> 00:27:45,849
five. But I know that
755
00:27:46,755 --> 00:27:48,455
there's, like, 400
756
00:27:48,994 --> 00:27:51,474
some third party AI services that are all
757
00:27:51,474 --> 00:27:54,375
in Defender for Cloud already that if you
758
00:27:54,674 --> 00:27:57,255
go ramp this up, you have the ability
759
00:27:57,315 --> 00:27:59,494
to go in and block those to see
760
00:27:59,859 --> 00:28:01,779
what are all the AI services that my
761
00:28:01,779 --> 00:28:03,779
employees are using, where are they copying and
762
00:28:03,779 --> 00:28:07,220
pasting data, there's some DLP stuff, being able
763
00:28:07,220 --> 00:28:07,720
to
764
00:28:08,179 --> 00:28:08,679
monitor
765
00:28:09,460 --> 00:28:12,339
where people are putting files, which again, kinda
766
00:28:12,339 --> 00:28:14,359
apps, kinda data, kinda networking,
767
00:28:15,154 --> 00:28:18,454
but another part of that zero trust of
768
00:28:18,755 --> 00:28:21,474
making sure that your employees are keeping data
769
00:28:21,474 --> 00:28:24,194
where it's supposed to be kept, not putting
770
00:28:24,194 --> 00:28:26,674
data where it's supposed to not putting data
771
00:28:26,674 --> 00:28:28,700
where it's not supposed to be, that someone
772
00:28:28,700 --> 00:28:31,200
that got into your environment isn't exfiltrating
773
00:28:31,579 --> 00:28:32,079
data
774
00:28:32,380 --> 00:28:34,000
through some of those other services.
775
00:28:34,539 --> 00:28:36,720
And, again, a little bit of that verifying,
776
00:28:36,779 --> 00:28:38,700
a little bit of that monitoring when it
777
00:28:38,700 --> 00:28:40,640
comes to apps. And
778
00:28:41,255 --> 00:28:43,174
I get so much to talk about here
779
00:28:43,174 --> 00:28:44,694
because then you do get into all the
780
00:28:44,694 --> 00:28:46,774
installed apps, keeping data safe in the apps
781
00:28:46,774 --> 00:28:49,335
through, like, the mobile application management. So you
782
00:28:49,335 --> 00:28:51,095
want me to keep going, see how close
783
00:28:51,095 --> 00:28:53,095
we can keep this to a reasonable time
784
00:28:53,095 --> 00:28:54,855
episode? I mean, you're doing pretty good. Alright.
785
00:28:54,855 --> 00:28:56,554
All you got left in your talk is
786
00:28:57,119 --> 00:29:00,320
data. Well, then then logs, but, we we
787
00:29:00,320 --> 00:29:02,160
could always talk logs at a different time.
788
00:29:02,160 --> 00:29:04,019
And data's the other one, is
789
00:29:04,720 --> 00:29:05,220
looking
790
00:29:05,519 --> 00:29:06,019
at,
791
00:29:06,640 --> 00:29:08,960
like, how are you securing your data? This
792
00:29:08,960 --> 00:29:10,320
is one too that has come up a
793
00:29:10,320 --> 00:29:13,025
lot with Copilot, and we mentioned this in
794
00:29:13,025 --> 00:29:14,464
some of the times when we've talked about
795
00:29:14,464 --> 00:29:16,865
AI is some of that data security posture
796
00:29:16,865 --> 00:29:18,244
management, the DSPM.
797
00:29:18,545 --> 00:29:19,684
How are we protecting
798
00:29:20,384 --> 00:29:22,005
sensitive information within
799
00:29:22,384 --> 00:29:22,964
the company?
800
00:29:23,265 --> 00:29:24,964
How are we thinking about
801
00:29:25,349 --> 00:29:27,269
AI activity and what data AI can get
802
00:29:27,269 --> 00:29:28,250
to? Are we putting
803
00:29:28,630 --> 00:29:29,130
sensitive
804
00:29:29,589 --> 00:29:32,309
sensitivity labels on our content and being aware
805
00:29:32,309 --> 00:29:34,869
of what types of sensitive data may be
806
00:29:34,869 --> 00:29:36,410
located in those various
807
00:29:36,789 --> 00:29:37,929
places within,
808
00:29:38,549 --> 00:29:41,015
our organization? I was I can't remember if
809
00:29:41,015 --> 00:29:42,934
I've told this story before. If I have,
810
00:29:42,934 --> 00:29:44,694
you get to hear it again. Working with
811
00:29:44,694 --> 00:29:46,375
one company where we were trying to get
812
00:29:46,375 --> 00:29:49,335
ready for Copilot, we were looking at sharing
813
00:29:49,335 --> 00:29:49,835
links.
