1 00:00:03,600 --> 00:00:07,120 Welcome to episode 401 of the Microsoft Cloud 2 00:00:07,120 --> 00:00:08,179 IT Pro podcast 3 00:00:08,559 --> 00:00:11,699 recorded live 05/02/2025. 4 00:00:12,160 --> 00:00:14,480 This is a show about Microsoft 5 00:00:14,480 --> 00:00:16,625 365 and Azure from the perspective of IT 6 00:00:16,625 --> 00:00:18,704 pros and end users, where we discuss a 7 00:00:18,704 --> 00:00:20,945 topic or recent news and how it relates 8 00:00:20,945 --> 00:00:23,184 to you. This week, Ben and Scott are 9 00:00:23,184 --> 00:00:25,684 back to Microsoft 365 security. 10 00:00:26,064 --> 00:00:26,879 In this episode, 11 00:00:39,600 --> 00:00:39,884 It's been 12 00:00:42,125 --> 00:00:44,204 It's been so long since we've done this. 13 00:00:44,204 --> 00:00:47,164 We've had, like, weird scheduling issues, and I've 14 00:00:47,164 --> 00:00:48,225 been gone, and 15 00:00:48,604 --> 00:00:50,524 I've been gone, and, I mean, that's pretty 16 00:00:50,524 --> 00:00:52,284 much it. We had some interviews. Like, we 17 00:00:52,284 --> 00:00:54,284 had some interviews from the MVP Summit that 18 00:00:54,284 --> 00:00:56,920 took us away from this live. Hopefully, maybe 19 00:00:57,060 --> 00:00:58,820 we say this when we're back on schedule, 20 00:00:58,820 --> 00:01:01,079 but with summer coming, who knows? We'll 21 00:01:01,940 --> 00:01:03,700 we'll see where it goes. Real life always 22 00:01:03,700 --> 00:01:05,560 tends to get in the way. Yeah. 23 00:01:06,020 --> 00:01:09,939 So it does. Alright. Well, today's topic. Well, 24 00:01:09,939 --> 00:01:12,295 today's topic. If you're live, you can see 25 00:01:12,295 --> 00:01:14,295 it on the screen. If you're not live, 26 00:01:14,295 --> 00:01:16,055 you should come join us in Discord. Join 27 00:01:16,055 --> 00:01:18,055 the membership in Discord and come join us.
28 00:01:18,055 --> 00:01:20,614 Today's topic, though, is zero trust and primarily 29 00:01:20,614 --> 00:01:23,069 around Microsoft 365. Like, we could 30 00:01:23,230 --> 00:01:25,390 maybe take this and extrapolate this out to 31 00:01:25,390 --> 00:01:25,890 Azure. 32 00:01:26,269 --> 00:01:27,409 Some of this would 33 00:01:27,790 --> 00:01:30,030 kind of apply to Azure too, but primarily 34 00:01:30,030 --> 00:01:32,450 Microsoft 365. And 35 00:01:32,909 --> 00:01:34,750 I can't take a ton of credit. I 36 00:01:34,750 --> 00:01:36,465 can't take a ton of credit for this. 37 00:01:36,545 --> 00:01:38,384 Just say that. So Jelisk and I have 38 00:01:38,384 --> 00:01:41,024 done a presentation around this a couple times 39 00:01:41,024 --> 00:01:43,444 now. We did one down in Orlando 40 00:01:44,144 --> 00:01:45,125 at CollabCon. 41 00:01:45,504 --> 00:01:47,744 We just did it this past weekend that 42 00:01:47,744 --> 00:01:50,629 feels like forever ago for Microsoft 43 00:01:50,629 --> 00:01:51,129 365 44 00:01:51,670 --> 00:01:54,230 Community Days up in Philly, which is not 45 00:01:54,230 --> 00:01:56,950 really Philly Philly. It's just close. I didn't 46 00:01:56,950 --> 00:01:58,549 realize how far outside of Philly it was 47 00:01:58,549 --> 00:02:00,090 till I got there and got an Uber. 48 00:02:00,310 --> 00:02:02,484 It's like, oh, Malvern is, like, sort of 49 00:02:02,484 --> 00:02:04,325 Philly, but not really Philly. It's out there 50 00:02:04,325 --> 00:02:05,064 a little bit. 51 00:02:05,525 --> 00:02:07,204 If you're if you're doing if you're doing 52 00:02:07,204 --> 00:02:09,525 Malvern, you're, like, yeah, an hour outside Philly 53 00:02:09,525 --> 00:02:12,324 with traffic. So, yeah, we decided Scott and I 54 00:02:12,324 --> 00:02:14,004 would just talk about zero trust.
It'll be 55 00:02:14,004 --> 00:02:16,645 interesting because I've done this with Jay, Scott, 56 00:02:16,645 --> 00:02:18,300 to get your take on some of this 57 00:02:18,300 --> 00:02:20,860 as well with your thoughts around Zero Trust 58 00:02:20,860 --> 00:02:23,260 and implementing Zero Trust in Microsoft 59 00:02:23,260 --> 00:02:24,780 365. We'll put a bunch of links in 60 00:02:24,780 --> 00:02:27,420 the chat. There's some tools too. I actually 61 00:02:27,420 --> 00:02:29,905 really wanna turn this into a workshop. So 62 00:02:30,125 --> 00:02:32,525 we'll see. I have a whole Zero Trust 63 00:02:32,525 --> 00:02:34,384 workshop submitted to a couple 64 00:02:34,685 --> 00:02:36,844 conferences along with Jay to see if we 65 00:02:36,844 --> 00:02:38,685 can turn this into a, like, eight-hour 66 00:02:38,685 --> 00:02:40,764 workshop all in Zero Trust. We'll keep you 67 00:02:40,764 --> 00:02:42,925 updated. If it turns into one, which conference 68 00:02:42,925 --> 00:02:44,764 to go to to see the workshop version 69 00:02:44,764 --> 00:02:46,760 of this? I think it's an interesting topic, 70 00:02:46,760 --> 00:02:49,560 and there's a lot of knobs and levers, 71 00:02:49,560 --> 00:02:50,620 particularly across 72 00:02:51,000 --> 00:02:54,120 Microsoft 365. So it's it's kinda 73 00:02:54,120 --> 00:02:55,560 easy to hop in at the front end, 74 00:02:55,560 --> 00:02:56,860 I think, and talk about, 75 00:02:57,719 --> 00:03:00,114 zero trust identity. What are the principals 76 00:03:00,414 --> 00:03:02,034 that you let into your directory, 77 00:03:03,294 --> 00:03:06,114 non-person accounts versus per-person accounts, 78 00:03:06,974 --> 00:03:08,435 all those things like that. 79 00:03:08,814 --> 00:03:10,594 But it could also be devices 80 00:03:11,134 --> 00:03:13,555 in your environment, like how do those connect, 81 00:03:13,854 --> 00:03:14,939 how do those come in.
