26 Sep Highlights from Alan Eardley – Ignite 2018
Day 2 of Ignite has been filled with some very cool updates and new functionality. The sessions that I have attended have covered a wide variety of tools and technology and every single one of them had new features that current clients will be able to make use of.
Azure Active Directory
I attended three sessions that included details of Azure Active Directory, all of them from slightly different angles.
A key tenet of Microsoft's vision for Azure Active Directory, and of its overall approach to securing identity, resources and access, is to build on the existing tools rather than introduce new ones. I think this is great, as new tools have always created confusion because there are inevitably licence costs and integration challenges.
A core component of best practice for implementing security is Conditional Access. It is being extended with more capabilities so that it covers many more scenarios, such as limited access to Exchange when a user is on a device that doesn't meet the compliance criteria: in that case users can still access content, but only in a read-only format.
Support for OATH tokens will be introduced so that secure environments that prohibit the use of mobile phones can still be protected with multi-factor authentication.
The security of identities is crucial in any security strategy, and the ability to investigate the risks posed by identities is a core requirement. The elements of Identity Protection will become easier to use, with an improved interface. There will also be additional links to other tools, such as Advanced Threat Protection and Cloud App Security, so that forensic investigation of incidents can be carried out more easily.
Windows Security Centre
A new dashboard will be added to management tools available in Azure.
This dashboard will present a holistic view of the security of the organisation, bringing together all aspects of Identity Protection, Cloud App Security and Advanced Threat Protection. It will also integrate directly with Secure Score, providing a single location in which to review the security health of the organisation.
This will be available by the end of the year.
Longer term, the introduction of incidents that need to be investigated is planned. An incident will group related security events together and will have a lifecycle for investigating, mitigating and resolving it.
One of the highlights of the day was the last session, which introduced the capabilities of Identity Governance. This is a collection of tools that make it easier to govern the lifecycle of users.
It allows IT to define sets of entitlements, including access to resources and apps, policies to manage the user lifecycle, and delegation to business users so that they take responsibility for authorising access for users.
The building blocks allow complex rules to be applied that let internal and external users request access to resources. Approval policies can be set up to require approval from a business user within a set number of days. Once the approval process is completed and access is granted, the policy determines how long that access remains valid. When that period ends, access reviews take place to recertify the user's access. If the nominated reviewer does not approve continued access, the user is blocked, or may even have their account removed from the tenant.
The process is fully audited and the logs can be exported, so organisations that have legislative requirements and audits will be able to provide evidence of the process by which access was granted to particular users.