814
00:29:50,134 --> 00:29:52,454
They had, like, 20,000 links that was shared
815
00:29:52,454 --> 00:29:54,430
with the entire company. But then we were
816
00:29:54,430 --> 00:29:56,750
also looking at sensitive information. I'm like, did
817
00:29:56,750 --> 00:29:58,910
you know, like, you have all these Social
818
00:29:58,910 --> 00:30:01,309
Security numbers over in the SharePoint site here?
819
00:30:01,309 --> 00:30:03,869
Like, Purview picked them up, and I it
820
00:30:03,869 --> 00:30:06,029
took me, like, five minutes. I was able
821
00:30:06,029 --> 00:30:06,850
to go in
822
00:30:07,154 --> 00:30:08,215
through Purview,
823
00:30:08,595 --> 00:30:10,674
go to the Content Explorer, pull up some
824
00:30:10,674 --> 00:30:12,674
social Social Security numbers. I was like, are
825
00:30:12,674 --> 00:30:14,755
these false positives? Clicked on a couple of
826
00:30:14,755 --> 00:30:17,494
them and was like, nope. Those are actually
827
00:30:18,515 --> 00:30:19,494
those are actually
828
00:30:19,955 --> 00:30:21,839
Social Security numbers, and it took me, like,
829
00:30:21,919 --> 00:30:24,240
five minutes to find them. And I brought
830
00:30:24,240 --> 00:30:25,599
it up to the company. They're like, oh,
831
00:30:25,599 --> 00:30:27,759
our policy says no Social Security numbers are
832
00:30:27,759 --> 00:30:28,659
allowed in SharePoint.
833
00:30:29,119 --> 00:30:31,359
Yeah. That's what your policy says. You didn't
834
00:30:31,359 --> 00:30:33,359
block it, though, so here we are. Right.
835
00:30:33,359 --> 00:30:35,299
So what are you doing from that perspective
836
00:30:35,440 --> 00:30:35,940
to
837
00:30:36,240 --> 00:30:37,059
not just
838
00:30:37,644 --> 00:30:39,325
set a policy of that or make that
839
00:30:39,325 --> 00:30:41,404
your policy, but to go through and verify
840
00:30:41,404 --> 00:30:43,184
that people are following the policy
841
00:30:43,644 --> 00:30:45,644
and or if you do allow that in
842
00:30:45,644 --> 00:30:48,144
there that it's being properly labeled and categorized
843
00:30:48,605 --> 00:30:51,404
so you can put DLP policies in place
844
00:30:51,404 --> 00:30:54,240
to prevent that exfiltration of that data, to
845
00:30:54,240 --> 00:30:55,539
prevent it being inadvertently
846
00:30:55,840 --> 00:30:58,720
shared with somebody it shouldn't be. And this
847
00:30:58,720 --> 00:31:00,400
was a new one. I I was gonna
848
00:31:00,400 --> 00:31:02,720
mention that I don't know how it's done.
849
00:31:02,720 --> 00:31:04,160
I'll find the blog post to it in
850
00:31:04,160 --> 00:31:05,440
the YouTube video and put it in the
851
00:31:05,440 --> 00:31:08,184
chat. There is I think it was just
852
00:31:08,184 --> 00:31:10,105
last week. It was about a week ago.
853
00:31:10,105 --> 00:31:11,164
Microsoft announced
854
00:31:11,785 --> 00:31:12,765
network level
855
00:31:13,304 --> 00:31:13,804
DLP
856
00:31:14,424 --> 00:31:17,545
coming to Microsoft three sixty five. So actually
857
00:31:17,545 --> 00:31:19,409
being able to, like, pick up if I
858
00:31:19,409 --> 00:31:22,210
copy and paste a Social Security number from
859
00:31:22,210 --> 00:31:23,750
my machine into a website,
860
00:31:24,609 --> 00:31:26,769
the picking it up in my network traffic
861
00:31:26,769 --> 00:31:29,970
that I'm copying and pasting sensitive information or
862
00:31:29,970 --> 00:31:33,109
that sensitive information is going from my device
863
00:31:33,674 --> 00:31:36,154
somewhere. No, they didn't announce how they're doing
864
00:31:36,154 --> 00:31:37,515
it. I don't know if this is gonna
865
00:31:37,515 --> 00:31:39,595
be part of Global Secure Access or part
866
00:31:39,595 --> 00:31:41,055
of Microsoft Defender,
867
00:31:41,515 --> 00:31:43,375
but there is absolutely,
868
00:31:44,394 --> 00:31:47,595
like, that level of data security coming as
869
00:31:47,595 --> 00:31:50,279
well from a DLP perspective, sensitive information.