82 00:03:15,419 --> 00:03:17,900 Once you've got all those identities out there 83 00:03:17,900 --> 00:03:20,540 well and and devices and things, then there's 84 00:03:20,540 --> 00:03:24,060 an endpoint component. And, well, zero trust from 85 00:03:24,060 --> 00:03:27,260 how you manage your endpoints from the perspective 86 00:03:27,260 --> 00:03:29,280 of maybe, like, your own endpoints versus, 87 00:03:30,254 --> 00:03:32,334 maybe a BYOD for, like, a partner or 88 00:03:32,334 --> 00:03:32,995 a contractor 89 00:03:33,375 --> 00:03:36,034 who comes into your environment, things like that. 90 00:03:36,334 --> 00:03:38,435 All the applications, all the data, 91 00:03:38,814 --> 00:03:41,215 not the infrastructure so much. Right? Like, Microsoft 92 00:03:41,215 --> 00:03:42,894 takes care of a bunch of that stuff 93 00:03:42,894 --> 00:03:45,294 for you. Right. But certainly, the networking aspects 94 00:03:45,294 --> 00:03:47,210 of it as well, I think, are 95 00:03:47,590 --> 00:03:49,770 interesting. Like, we talk a lot about, like, 96 00:03:49,990 --> 00:03:52,310 clients and endpoints and how they connect, and 97 00:03:52,310 --> 00:03:54,889 are they Internet bound versus private traffic? 98 00:03:55,909 --> 00:03:57,509 Where does all that fall out? And then, 99 00:03:57,509 --> 00:04:00,425 ultimately, like, once you make these decisions about 100 00:04:00,425 --> 00:04:02,104 how your environment's gonna look and and how 101 00:04:02,104 --> 00:04:03,865 it's gonna be structured, well, then you gotta 102 00:04:03,865 --> 00:04:05,564 go put it all together. 103 00:04:06,104 --> 00:04:08,264 So how do you automate that? How do 104 00:04:08,264 --> 00:04:10,185 you script things out? What are the API 105 00:04:10,185 --> 00:04:12,665 surfaces available to you? 
How do you ensure 106 00:04:12,665 --> 00:04:13,885 compliance within 107 00:04:14,479 --> 00:04:16,899 with within a given part of the substrate, 108 00:04:17,040 --> 00:04:18,879 like, be it, like, M365 109 00:04:18,879 --> 00:04:19,379 holistically? 110 00:04:19,839 --> 00:04:22,000 Maybe it's Exchange. Maybe you'd like you said, 111 00:04:22,000 --> 00:04:23,680 maybe you do some stuff over in Azure, 112 00:04:23,680 --> 00:04:25,120 and you're trying to figure out, like, the 113 00:04:25,120 --> 00:04:26,339 application of policy 114 00:04:26,985 --> 00:04:29,064 and and how all that meets up with 115 00:04:29,064 --> 00:04:32,444 those same identities, same endpoints, and and everything 116 00:04:32,504 --> 00:04:33,485 along the way. 117 00:04:33,785 --> 00:04:35,544 It's kinda funny how much of it, if 118 00:04:35,544 --> 00:04:37,544 if you look across the stack, like, even 119 00:04:37,544 --> 00:04:39,944 though it's very technology-focused on 120 00:04:39,944 --> 00:04:42,520 M365, like, a lot of stuff decomposes 121 00:04:42,740 --> 00:04:43,639 back to 122 00:04:44,259 --> 00:04:46,500 the artist formerly known as Azure Active 123 00:04:46,500 --> 00:04:47,800 Directory, Entra ID. 124 00:04:48,180 --> 00:04:49,560 We with the 125 00:04:50,259 --> 00:04:52,740 common constructs that are in there for 126 00:04:52,740 --> 00:04:54,819 authn and authz, particularly around, like, 127 00:04:54,819 --> 00:04:55,720 conditional access. 128 00:04:56,314 --> 00:04:58,654 Some of the endpoint control with, like, Entra ID 129 00:04:58,954 --> 00:05:00,954 plus Intune. Like, we start to get back 130 00:05:00,954 --> 00:05:04,314 into that whole suite of services things and 131 00:05:04,314 --> 00:05:05,854 everything that's there.
So 132 00:05:06,154 --> 00:05:08,794 I I'm curious where you start the zero 133 00:05:08,794 --> 00:05:09,209 trust 134 00:05:09,610 --> 00:05:10,110 conversation 135 00:05:10,569 --> 00:05:11,069 with 136 00:05:11,529 --> 00:05:13,050 your customers. Like, I know you did this 137 00:05:13,050 --> 00:05:15,610 conference talk, but it's all based on your 138 00:05:15,610 --> 00:05:18,009 lived reality, right, as as a consultant and 139 00:05:18,009 --> 00:05:19,930 somebody who's out there kinda doing this day 140 00:05:19,930 --> 00:05:21,225 to day with customers. So 141 00:05:21,705 --> 00:05:23,485 where do you start that conversation 142 00:05:23,865 --> 00:05:24,365 given 143 00:05:24,824 --> 00:05:27,944 the broad swath and and just kinda the 144 00:05:27,944 --> 00:05:28,925 surface area 145 00:05:29,384 --> 00:05:30,045 of a 146 00:05:30,425 --> 00:05:32,345 of of a SaaS suite like 147 00:05:32,345 --> 00:05:35,209 M365 plus the components of Azure and 148 00:05:35,209 --> 00:05:37,209 things that come into it. Plus. Yeah. And 149 00:05:37,209 --> 00:05:39,370 I think where I tend to start is 150 00:05:39,370 --> 00:05:41,529 actually where we do start when we do 151 00:05:41,529 --> 00:05:44,089 this presentation as well is more with the 152 00:05:44,089 --> 00:05:46,089 Entra, and you mentioned it, like the Entra 153 00:05:46,089 --> 00:05:47,789 ID, Azure AD, 154 00:05:48,169 --> 00:05:50,725 really the identity side of it because 155 00:05:51,504 --> 00:05:53,904 as you mentioned, like, when you think about 156 00:05:53,904 --> 00:05:56,785 zero trust and we even we even think 157 00:05:56,785 --> 00:05:58,865 about this when I talk to clients. When 158 00:05:58,865 --> 00:06:01,264 clients used to do zero trust and I'm 159 00:06:01,264 --> 00:06:03,779 gonna define, I should define zero trust. So 160 00:06:03,779 --> 00:06:05,699 when we talk about this too We should. 161 00:06:05,699 --> 00:06:07,459 We should take a step back.
Is defining 162 00:06:07,459 --> 00:06:09,459 zero trust. Right? Zero trust a lot of 163 00:06:09,459 --> 00:06:11,879 times is assuming a breach. Right? Like assuming 164 00:06:12,180 --> 00:06:14,580 somebody is gonna get in. Not if somebody 165 00:06:14,580 --> 00:06:17,064 gets in, but when somebody is in or 166 00:06:17,064 --> 00:06:18,985 assuming that somebody is gonna get into your 167 00:06:18,985 --> 00:06:21,225 environment and making sure that when they do 168 00:06:21,225 --> 00:06:23,865 get in, there's least privilege. Like, there's barriers 169 00:06:23,865 --> 00:06:25,464 between things. I was even talking to my 170 00:06:25,464 --> 00:06:26,745 kids about it the other day, and I'm 171 00:06:26,745 --> 00:06:29,544 like, zero trust is like not if someone 172 00:06:29,544 --> 00:06:31,324 got into your house, they could go everywhere. 173 00:06:31,519 --> 00:06:33,600 Zero trust is almost like you lock every 174 00:06:33,600 --> 00:06:35,279 door in your house so that when somebody 175 00:06:35,279 --> 00:06:36,959 gets in one door, there's a whole bunch 176 00:06:36,959 --> 00:06:39,279 of other doors to get through. Assume that 177 00:06:39,279 --> 00:06:41,040 somebody is gonna get in. Don't give them 178 00:06:41,040 --> 00:06:43,120 free rein of everything, but then give them 179 00:06:43,120 --> 00:06:43,939 least privilege, 180 00:06:44,535 --> 00:06:47,014 once they do get in. So make sure 181 00:06:47,014 --> 00:06:48,454 that once you get through one door, there's 182 00:06:48,454 --> 00:06:49,894 another door to get through and another door 183 00:06:49,894 --> 00:06:51,095 to get through and another door to get 184 00:06:51,095 --> 00:06:53,894 to, and it's just not a trust that's 185 00:06:53,894 --> 00:06:55,814 there because you got in the door.
