Showing posts from 2016

New survey shows hybrid is leading approach, security waning as blocker to cloud adoption

A posting by Julia White on the key findings from a survey of cloud use in 2016. Notably, hybrid deployments will continue to be the deployment model for years to come; vendor lock-in and privacy are moving up in terms of concerns; and security in the cloud remains a hot topic, but the nature of it has changed, with 50% of respondents seeing it as a benefit to cloud adoption, and the other half seeing it as a blocker.

Risk-based Conditional Access now in the new Azure portal

Microsoft now allows you to apply risk-based conditional access policies at the Azure AD application level, providing you with real-time detection and automated protection that is fueled by the vast data in Microsoft’s Intelligent Security Graph.

Today, several improvements to conditional access have been published through the new Azure Portal:

Risk-based access policies per application: Leverage machine learning on a massive scale to provide real-time detection and automated protection. Now you can use this data to build risk-based policies per application.
Greater flexibility to protect applications: Set multiple policies per application or set and easily roll out global rules to protect all your applications with a single policy.
All these capabilities are now available in a unified administrative experience on the Azure portal. This makes it even easier to create and manage holistic conditional access policies to all your applications.…

Will Advanced Threat Analytics help me with all operating systems?

The short answer is yes, but there is a qualifier. The activity still needs to hit Active Directory (AD), whether by connecting to the network via AD, querying the DNS servers, or authenticating with AD. All that activity is inspected for anomalous behaviour, regardless of the operating system.

More enhancements to the Azure AD Admin experience in the new Azure Portal

Introducing Azure AD Pass-Through Authentication and Seamless Single Sign-on

Now in public preview, Azure AD Pass-Through Authentication is a third alternative among the options for "single sign-on" between Active Directory and Azure AD. Designed to remove the infrastructure requirements of AD Federation Services, it provides a more seamless SSO experience than Password Hash Sync through AAD Connect.

With the use of AAD Connect and a simple connector, AAD PTA relies on secure outbound communication to validate username and password credentials against your on-premises Active Directory. No need to sync AD passwords to AAD, nor deploy AD FS!

Microsoft Intune in the Azure portal Preview

Microsoft Intune is moving to the Azure portal and the public preview has started.  The initial release includes the following capabilities:

Deploy and manage apps from a store to iOS, Android, and Windows devices
Deploy and manage line of business (LOB) apps to iOS, Android, and Windows devices
Deploy and manage volume-purchased apps to iOS and Windows devices
Deploy and manage web apps for Android, iOS, and Windows devices
Volume-purchased apps for iOS (business and education)
iOS managed app configuration profiles
Configure app protection policies, and deploy LOB apps to devices that are not enrolled with Intune
VPN profiles, per-app VPN, Wi-Fi, email, and certificate profiles
Compliance policies
Conditional access for Azure AD
Conditional access for On-Premises Exchange
Device enrollment
Role-based access control

An Introduction to Microsoft Azure Information Protection

As Azure Information Protection evolves from its Microsoft Rights Management Services roots, I’m sure we’ll start seeing a lot more uptake, especially the auto-classification features baked into the Office suite.  

Check it out!

Azure AD Identity Protection and Azure AD Privileged Identity Management Subscription Requirements

With Azure AD Identity Protection and Azure AD Privileged Identity Management now generally available as part of AAD Premium P2, starting Monday December 5 2016 (TODAY!!), Microsoft is enabling license enforcement for existing tenants using Azure AD PIM. Without an AAD P2 subscription or trial, tenants with Identity Protection and PIM will see those capabilities disabled/removed.
Azure AD PIM will no longer be available in your tenant if:
Your organization was using Azure AD PIM when it was in preview and does not purchase Azure AD Premium P2
Your organization had an Azure AD Premium P2 trial that expired
Your organization had a purchased subscription that expired
When an Azure AD Premium P2 subscription expires, or an organization which was using Azure AD PIM does not obtain Azure AD Premium P2:
Permanent role assignments to Azure AD roles will be unaffected.
The Azure AD PIM extension in the Azure portal, as well as the Graph API Cmdlets and PowerShell interfaces of Azu…

Cloud Platform Roadmap

Microsoft's public Cloud Platform roadmap provides high-level insights into what features were recently made generally available and what's in public preview and in development. It covers Cloud Infrastructure, Enterprise Mobility, Data Management and Analytics, Application Development and the Internet of Things:

EMS Scenario-Based Content

Microsoft has added scenario-based guidance to their Enterprise Mobility + Security (EMS) documentation, to help clients understand how to use EMS services to deliver secure productivity. The catalog of use cases is expected to grow over the coming months.

Real world Azure AD Connect: multi forest user and resource + user forest implementation

Insightful post about deploying AAD Connect in a truly multi-forest scenario and having to deal with precedence issues:

Disrupting the Cyber Kill Chain

Great blog describing the cyber kill chain (how attackers infiltrate and compromise an organization’s networks and systems) and how Microsoft Secure and Productive Enterprise (SPE) offerings can be used to disrupt the kill chain.

Microsoft Teams: How to overcome challenges with Windows Information Protection & Conditional Access

Ronny De Jong, over at Modern Workplace, provides some great insight into how to deploy Microsoft Teams alongside Windows Information Protection and Conditional Access:

New to Office 365 in November—new collaboration capabilities and more

Collaboration and cloud are on the menu! Updates this month include real-time co-authoring in PowerPoint, shared cloud documents in Outlook, and mobile notifications of changes to shared documents.

Application built on Hello.js with Azure ADB2C

Code sample showing how to build a web application using Hello.js that performs identity management with Azure AD B2C:

New and Enhanced Azure AD Access Panel is now Generally Available

New look and feel to the AAD Access Panel, which is more mobile-friendly and improves the user experience.

New in Intune: More conditional access, App SDK updates, and Android for Work

Android for Work is now GA, you can block Windows PCs from Exchange Online and SharePoint Online, MAM support is now built into all the Intune SDK tools, and more.

Check it out!

Microsoft Cloud App Security - Shining the light on Shadow IT

Microsoft's Cloud App Security allows you to Discover, Control and Protect your organization from internal Shadow IT. What is Shadow IT? It's your employees' unsanctioned use of cloud applications, which could expose you to breaches through compromised credentials or the loss of sensitive corporate data.

Read on to see how CAS can help your organization deal with Shadow IT.

Shadow IT leaves you vulnerable – Learn how to get control now

And we're back!

After a long hiatus, I'm looking to get this blog up and running again. I'll be posting about interesting blogs and articles in the space of identity, mobility and security.

Stay tuned for more!