870
00:31:50,579 --> 00:31:52,099
So that's gonna be really cool to see
871
00:31:52,099 --> 00:31:54,419
where that goes because that is questions that
872
00:31:54,419 --> 00:31:56,980
come up. We'll see when it comes, how
873
00:31:56,980 --> 00:31:58,980
it comes, what the cost is when it
874
00:31:58,980 --> 00:32:01,460
comes, etcetera. I hadn't heard about that. Oh,
875
00:32:01,460 --> 00:32:03,805
Pirate posted that. Browser Network. Yeah. I think
876
00:32:03,805 --> 00:32:05,805
that's the one, Pirate, without actually looking at
877
00:32:05,805 --> 00:32:08,045
that article that looks because it was on
878
00:32:08,045 --> 00:32:10,205
Microsoft Mechanics where they posted that video and
879
00:32:10,205 --> 00:32:13,585
that article about doing network browser based DLP.
880
00:32:13,805 --> 00:32:15,904
It's okay, Scott. It's only a week old.
881
00:32:15,965 --> 00:32:18,169
You're excused for not knowing it. Whew. That's
882
00:32:18,169 --> 00:32:19,849
good. And I think kind of what brings
883
00:32:19,849 --> 00:32:23,049
us all together too is I've mentioned it
884
00:32:23,049 --> 00:32:25,210
a few times. We've talked about it. I
885
00:32:25,210 --> 00:32:28,669
will never back down from my statement that
886
00:32:28,970 --> 00:32:32,269
conditional access is worth the cost of Entra ID
887
00:32:32,410 --> 00:32:34,335
plan one if all you got with that
888
00:32:34,335 --> 00:32:36,994
is conditional access. But to me that's really
889
00:32:37,295 --> 00:32:39,454
like the bow that ties all of this
890
00:32:39,454 --> 00:32:41,454
together, is going in and setting up a
891
00:32:41,454 --> 00:32:44,335
lot of those conditional access policies, looking at
892
00:32:44,335 --> 00:32:46,575
who you are, what identity you're logging in
893
00:32:46,575 --> 00:32:47,075
with,
894
00:32:47,419 --> 00:32:49,179
are you coming in as an admin, are
895
00:32:49,179 --> 00:32:51,819
you coming in with a service principal, so
896
00:32:51,819 --> 00:32:54,140
that identity aspect of it. And then looking
897
00:32:54,140 --> 00:32:56,880
at all those different signals from your devices,
898
00:32:57,419 --> 00:32:59,579
looking at different properties of the device, different
899
00:32:59,579 --> 00:33:01,599
trust types, compliance of the device.
900
00:33:01,964 --> 00:33:03,085
That's where you can go set up your
901
00:33:03,085 --> 00:33:05,005
network level. What network am I coming in?
902
00:33:05,005 --> 00:33:06,924
What IP address am I coming in from?
903
00:33:06,924 --> 00:33:09,565
What applications am not only am I accessing
904
00:33:09,565 --> 00:33:12,625
in Microsoft three sixty five, but what applications
905
00:33:12,765 --> 00:33:14,525
am I using to access my data in
906
00:33:14,525 --> 00:33:16,384
Microsoft three sixty five?
907
00:33:16,799 --> 00:33:19,860
Setting up all those conditional access policies to
908
00:33:20,240 --> 00:33:23,360
help you segment out how users are allowed
909
00:33:23,360 --> 00:33:25,759
into your environment, where they're allowed in from,
910
00:33:25,759 --> 00:33:26,960
all of that. There's a lot to think
911
00:33:26,960 --> 00:33:28,720
about in that one. There's absolutely a ton
912
00:33:28,720 --> 00:33:30,644
to think about. There's a reason you can
913
00:33:30,644 --> 00:33:33,204
create hundreds and hundreds of conditional access policies,
914
00:33:33,204 --> 00:33:35,044
Scott. I still wanna see a tenant that
915
00:33:35,044 --> 00:33:36,184
has hundreds of them.