And 186 00:06:55,814 --> 00:06:58,600 then actually verifying, like, every step of the 187 00:06:58,600 --> 00:07:01,000 process, verifying that someone is who they said 188 00:07:01,000 --> 00:07:02,220 they are, verifying 189 00:07:03,000 --> 00:07:05,319 that they should have access, verifying that they're 190 00:07:05,319 --> 00:07:08,139 coming from the proper device. So 191 00:07:08,519 --> 00:07:10,600 that's how I kind of frame up that 192 00:07:10,600 --> 00:07:13,645 would be my my rough definition of zero 193 00:07:13,645 --> 00:07:15,884 trust is assume that there's a breach, assume 194 00:07:15,884 --> 00:07:18,845 somebody's in, least privilege, don't just give everybody 195 00:07:18,845 --> 00:07:20,705 access to everything, and then verify 196 00:07:21,485 --> 00:07:23,725 everything that they're doing what they should, they 197 00:07:23,725 --> 00:07:25,404 are who they said, they're coming from where 198 00:07:25,404 --> 00:07:27,689 they're supposed to be, all those things. Anything 199 00:07:27,689 --> 00:07:29,129 you'd wanna add to that? No. No. I 200 00:07:29,129 --> 00:07:30,649 think that sums it up. The the the 201 00:07:30,649 --> 00:07:33,310 verify component's always a fun one. Right? Like, 202 00:07:33,529 --> 00:07:35,229 customers often, like, say they 203 00:07:35,689 --> 00:07:37,229 want this level of observability, 204 00:07:37,689 --> 00:07:39,375 but then they find out that it costs 205 00:07:39,375 --> 00:07:41,775 money to enable logs or to store logs 206 00:07:41,775 --> 00:07:44,574 or to query logs and and and where 207 00:07:44,574 --> 00:07:46,275 all that manifests. So I think as you're 208 00:07:46,495 --> 00:07:48,495 thinking about it as a customer, like, part 209 00:07:48,495 --> 00:07:49,314 of it is, 210 00:07:49,615 --> 00:07:51,694 what are the general principles that you wanna 211 00:07:51,694 --> 00:07:53,729 adopt? 
What does that look like within your 212 00:07:53,729 --> 00:07:54,229 organization, 213 00:07:54,529 --> 00:07:56,069 your users, your applications, 214 00:07:56,930 --> 00:07:59,029 all all those kinds of things? But then, 215 00:07:59,490 --> 00:08:02,209 yeah, like, also, what's reality for you? Like, 216 00:08:02,209 --> 00:08:02,709 what 217 00:08:03,329 --> 00:08:05,250 it's super easy with this stuff to talk 218 00:08:05,250 --> 00:08:07,615 art of the possible because, like, really a 219 00:08:07,615 --> 00:08:10,175 ton's possible, and it's been enabled within these 220 00:08:10,175 --> 00:08:11,154 suites of tooling. 221 00:08:11,615 --> 00:08:13,694 That said, they are tools that you have 222 00:08:13,694 --> 00:08:15,615 to adopt. So there's art of the possible, 223 00:08:15,615 --> 00:08:17,154 and then there's art of the real. 224 00:08:17,615 --> 00:08:19,955 What is real for you both in context 225 00:08:20,175 --> 00:08:22,595 of technologies you're comfortable managing 226 00:08:23,110 --> 00:08:25,029 to the degree you're going to automate this 227 00:08:25,029 --> 00:08:26,710 stuff, spin it up, make sure that you're 228 00:08:26,710 --> 00:08:29,350 adhering to your own compliance principles, all that. 229 00:08:29,350 --> 00:08:31,830 Like, yeah, that's great. But then also, like, 230 00:08:31,830 --> 00:08:33,750 just what what can you stomach to turn 231 00:08:33,750 --> 00:08:35,509 on? 
Because if you're an 232 00:08:35,509 --> 00:08:38,024 M365 customer today at some kind of base 233 00:08:38,024 --> 00:08:38,764 licensing 234 00:08:39,384 --> 00:08:40,585 construct, then all of a sudden you go 235 00:08:40,585 --> 00:08:41,085 from 236 00:08:41,465 --> 00:08:43,785 zero to a hundred miles per hour, kilometers 237 00:08:43,785 --> 00:08:45,465 per hour, whatever you wanna do, like you're 238 00:08:45,465 --> 00:08:47,705 ramping really fast, and you're gonna find that 239 00:08:47,705 --> 00:08:49,305 some of those things kind of run away 240 00:08:49,305 --> 00:08:51,305 from you and potentially sour your taste on 241 00:08:51,305 --> 00:08:51,805 it 242 00:08:52,190 --> 00:08:54,350 versus coming back and focusing on, like, your 243 00:08:54,350 --> 00:08:56,589 core principles, what's what's the business need, and 244 00:08:56,589 --> 00:08:58,350 and how does all that manifest for you? 245 00:08:58,350 --> 00:08:59,870 Yeah. And I think going back to why 246 00:08:59,870 --> 00:09:02,049 I started with identity, Zero Trust, 247 00:09:02,750 --> 00:09:03,730 in some respects, 248 00:09:04,419 --> 00:09:06,284 it I would say customers didn't always do 249 00:09:06,284 --> 00:09:08,605 it well even internally. You would have, like, 250 00:09:08,605 --> 00:09:12,365 your DMZs and your your internal networks. Maybe 251 00:09:12,365 --> 00:09:14,764 you'd have, like, your barrier. You'd have your 252 00:09:14,764 --> 00:09:16,365 firewalls in and you'd poke a hole in 253 00:09:16,365 --> 00:09:18,524 to let VPN in, all those types of 254 00:09:18,524 --> 00:09:20,784 things.
But when it was on prem days, 255 00:09:20,899 --> 00:09:23,779 I felt like network got treated a lot 256 00:09:23,779 --> 00:09:26,259 as the zero trust boundary, whether it was 257 00:09:26,259 --> 00:09:29,779 firewalls between subnets or different VNets and opening 258 00:09:29,779 --> 00:09:30,600 ports here, 259 00:09:31,059 --> 00:09:33,139 setting up air gaps here and there. The 260 00:09:33,139 --> 00:09:35,195 cloud changes all of that in that now 261 00:09:35,195 --> 00:09:36,795 I can really get to Microsoft 262 00:09:36,795 --> 00:09:38,554 365 from anywhere. I don't have a network 263 00:09:38,554 --> 00:09:40,735 boundary I can set up because Microsoft 264 00:09:41,195 --> 00:09:42,575 owns a lot of that infrastructure. 265 00:09:42,955 --> 00:09:45,754 And, really, the way into Microsoft 266 00:09:45,754 --> 00:09:47,134 365 now and into an environment 267 00:09:47,600 --> 00:09:48,820 is going through 268 00:09:49,200 --> 00:09:51,440 a user sign in, whether it's a service 269 00:09:51,440 --> 00:09:54,000 principal, whether it's a user. So that's why 270 00:09:54,000 --> 00:09:55,779 a lot of times it starts with 271 00:09:56,160 --> 00:09:59,040 identity. Like, who are you? Should you be 272 00:09:59,040 --> 00:10:01,125 allowed in? And what are you doing at 273 00:10:01,365 --> 00:10:02,024 that gateway of 274 00:10:02,804 --> 00:10:05,705 the user's login? Setting up MFA 275 00:10:06,085 --> 00:10:08,485 for all of your users. What are you 276 00:10:08,485 --> 00:10:09,384 doing around 277 00:10:10,085 --> 00:10:10,585 passwords 278 00:10:11,044 --> 00:10:13,225 for your users? What are you doing around, 279 00:10:13,524 --> 00:10:16,085 like, the legacy authentication?