916
00:33:36,964 --> 00:33:38,884
I haven't. No? I have heard of tenants
917
00:33:38,884 --> 00:33:40,244
hitting the limit. Did you know there's a
918
00:33:40,244 --> 00:33:43,380
limit to conditional access policies? I probably
919
00:33:44,000 --> 00:33:45,679
work for one of those companies that's at
920
00:33:45,679 --> 00:33:47,759
the limit. You probably do. I think it's
921
00:33:47,759 --> 00:33:49,039
995
922
00:33:49,039 --> 00:33:51,200
is the number of conditional access policies you
923
00:33:51,200 --> 00:33:53,279
can have. That's what I thought. Pirate said
924
00:33:53,279 --> 00:33:56,019
we've had the conversation before. So, anyways,
925
00:33:56,400 --> 00:33:57,255
and then the last
926
00:33:58,134 --> 00:34:00,375
I can do logs and signals. We talked
927
00:34:00,375 --> 00:34:02,634
about the verification aspect of this too,
928
00:34:03,015 --> 00:34:03,755
being alerted.
929
00:34:04,295 --> 00:34:07,095
There's a lot of verification you can do,
930
00:34:07,095 --> 00:34:08,534
but I would say a lot of it
931
00:34:08,534 --> 00:34:11,590
does cost money, whether it's spinning up Sentinel
932
00:34:11,890 --> 00:34:12,630
or another
933
00:34:13,170 --> 00:34:15,890
SIEM to capture all these logs, be able
934
00:34:15,890 --> 00:34:17,269
to query all these logs,
935
00:34:17,650 --> 00:34:19,190
set alerts on these logs,
936
00:34:19,570 --> 00:34:22,530
take automated actions based on them. Maybe you
937
00:34:22,530 --> 00:34:24,974
want to be able to peruse your logs
938
00:34:24,974 --> 00:34:26,994
or ask questions about it with
939
00:34:27,375 --> 00:34:29,554
Security Copilot or some other
940
00:34:29,855 --> 00:34:30,355
AI
941
00:34:30,815 --> 00:34:33,054
tool based on where all these logs are
942
00:34:33,054 --> 00:34:33,875
being captured.
943
00:34:34,414 --> 00:34:36,719
But not just setting up all these controls
944
00:34:36,719 --> 00:34:38,559
and then not ever keeping an eye on
945
00:34:38,559 --> 00:34:40,500
what people are doing or
946
00:34:40,800 --> 00:34:43,039
what's going on in your environment. So you
947
00:34:43,039 --> 00:34:45,039
could go set all of this up. Someone
948
00:34:45,039 --> 00:34:46,719
finds a way around it. Someone finds a
949
00:34:46,719 --> 00:34:49,519
way around our backdoor. We're all human. We're
950
00:34:49,519 --> 00:34:51,734
not perfect. We're gonna miss something. We're gonna
951
00:34:51,734 --> 00:34:54,394
make mistakes. So do you have that logging,
952
00:34:54,454 --> 00:34:57,674
that signaling, that alerting set up so that
953
00:34:57,815 --> 00:34:59,734
if something does go wrong or if you
954
00:34:59,734 --> 00:35:01,574
need to go back and look at what
955
00:35:01,574 --> 00:35:03,640
somebody did, you have that ability
956
00:35:04,579 --> 00:35:07,140
to go in and look at it, adjust
957
00:35:07,140 --> 00:35:09,480
it, make changes to your security
958
00:35:10,099 --> 00:35:12,140
based on what may come out of some
959
00:35:12,140 --> 00:35:14,579
of that logging, that signaling, and that alerting.
960
00:35:14,579 --> 00:35:16,034
What may come out of it? Good luck
961
00:35:16,034 --> 00:35:17,474
interpreting it most of us. What may come
962
00:35:17,474 --> 00:35:19,155
out of it? Okay. That's the other thing
963
00:35:19,155 --> 00:35:20,675
is like, yeah, like, what may come out
964
00:35:20,675 --> 00:35:22,355
of it? Now now go interpret it. Good
965
00:35:22,355 --> 00:35:24,855
luck. Yeah. That's what Security Copilot's for, Scott.
966
00:35:25,074 --> 00:35:27,954
Or Copilot for security. Security Copilot? Which one
967
00:35:27,954 --> 00:35:30,030
is it? Something like that. One of those.