Some of those things 280 00:10:16,085 --> 00:10:16,585 that 281 00:10:16,959 --> 00:10:18,339 going back to the cost 282 00:10:18,720 --> 00:10:19,779 at a 283 00:10:20,080 --> 00:10:20,980 entry level 284 00:10:21,360 --> 00:10:24,000 is setting up those security defaults that I 285 00:10:24,000 --> 00:10:26,019 think are now enabled by every new tenant. 286 00:10:26,240 --> 00:10:28,000 A lot of tenants that didn't have them 287 00:10:28,000 --> 00:10:29,985 on, they're getting turned on for them. But 288 00:10:29,985 --> 00:10:31,345 at a base level, if you're not gonna 289 00:10:31,345 --> 00:10:33,445 go out and pay for extra Entra licenses, 290 00:10:33,504 --> 00:10:36,144 you're just doing Microsoft 365 Business 291 00:10:36,144 --> 00:10:37,524 Basic or Business Standard 292 00:10:37,904 --> 00:10:40,725 or any one plan, having those security defaults 293 00:10:40,865 --> 00:10:43,184 on that set up some of those initial 294 00:10:43,184 --> 00:10:43,684 barriers 295 00:10:44,159 --> 00:10:46,879 just on identity. And then from there, you 296 00:10:46,879 --> 00:10:49,039 can continue to build out around if you 297 00:10:49,039 --> 00:10:50,959 wanna do MFA and if you wanna do 298 00:10:50,959 --> 00:10:52,419 phishing-resistant MFA 299 00:10:53,120 --> 00:10:55,519 based on that feature level. And that's also 300 00:10:55,519 --> 00:10:57,279 where you go start thinking through the least 301 00:10:57,279 --> 00:10:59,924 privilege. I'm not gonna give everybody global admin 302 00:10:59,924 --> 00:11:02,804 rights. As much as the CEO wants to 303 00:11:02,804 --> 00:11:04,245 be able to get into everything and see 304 00:11:04,245 --> 00:11:06,565 everything, the CEO does not need to be 305 00:11:06,565 --> 00:11:09,045 a global admin in my tenant. What do 306 00:11:09,045 --> 00:11:09,625 you mean? 307 00:11:10,179 --> 00:11:13,059 Your Exchange admin. Yeah.
Your Exchange admin does 308 00:11:13,059 --> 00:11:15,059 not necessarily have to be a global admin. 309 00:11:15,059 --> 00:11:18,019 And to give companies credit, I'm seeing companies 310 00:11:18,019 --> 00:11:19,779 do a lot better job at this. I'm 311 00:11:19,779 --> 00:11:21,220 also trying to do a better job at 312 00:11:21,220 --> 00:11:22,980 it even as a consultant. It's easy for 313 00:11:22,980 --> 00:11:24,725 me. Someone says, hey, Ben. We need you 314 00:11:24,725 --> 00:11:26,485 to help me with Microsoft 365. 315 00:11:26,485 --> 00:11:27,845 Well, just give me a global admin. That's 316 00:11:27,845 --> 00:11:30,245 easiest. No. That should not be my approach. 317 00:11:30,245 --> 00:11:32,245 My approach should be, well, I'm helping you 318 00:11:32,245 --> 00:11:34,365 with SharePoint and Exchange and Intune. Give me 319 00:11:34,365 --> 00:11:36,899 SharePoint, Exchange, and Intune admin rights. Don't give 320 00:11:36,899 --> 00:11:39,299 me global admin. Even though it's a little 321 00:11:39,299 --> 00:11:41,379 bit more work, maybe I have to go 322 00:11:41,379 --> 00:11:44,500 back and ask for extra credentials later. But 323 00:11:44,500 --> 00:11:46,200 really from that perspective, 324 00:11:46,659 --> 00:11:48,434 starting off with that least 325 00:11:48,914 --> 00:11:49,414 permissive 326 00:11:49,955 --> 00:11:53,075 for those different roles. And some of them, 327 00:11:53,075 --> 00:11:55,315 like even Teams, has like four or five 328 00:11:55,315 --> 00:11:57,394 different admin roles within Teams that you can 329 00:11:57,394 --> 00:12:00,054 be assigned. That goes back to how customers 330 00:12:00,115 --> 00:12:02,669 rationalize these things, right, and like how they 331 00:12:02,669 --> 00:12:05,470 grok the knobs and levers themselves.
I I 332 00:12:05,470 --> 00:12:08,269 will say, like, I it's a complex stack 333 00:12:08,269 --> 00:12:10,029 that said I think Microsoft has done a 334 00:12:10,029 --> 00:12:12,669 better job at publishing guidance and being potentially 335 00:12:12,669 --> 00:12:13,889 a little bit more prescriptive. 336 00:12:14,585 --> 00:12:16,345 Like, today, like, if you went out in 337 00:12:16,345 --> 00:12:18,105 a zero trust environment, we talk about, like, 338 00:12:18,105 --> 00:12:20,424 global admins and, like, break glass accounts, things 339 00:12:20,424 --> 00:12:21,165 like that. 340 00:12:21,625 --> 00:12:24,105 That used to be, like, super fuzzy. Like, 341 00:12:24,105 --> 00:12:25,785 sure, you should have a break glass account, 342 00:12:25,785 --> 00:12:27,144 but what does that mean? How do you 343 00:12:27,144 --> 00:12:29,570 secure it? Like, what does MFA look like 344 00:12:29,570 --> 00:12:32,449 in context of a world like that? Like, 345 00:12:32,449 --> 00:12:34,449 how do you store that YubiKey for what's 346 00:12:34,449 --> 00:12:36,529 effectively not a person? Like, you and I 347 00:12:36,529 --> 00:12:38,449 are working together. Does YubiKey go to your 348 00:12:38,449 --> 00:12:39,730 house? Where do you store it at your 349 00:12:39,730 --> 00:12:41,169 house? But then what happens if I know 350 00:12:41,169 --> 00:12:42,769 the username and password? Like, how do we 351 00:12:42,769 --> 00:12:44,264 coordinate that and get it back together? So 352 00:12:44,424 --> 00:12:46,345 Microsoft's done a much better job, I think, 353 00:12:46,345 --> 00:12:49,865 about kind of publishing prescriptive guidance there at, 354 00:12:49,865 --> 00:12:51,884 like, the click stops as they exist 355 00:12:52,264 --> 00:12:54,825 within the licensing suites. It still gets a 356 00:12:54,825 --> 00:12:56,665 little bit confusing, especially when you start to, 357 00:12:56,665 --> 00:12:58,980 like, cross the streams between these things. 
I 358 00:12:58,980 --> 00:13:00,899 I I do think it's a little bit 359 00:13:00,899 --> 00:13:02,360 easier to live in the world of, say, 360 00:13:02,419 --> 00:13:03,480 like, just Entra ID, 361 00:13:03,940 --> 00:13:05,639 and what comes to you with your Entra ID 362 00:13:06,179 --> 00:13:08,419 premium licensing, maybe like a P1 versus 363 00:13:08,419 --> 00:13:11,454 a P2 kinda thing, versus what happens 364 00:13:11,454 --> 00:13:14,894 with M365 plus Entra plus 365 00:13:14,894 --> 00:13:15,394 Intune 366 00:13:15,934 --> 00:13:18,495 plus I I don't know. Maybe you're doing, 367 00:13:18,495 --> 00:13:20,894 like, global secure access for your applications, and 368 00:13:20,894 --> 00:13:23,214 you're combining the endpoints and more client flows 369 00:13:23,214 --> 00:13:25,220 in there and things like that. Like, you 370 00:13:25,220 --> 00:13:27,720 as a customer can kinda ramp the complexity 371 00:13:28,019 --> 00:13:28,519 infinitely. 372 00:13:28,980 --> 00:13:29,480 And 373 00:13:29,860 --> 00:13:31,620 I do see at some point, like, customers 374 00:13:31,620 --> 00:13:33,300 kinda bottom out on they just can't figure 375 00:13:33,300 --> 00:13:34,040 it out anymore 376 00:13:34,580 --> 00:13:36,500 because they finally hit, like, the sweet spot 377 00:13:36,500 --> 00:13:37,559 for, like, that permutation 378 00:13:38,180 --> 00:13:39,784 or that set of decisions in their 379 00:13:39,784 --> 00:13:40,585 environment where they're like, 380 00:13:41,144 --> 00:13:42,585 I'm off the beaten path. And then you 381 00:13:42,585 --> 00:13:44,585 gotta know kinda holistically how it all works 382 00:13:44,585 --> 00:13:47,065 together, and and that's still very hard to 383 00:13:47,065 --> 00:13:48,985 do. Yes. That's why I'm here, Scott. If 384 00:13:48,985 --> 00:13:50,745 you have trouble putting it all together, call 385 00:13:50,745 --> 00:13:53,799 me.
Shameless self-plug, self-promotion in the 386 00:13:53,799 --> 00:13:55,639 middle of the podcast. Yeah. So I think 387 00:13:55,639 --> 00:13:57,559 that's where I always start with identity. From 388 00:13:57,559 --> 00:13:59,240 there, we're gonna run out of time, Scott. 389 00:13:59,240 --> 00:14:01,080 I gotta talk fast. Did I mention this 390 00:14:01,080 --> 00:14:02,379 was an hour-long presentation? 391 00:14:04,120 --> 00:14:06,164 No. I think from identity, the next one 392 00:14:06,164 --> 00:14:07,845 I tend to move to when I'm working 393 00:14:07,845 --> 00:14:09,784 with customers as well is 394 00:14:10,164 --> 00:14:12,404 and these two are, like I would say 395 00:14:12,404 --> 00:14:14,245 these two are step one and step two. 396 00:14:14,245 --> 00:14:15,464 After these two, 397 00:14:15,764 --> 00:14:17,865 you can kinda move a few different directions, 398 00:14:18,084 --> 00:14:20,024 but my next one is always endpoints, 399 00:14:20,840 --> 00:14:22,779 primarily because when I'm logging 400 00:14:23,160 --> 00:14:25,560 in as somebody, I have to be logging 401 00:14:25,560 --> 00:14:28,060 in as somebody from some device. 402 00:14:28,519 --> 00:14:29,019 So 403 00:14:29,480 --> 00:14:31,580 how do I know that 404 00:14:31,960 --> 00:14:35,625 this identity, this person logging in, going back 405 00:14:35,625 --> 00:14:38,045 to even the least permissive here isn't necessarily 406 00:14:38,185 --> 00:14:40,504 just about roles, but it could be least 407 00:14:40,504 --> 00:14:43,004 permissive in terms of devices that I'm allowed 408 00:14:43,305 --> 00:14:45,565 to log in to my tenant from. Or 409 00:14:45,625 --> 00:14:48,185 going back to the assume breach, assume that 410 00:14:48,185 --> 00:14:50,740 every device that tries to log in to 411 00:14:50,740 --> 00:14:53,720 my tenant is not a safe device.
412 00:14:54,179 --> 00:14:57,320 So thinking through how am I verifying that 413 00:14:57,700 --> 00:15:00,500 the phone that somebody logs into my tenant 414 00:15:00,500 --> 00:15:03,000 from, the laptop, the desktop, 415 00:15:03,460 --> 00:15:04,279 the tablets, 416 00:15:04,934 --> 00:15:07,914 whatever that may be, how do I verify 417 00:15:07,975 --> 00:15:10,615 that device? How do I make sure that 418 00:15:10,615 --> 00:15:11,754 device is safe? 419 00:15:12,215 --> 00:15:14,875 How am I thinking about those endpoints that 420 00:15:14,934 --> 00:15:17,830 users are logging in from when they come 421 00:15:17,830 --> 00:15:19,589 to my tenant? Because again, now I don't 422 00:15:19,589 --> 00:15:20,089 necessarily 423 00:15:20,389 --> 00:15:21,850 have the network. 424 00:15:22,230 --> 00:15:24,149 A lot of people used to take the 425 00:15:24,149 --> 00:15:26,789 approach of this device is plugged into my 426 00:15:26,789 --> 00:15:29,269 local network. They're inside my firewall. I'm gonna 427 00:15:29,269 --> 00:15:31,264 trust it. I don't have a firewall anymore. 428 00:15:31,404 --> 00:15:33,184 There's some ways we can kinda 429 00:15:33,644 --> 00:15:35,585 you can look at that. You can kinda 430 00:15:35,725 --> 00:15:38,044 pseudo make a firewall, but I think it 431 00:15:38,044 --> 00:15:39,644 comes into a lot more now. What are 432 00:15:39,644 --> 00:15:42,705 you doing for corporate devices versus BYOD devices?
433 00:15:43,004 --> 00:15:44,865 One thing I think about is 434 00:15:45,330 --> 00:15:48,610 it's this is a newer approach I've started 435 00:15:48,610 --> 00:15:50,690 taking, and people can yell at me for 436 00:15:50,690 --> 00:15:52,370 saying, you should have thought of this sooner, 437 00:15:52,370 --> 00:15:54,529 you should have done this sooner, is a 438 00:15:54,529 --> 00:15:56,850 lot of clients are still focused on kind 439 00:15:56,850 --> 00:15:59,090 of that inside my network, and they're looking 440 00:15:59,090 --> 00:16:00,230 at device 441 00:16:00,914 --> 00:16:03,174 trust. It's the trust type in 442 00:16:03,554 --> 00:16:06,514 conditional access, but it's is this device joined 443 00:16:06,514 --> 00:16:08,995 to my intra ID, or is it hybrid 444 00:16:08,995 --> 00:16:10,754 joined? Is it joined to AD? Should I 445 00:16:10,754 --> 00:16:13,075 really be looking at, was this device able 446 00:16:13,075 --> 00:16:14,940 to be joined to my active directory, or 447 00:16:14,940 --> 00:16:16,860 should I be doing things like compliance? Is 448 00:16:16,860 --> 00:16:19,580 this device compliance? Has the drive been encrypted? 449 00:16:19,580 --> 00:16:21,419 Is the antivirus up to date? Is the 450 00:16:21,419 --> 00:16:23,500 patching up to date? Are they running a 451 00:16:23,500 --> 00:16:26,720 certain version of the OS? And not necessarily 452 00:16:26,940 --> 00:16:28,700 thinking through, oh, they were able to join 453 00:16:28,700 --> 00:16:30,634 this device to my domain so it's trusted 454 00:16:30,634 --> 00:16:32,095 and it's safe, but 455 00:16:32,475 --> 00:16:33,855 more, does this device 456 00:16:34,875 --> 00:16:36,575 meet the level of compliance, 457 00:16:37,355 --> 00:16:40,394 which could be that security construct that I'm 458 00:16:40,394 --> 00:16:42,715 going to allow it in? 
And maybe that trust type is a part of that, but I don't think that should be the whole picture when you're starting to talk zero trust. No. The other thing you have to think about is the experience of those devices. So how do you make it, like, friction free? You don't want potentially your, I don't know, maybe you do, maybe you don't, but maybe you don't want your user, like, pinning in on every boot of a device given the class of the device. Right? Like, is this my everyday laptop versus maybe, like, my admin workstation or things like that? Yep. So what are those profiles? How do those come together? And then the other thing that happens here is the intersection of your environment, your policies, and application of those policies across managed and unmanaged devices. Shout out to Pirate in the chat.
Like, he's going just where, like, I was thinking. So you have this world now of potentially thinking about, like, do you do full device management? Is MAM a possibility in your environment? Like, doing some kind of, like, application management level kinda thing. Like, what does that look like for you, and how do you compose? Which ultimately bleeds back again to, like, your corporate construct plus user experience. Right? Like, practically, example, like, I live in a world where I can't access my work stuff through an unmanaged device. At the same time, my employer doesn't buy me, like, a phone. So I have a very, like, conscious decision to make of, do I join my personal phone and let my employer manage a personal device where it's still a managed? Like, so you have to navigate a bunch of that stuff as well just in your policy and thinking about how it comes together for your users. Yeah.

Do you feel overwhelmed by trying to manage your Office 365 environment?