968
00:35:30,269 --> 00:35:31,730
So there is an assessment.
969
00:35:32,030 --> 00:35:34,110
Pirate mentioned it before. We'll put a link
970
00:35:34,110 --> 00:35:35,409
to this in the chat too.
971
00:35:35,710 --> 00:35:38,449
There is a Zero Trust workshop out there
972
00:35:38,590 --> 00:35:41,150
that Microsoft has. Oh, you're not gonna be
973
00:35:41,150 --> 00:35:42,349
able to see it in that window though
974
00:35:42,349 --> 00:35:43,550
if I put it in the chat. We've
975
00:35:43,550 --> 00:35:45,070
just had one window up in the one
976
00:35:45,070 --> 00:35:47,125
browser window up. But a whole zero trust
977
00:35:47,125 --> 00:35:48,424
workshop around identity
978
00:35:49,045 --> 00:35:51,284
devices, and part of that workshop, they do
979
00:35:51,284 --> 00:35:54,324
have an assessment tool as well, a
980
00:35:54,324 --> 00:35:56,884
PowerShell script that you can go run on
981
00:35:56,884 --> 00:35:57,545
your environment
982
00:35:57,844 --> 00:35:59,065
that will give you
983
00:35:59,444 --> 00:36:00,424
some of that configuration
984
00:36:00,964 --> 00:36:03,519
of how close are you to Zero Trust.
985
00:36:03,519 --> 00:36:05,359
There's some other tools in here to help
986
00:36:05,359 --> 00:36:08,400
you work through implementing Zero Trust. So this
987
00:36:08,400 --> 00:36:10,719
is another good resource. I think this workshop
988
00:36:10,719 --> 00:36:13,280
is easily a day long, if not a
989
00:36:13,280 --> 00:36:14,339
multi day
990
00:36:14,800 --> 00:36:16,980
workshop, if you were going to
991
00:36:17,424 --> 00:36:19,824
work through it with somebody. Again, there's tools
992
00:36:19,824 --> 00:36:21,344
in here you can take and run in your
993
00:36:21,344 --> 00:36:23,585
own environment to see where you stack up,
994
00:36:23,585 --> 00:36:26,144
what you should think about, configurations you
995
00:36:26,144 --> 00:36:28,464
may need to make, again, based on what
996
00:36:28,464 --> 00:36:31,119
licenses you have, what's available for you to
997
00:36:31,119 --> 00:36:33,039
actually go turn on and light up. Yeah.
998
00:36:33,039 --> 00:36:36,000
What's the scope of that workshop? So is
999
00:36:36,000 --> 00:36:37,380
it all things Microsoft?
1000
00:36:37,760 --> 00:36:39,679
It looks like it's pretty expansive. Like
1001
00:36:39,920 --> 00:36:42,559
Yes. I'm pretty sure this one will look
1002
00:36:42,559 --> 00:36:44,019
at all things
1003
00:36:45,094 --> 00:36:46,875
Microsoft. I should go find
1004
00:36:47,574 --> 00:36:49,574
where this is. I mean, it's yeah. Like,
1005
00:36:49,574 --> 00:36:50,474
you have DevSecOps
1006
00:36:50,775 --> 00:36:52,315
in here. You've got identity
1007
00:36:52,934 --> 00:36:53,434
devices.
1008
00:36:54,214 --> 00:36:56,315
That's talking about the Intune data warehouse.
1009
00:36:57,414 --> 00:37:00,359
What else in here? Conditional launch. There's stuff
1010
00:37:00,359 --> 00:37:01,819
around backing up to iCloud.
1011
00:37:03,000 --> 00:37:04,380
Yeah. Here's ARM provisioning,
1012
00:37:04,920 --> 00:37:06,059
RBAC stuff,
1013
00:37:06,519 --> 00:37:09,079
VPN tunnel. Someone asked me too, VPN tunnel
1014
00:37:09,079 --> 00:37:11,900
versus global secure access. I think they're both
1015
00:37:12,039 --> 00:37:14,195
in there. It wouldn't surprise me if the
1016
00:37:14,195 --> 00:37:16,434
VPN tunnel goes away. Yeah. All the stuff
1017
00:37:16,434 --> 00:37:17,335
around Samsung
1018
00:37:18,514 --> 00:37:19,815
AR, VR devices.