Are you facing unexpected issues that disrupt your company's productivity? Intelligink is here to help. Much like you take your car to the mechanic that has specialized knowledge on how to best keep your car running, Intelligink helps you with your Microsoft cloud environment because that's their expertise. Intelligink keeps up with the latest updates in the Microsoft cloud to help keep your business running smoothly and ahead of the curve. Whether you are a small organization with just a few users up to an organization of several thousand employees, they want to partner with you to implement and administer your Microsoft cloud technology. Visit them at intelligink.com/podcast. That's intelligink.com/podcast for more information or to schedule a thirty minute call to get started with them today. Remember, Intelligink focuses on the Microsoft cloud so you can focus on your business.

Because this is audio, it's gonna be hard to visualize.
But when we talk through this, sometimes too, we'll even draw a grid where you maybe have, like, upper left corner is a managed device that's on the corporate domain. That is going to be the level of hoops you have to jump through. It's going to be a much more trusted device than maybe, like, down in the bottom right is a BYOD device that isn't joined to your domain, that isn't managed, and thinking through what level of access, to your point, what level of access are you gonna give these different types of devices in your domain or your user experience? What level of authentication do they have to go through? This is an unmanaged device. They're logging in from not a known location. I'm gonna force a phishing resistant MFA, and they're only gonna get browser based access. Whereas something that's joined to the domain, it's enrolled in Intune, it's a compliant device, maybe I relax my MFA requirements a little bit where it's not necessarily phishing resistant, or maybe it's even corporate joined, on the network, compliant, Intune managed.
I'm gonna allow, maybe you do allow those to bypass MFA if they reach a certain level there. So it's not even like that one size fits all, but it's here's this matrix of all these different scenarios that I can encounter with my devices. What level of trust and confidence do I have in the safety of that device, and what am I gonna allow based on that? So I think that's kind of that next step is devices. And thinking through all of that, I think some of it does, like you said, tie into your licensing. How much licensing do you have for things like Autopilot, for Intune, for different levels, because there is a cost to these different features in Microsoft 365. There is a cost. There's an operational cost, like the human cost of just turn it on, your users have to interact with it, and then there's the dreaded licensing cost, which also sits there as well. So where do you wanna go from there? Choose your own adventure, Scott. Identity and device are, I would say, a couple of my core ones. There's other things to think about.
Why don't we talk about networking while we're here? So I always find the networking aspects of, like, a SaaS surface, like, public endpoints connect to over the Internet, clients over the Internet, and then all the ways customers try and fight it. And they're like, how can I privatize my traffic to SharePoint Online? Like, well, A, do you wanna do that? B, no, you actually don't wanna do that. But, yeah, let's keep hearing you talk about how you wanna do it. So networking's a good one. Why don't we go there next? Alright. So networking is, like you said, it's interesting because you're in the cloud. It's a SaaS space. There's a couple things I think about when I start going down the networking path. This one, very much licensing comes into play. One thing you can do is there are ways within conditional access to set up trusted networks. So you can either set it up based on IP address. So you can go in and define IP addresses. These are the public IP addresses that are for my office.
I have my public IP addresses that are from my home network. You may have public IP addresses from different satellite locations that you can define. You can also go in, and Microsoft gives you the ability to pick country based trust. So I'm gonna trust IP addresses that we're pretty sure, and this is not a you can be 100% sure all the time, IP addresses coming from the US, or here's IP addresses coming from Europe or Africa or South America, different regional locations. Microsoft does have predefined network locations there where you can go in and actually block or allow, maybe block everything and then set exclusions for allowing, however you wanna do it to set up different policies on logging into your environment based on which IP address you're coming from. So I think that's kind of the most basic one. That one is still conditional access, so it's still gonna be your Entra Plan 1 as minimum for that. The other interesting one that's coming into play more and more with networking in these conversations is Global Secure Access.
This is an add on to even Entra P2, but there's a lot of stuff, and there's getting to be more and more stuff you can do with Global Secure Access. And there's different components to it. So there's the whole Microsoft 365 aspect, Global Secure Access to Microsoft 365, where it is, I don't wanna say it's a VPN, because it shows up as a VPN, though. I will say that. It kinda shows up as a VPN. You put a client on your desktop. You do it through Defender for Endpoint on your mobile devices, and then it does show up as a VPN connection on my phone. But it tunnels that traffic then, encrypts that traffic from your device straight to Microsoft 365. Because of that, it also gives you some ability to do, like, some additional logging on that network traffic between your end user devices and Microsoft 365. This is not out for everything yet. Like, ironically enough, I can't put it on my Surface device because there's not an ARM client available for it. It has to be x64.
You can do it in macOS. You can do it in mobile. I think iOS and Android are both out there now. But you can do that for Microsoft 365 traffic, but you can also do this. They also have an Internet aspect of Global Secure Access and a private aspect of Global Secure Access where I can now send all my Internet traffic over Global Secure Access to do web protection, web filtering, web monitoring of Internet access. And it's interesting, like, I'll see it in mine where I get a lot of my web requests now routed through a proxy if I have Global Secure Access enabled on my desktop. The private one gives you the ability to use Microsoft 365, the private connection in Global Secure Access, to create a tunnel from your endpoints back to your on premises network to access web applications on premises.
So this is all built into Entra and add on to Entra for starting to do more of that managing of the network, creating secure tunnels to different locations, web filtering, and some of that additional monitoring of all that network traffic. Yeah. Quite a bit to think about on that one. It is. And we could spend the entire time on that, but... It's a weird one. Like, I don't know. Even when you go down, like, the filtering path, there's the things that you can do as part of Intune, Entra, and then, like, there's the whole, like, I actually deployed my app, and what does that look like? Like, does that app live in Azure? Does it have a firewall in front of it? Maybe it has, like, a Front Door or, like, an application gateway, like, all that kind of stuff that just manifests as well. I think another one that this kinda ties into networking, I'm gonna go into apps a little bit because there's a few different components to apps.
There's the applications that you use for work, deploying apps to your endpoint, apps that are installed on your endpoints, all the app management in Intune. We talked about it in the chat a little bit. You mentioned it earlier, Scott, the MAM, the mobile application management, managing those apps. But there's also Defender for Cloud that isn't necessarily networking, but it does help watch for different shadow IT. People going out using ChatGPT, like, are people actually taking sensitive information from my environment, copying and pasting it, throwing it into ChatGPT. Oh, this is networking. Can I go back to networking? This is networking and data. I'll save it for data. We'll save that when we talk about data. I thought you were gonna ask, and I was gonna say, like, yes. Your users are taking private data to ChatGPT. 100% there. Yes. And if not ChatGPT, they're taking it to Claude or Copilot or Gemini or someplace where you don't think it should be. Where you don't think. Yeah.
And that's something that Defender for Cloud can help for. Again, I'm gonna keep saying it just to remind people, although I think they already know it. There is cost for Defender for Cloud. This is another one that is like a Security E5 or Microsoft 365 E5. But I know that there's, like, 400 some third party AI services that are all in Defender for Cloud already that if you go ramp this up, you have the ability to go in and block those, to see what are all the AI services that my employees are using, where are they copying and pasting data, there's some DLP stuff, being able to monitor where people are putting files, which again, kinda apps, kinda data, kinda networking, but another part of that zero trust of making sure that your employees are keeping data where it's supposed to be kept, not putting data where it's not supposed to be, that someone that got into your environment isn't exfiltrating data through some of those other services.
And, again, a little bit of that verifying, a little bit of that monitoring when it comes to apps. And I get so much to talk about here because then you do get into all the installed apps, keeping data safe in the apps through, like, the mobile application management. So you want me to keep going, see how close we can keep this to a reasonable time episode? I mean, you're doing pretty good. Alright. All you got left in your talk is data. Well, then logs, but we could always talk logs at a different time. And data's the other one, is looking at, like, how are you securing your data? This is one too that has come up a lot with Copilot, and we mentioned this in some of the times when we've talked about AI, is some of that data security posture management, the DPSM. How are we protecting sensitive information within the company? How are we thinking about AI activity and what data AI can get to?
Are we putting sensitivity labels on our content and being aware of what types of sensitive data may be located in those various places within our organization? I can't remember if I've told this story before. If I have, you get to hear it again. Working with one company where we were trying to get ready for Copilot, we were looking at sharing links. They had, like, 20,000 links that were shared with the entire company. But then we were also looking at sensitive information. I'm like, did you know, like, you have all these Social Security numbers over in the SharePoint site here? Like, Purview picked them up, and it took me, like, five minutes. I was able to go in through Purview, go to the Content Explorer, pull up some Social Security numbers. I was like, are these false positives? Clicked on a couple of them and was like, nope. Those are actually Social Security numbers, and it took me, like, five minutes to find them. And I brought it up to the company.
They're like, oh, our policy says no Social Security numbers are allowed in SharePoint. Yeah. That's what your policy says. You didn't block it, though, so here we are. Right. So what are you doing from that perspective to not just set a policy of that or make that your policy, but to go through and verify that people are following the policy, and/or if you do allow that in there, that it's being properly labeled and categorized so you can put DLP policies in place to prevent that exfiltration of that data, to prevent it being inadvertently shared with somebody it shouldn't be. And this was a new one. I was gonna mention that I don't know how it's done. I'll find the blog post to it in the YouTube video and put it in the chat. There is, I think it was just last week, it was about a week ago, Microsoft announced network level DLP coming to Microsoft 365.
So actually being able to, like, pick up if I copy and paste a Social Security number from my machine into a website, picking it up in my network traffic that I'm copying and pasting sensitive information or that sensitive information is going from my device somewhere. No, they didn't announce how they're doing it. I don't know if this is gonna be part of Global Secure Access or part of Microsoft Defender, but there is absolutely, like, that level of data security coming as well from a DLP perspective, sensitive information. So that's gonna be really cool to see where that goes because that is questions that come up. We'll see when it comes, how it comes, what the cost is when it comes, etcetera. I hadn't heard about that. Oh, Pirate posted that. Browser Network. Yeah. I think that's the one, Pirate, without actually looking at that article. That looks, because it was on Microsoft Mechanics where they posted that video and that article about doing network browser based DLP. It's okay, Scott. It's only a week old. You're excused for not knowing it. Whew. That's good.
And I think kind of what brings us all together too is, I've mentioned it a few times, we've talked about it, I will never back down from my statement that conditional access is worth the cost of Entra ID Plan 1 if all you got with that is conditional access. But to me that's really like the bow that ties all of this together, is going in and setting up a lot of those conditional access policies, looking at who you are, what identity you're logging in with, are you coming in as an admin, are you coming in with a service principal, so that identity aspect of it. And then looking at all those different signals from your devices, looking at different properties of the device, different trust types, compliance of the device. That's where you can go set up your network level. What network am I coming in? What IP address am I coming in from? What applications, not only am I accessing in Microsoft 365, but what applications am I using to access my data in Microsoft 365?
Setting up all those conditional access policies to help you segment out how users are allowed into your environment, where they're allowed in from, all of that. There's a lot to think about in that one. There's absolutely a ton to think about. There's a reason you can create hundreds and hundreds of conditional access policies, Scott. I still wanna see a tenant that has hundreds of them. I haven't. No? I have heard of tenants hitting the limit. Did you know there's a limit to conditional access policies? I probably work for one of those companies that's at the limit. You probably do. I think it's 995 is the number of conditional access policies you can have. That's what I thought. Pirate said we've had the conversation before. So, anyways, and then the last, I can do logs and signals. We talked about the verification aspect of this too, being alerted.
929 00:34:04,295 --> 00:34:07,095 There's a lot of verification you can do, 930 00:34:07,095 --> 00:34:08,534 but I would say a lot of it 931 00:34:08,534 --> 00:34:11,590 does cost money, whether it's spinning up Sentinel 932 00:34:11,890 --> 00:34:12,630 or another 933 00:34:13,170 --> 00:34:15,890 SIEM to capture all these logs, be able 934 00:34:15,890 --> 00:34:17,269 to query all these logs, 935 00:34:17,650 --> 00:34:19,190 set alerts on these logs, 936 00:34:19,570 --> 00:34:22,530 take automated actions based on them. Maybe you 937 00:34:22,530 --> 00:34:24,974 want to be able to peruse your logs 938 00:34:24,974 --> 00:34:26,994 or ask questions about it with 939 00:34:27,375 --> 00:34:29,554 Security Copilot or some other 940 00:34:29,855 --> 00:34:30,355 AI 941 00:34:30,815 --> 00:34:33,054 tool based on where all these logs are 942 00:34:33,054 --> 00:34:33,875 being captured. 943 00:34:34,414 --> 00:34:36,719 But not just setting up all these controls 944 00:34:36,719 --> 00:34:38,559 and then not ever keeping an eye on 945 00:34:38,559 --> 00:34:40,500 what people are doing or 946 00:34:40,800 --> 00:34:43,039 what's going on in your environment. So you 947 00:34:43,039 --> 00:34:45,039 could go set all of this up. Someone 948 00:34:45,039 --> 00:34:46,719 finds a way around it. Someone finds a 949 00:34:46,719 --> 00:34:49,519 way around our backdoor. We're all human. We're 950 00:34:49,519 --> 00:34:51,734 not perfect. We're gonna miss something. We're gonna 951 00:34:51,734 --> 00:34:54,394 make mistakes. 
So do you have that logging, 952 00:34:54,454 --> 00:34:57,674 that signaling, that alerting set up so that 953 00:34:57,815 --> 00:34:59,734 if something does go wrong or if you 954 00:34:59,734 --> 00:35:01,574 need to go back and look at what 955 00:35:01,574 --> 00:35:03,640 somebody did, you have that ability 956 00:35:04,579 --> 00:35:07,140 to go in and look at it, adjust 957 00:35:07,140 --> 00:35:09,480 it, make changes to your security 958 00:35:10,099 --> 00:35:12,140 based on what may come out of some 959 00:35:12,140 --> 00:35:14,579 of that logging, that signaling, and that alerting. 960 00:35:14,579 --> 00:35:16,034 What may come out of it? Good luck 961 00:35:16,034 --> 00:35:17,474 interpreting it most of us. What may come 962 00:35:17,474 --> 00:35:19,155 out of it? Okay. That's the other thing 963 00:35:19,155 --> 00:35:20,675 is like, yeah, like, what may come out 964 00:35:20,675 --> 00:35:22,355 of it? Now now go interpret it. Good 965 00:35:22,355 --> 00:35:24,855 luck. Yeah. That's what Security Copilot's for, Scott. 966 00:35:25,074 --> 00:35:27,954 Or Copilot for security. Security Copilot? Which one 967 00:35:27,954 --> 00:35:30,030 is it? Something like that. One of those. 968 00:35:30,269 --> 00:35:31,730 So there is an assessment. 969 00:35:32,030 --> 00:35:34,110 Pirate mentioned it before. We'll put a link 970 00:35:34,110 --> 00:35:35,409 to this in the chat too. 971 00:35:35,710 --> 00:35:38,449 There is a Zero Trust workshop out there 972 00:35:38,590 --> 00:35:41,150 that Microsoft has. Oh, you're not gonna be 973 00:35:41,150 --> 00:35:42,349 able to see it in that window though 974 00:35:42,349 --> 00:35:43,550 if I put it in the chat. We've 975 00:35:43,550 --> 00:35:45,070 just had one window up in the one 976 00:35:45,070 --> 00:35:47,125 browser window up. 