1019
00:37:20,835 --> 00:37:22,355
This is I don't is this I don't
1020
00:37:22,355 --> 00:37:24,195
even know what this is. A hundred and
1021
00:37:24,195 --> 00:37:24,695
twenty,
1022
00:37:25,315 --> 00:37:29,094
fifty, seventy, 80 Just keeps going. 89
1023
00:37:29,639 --> 00:37:30,139
different
1024
00:37:30,760 --> 00:37:33,819
steps, I guess, just in the devices section
1025
00:37:33,880 --> 00:37:35,799
that are things for you to think about
1026
00:37:35,799 --> 00:37:38,199
with devices. But, yeah, DevOps, I bet this
1027
00:37:38,199 --> 00:37:40,940
is Defender. Yeah. Implement Defender for servers.
1028
00:37:41,239 --> 00:37:42,760
So this is 100%,
1029
00:37:42,760 --> 00:37:43,900
like, all things
1030
00:37:44,605 --> 00:37:45,825
Microsoft cloud
1031
00:37:46,285 --> 00:37:49,985
from servers to Azure to ARM provisioning to
1032
00:37:50,525 --> 00:37:51,025
GitHub,
1033
00:37:51,325 --> 00:37:53,184
CodeQL is a part of this,
1034
00:37:54,045 --> 00:37:56,144
Azure DevOps is a part of this,
1035
00:37:56,650 --> 00:37:57,710
Defender for DevOps.
1036
00:37:58,090 --> 00:37:59,610
All of it. You could spend a long
1037
00:37:59,610 --> 00:38:02,090
time on this, Scott. All the things. Everything
1038
00:38:02,090 --> 00:38:04,010
is here. Just a couple of days. Easy
1039
00:38:04,010 --> 00:38:06,010
peasy. Yeah. Just blow through it all quick.
1040
00:38:06,010 --> 00:38:07,130
In and out. And then you get a
1041
00:38:07,130 --> 00:38:08,650
nice pretty docs that you need to go
1042
00:38:08,650 --> 00:38:09,150
implement.
1043
00:38:09,449 --> 00:38:09,949
Exactly.
1044
00:38:10,250 --> 00:38:11,849
Or call Ben, and Ben will help you
1045
00:38:11,849 --> 00:38:14,704
implement. I'm full of shameless self promotion today.
1046
00:38:14,704 --> 00:38:16,625
Yeah. You're doing a good job. Thanks. Appreciate
1047
00:38:16,625 --> 00:38:19,525
it. Alright. Anything else? It is 5PM
1048
00:38:19,664 --> 00:38:21,425
Eastern Time on a Friday. And I think
1049
00:38:21,425 --> 00:38:23,825
that takes us on a whirlwind tour of
1050
00:38:23,825 --> 00:38:25,744
Zero Trust. That was. And if I have
1051
00:38:25,744 --> 00:38:27,045
a workshop at a conference,
1052
00:38:27,380 --> 00:38:29,239
I will self promote that as well.
1053
00:38:30,739 --> 00:38:33,380
You just gotta score one, man. That's it.
1054
00:38:33,380 --> 00:38:35,460
Easy peasy. No sweat. We'll get it. We'll
1055
00:38:35,460 --> 00:38:37,539
get it nailed out. So well, thanks, Scott.
1056
00:38:37,539 --> 00:38:40,019
Appreciate it. Enjoy your weekend. Enjoy the rest
1057
00:38:40,019 --> 00:38:41,295
of your day. You too. And we will
1058
00:38:41,375 --> 00:38:43,474
talk to you again soon. Thanks, Ben.
1059
00:38:45,454 --> 00:38:47,694
If you enjoyed the podcast, go leave us
1060
00:38:47,694 --> 00:38:49,934
a five star rating in iTunes. It helps
1061
00:38:49,934 --> 00:38:51,614
to get the word out so more IT
1062
00:38:51,614 --> 00:38:53,775
pros can learn about Office three sixty five
1063
00:38:53,775 --> 00:38:54,329
and Azure.
1064
00:38:54,890 --> 00:38:56,650
If you have any questions you want us
1065
00:38:56,650 --> 00:38:58,809
to address on the show, or feedback about
1066
00:38:58,809 --> 00:39:01,130
the show, feel free to reach out via
1067
00:39:01,130 --> 00:39:03,309
our website, Twitter, or Facebook.
1068
00:39:03,610 --> 00:39:05,450
Thanks again for listening, and have a great
1069
00:39:05,450 --> 00:39:05,950
day.