But a whole zero trust 977 00:35:47,125 --> 00:35:48,424 workshop around identity 978 00:35:49,045 --> 00:35:51,284 devices, and part of that workshop, they do 979 00:35:51,284 --> 00:35:54,324 have an assessment tool as well, a 980 00:35:54,324 --> 00:35:56,884 PowerShell script that you can go run on 981 00:35:56,884 --> 00:35:57,545 your environment 982 00:35:57,844 --> 00:35:59,065 that will give you 983 00:35:59,444 --> 00:36:00,424 some of that configuration 984 00:36:00,964 --> 00:36:03,519 of how close are you to Zero Trust. 985 00:36:03,519 --> 00:36:05,359 There's some other tools in here to help 986 00:36:05,359 --> 00:36:08,400 you work through implementing Zero Trust. So this 987 00:36:08,400 --> 00:36:10,719 is another good resource. I think this workshop 988 00:36:10,719 --> 00:36:13,280 is easily a day long, if not a 989 00:36:13,280 --> 00:36:14,339 multi day 990 00:36:14,800 --> 00:36:16,980 workshop, if you were going to 991 00:36:17,424 --> 00:36:19,824 work through it with somebody. Again, there's tools 992 00:36:19,824 --> 00:36:21,344 in here you can take and run in your 993 00:36:21,344 --> 00:36:23,585 own environment to see where you stack up, 994 00:36:23,585 --> 00:36:26,144 what you should think about, configurations you 995 00:36:26,144 --> 00:36:28,464 may need to make, again, based on what 996 00:36:28,464 --> 00:36:31,119 licenses you have, what's available for you to 997 00:36:31,119 --> 00:36:33,039 actually go turn on and light up. Yeah. 998 00:36:33,039 --> 00:36:36,000 What's the scope of that workshop? So is 999 00:36:36,000 --> 00:36:37,380 it all things Microsoft? 1000 00:36:37,760 --> 00:36:39,679 It it looks like it's pretty expansive. Like 1001 00:36:39,920 --> 00:36:42,559 Yes. I'm pretty sure this one will look 1002 00:36:42,559 --> 00:36:44,019 at all things 1003 00:36:45,094 --> 00:36:46,875 Microsoft. I should go find 1004 00:36:47,574 --> 00:36:49,574 where this is. I mean, it's yeah. 
Like, 1005 00:36:49,574 --> 00:36:50,474 you have DevSecOps 1006 00:36:50,775 --> 00:36:52,315 in here. You've got identity 1007 00:36:52,934 --> 00:36:53,434 devices. 1008 00:36:54,214 --> 00:36:56,315 That's talking about the Intune data warehouse. 1009 00:36:57,414 --> 00:37:00,359 What else in here? Conditional launch. There's stuff 1010 00:37:00,359 --> 00:37:01,819 around backing up to iCloud. 1011 00:37:03,000 --> 00:37:04,380 Yeah. Here's ARM provisioning, 1012 00:37:04,920 --> 00:37:06,059 RBAC stuff, 1013 00:37:06,519 --> 00:37:09,079 VPN tunnel. Someone asked me too, VPN tunnel 1014 00:37:09,079 --> 00:37:11,900 versus global secure access. I think they're both 1015 00:37:12,039 --> 00:37:14,195 in there. It wouldn't surprise me if the 1016 00:37:14,195 --> 00:37:16,434 VPN tunnel goes away. Yeah. All the stuff 1017 00:37:16,434 --> 00:37:17,335 around Samsung 1018 00:37:18,514 --> 00:37:19,815 AR, VR devices. 1019 00:37:20,835 --> 00:37:22,355 This is I don't is this I don't 1020 00:37:22,355 --> 00:37:24,195 even know what this is. A hundred and 1021 00:37:24,195 --> 00:37:24,695 twenty, 1022 00:37:25,315 --> 00:37:29,094 fifty, seventy, 80 Just keeps going. 89 1023 00:37:29,639 --> 00:37:30,139 different 1024 00:37:30,760 --> 00:37:33,819 steps, I guess, just in the devices section 1025 00:37:33,880 --> 00:37:35,799 that are things for you to think about 1026 00:37:35,799 --> 00:37:38,199 with devices. But, yeah, DevOps, I bet this 1027 00:37:38,199 --> 00:37:40,940 is Defender. Yeah. Implement Defender for servers. 
1028 00:37:41,239 --> 00:37:42,760 So this is 100%, 1029 00:37:42,760 --> 00:37:43,900 like, all things 1030 00:37:44,605 --> 00:37:45,825 Microsoft cloud 1031 00:37:46,285 --> 00:37:49,985 from servers to Azure to ARM provisioning to 1032 00:37:50,525 --> 00:37:51,025 GitHub, 1033 00:37:51,325 --> 00:37:53,184 CodeQL is a part of this, 1034 00:37:54,045 --> 00:37:56,144 Azure DevOps is a part of this, 1035 00:37:56,650 --> 00:37:57,710 Defender for DevOps. 1036 00:37:58,090 --> 00:37:59,610 All of it. You could spend a long 1037 00:37:59,610 --> 00:38:02,090 time on this, Scott. All the things. Everything 1038 00:38:02,090 --> 00:38:04,010 is here. Just a couple of days. Easy 1039 00:38:04,010 --> 00:38:06,010 peasy. Yeah. Just blow through it all quick. 1040 00:38:06,010 --> 00:38:07,130 In and out. And then you get a 1041 00:38:07,130 --> 00:38:08,650 nice pretty docs that you need to go 1042 00:38:08,650 --> 00:38:09,150 implement. 1043 00:38:09,449 --> 00:38:09,949 Exactly. 1044 00:38:10,250 --> 00:38:11,849 Or call Ben, and Ben will help you 1045 00:38:11,849 --> 00:38:14,704 implement. I'm full of shameless self promotion today. 1046 00:38:14,704 --> 00:38:16,625 Yeah. You're doing a good job. Thanks. Appreciate 1047 00:38:16,625 --> 00:38:19,525 it. Alright. Anything else? It is 5PM 1048 00:38:19,664 --> 00:38:21,425 Eastern Time on a Friday. And I think 1049 00:38:21,425 --> 00:38:23,825 that takes us on a whirlwind tour of 1050 00:38:23,825 --> 00:38:25,744 Zero Trust. That was. And if I have 1051 00:38:25,744 --> 00:38:27,045 a workshop at a conference, 1052 00:38:27,380 --> 00:38:29,239 I will self promote that as well. 1053 00:38:30,739 --> 00:38:33,380 You just gotta score one, man. That's it. 1054 00:38:33,380 --> 00:38:35,460 Easy peasy. No sweat. We'll get it. We'll 1055 00:38:35,460 --> 00:38:37,539 get it nailed out. So well, thanks, Scott. 1056 00:38:37,539 --> 00:38:40,019 Appreciate it. Enjoy your weekend. 
Enjoy the rest 1057 00:38:40,019 --> 00:38:41,295 of your day. You too. And we will 1058 00:38:41,375 --> 00:38:43,474 talk to you again soon. Thanks, Ben. 1059 00:38:45,454 --> 00:38:47,694 If you enjoyed the podcast, go leave us 1060 00:38:47,694 --> 00:38:49,934 a five star rating in iTunes. It helps 1061 00:38:49,934 --> 00:38:51,614 to get the word out so more IT 1062 00:38:51,614 --> 00:38:53,775 pros can learn about Office 365 1063 00:38:53,775 --> 00:38:54,329 and Azure. 1064 00:38:54,890 --> 00:38:56,650 If you have any questions you want us 1065 00:38:56,650 --> 00:38:58,809 to address on the show, or feedback about 1066 00:38:58,809 --> 00:39:01,130 the show, feel free to reach out via 1067 00:39:01,130 --> 00:39:03,309 our website, Twitter, or Facebook. 1068 00:39:03,610 --> 00:39:05,450 Thanks again for listening, and have a great 1069 00:39:05,450 --> 00:39:05,950 day.