Strengthen your security posture in Microsoft Entra by following prioritized Secure Score recommendations. Enforce MFA, block legacy authentication, and apply risk-based Conditional Access policies to reduce exposure from stale accounts and weak authentication methods. Use built-in tools for user, group, and device administration to detect and clean up identity sprawl—like unused credentials, inactive accounts, and expired apps—before they become vulnerabilities. Jeremy Chapman, Microsoft 365 Director, shares steps to clean up your directory, strengthen authentication, and improve overall identity security.
► QUICK LINKS:
00:00 - Microsoft Entra optimization
00:54 - New Recommendations tab
02:11 - Enforce multifactor authentication
03:21 - Block legacy authentication protocols
03:58 - Apply risk-based Conditional Access
04:44 - Identity sprawl
05:46 - Fix account sprawl
08:06 - Microsoft 365 group sprawl
09:36 - Devices
10:33 - Wrap up
► Link References
Watch part one of our Microsoft Entra Beginner's Tutorial series at https://aka.ms/EntraBeginnerMechanics
Check out https://aka.ms/MicrosoftEntraRecommendations
► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.
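The identity-sprawl cleanup the video describes (inactive accounts and expired app credentials) can be inventoried before anyone clicks through the portal. The script below is an added example written for this page, not code from the Microsoft Mechanics video or from Microsoft; it uses the Microsoft Graph PowerShell SDK and assumes the Microsoft.Graph.Users and Microsoft.Graph.Applications modules are installed and that the caller can consent to the listed scopes (signInActivity is only returned with AuditLog.Read.All). The 90-day threshold is an assumption you should align with your own policy.

```powershell
# Added example (not from the video): inventory identity sprawl with the Microsoft Graph PowerShell SDK.
# Lists users with no sign-in for N days (or that never signed in) and app registrations whose
# client secrets or certificates have already expired.
param([int]$InactiveDays = 90)   # assumed threshold; tune to your retention policy

Connect-MgGraph -Scopes "User.Read.All", "AuditLog.Read.All", "Application.Read.All"

function Get-StaleUser {
    param([int]$Days)
    $cutoff = (Get-Date).ToUniversalTime().AddDays(-$Days)
    # signInActivity is only returned when it is named explicitly in -Property.
    Get-MgUser -All -Property Id,UserPrincipalName,AccountEnabled,CreatedDateTime,SignInActivity |
        ForEach-Object {
            $u = $_
            # Most recent of interactive and non-interactive sign-in; either one proves the account is in use.
            $last = @($u.SignInActivity.LastSignInDateTime, $u.SignInActivity.LastNonInteractiveSignInDateTime) |
                Where-Object { $_ } | Sort-Object -Descending | Select-Object -First 1
            # An account that never signed in is stale once it is older than the cutoff (provisioned, never used).
            $stale = if ($last) { $last -lt $cutoff } else { $u.CreatedDateTime -lt $cutoff }
            if ($stale) {
                [pscustomobject]@{
                    UserPrincipalName = $u.UserPrincipalName
                    AccountEnabled    = $u.AccountEnabled
                    LastSignIn        = $last
                    Reason            = if ($last) { "no sign-in for $Days+ days" } else { "never signed in" }
                }
            }
        }
}

function Get-ExpiredAppCredential {
    $now = (Get-Date).ToUniversalTime()
    Get-MgApplication -All -Property Id,AppId,DisplayName,PasswordCredentials,KeyCredentials |
        ForEach-Object {
            $app = $_
            # PasswordCredentials are client secrets, KeyCredentials are certificates; both carry EndDateTime.
            foreach ($kind in "PasswordCredentials", "KeyCredentials") {
                foreach ($cred in @($app.$kind)) {
                    if ($cred.EndDateTime -and $cred.EndDateTime -lt $now) {
                        [pscustomobject]@{
                            Application = $app.DisplayName
                            AppId       = $app.AppId
                            Kind        = if ($kind -eq "PasswordCredentials") { "secret" } else { "certificate" }
                            KeyId       = $cred.KeyId
                            ExpiredOn   = $cred.EndDateTime
                        }
                    }
                }
            }
        }
}

$staleUsers = @(Get-StaleUser -Days $InactiveDays)
$expired    = @(Get-ExpiredAppCredential)

"$($staleUsers.Count) stale user(s); $(@($staleUsers | Where-Object AccountEnabled).Count) still enabled"
$staleUsers | Sort-Object LastSignIn | Format-Table -AutoSize

"$($expired.Count) expired app credential(s)"
$expired | Sort-Object ExpiredOn | Format-Table -AutoSize

# Review the output before acting: disable stale accounts first and delete after a retention window;
# expired credentials can be removed with Remove-MgApplicationPassword / Remove-MgApplicationKey.
```

Stale-but-enabled users are the rows worth acting on first; an expired secret is harmless on its own, but an app registration that nobody rotated is usually one nobody owns, which is the real sprawl signal.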
Azure IAM can now help you create stunning front-facing customer login portals by combining Okta's toolkit with Azure Active Directory. To find out how you can easily keep your customers' data safe and secure, visit https://azureiam.com/ Azure IAM, LLC City: Sterling Address: P. O. Box 650685 Website: https://azureiam.com
In this episode, Lois Houston and Nikita Abraham continue their deep dive into Oracle GoldenGate 23ai, focusing on its evolution and the extensive features it offers. They are joined once again by Nick Wagner, who provides valuable insights into the product's journey. Nick talks about the various iterations of Oracle GoldenGate, highlighting the significant advancements from version 12c to the latest 23ai release. The discussion then shifts to the extensive new features in 23ai, including AI-related capabilities, UI enhancements, and database function integration. Oracle GoldenGate 23ai: Fundamentals: https://mylearn.oracle.com/ou/course/oracle-goldengate-23ai-fundamentals/145884/237273 Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X: https://x.com/Oracle_Edu Special thanks to Arijit Ghosh, David Wright, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode. ----------------------------------------------------------------- Episode Transcript: 00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:25 Lois: Hello and welcome to the Oracle University Podcast! I'm Lois Houston, Director of Innovation Programs with Oracle University, and with me is Nikita Abraham, Team Lead: Editorial Services. Nikita: Hi everyone! Last week, we introduced Oracle GoldenGate and its capabilities, and also spoke about GoldenGate 23ai. In today's episode, we'll talk about the various iterations of Oracle GoldenGate since its inception. And we'll also take a look at some new features and the Oracle GoldenGate product family. 00:57 Lois: And we have Nick Wagner back with us. Nick is a Senior Director of Product Management for GoldenGate at Oracle. Hi Nick! 
I think the last time we had an Oracle University course was when Oracle GoldenGate 12c was out. I'm sure there's been a lot of advancements since then. Can you walk us through those? Nick: GoldenGate 12.3 introduced the microservices architecture. GoldenGate 18c introduced support for Oracle Autonomous Data Warehouse and Autonomous Transaction Processing Databases. In GoldenGate 19c, we added the ability to do cross-endian remote capture for Oracle, making it easier to set up the GoldenGate OCI service to capture from environments like Solaris, SPARC, and HP-UX and replicate into the Cloud. Also, GoldenGate 19c introduced a simpler process for upgrades and installation of GoldenGate where we released something called a unified build. This means that when you install GoldenGate for a particular database, you don't need to worry about the database version when you install GoldenGate. Prior to this, you would have to install a version-specific and database-specific version of GoldenGate. So this really simplified that whole process. In GoldenGate 23ai, which is where we are now, this really is a huge release. 02:16 Nikita: Yeah, we covered some of the distributed AI features and high availability environments in our last episode. But can you give us an overview of everything that's in the 23ai release? I know there's a lot to get into but maybe you could highlight just the major ones? Nick: Within the AI and streaming environments, we've got interoperability for database vector types, heterogeneous capture and apply as well. Again, this is not just replication between Oracle-to-Oracle vector or Postgres to Postgres vector, it is heterogeneous just like the rest of GoldenGate. The entire UI has been redesigned and optimized for high speed. And so we have a lot of customers that have dozens and dozens of extracts and replicats and processes running and it was taking a long time for the UI to refresh those and to show what's going on within those systems. 
So the UI has been optimized to be able to handle those environments much better. We now have the ability to call database functions directly from COLMAP. And so when you do transformation with GoldenGate, we have about 50 or 60 built-in transformation routines for string conversion, arithmetic operation, date manipulation. But we never had the ability to directly call a database function. 03:28 Lois: And now we do? Nick: So now you can actually call that database function, database stored procedure, database package, return a value and that can be used for transformation within GoldenGate. We have integration with identity providers, being able to use token-based authentication and integrate with things like Azure Active Directory and your other single sign-on for the GoldenGate product itself. Within Oracle 23ai, there's a number of new features. One of those cool features is something called lock-free reservation columns. So this allows you to have a row, a single row within a table and you can identify a column within that row that's like an inventory column. And you can have multiple different users and multiple different transactions all updating that column within that same exact row at that same time. So you no longer have row-level locking for these reservation columns. And it allows you to do things like shopping carts very easily. If I have 500 widgets to sell, I'm going to let any number of transactions come in and subtract from that inventory column. And then once it gets below a certain point, then I'll start enforcing that row-level locking. 04:43 Lois: That's really cool… Nick: The one key thing that I wanted to mention here is that because of the way that the lock-free reservations work, you can have multiple transactions open on the same row. This is only supported for Oracle to Oracle. You need to have that same lock-free reservation data type and availability on that target system if GoldenGate is going to replicate into it. 
05:05 Nikita: Are there any new features related to the diagnosability and observability of GoldenGate? Nick: We've improved the AWR reports in Oracle 23ai. There are now seven sections that are specific to Oracle GoldenGate to allow you to really go in and see exactly what the GoldenGate processes are doing and how they're behaving inside the database itself. And there's a Replication Performance Advisor package inside that database, and that's been integrated into the Web UI as well. So now you can actually get information out of the replication advisor package in Oracle directly from the UI without having to log into the database and try to run any database procedures to get it. We've also added the ability to support a per-PDB Extract. So in the past, when GoldenGate would run on a multitenant database, a multitenant database in Oracle, all the redo data from any pluggable database gets sent to that one redo stream. And so you would have to configure GoldenGate at the container or root level and it would be able to access anything at any PDB. Now, there's better security and better performance by doing what we call per-PDB Extract. And this means that for a single pluggable database, I can have an extract that runs at that database level that's going to capture information just from that pluggable database. 06:22 Lois: And what about non-Oracle environments, Nick? Nick: We've also enhanced the non-Oracle environments as well. For example, in Postgres, we've added support for precise instantiation using Postgres snapshots. This eliminates the need to handle collisions when you're doing Postgres to Postgres replication and initial instantiation. On the GoldenGate for big data side, we've renamed that product more aptly to Distributed Applications and Analytics, which is really what it does, and we've added a whole bunch of new features here too. The ability to move data into Databricks, doing Google Pub/Sub delivery. 
We now have support for XAG within the GoldenGate for distributed applications and analytics. What that means is that now you can follow all of our MAA best practices for GoldenGate for Oracle, but it also works for the DAA product as well, meaning that if it's running on one node of a cluster and that node fails, it'll restart itself on another node in the cluster. We've also added the ability to deliver data to Redis, Google BigQuery, stage and merge functionality for better performance into the BigQuery product. And then we've added a completely new feature, and this is something called streaming data and apps and we're calling it AsyncAPI and CloudEvent data streaming. It's a long name, but what that means is that we now have the ability to publish changes from a GoldenGate trail file out to end users. And so, through the Web UI or through the REST API, you can now come into GoldenGate and through the distributed applications and analytics product, actually set up a subscription to a GoldenGate trail file. And so this allows us to push data into messaging environments, or you can simply subscribe to changes and it doesn't have to be the whole trail file, it can just be a subset. You can specify exactly which tables and you can put filters on that. You can also set up your topologies as well. So, it's a really cool feature that we've added here. 08:26 Nikita: Ok, you've given us a lot of updates about what GoldenGate can support. But can we also get some specifics? Nick: So as far as what we have, on the Oracle Database side, there's a ton of different Oracle databases we support, including the Autonomous Databases and all the different flavors of them, your Oracle Database Appliance, your Base Database Service within OCI, your of course, Standard and Enterprise Edition, as well as all the different flavors of Exadata, are all supported with GoldenGate. This is all for capture and delivery. And this is all versions as well. 
GoldenGate supports Oracle 23ai and below. We also have a ton of non-Oracle databases in different Cloud stores. On the non-Oracle side, we support everything from application-specific databases like FairCom DB, all the way to more advanced applications like Snowflake, which there's a vast user base for that. We also support a lot of different cloud stores and these again, are non-Oracle, nonrelational systems, or they can be relational databases. We also support a lot of big data platforms and this is part of the distributed applications and analytics side of things where you have the ability to replicate to different Apache environments, different Cloudera environments. We also support a number of open-source systems, including things like Apache Cassandra, MySQL Community Edition, a lot of different Postgres open source databases along with MariaDB. And then we have a bunch of streaming event products, NoSQL data stores, and even Oracle applications that we support. So there's absolutely a ton of different environments that GoldenGate supports. There are additional Oracle databases that we support and this includes the Oracle Metadata Service, as well as Oracle MySQL, including MySQL HeatWave. Oracle also has Oracle NoSQL Spatial and Graph and TimesTen products, which again are all supported by GoldenGate. 10:23 Lois: Wow, that's a lot of information! Nick: One of the things that we didn't really cover was the different SaaS applications, which we've got like Cerner, Fusion Cloud, Hospitality, Retail, MICROS, Oracle Transportation, JD Edwards, Siebel, and on and on and on. And again, because of the nature of GoldenGate, it's heterogeneous. Any source can talk to any target. And so it doesn't have to be, oh, I'm pulling from Oracle Fusion Cloud, that means I have to go to an Oracle Database on the target, not necessarily. 10:51 Lois: So, there's really a massive amount of flexibility built into the system. 
11:00 Unlock the power of AI Vector Search with our new course and certification. Get more accurate search results, handle complex datasets easily, and supercharge your data-driven decisions. From now through May 15, 2025, we are waiving the certification exam fee (valued at $245). Visit mylearn.oracle.com to enroll. 11:26 Nikita: Welcome back! Now that we've gone through the base product, what other features or products are in the GoldenGate family itself, Nick? Nick: So we have quite a few. We've kind of touched already on GoldenGate for Oracle databases and non-Oracle databases. We also have something called GoldenGate for Mainframe, which right now is covered under the GoldenGate for non-Oracle, but there is a licensing difference there. So that's something to be aware of. We also have the OCI GoldenGate product. We are announcing and we have announced that OCI GoldenGate will also be made available as part of the Oracle Database@Azure and Oracle Database@Google Cloud partnerships. And then you'll be able to use that vendor's cloud credits to actually pay for the OCI GoldenGate product. One of the cool things about this is it will have full feature parity with OCI GoldenGate running in OCI. So all the same features, all the same sources and targets, all the same topologies, being able to migrate data in and out of those clouds at will, just like you do with OCI GoldenGate today running in OCI. We have Oracle GoldenGate Free. This is a completely free edition of GoldenGate to use. It is limited on the number of platforms that it supports as far as sources and targets and the size of the database. 12:45 Lois: But it's a great way for developers to really experience GoldenGate without worrying about a license, right? What's next, Nick? Nick: We have GoldenGate for Distributed Applications and Analytics, which was formerly called GoldenGate for big data, and that allows us to do all the streaming. That's also where the GoldenGate AsyncAPI integration is done. 
So in order to publish the GoldenGate trail files or allow people to subscribe to them, it would be covered under the Oracle GoldenGate Distributed Applications and Analytics license. We also have OCI GoldenGate Marketplace, which allows you to run essentially the on-premises version of GoldenGate but within OCI. So a little bit more flexibility there. It also has a hub architecture. So if you need that 99.99% availability, you can get it within the OCI Marketplace environment. We have GoldenGate for Oracle Enterprise Manager Cloud Control, which used to be called Oracle Enterprise Manager. And this allows you to use Enterprise Manager Cloud Control to get all the statistics and details about GoldenGate. So all the reporting information, all the analytics, all the statistics, how fast GoldenGate is replicating, what's the lag, what's the performance of each of the processes, how much data am I sending across a network. All that's available within the plug-in. We also have Oracle GoldenGate Veridata. This is a nice utility and tool that allows you to compare two databases, whether or not GoldenGate is running between them and actually tell you, hey, these two systems are out of sync. And if they are out of sync, it actually allows you to repair the data too. 14:25 Nikita: That's really valuable…. Nick: And it does this comparison without locking the source or the target tables. The other really cool thing about Veridata is it does this while there's data in flight. So let's say that the GoldenGate lag is 15 or 20 seconds and I want to compare this table that has 10 million rows in it. The Veridata product will go out, run its comparison once. Once that comparison is done the first time, it's then going to have a list of rows that are potentially out of sync. Well, some of those rows could have been moved over or could have been modified during that 10 to 15 second window. And so the next time you run Veridata, it's actually going to go through. 
It's going to check just those rows that were potentially out of sync to see if they're really out of sync or not. And if it comes back and says, hey, out of those potential rows, there's two out of sync, it'll actually produce a script that allows you to resynchronize those systems and repair them. So it's a very cool product. 15:19 Nikita: What about GoldenGate Stream Analytics? I know you mentioned it in the last episode, but in the context of this discussion, can you tell us a little more about it? Nick: This is the ability to essentially stream data from a GoldenGate trail file, and do real-time analytics on it. And also things like geofencing or real-time series analysis of it. 15:40 Lois: Could you give us an example of this? Nick: If I'm working in tracking stock market information and stocks, it's not really that important how much or how far down a stock goes. What's really important is how quickly did that stock rise or how quickly did that stock fall. And that's something that the GoldenGate Stream Analytics product can do. Another thing that it's very valuable for is the geofencing. I can have an application on my phone and I can track where the user is based on that application and all that information goes into a database. I can then use the geofencing tool to say that, hey, if one of those users on that app gets within a certain distance of one of my brick-and-mortar stores, I can actually send them a push notification to say, hey, come on in and you can order your favorite drink just by clicking Yes, and we'll have it ready for you. And so there's a lot of things that you can do there to help upsell your customers and to get more revenue just through GoldenGate itself. And then we also have a GoldenGate Migration Utility, which allows customers to migrate from the classic architecture into the microservices architecture. 16:44 Nikita: Thanks Nick for that comprehensive overview. 
Lois: In our next episode, we'll have Nick back with us to talk about commonly used terminology and the GoldenGate architecture. And if you want to learn more about what we discussed today, visit mylearn.oracle.com and take a look at the Oracle GoldenGate 23ai Fundamentals course. Until next time, this is Lois Houston… Nikita: And Nikita Abraham, signing off! 17:10 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.
How can Entra ID Protection help your organization resist security breaches? Richard talks to Corissa Koopmans about thinking beyond authentication and authorization and into conditional access - knowing what is normal and abnormal behavior for your users. Corissa recommends looking at the Entra ID Protection Dashboard - whether you have configured anything or not - to see what potential risks you have today. Whether it's logins from places where you have no workers or some "impossible travel" or weird browser connections, ID Protection detects and identifies those events. When combined with conditional access, Defender for Cloud, or even Microsoft Intune - you get a "better together" effect that makes it easier to know when something bad is happening!
Links
Microsoft Entra ID Protection
Azure Active Directory Conditional Access
Entra ID Protection Dashboard
Log Analytics Agent
Microsoft Intune
Microsoft Defender for Cloud
Microsoft Sentinel
Recorded December 10, 2024
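The "better together" step this episode describes, and the legacy-authentication block and risk-based Conditional Access called out in the Microsoft Mechanics description earlier on this page, both come down to Conditional Access policies that consume the risk levels ID Protection computes. The script below is an added example written for this page, not code from either episode or from Microsoft; it uses the Microsoft Graph PowerShell SDK (Microsoft.Graph.Identity.SignIns) and assumes the caller holds Policy.ReadWrite.ConditionalAccess, that the tenant has Entra ID P2 (required for risk conditions), and that the break-glass object ID is a placeholder you replace with your emergency-access account.

```powershell
# Added example (not from either episode): three Conditional Access policies via the Graph PowerShell SDK.
# One blocks legacy authentication; two act on the sign-in and user risk levels that Entra ID Protection
# raises (impossible travel, anonymous IP, leaked credentials, and so on).
param(
    # Placeholder: object ID of your emergency-access account, excluded from every policy.
    [string]$BreakGlassObjectId = "00000000-0000-0000-0000-000000000000",
    # Report-only first: the sign-in log shows what each policy would have done without enforcing it.
    [string]$State = "enabledForReportingButNotEnforced"
)

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

function New-CaPolicyBody {
    param(
        [string]$Name,
        [hashtable]$ExtraConditions,   # e.g. @{ signInRiskLevels = @("high","medium") }
        [string[]]$Controls,
        [string]$Operator = "OR"
    )
    $conditions = @{
        applications = @{ includeApplications = @("All") }
        users        = @{
            includeUsers = @("All")
            excludeUsers = @($BreakGlassObjectId)   # never lock out the emergency-access account
        }
    }
    foreach ($k in $ExtraConditions.Keys) { $conditions[$k] = $ExtraConditions[$k] }
    @{
        displayName   = $Name
        state         = $State
        conditions    = $conditions
        grantControls = @{ operator = $Operator; builtInControls = $Controls }
    }
}

$policies = @(
    # Basic-auth clients (POP/IMAP/SMTP AUTH, EAS, older Office) appear under these clientAppTypes.
    # They cannot complete MFA, so the only safe grant control is "block".
    (New-CaPolicyBody -Name "Block legacy authentication" `
        -ExtraConditions @{ clientAppTypes = @("exchangeActiveSync", "other") } -Controls @("block")),

    # Medium or high sign-in risk (impossible travel, anonymous IP, unfamiliar properties): step up to MFA.
    (New-CaPolicyBody -Name "ID Protection: MFA on medium+ sign-in risk" `
        -ExtraConditions @{ signInRiskLevels = @("high", "medium") } -Controls @("mfa")),

    # High user risk (e.g. leaked credentials): MFA plus a password change, which also remediates the risk.
    # Graph requires passwordChange to be combined with mfa using the AND operator.
    (New-CaPolicyBody -Name "ID Protection: password change on high user risk" `
        -ExtraConditions @{ userRiskLevels = @("high") } -Controls @("mfa", "passwordChange") -Operator "AND")
)

foreach ($body in $policies) {
    $p = New-MgIdentityConditionalAccessPolicy -BodyParameter $body
    "Created '$($p.DisplayName)' ($($p.Id)) in state $($p.State)"
}
```

Leave the policies in report-only until the sign-in log's "Report-only" result column shows no legitimate traffic being caught (service accounts on IMAP are the usual surprise), then flip `$State` to `enabled`. The exclusion list is the one place where fewer is better: one break-glass account, nothing else.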
In episode 211 of our SAP on Azure video podcast we talk about Single Sign-On with SAP API Management and Power Platform. A few months ago we had Vinayak from SAP on the show to talk about SAP API Management on the SAP Business Technology Platform. We talked about several Single Sign-On scenarios with Entra ID (or Azure Active Directory as it was called before). Then we also had Martin with us a few weeks back where he talked about Single Sign-On to Power Platform! Well, today will be a great episode because we bring both colleagues together to talk about Single Sign-On from SAP via SAP Business Technology Platform API Management and Power Platform. Find all the links mentioned here: https://www.saponazurepodcast.de/episode211
Reach out to us for any feedback / questions:
* Robert Boban: https://www.linkedin.com/in/rboban/
* Goran Condric: https://www.linkedin.com/in/gorancondric/
* Holger Bruchelt: https://www.linkedin.com/in/holger-bruchelt/
#Microsoft #SAP #Azure #SAPonAzure #PowerPlatform #SSO #APIManagement #SAPBTP
In this episode, we catch up with Tom Rice for another update on his deployment project with a large retail customer. The project involves transitioning to iOS devices for handheld point-of-sale terminals and providing Macs to back-office employees. Tom discusses the customer's network setup across all their retail locations and shares insights on overcoming connectivity issues using the Mac Evaluation Utility. Next, Steve Weiner, Principal Architect at SHI and recently awarded Microsoft MVP, joins the conversation to talk about the latest updates in Microsoft Intune. Steve explains how the new Platform SSO feature allows users to log into a Mac using their Microsoft Entra ID (formerly Azure Active Directory) credentials, providing a seamless single sign-on experience. This integration simplifies Mac management and enhances security, particularly for organizations with mixed Mac and Windows environments. This episode of We Got Your Mac is presented in collaboration with SHI's Mac Readiness Assessment. For a limited time, eligible customers who complete the assessment get a free trial of top-tier MDM solutions like Jamf Pro or Kandji. Visit SHI.com/MacAssessment today to see how SHI can unlock the full potential of your Apple fleet.
Discussed in this episode:
* Automatic network connection for new devices using a certificate chain of trust.
* Provisioning network setup for initial device configuration.
* Troubleshooting network connectivity issues using the Mac Evaluation Utility.
* Overview of enrolling Macs in Microsoft Intune.
* Explanation of the new Platform SSO feature allowing users to log into Macs using Microsoft Entra ID (formerly Azure Active Directory) credentials.
* Benefits of Platform SSO for seamless single sign-on experience and improved security.
* Security enhancements and zero-touch deployment options with Platform SSO.
* Impact on user adoption and ease of use for organizations with mixed Mac and Windows environments.
In this episode, hosts Lois Houston and Nikita Abraham continue their exploration of Oracle Database 23ai's database security capabilities. They are joined once again by Ron Soltani, a Senior Principal Database & Security Instructor, who delves into the intricacies of the new hybrid read-only mode for pluggable databases, the flexibility of read-only users and sessions, and the newly introduced developer role. They also discuss simplified schema-level privileges and the integration of Azure Active Directory with Oracle Database. Oracle MyLearn: https://mylearn.oracle.com/ou/course/oracle-database-23ai-new-features-for-administrators/137192/207062 Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X: https://twitter.com/Oracle_Edu Special thanks to Arijit Ghosh, David Wright, and the OU Studio Team for helping us create this episode. --------------------------------------------------------- Episode Transcript: 00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:26 Lois: Hello and welcome to the Oracle University Podcast. I'm Lois Houston, Director of Innovation Programs with Oracle University, and with me today is Nikita Abraham, Principal Technical Editor. Nikita: Hi everyone! In our last episode, we discussed database security, why it is so important, and all its different components. Today, we're going to be continuing that conversation by looking at all the new features related to database security that have been released in Oracle Database 23ai, previously known as 23c. 00:59 Lois: And we're so happy to have Ron Soltani back as our guide. Ron is a Senior Principal Database & Security Instructor with Oracle University. Hi Ron! Thanks for joining us again! 
We have a list of the new features related to database security and we'd like to ask you about them one by one, starting with the new mode for pluggable databases. What's that about? 01:21 Ron: With the hybrid read-only mode for pluggable database, the database could be in the read/write mode or read-only mode, depending on the user that is actually connected. So one of the things we have to realize is the regular read-only mode has one major issue. The major issue is everything, including data dictionary, including SysAux and all of the other elements are also locked up read-only. So we cannot do any database maintenance. We cannot collect statistics to monitor anything. So you pretty much have to hard tune everything for the load you want and maintain everything. And this happens in many warehouse environments, in environments where the data itself is generally loaded. And then just heavily read. So it needs to be in a read-only mode to protect it. So with a hybrid read-only mode, if you are a local user in the PDB, even a PDB administrator-- so I can create a local user in the PDB as a PDB administrator. And grant that PDB administrator even sysdba privilege. But once the PDB is open hybrid read-only mode, even for that user, the PDB is read-only. However, a common user is, as you know, a CDB user, generally granted CDB-level privileges and considered a CDB administrator. If they connect to the PDB, then the PDB is actually in read/write mode. So now, they can take snapshots. They can use all of the database tools to monitor how things are going. They can perform maintenance. So this allows us to be able to perform patching, maintenance, and other database-related operation. 03:17 Nikita: So you don't have to flip back and forth between read-only, read/write, read-only, read/write… Ron: Because you know if we have database read/write to go to read-only, generally, we would have to shut down the database, then go to read-only. 
Then from read-only, we can go to read/write. But then going back to read-only, we have to shut down again. Lois: Which was the issue with the normal read-only on the pluggable database, right? I'm glad that's been made easier. Ok… Moving on to the next new feature, which is read-only users and sessions. What can you tell us about this one, Ron? 03:51 Ron: As we previously discussed, you can put the PDB in the hybrid read-only mode. But then now the PDB is read-only for all local application users. However, let's say we have an environment where you have multiple application users. One needs to be able to perform maintenance and updates, while other sessions are just reading the data, to protect against all security elements and for better performance and operation management. We are going to set up read-only. So setting up read-only at the pluggable database, that can be very high level depending on the application need. So with read-only users and sessions, this will give you the capability of setting read-only either for a particular user or for a session. So when the user connects, all the user can do is read-only process. We do a lot of testing, for example. And we have users that may have read/write privilege in the test environment, then we want to go ahead and perform other operation. So we would have to take privileges away, set the read-only, then go back and change again to read/write. So performing all of those different type of tests and even with the development has always been an issue. So having granular capability of managing at a user or a session level can give us a major benefit of better granularly managing all application needs without sacrificing either security or having extra components that would have to be done by administrators. 05:33 Nikita: Yeah, this gives you a lot of flexibility and you don't have to keep temporarily changing privileges or configuring specific types of sessions. It's also an easy way to control user behavior, right? 
Ron: An application, as we said, has the schema owner, and today we want to have a schema-only user for the schema owner. That is, usually nobody connects as it. But then we have multiple schema users, where one may be used for performing updates, one is used for administration, and one can be used for read-only. So this can give me a mechanism to manage that, or if a particular operation needs to run and for security purposes, that particular session needs to be set to read-only. So that gives us major control over it. And in the cloud environment, this can be a very, very good component for better managing all of the security levels, where you can enable very fine-grained control while supporting all functionality of the application. 06:39 Lois: Ok. So, can you tell us about this new developer role in the database? Ron: If we think about application administration, usually we create a schema owner. And we start by giving that the schema owner privileges-- grant them a resource role. By having resource role, they can create simple objects. But when you design an application, you need to implement it, test that, and then deploy it. Today, there are many, many complex objects that can be used at the application level to manage the application. So today, we grant the resource role to the schema owner. Then we wait until they complain. They don't have privilege for certain object they want to create. Then we're going to have to grant them privileges as needed, and that used to be the way the security had worked. 
But today, since we have a schema-only account, where we only enable the account when we want to do any type of schema work and otherwise it's locked so the schema is protected, giving the schema owner the application role, the DB application role that now has all the privileges in it, should not cause any security issue when managed properly, and will provide them with all of the privileges that they need to perform their work. That includes the many complex schema structures like analytic views, hierarchies, dimensions, and data-specific types that you can create. And many of these types of privileges are not just assigned through a regular privilege assignment; some of them are assigned through procedures.

08:21 Lois: And could you give us some examples of how this feature could be used?

Ron: So there are many different ways of granting all of these granular privileges. At the time that we go ahead and perform development of the schema and all of that, depending on what's available, we don't really know what privileges we need. And as we said, there are many packages that we may be able to use to create complex objects, and then gradually we have to go ahead and get privileges on executing those packages to be able to use them. And as we said, at the time we actually build the application, many of these objects, we may not even know we're going to use them until later on, when it becomes evident, or it may be a better structure to represent what we want. So having to add and continuously deal with these types of changes can become extremely cumbersome and tedious. It also delays all of the operations, especially now that the application schema owner can be secured. So we can grant this developer role to the schema owner, give the schema owner all the privileges that are needed very quickly, so that they can now manage their schemas and manage all the complex objects for that schema's operation. So the role is called DB_DEVELOPER_ROLE.
And just like any other role, you would connect as an administrator and grant DB_DEVELOPER_ROLE to the schema owner. Now we don't need to grant the RESOURCE role and all the other things, because everything is included in DB_DEVELOPER_ROLE.

10:28 Nikita: Welcome back! Ron, how have schema-level privileges been simplified in 23ai?

Ron: To be able to understand this, first we can review privilege assignment in Oracle Database. First, you can be granted a privilege at the object level, so you can perform certain work on a particular object. However, let's say I have a user account that I'm going to use as an app user, who's going to have to read from multiple objects within a particular schema. Now, granting at the object level is too low, because I have to go to each object and assign the privileges needed on that particular object to the user. Or we had system privileges, for example, GRANT CREATE ANY TABLE to a user. The problem with that is that now you can create any table within the schema that I want you to work with, but that privilege goes across all the schemas in the database; of course not the database schemas themselves, those are protected, but across all user schemas.

11:34 Lois: Right. So you're getting that privilege on other schemas that you may not really need that privilege for...

Ron: So now that gap is met by creating a schema-level privilege that allows you to grant the same ANY privilege, but on all objects of a particular schema, and not across all the schemas.
So this now allows us to manage schemas much better, and have schema user accounts with different levels of privileges on all the objects they need to perform the type of work they need to, without having to granularly assign each one of those privileges, as we used to when we created many different roles with the different privileges needed and then tried to control the users by granting them those roles. Here, these are much better simplified by going through the schema-level privilege.

12:34 Nikita: Ron, I want to ask you about the new feature for creating audit policies at the column level.

Ron: So if you remember, in the past we talked about creating audit policies with the old system, where you would identify what to audit. But then you had to manage a whole bunch of parameters and security, and protecting the audit even from the administrator was a major issue. In 12c, Oracle added Unified Audit, which gives you protection on the audit schema; even administrators cannot access it. You manage it through privileges that are assigned specifically to the users who are going to manage the audit. And it also allows you to audit Oracle operations and tools like Data Pump and RMAN. So you can create a really secure audit environment, monitoring everything in the database using Unified Audit, and then maintain and manage those audits. One of the important aspects of auditing is generating the minimal amount of audit records, so that the audits can be reviewed, because if you generate too much audit data, it is very hard to review, either by an automated system or by having users review those audits. Furthermore, if we wanted to audit specific columns and different operations like SELECT or DML, we would have had to use row-level security and build additional policies to be able to individually monitor those columns, which is not very simple to use and manage, and then the audits are put in different tables.
Having to maintain all of those and relate them has always caused major issues overall. So the benefit of now having column-level audit added to the normal Unified Audit policies is that you can build your audits not at the table level but only for a particular column. This is going to reduce the false positive results that are generated, because if I audit UPDATE on a table, updating any column generates an audit record. But if I audit UPDATE on the column salary, then the audit is generated only if the salary is updated. So that gives me just the audits that are needed, without the additional false positive audits that are generally generated.

15:08 Lois: Ron, can you talk to us about the management of authorization for Unified Audit administration, especially when using Database Vault?

Ron: So first, as we know, for Unified Audit you have the audit admin privilege and the audit viewer privilege. If you want to be able to create, administer, and manage all of the audit information, including audit purging and time periods and all of that, you have to have the audit admin privilege. If you want to be able to read and generate reports and things like that from the audits that have been created, you have to have the audit viewer privilege. Now we also have Oracle Database Vault. Database Vault kind of uses row-level security, but not on the end-user data; it applies this row-level security and administration to the Oracle data dictionary. It allows you to control when a particular object can be used and at what level it can be used, and gives you complete control over how the actual database and the objects are used and become available to other users in the database, including other administrators, even schema owners.
So when Database Vault is applied and enabled, in the past we would have managed Unified Audit separately, which was kind of funky: putting one of the major security functions outside the main security administration utility of the database. So now Unified Audit has been incorporated into Database Vault. You can now use Database Vault to set up the privileges and configuration for the authorizations required for managing Unified Audit. This also controls all the high-level users, including SYS, SYSTEM, and anyone who may have the DBA role or other high-level privileges. So this allows us to enable Database Vault and then manage the authorizations for Unified Audit through Database Vault. Therefore, all authorization administration is unified under the same security tool, which is Database Vault.

17:28 Nikita: The final new feature to discuss is the integration of Microsoft Azure Active Directory with the Oracle database environment. What can you tell us about it, Ron?

Ron: This has been requested by many of the clients who use other platforms and Active Directories and then need to access either Oracle OCI, the Oracle Cloud where the databases are running, or Oracle databases even in a local environment. So we wanted to be able to allow this to happen. If you remember, originally we had the capability of mapping users from the database into Oracle Active Directory, so that the user's roles and privileges can be centrally managed and the user does not inherit any privileges in the database. So if the user connects directly to the database, they have no privileges; connect properly through Active Directory, and everything is enabled. Then in Database 18, they created centrally managed users, CMUs, where we could now map a third-party Active Directory and use that for connecting to the Oracle database for authentication and user administration. However, many of our clients use Microsoft Azure Active Directory.
And they wanted to be able to integrate that particular Active Directory into the Oracle environment, especially in the Oracle OCI Database as a Service environment. So to be able to do that, Oracle has built multiple components that allow this to be configured and used, so the client can use that Active Directory for their user administration centrally.

19:20 Lois: With that, I think we've covered all the new features related to database security in 23ai. Thanks so much for taking us through all of them and giving us some context.

Nikita: Yeah, it's really been so helpful. To learn more about these new features and watch some demonstrations of them, visit mylearn.oracle.com and search for the Oracle Database 23ai New Features for Administrators course. Join us next week for a discussion on some more Oracle Database 23ai new features. Until then, this is Nikita Abraham…

Lois: And Lois Houston signing off!

19:54 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.
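The 23ai features Ron walks through above (hybrid read-only PDB, read-only users and sessions, a schema-only owner holding DB_DEVELOPER_ROLE, schema-level privileges, and a column-level unified audit policy), scripted the way a DBA would apply them. This is an added example and is not part of the podcast or of Oracle's own material; the PDB, schema and account names (pdb1, hr, hr_reader) and the password strings are hypothetical, and the statements assume Oracle Database 23ai with unified auditing enabled, run while connected to the PDB as a common administrative user. The Database Vault and Azure AD items are not scripted here.

```sql
-- Added example, not from the podcast. Names and passwords are hypothetical.
-- Run connected to pdb1 as a common administrative user (e.g. SYS) on 23ai.

-- 1. Hybrid read-only: local (application) users see a read-only PDB while
--    common users keep read/write, so the PDB no longer has to go through a
--    full read-only open/close cycle for maintenance.
ALTER PLUGGABLE DATABASE pdb1 CLOSE IMMEDIATE;
ALTER PLUGGABLE DATABASE pdb1 OPEN HYBRID READ ONLY;
-- To return to a normal read/write PDB, close and re-open without HYBRID READ ONLY.

-- 2. Read-only at the user level: once hr_reader connects, it can only read,
--    whatever privileges it holds, so no privileges need to be revoked and re-granted.
CREATE USER hr_reader IDENTIFIED BY "ReaderPwd#2024";
GRANT CREATE SESSION TO hr_reader;
ALTER USER hr_reader READ ONLY;            -- reverse with: ALTER USER hr_reader READ WRITE;

-- Read-only at the session level, e.g. a read/write test account that should
-- only run reports for the rest of this session.
ALTER SESSION SET READ_ONLY = TRUE;        -- reverse with: ALTER SESSION SET READ_ONLY = FALSE;

-- 3. Schema-only owner plus DB_DEVELOPER_ROLE instead of RESOURCE and a trail
--    of ad hoc grants. Nobody can log in as hr while it has no authentication.
CREATE USER hr NO AUTHENTICATION;
GRANT DB_DEVELOPER_ROLE TO hr;
-- When schema work is needed, give the owner a password temporarily ...
ALTER USER hr IDENTIFIED BY "OwnerPwd#2024";
-- ... perform the DDL as hr, then lock the schema again:
ALTER USER hr NO AUTHENTICATION;

-- 4. Schema-level privilege: read every table in hr, present and future, without
--    per-object grants and without SELECT ANY TABLE across every user schema.
GRANT SELECT ANY TABLE ON SCHEMA hr TO hr_reader;

-- 5. Column-level unified audit policy: only UPDATEs that touch hr.employees.salary
--    produce an audit record; updates to other columns do not.
CREATE AUDIT POLICY hr_salary_update_pol
  ACTIONS UPDATE(salary) ON hr.employees;
AUDIT POLICY hr_salary_update_pol;

-- Checks a practitioner would run afterwards: is the policy defined and enabled,
-- and what has it captured?
SELECT policy_name, audit_option, object_schema, object_name
  FROM audit_unified_policies
 WHERE policy_name = 'HR_SALARY_UPDATE_POL';

SELECT policy_name, enabled_option, entity_name
  FROM audit_unified_enabled_policies
 WHERE policy_name = 'HR_SALARY_UPDATE_POL';

SELECT event_timestamp, dbusername, action_name, object_schema, object_name, sql_text
  FROM unified_audit_trail
 WHERE unified_audit_policies = 'HR_SALARY_UPDATE_POL'
 ORDER BY event_timestamp DESC;
```

The ALTER USER ... READ ONLY setting cannot be overridden from inside the session, so it is the right control for accounts that should never write; the session-level setting suits an account that legitimately writes but is about to run a read-only workload. Querying AUDIT_UNIFIED_ENABLED_POLICIES after AUDIT POLICY is the step most often skipped: a policy that exists but is not enabled produces no records.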
The common refrain after an incident is "We could and should learn from this". To me, that alludes to the need for a robust learning culture. We might think we already have a good learning culture because we talk about problems and deep-dive them in retrospectives. But how often do we explore the nuances of how we are learning?

Sorrel Harriet is an expert in supporting software engineering teams to develop a stronger learning culture. She was a "Continuous Learning Lead" at Armakuni (software consultancy) and now does the same work under her own banner. Her work ties in well with the ideas shared by Manuel Pais in episode #45 about how enabling teams can support a continuous learning culture. We tackled issues like the value of certifications, comparing technical with non-technical skills, and more.

You can connect with Sorrel via LinkedIn. Learn more about what Sorrel does via LaaS.consulting.

Here's a bonus section because you read all this way. It covers 5 public outages and how the affected teams could improve their learning culture:

1. Slack Outage (February 2023): Slack experienced a global outage disrupting communication for hours due to backend infrastructure issues. Perhaps the team could focus their learning on more robust infrastructure management and resilience improvement.
2. Twitter Algorithm Glitch (April 2023): A glitch in Twitter's algorithm caused timeline issues, stemming from a problematic software update. Perhaps the team could focus their learning on thorough testing and game days to rectify critical system errors swiftly.
3. Microsoft Azure AD Outage (March 2023): Azure Active Directory faced a significant outage due to an internal configuration change. Perhaps the team could focus their learning on the importance of rigorous change management and how to address misconfigurations quickly.
4. Google Cloud Platform Networking Issue (May 2023): Google Cloud Platform experienced widespread service disruptions from a software bug in its networking infrastructure. Perhaps the team could focus their learning on the need for comprehensive testing and preventing disruptions.
5. GitHub Outage (June 2023): GitHub suffered a major outage caused by a cascading failure in its storage infrastructure. Perhaps the team could focus their learning on robust fault-tolerance mechanisms and ways to address the root causes of failures.

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit read.srepath.com
Most people sign into Windows 11 with a personal Microsoft account (MSA), and so we focus almost exclusively on that obvious use case in this book. But some people also have what Microsoft calls a work or school account, which is a special kind of Microsoft account managed by an organization and typically uses Entra ID (formerly Azure Active Directory, or AAD) authentication and authorization technologies. Host: Paul Thurrott Want access to the video version and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
We're all using zero trust - but are we using it well? Richard talks to Nicolas Blank about his work helping to develop the Zero Trust Adoption Framework. Nicolas talks about resisting the buzzword effect and avoiding looking at zero trust as a set of products, because it isn't - it's really about the people and processes in your organization that keep things secure. The conversation also digs into the tabletop exercises needed to create priorities for security - not everything in your organization needs the same level of protection or effort. It pays to work through scenarios!

Links:
Zero Trust Adoption Framework
Microsoft Entra ID
Ransomware Recovery Readiness
Mimikatz

Recorded October 12, 2023
So, what's Microsoft Entra all about? Richard chats with VPN guru Richard Hicks about his experiences with Microsoft Entra. More than just a new name for Azure Active Directory, Entra includes essential tooling to provide secure access to all sorts of services - and not only Microsoft ones! Richard talks about how Azure Conditional Access can be applied across all types of Microsoft products, and how with Entra Application Proxy you can access your internal services and servers. Many of the capabilities are in preview now - but the future looks bright for Entra and Conditional Access!

Links:
Microsoft Entra
Microsoft Global Secure Access Client
Azure Conditional Access
Microsoft Entra Private Access
Microsoft Entra Application Proxy
RDP using NPS and Entra
Microsoft Secure Access Service Edge
Implementing Always On VPN

Recorded October 10, 2023
Microsoft Intune now has built-in native controls so you can manage your Macs similarly to how you manage Windows PCs across the device lifecycle, without third-party integrations or extensions. This decreases complexity and overhead and increases security, to help achieve your Zero Trust goals. Jeremy Chapman, Director of Microsoft 365, walks through the highlights:
• Automated device enrollment
• Microsoft Entra ID based single sign-on experience
• Extended configuration management controls
• Support for common DMG and PKG app package types
• Declarative Device Management (DDM) for updates
• Upcoming capabilities like Remote Help for macOS within the Intune Suite

► QUICK LINKS:
00:00 - Manage your Macs similar to Windows PCs
01:12 - Admin configurations: Device Enrollment
03:16 - User experience for setup
05:50 - Device configuration for admins
07:13 - Declarative Device Management (DDM)
07:50 - Security settings
08:35 - Distribute and install DMG and PKG app packages
10:23 - Remote Help for macOS coming soon
10:54 - Wrap up

► Link References
Get more information at https://aka.ms/IntuneforMac
Welcome back, loyal Data Center Therapy listeners! As summer gives way to fall, we're dropping another fresh and topical episode onto the hot podcast grill for your informational delight (with a dash of fun thrown in for good measure). Your host, Mr. Matt "My Stack Overflowed" Cozzolino, joins IVOXY End User Compute specialists Ryan "Universal Broker" Grelck and Aaron "Auto-Scaling" Hagman for a deep dive into the new and cloud-enabled world that is Microsoft Azure Virtual Desktop and Windows 365. In just thirty-two minutes, you, our listeners, will get to learn about:
- What Azure Virtual Desktop is, why it exists, and what the implications are for mobility and security.
- What kinds of capabilities AVD has for integration with VNETs, storage, profiles, domains and Entra ID (formerly Azure Active Directory).
- Why some organizations use multi-session desktops.
- How Windows 365 differs from AVD, and how its two flavors (Business and Enterprise) differ from each other.
- What MSIX App Attach is, how it's similar to Horizon's App Volumes, and how Horizon on Azure is now a thing.
- What the future of Windows Server Update Services is, how Intune and Group Policy interact, and what ADMX/ADML templates are.
- And many of the reasons businesses ultimately choose to implement AVD, including a focus on budget, CAPEX/OPEX, security or performance considerations.
Along the way the crew also discusses Azure Arc, VPN tunnels and ExpressRoute, GPU-enabled cloud desktop instances, Windows Update for Business, thin clients and much more. If you like what you hear, please be sure to like, subscribe and share wherever you find quality podcasts like Data Center Therapy. If you're interested in learning more about AVD or Windows 365, please reach out to your IVOXY Account Manager and we'd be happy to help guide you on your journey. Thanks for listening! Be safe, be informed, manage your virtual desktop environment like a boss, and catch you on the next fresh episode!
Simplify and improve security for sign-in experiences with Microsoft Entra ID, the new name for Azure Active Directory. Microsoft Entra ID is a unified identity provider for signing into your non-Microsoft services, like Google, AWS, Salesforce, and ServiceNow. See how it's used to manage service licensing for Microsoft 365, Office 365, Enterprise Mobility + Security, and Microsoft Purview. It features unique capabilities like Conditional Access, passwordless authentication, single sign-on, and dynamic groups. Perform the most common day-to-day tasks, like adding and editing user accounts, options for groups and what each does, as well as managed identities, role assignment, admin units, and additional core capabilities. Jeremy Chapman, Director of Microsoft 365 and a long-time endpoint management and directory services admin, explains the setup and configuration.

► QUICK LINKS:
00:00 - Simplify identity management
01:05 - Consolidate identity services
02:52 - Admin experience
05:09 - Conditional Access
05:39 - Manage user accounts
07:09 - Edit users
08:16 - Dynamic Groups
10:22 - Admin Roles & Admin Units
11:45 - Single Sign-On
12:34 - Wrap up

► Link References
For more information, check out https://aka.ms/EntraDocs
In this episode, we're diving into the realm of identity and access management in the cloud. Our guest is Dr. KVN Rajesh, a multi-award-winning trainer focused on Microsoft Azure security. With a PhD in deep learning and over 10,000 individuals trained, Dr. Rajesh is a cloud security expert you won't want to miss.

Dr. Rajesh explains the concept of identity and access management (IAM) and how it helps protect our digital resources. Imagine your username as your digital ID and access as your role within the organization, all controlled through IAM. IAM helps protect critical data and data privacy, and ensures compliance. Dr. Rajesh talks about creating and managing IAM users, from provisioning to authentication, authorization, lifecycle management, and continuous monitoring. He then explores the power of IAM policies. These digital blueprints govern user permissions and actions, safeguarding the principle of least privilege. Dr. Rajesh sheds light on architecture best practices for these policies and their role in maintaining the balance between security and user experience.

As our episode focus pivots to cloud environments, Dr. Rajesh showcases the pivotal role of IAM in Microsoft Azure. You will learn how Azure IAM centralizes access control, leveraging Azure Active Directory and Role-Based Access Control (RBAC) for seamless user identity management. Dr. Rajesh also addresses emerging trends shaping the future of IAM. He discusses zero trust, AI integration, and blockchain-backed identity verification. But every coin has two sides. Dr. Rajesh shares some common pitfalls to avoid, from generic passwords to excessive privileges, and offers a roadmap for troubleshooting IAM issues. Dr. Rajesh recommends a comprehensive IAM strategy to enforce granular permissions, track user activities, and ensure regulatory compliance. In this ever-connected world, cloud-based IAM solutions come with scalability, centralized management, and seamless integration. Dr. Rajesh digs into common benefits and challenges with cloud IAM solutions, to help your organization identify "right fit" solutions. Dr. Rajesh also emphasizes the urgency of implementing IAM best practices because of emerging threats and the reduced barrier to entry for cyber criminals.

Be sure to like and subscribe for more episodes of the
In our much-anticipated second interview with James Brundage, marking a year since his last appearance, we delved into a dynamic array of topics. The episode commenced with a rundown of PowerShell Gallery security, addressing listener feedback and concerns. We also spotlighted a curated selection of beneficial modules suggested by our listeners. The spotlight then shifted to James' latest brainchild, Posh, unraveling its intricacies and potential. The conversation further unfurled to encompass enlightening discussions on EZOut, the nuances of battling typosquatting, the emergence of a new PowerShell user group, and we learned what dynamic polymorphism is and why that matters. James Brundage has been heavily involved in PowerShell for over 15 years. He is a former member of the PowerShell team, working there during v2 and v3. He now works as a consultant with Start-Automating, applying his PowerShell expertise to help organizations solve large-scale problems all around the world. He also has a lot of great projects on GitHub and regularly shares his knowledge at user groups and conferences.

Watch the PowerShell Podcast on YouTube: https://www.youtube.com/watch?v=DVJqnaKJ1VY
https://github.com/ctigeek/InvokeQueryPowershellModule
https://www.powershellgallery.com/packages/MSAL.PS/
https://github.com/Badgerati/Pode
https://github.com/jborean93/PowerShell-Yayaml
https://github.com/darkoperator/Posh-SSH
https://github.com/StartAutomating/PSSVG
https://github.com/StartAutomating
https://github.com/StartAutomating/Irregular
https://github.com/StartAutomating/EZOut
https://github.com/StartAutomating/Posh

powershellgallery.com: MSAL.PS 4.37.0.0
The MSAL.PS PowerShell module wraps MSAL.NET functionality into PowerShell-friendly cmdlets and is not supported by Microsoft. Microsoft support does not extend beyond the underlying MSAL.NET library. For any inquiries regarding the PowerShell module itself, you may contact the author on GitHub or PowerShell Gallery. MSAL.NET (Microsoft.Identity.Client) is an authentication library that enables you to acquire tokens from Azure AD, to access protected Web APIs (Microsoft APIs or applications registered with Azure Active Directory).
Multiple U.S. government agencies were recently breached after adversaries exploited vulnerabilities in Microsoft's Azure Active Directory. With Microsoft vulnerabilities at the heart of some of the worst breaches in recent history, many in the cybersecurity industry are beginning to wonder: Do the dangers of the Microsoft monoculture outweigh the benefits? In this special bonus episode, Adam and Cristian break down this breach and examine the history of breaches exploiting Microsoft technology on their path to answer a pivotal question: Has Microsoft's monoculture become a national security risk? Learn more: Your choice of security provider is critical to reducing cyber risk. Learn why customers trust CrowdStrike over Microsoft to protect their organization: https://www.crowdstrike.com/microsoft-risk/ Join an upcoming hands-on lab to experience why 8 out of 10 times, when an enterprise runs a proof of value test, they choose CrowdStrike: https://experiencethedifferencebetweencsandmsft.splashthat.com/
Let's talk about NEXT! Agendas are live and some sessions are already FULL, so if you have not done so already, head over to the site and start putting together your agenda. Let's talk about parties! It's numbers time, folks: if we did an exclusive Workspace afterparty lounge event, would you attend? I need to know numbers so we can actually put this thing together, so if you want to attend please RSVP here: https://forms.gle/NvQydzAnqGHUWqjh7 Thank you to everyone who subscribed to the channel and has allowed us to reach the 500 subscribers milestone; on to 1000! Please share us with your friends!
In Episode 343, Ben and Scott start to tackle the great renaming of Azure Active Directory to Microsoft Entra ID (or MEID). Except for the places where it didn't get renamed. It's not confusing at all. They discuss the implications of the rename and the potential confusion it could cause, as well as explore new product announcements related to Microsoft's foray into the security service edge market. They also provide resources for understanding the rename and navigating Microsoft Entra. Overall, they have some frustration with the renaming exercise, but acknowledge that it probably is a good thing and, when it comes down to it, is largely just a rename of the service. Like what you hear and want to support the show? Check out our membership options.

Show Notes
Announcing new innovations in Microsoft Entra
Microsoft Entra Plans & Pricing
Azure AD is being renamed to Microsoft Entra ID
New name for Azure Active Directory
Azure AD Renamed! Enter Microsoft Entra ID
Microsoft Entra External ID public preview: Developer-centric platform
Planning for customer identity and access management (preview)
Identity PowerToys https://idpowertoys.com/assets/mindmaps/entra-v1.pdf
Microsoft Entra Expands into Security Service Edge with Two New Offerings

About the sponsors
Intelligink utilizes their skill and passion for the Microsoft cloud to empower their customers with the freedom to focus on their core business. They partner with them to implement and administer their cloud technology deployments and solutions. Visit Intelligink.com for more info.
Migrate from Active Directory Federation Services (AD FS) to Microsoft Entra ID, formerly Azure Active Directory. Many key blockers have been removed in Microsoft Entra ID, including capabilities like certificate-based authentication, group filtering, group transformation, and token augmentation. Additional capabilities include Conditional Access and phishing-resistant passwordless authentication. Jeremy Chapman, Director at Microsoft 365, shares the steps to migrate from AD FS to Microsoft Entra, as well as an inside look at the management and IT experience.

► QUICK LINKS:
00:00 - Introduction
01:27 - Why migrate from AD FS?
02:32 - Compare the management experience
03:58 - IT perspective
04:48 - How to migrate from AD FS to Microsoft Entra
05:31 - Walk through the setup
06:35 - Salesforce process
07:22 - Wrap up

► Link References:
Tutorials and resources for the most common apps at https://aka.ms/migrateapps
Hands-on guidance and detailed documentation for migration at https://aka.ms/adfs2entra
Automate the manual steps to onboard and offboard users as they enter or leave your organization using Microsoft Entra. For onboarding, manage user identities, grant permissions to access necessary information, and provide users with what they need to be productive, such as computer hardware. As people leave the organization, deprovisioning is critical to maintain security and compliance. Lifecycle Workflows in Microsoft Entra ID Governance can help, with pre-built templates for common tasks. Microsoft Entra is a complete identity management platform with everything you knew from Azure Active Directory, along with new capabilities. Identity lifecycle management automation removes many of the manual steps of everyday identity management tasks. With Lifecycle Workflows, users experience more consistency, for better job satisfaction and reduced risk. It works with HR systems, like Workday and SuccessFactors, as part of the onboarding and offboarding workflow. Jeremy Chapman, Director of Microsoft 365, walks through identity lifecycle management automation in Microsoft Entra.

► QUICK LINKS:
00:00 - Introduction
01:28 - Automate employee onboarding
04:19 - Automate employee offboarding
05:41 - Workflow history
06:58 - Built-in change tracking for version history
08:30 - Wrap up

► Link References:
For more on lifecycle workflows, check out https://aka.ms/ILMDocs
Try it out at https://entra.microsoft.com
• Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
Moving to Azure Virtual Desktop (AVD) has never been easier! Richard talks to Jen Sheerin about her work with the Azure Virtual Desktop Accelerator tools. Jen describes how moving workloads to AVD is part of the Cloud Adoption Framework that helps you integrate virtual desktop workloads with standard security and licensing practices. The conversation explores the different folks who use the accelerator - even for greenfield implementations of new virtual desktops! There are more great tools to help you optimize your AVD implementation. Check the links in the show notes!
Links:
Azure Virtual Desktop
Remote Desktop Services
Microsoft Cloud Adoption Framework
AVD Remote Desktop Web Client
Bicep
Azure Virtual Desktop Accelerator
Virtual Desktop Optimization Tool
Windows 10 vs Windows 11 Benchmark
License Universal Print
Recorded April 7, 2023
What we know about the Red Hat layoffs, highlights of Linux 6.3, and Canonical's bold claim in Ubuntu 23.04.
Configure Azure Virtual Desktop with the enterprise-grade configurations you'll want in place for secure authentication, improved connectivity, flexible user data, and service resiliency. If you're new to Azure Virtual Desktop, check out our overview and quick setup videos in our playlist at https://aka.ms/AVDMechanicsSeries
In this show, we cover:
- Your options using Azure Active Directory to achieve single sign-on and passwordless authentication
- The newest experiences for using Web Authentication (WebAuthn) to redirect additional authentication factors to local devices
- RDP Shortpath to optimize connectivity to remote hosts
- Your options using FSLogix to manage profile containers
- Architecting your Azure Virtual Desktop configuration for resiliency, and
- Using Confidential Computing virtual machines to meet even the highest security requirements
► QUICK LINKS:
00:00 - Azure Virtual Desktop enterprise configurations
00:34 - Secure Authentication options in Azure Virtual Desktop
02:15 - Optimizing Connectivity to Azure Virtual Desktop hosts
03:12 - FSLogix user profile container options
05:12 - Architecting for high availability and service resiliency
06:58 - Confidential computing in Azure Virtual Desktop
► Link References:
Azure Virtual Desktop playlist on Mechanics: https://aka.ms/AVDMechanicsSeries
Azure Virtual Desktop connectivity options: https://aka.ms/AVDConnectivity
FSLogix High Availability configuration guidance: https://aka.ms/FSLogixHA
In this Their Story podcast, Sean Martin talks with Matthew Vinton and Sergey Medved from Quest about the challenges associated with Active Directory (AD) and the importance of these systems in a company's overall security methodology and posture.
Active Directory remains an integral part of an organization's IT infrastructure as it is the pillar of identity that most organizations use to enable their workforce, partners, and business processes. The trio discusses how Quest helps companies manage their AD environment across a variety of functional areas like assessing the environment, detecting changes, putting in preventive controls, and guiding response and recovery.
They also cover the growing challenges security leaders face concerning AD and the gap between the people in the trenches and business leaders who may not understand the inherent importance of AD. Exacerbating this reality is the ongoing security talent shortage, where few new entries into the field learn the technology as it is not as forward-looking when compared to Azure.
About the Cybersecurity risk management for Active Directory from Quest
Microsoft Active Directory (AD) is under attack. That's why cybersecurity risk management is so important. With 95 million attempted AD attacks every day, it should be no surprise to hear AD was the target of another cybercrime. But these concerns aren't contained to on-prem AD; in 2021 alone, there were more than 25 billion Azure AD attacks. It's clear cybersecurity risk management needs to be a consideration, and even if the issues you've encountered aren't intentional or nefarious, you still need to be prepared for the worst.
Note: This story contains promotional content.
Learn more: https://www.itspmagazine.com/their-infosec-story
Guests:
Matthew Vinton, Strategic Systems Consultant at Quest [@Quest]
On LinkedIn | https://www.linkedin.com/in/matthew-vinton/
On Twitter | https://twitter.com/Mister_momentum
Sergey Medved, VP, Product Management and Marketing at Quest [@Quest]
On LinkedIn | https://www.linkedin.com/in/sergeym/
Resources
Learn more about Quest: https://itspm.ag/quest-adp23
Learn more about the Quest Cybersecurity for Active Directory Solution: https://itspm.ag/quest-pp49
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
File Explorer access keys, Edge Workspaces public preview, Xbox Remix Special Edition Controller
Happy birthday, Microsoft
• Microsoft turned 48 this week (April 4). It took a wrong left turn in Albuquerque
Windows 11
• New Beta channel build adds Access Keys to File Explorer, Content Adaptive Brightness Control (CABC), and, yes, a new Bing button on the Taskbar
• Microsoft Edge Workspaces now in limited public preview
Microsoft 365
• Oh you didn't think the new Bing was free, did you?
• (New) Outlook for Windows Preview gains Gmail support, finally
• Right before the new Bing launch, Microsoft fixed a major security vulnerability that compromised Bing
• Google secretly enacted a 5 million file limit on Drive then retracted it after complaints
Surface
• Microsoft announces Surface Thunderbolt 4 Dock (Surface Dock 3) with no Surface Connect connector
Xbox
• Microsoft reveals first Game Pass titles for April
• New Xbox Wireless Controller contains "some" recycled materials, is very expensive
Tips and Picks
• Tip of the week: Enable split window feature in Microsoft Edge
• App pick of the week: Google Nearby Share for Windows
• This week on RunAs: IPv6 and Azure Active Directory with Pierre Roman
• Brown liquor pick of the week: Auchentoshan Virgin Oak
Hosts: Paul Thurrott, Richard Campbell, and Mikah Sargent
Download or subscribe to this show at https://twit.tv/shows/windows-weekly
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
Check out Paul's blog at thurrott.com
The Windows Weekly theme music is courtesy of Carl Franklin.
Sponsors: meraki.cisco.com/twit Melissa.com/twit CDW.com/LenovoClient
Are you ready for more IPv6 in your life? Richard talks to Pierre Roman about recent support added to Azure Active Directory for IPv6 - specifically around Conditional Access. Pierre talks about how in the past, IPv6 addresses weren't a part of Conditional Access - but now they are. This could cause problems for folks connecting to an Azure tenant via IPv6 if those IPv6 ranges aren't included as named locations. Even if this update hasn't impacted you yet, it can - changes to your ISP or when connecting to the internet can result in IPv6 access being required - don't get locked out!
Links:
Google IPv6 Adoption
Pierre's Blog Post on IPv6
IPv6 Support in Azure Active Directory
Azure DNS FAQ
Recorded March 27, 2023
In the latest episode of the Weekly Security Sprint, Dave and Andy covered the following topics:
Nashville School Shooting: CNN: https://www.cnn.com/us/live-news/nashville-shooting-covenant-school-03-27-23/index.html
Gate 15's Blue Jeans Workshop: The Conversation: Watermarking ChatGPT, DALL-E and other generative AIs could help protect against fraud and misinformation, 27 March, shared by BJW Panelist, Todd Helmus
Political Violence:
NBC: Trump warns of 'potential death and destruction' if he's charged in hush money probe, 24 Mar
Newsweek: Jim Jordan's Response to Trump's 'Death & Destruction' Post, 24 Mar
CBS: "Significant increase" in threats online ahead of possible Trump indictment, 20 Mar
Breaking 911: Bomb Threats Made Against Manhattan DA, Courts & NYPD HQ As Possible Trump Indictment Nears, 21 Mar
NY Post: Envelope containing suspicious powder, death threat sent to DA Alvin Bragg's NYC office, 24 Mar
Severe Weather: BBC: https://www.bbc.com/news/world-us-canada-65072195
Cybersecurity Regulations:
CISA: CIRCIA at One Year: A Look Behind the Scenes, 24 Mar (Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA))
CISA: JCDC Cultivates Pre-Ransomware Notification Capability, 23 Mar
CISA: Getting Ahead of the Ransomware Epidemic: CISA's Pre-Ransomware Notifications Help Organizations Stop Attacks Before Damage Occurs, 23 Mar
Ransomware:
Palo Alto report: https://unit42.paloaltonetworks.com/multi-extortion-rise-ransomware-report/
DataBreaches.net: Blended Threats! Cyberattack disrupts Spanish medicine distribution, 23 Mar
Lawrence Abrams and Bleeping Computer: The Week in Ransomware - March 24th 2023 - Clop overload, 24 Mar
Others:
Protests: @dave links?
Washington Post's Cybersecurity 202: Everything you need to know about Thursday's four cyber hearings, 24 Mar
CyberScoop: The pressing threat of Chinese-made drones flying above U.S. critical infrastructure, 23 Mar
CyberScoop: Fact or fiction, hacktivists' claims of industrial sabotage in Russia or Ukraine get attention online, 22 Mar and Mandiant: We (Did!) Start the Fire: Hacktivists Increasingly Claim Targeting of OT Systems, 22 Mar
DoJ: Justice Department Announces Arrest of the Founder of One of the World's Largest Hacker Forums and Disruption of Forum's Operation, 24 Mar & CyberScoop: The FBI's BreachForums bust is causing 'chaos in the cybercrime underground,' 24 Mar
CISA: Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments, 23 Mar
A CISA tool helps secure Microsoft clouds. JCDC and pre-ransomware notification. CISA releases six ICS advisories. Reply phishing. Cl0p goes everywhere exploiting GoAnywhere. Russian electronic warfare units show the ability to locate Starlink terminals. Betsy Carmelite from Booz Allen Hamilton on the DoD's zero trust journey. Analysis of the National Cybersecurity strategy from our special guests, Adam Isles, Principal at the Chertoff Group and Steve Kelly, Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology with the National Security Council. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/57
Selected reading.
JCDC Cultivates Pre-Ransomware Notification Capability (Cybersecurity and Infrastructure Security Agency CISA)
US cyber officials make urgent push to warn businesses about vulnerabilities to hackers (CNN)
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments | CISA (Cybersecurity and Infrastructure Security Agency CISA)
New CISA tool detects hacking activity in Microsoft cloud services (BleepingComputer)
CISA Releases Six Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA)
The Microsoft Reply Attack (Avanan)
More victims emerge from Fortra GoAnywhere zero-day attacks (Security |
More Clop GoAnywhere attack victims emerge (SC Media)
Mass-Ransomware Attack on GoAnywhere File Transfer Tool Exposes Companies Worldwide (Medium)
City of Toronto confirms data theft, Clop claims responsibility (BleepingComputer)
Canadian movie chain Cineplex among the victims of GoAnywhere MFT hack (Financial Post)
Personal data of Rio Tinto's Aussie staff may have been hacked - memo (Reuters)
Another GoAnywhere Attack Affects Japanese Giant Hitachi Energy (Heimdal Security Blog)
Using Starlink Paints a Target on Ukrainian Troops (Defense One)
As CISA chief notes lack of Russian cyberattacks against US, experts focus on enhancing nuclear reactor security (Utility Dive)
Using Deception to Learn About Russian Threat Actors (Security Boulevard)
On this episode of The Cloud Pod, the team discusses the AWS Systems Manager default enablement option for all EC2 instances in an account, different ideas for leveraging the Innovators Plus subscription using $500 Google credits, the Azure Open Source Day, the new theme for the Oracle OCI Console, and lastly, different ways to migrate to a cloud provider. A big thanks to this week's sponsor, Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. This week's highlights
2023 is the year of governance with Marijn and Steve. To get started, we asked ChatGPT for 3 paragraphs describing Governance for M365, which we used to dig deep into the practical aspects of setting up Governance in M365.
We conclude that there are practical links between getting governance right that drives the success of a Good Adoption and Change program.
Here is what GPT told us about M365 Governance
Microsoft 365 Governance refers to the management of policies, procedures, and standards for the use of Microsoft 365 services. It involves defining rules and guidelines for access, use, storage, and dissemination of data and information within an organization using Microsoft 365 services. This helps to ensure the security, compliance, and privacy of sensitive data and information, as well as promote collaboration and productivity.
Effective M365 Governance also involves the use of tools and features provided by Microsoft 365, such as Azure Active Directory, Microsoft Intune, Exchange Online, SharePoint Online, OneDrive for Business, Microsoft Teams, and others, to enforce policies, monitor usage, and provide reporting and auditing capabilities. It is critical to have a well-defined M365 Governance plan in place to ensure that all users are aware of their responsibilities and obligations when using Microsoft 365 services and that the data and information within the organization is protected and managed appropriately.
Finally, M365 Governance also involves continuous review and updates to policies and procedures to align with changing business requirements, technological advancements, and regulatory compliance requirements. This includes regular risk assessments, security audits, and assessments of user adoption and usage patterns to identify areas of improvement and ensure that the M365 Governance plan is effective in meeting the needs of the organization.
Do your applications need identities? Richard talks to Martin Ehrnst about how all Azure resources, including your applications, need an identity to function well in the Azure ecosystem. Martin talks about registering an application with Azure AD, a process that includes a manifest showing how it should be authenticated and what resources it needs. Then to the more confusing part - the service principals that show up as enterprise applications to provide access to the application within your tenant or even across tenants! The conversation goes further into managed identities and this emerging world of many-to-many identity relationships. Ultimately it's the most powerful way to deal with access rights, but that doesn't mean it's simple!
Links:
Azure Active Directory
Azure Entra
Azure AD Application Model
Key Vault
Managed Identities for Azure Resources
Bicep
Recorded December 14, 2022
Find what you need to get started with the fastest way to deploy Azure Virtual Desktop with a step-by-step guide. This is a streamlined provisioning experience, with automation built in based on your parameters, and time saved with directory services setup and integration.
How to set up a fully-operational Azure Virtual Desktop environment:
- Prerequisites
- Deployment steps
- Configure host pools and Remote Apps
- Test it out
Matt McSpirit, Azure Expert, walks through the setup, and shares what's notable and unique to the service.
► QUICK LINKS:
00:00 - Introduction
00:46 - Prerequisites
01:12 - Deployment steps
02:35 - Windows Multi-session option
04:27 - Deployed resources and services
05:00 - Configuring Remote Apps
06:46 - Testing everything out
08:19 - Teams audio/video redirect
08:57 - Wrap up
► Link References:
Check out the first show in this series for a higher level view at https://aka.ms/AVDMechanics
Check out the complete playlist at https://aka.ms/AVDMechanicsSeries
Have you used LAPS? Richard chats with Jeremy Moskowitz about the Windows Local Administrator Password Solution (LAPS). Jeremy talks about how the Premier Field Engineers originally developed LAPS at Microsoft to deal with having different local administrator passwords on every workstation in an organization. The passwords change automatically and regularly, and sysadmins can retrieve the password for a given machine using PowerShell and other tools. Today there is an updated version of LAPS that works with Azure Active Directory and provides more control over password changes and restrictions - you need this tool!
Links:
Netwrix Endpoint Management
Windows Local Administrator Password Solution
Recorded December 13, 2022
On Windows Weekly, Paul Thurrott and Leo Laporte talk about Microsoft's announcement of Azure Active Directory CBA on iOS and Android mobile devices. This authentication feature uses the YubiKey in another example of passwordless technology. Full episode at twit.tv/ww802 Hosts: Paul Thurrott and Leo Laporte You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/
In this month's Investing in Identity series, we tackle recent deals and trends in digital identity that are shaking up the industry. Topics covered include: Thoma Bravo takes identity and access management platform Ping Identity private for $2.8B. BalkanID, an AI-powered privileged access management platform raises a $2.36M seed round extension. Truework, a fintech company that provides income and employment verification, raises $50M in Series C funding. Microsoft Entra Verified ID goes live, enabling direct integration of DIDs with Azure Active Directory.
Can you migrate group policy objects to Intune? Richard chats with Katy Nicholson about her work modernizing Windows client machines through Microsoft Endpoint Manager, making on-premises Active Directory optional. Katy discusses using the Group Policy Analyzer to understand what policies will work through Endpoint Manager and Configuration Service Providers. The next question is, what policies are irrelevant or obsolete? This leads to a conversation around refreshing security for an organization - why does this policy exist? How is it applied to non-Windows devices? Does it still make sense? Ultimately, all policies are about security, which means getting to zero trust. How does policy work in a zero trust environment, and where do you have to make exceptions?
Links:
Katy's Blog
Microsoft Endpoint Manager
Configuration Service Provider
Group Policy Analyzer
Importing Group Policy Objects into Intune
Azure AD and Windows Hello
Recorded July 5, 2022
Nearly every organization is using Microsoft Azure AD services in some respect, but monitoring Azure AD for threats is a significantly different skill than traditional Windows logging. In this episode we have 2 experts from Microsoft, Corissa Koopmans, and 3rd time returning guest Mark Morowczynski, to tell us about the important work that's been done to help organizations understand their data and detect Azure AD attacks. We cover log sources, the new Microsoft security operations guide, standardized dashboards and visualizations you can leverage to jump right in with best practice, and much more. You don't want to miss this one!
Corissa Koopmans and Mark Morowczynski
Corissa Koopmans (@Corissalea) is part of the "Get to Production" team in the Microsoft Identity and Network Access Division, focusing on incorporating customer feedback to improve our products. She is very active in driving community contribution to Azure Monitor Log Analytics and increasing awareness of the power of log data by presenting at industry events including BSides, The Experts Conference (TEC), SPARK, & Microsoft MVP Summits.
Mark Morowczynski (@markmorow) is a Principal Program Manager on the customer success team in the Microsoft Identity division. He spends most of his time working with customers on their deployments of Azure Active Directory. Previously he was a Premier Field Engineer supporting Active Directory, Active Directory Federation Services and Windows Client performance. He's spoken at various industry events such as Black Hat, Defcon Blue Team Village, Blue Team Con, GrayHat, several BSides, and more. He can be frequently found on Twitter as @markmorow arguing about baseball and making sometimes funny gifs.
Azure AD SecOps - aka.ms/azureadsecops
Azure Monitor Log Analytics and KQL resources: aka.ms/KQLBlueTeam
For community contribution, please follow these prerequisites (these steps are also available at aka.ms/KQLBlueTeaml):
1. Have a GitHub account
2. Belong to the Microsoft Organization in GitHub
a. If you do not yet belong, click on this link: https://repos.opensource.microsoft.com/ and then select "Microsoft" to join their organization
3. Be a member of the @azure-ad-workbooks team in GitHub
a. If you are not yet a member, go to the Microsoft Organization in GitHub and search for the
Join us in Scottsdale, AZ or virtually for the 2022 SANS Institute Blue Team Summit & Training. At the SANS Blue Team Summit, enhance your current skill set and become even better at defending your organization and hear the latest ways to mitigate the most recent attacks!
On The Cloud Pod this week, the team discusses shorting Jim Chanos amid the great cloud giant vs. colo standoff. Plus: Google prepares for a post-quantum world, Amazon EC2 M1 Mac instances are now generally available, and master of marketing Oracle introduces sovereign cloud regions for the European Union. A big thanks to this week's sponsor, Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. This week's highlights
On the second episode of the 4th season of Identity Unlocked, host Vittorio Bertocci, Principal Architect at Auth0, is joined by Stuart Kwan, Partner Product Manager in the Azure Active Directory team. He joins the show to discuss Windows CardSpace, how it ignited the user-centric identity revolution and how it influenced so much of what we do today, despite failing to be adopted. Like this episode? Be sure to leave a five-star review and share Identity, Unlocked with your community! You can connect with Vittorio on Twitter at @vibronet, Stuart at @stuartkwan, and Auth0 at @auth0.
Windows Admin Center in Azure? Richard talks to Prasidh Arora about the preview of WAC in Azure - giving admins that familiar Windows Admin Center view of Azure Virtual Machines running Windows Server 2016 or later. Prasidh talks about creating a unified view and admin access to your servers, whether they are running on-premises, in Azure, or even on other cloud infrastructures. Installing Azure Arc on a server makes it available from WAC in Azure. The conversation also digs into the privilege challenges - making sure you have rights on the server for WAC's different capabilities. But with WAC for Azure, we're one step closer to a unified view and control of infrastructure.
Links:
Windows Admin Center
Azure Arc
Manage Azure Arc-enabled Servers with WAC
Azure Stack HCI
Azure RBAC
Recorded June 3, 2022
In this episode, Jeremy Thake talks to Merill Fernando about the work he has done around PowerShell and Azure AD and Microsoft Graph. He talks about the amazing Graph X-ray tool that is super helpful for Identity and Intune developers out there!
Links from the show:
merill.net (Merill Fernando)
Are you ready to turn off your last Exchange server? Richard talks with Tony Redmond about the recent announcement by Microsoft around management tools for Exchange Hybrid. Tony discusses how organizations that migrated Exchange to Office 365 are stuck with one last server: the server that hosts management tools. The management tools move to a workstation, but they are PowerShell only. And the process of shutting down your last Exchange Server is very much a one-way trip, at least for now. Should you do it? Tony says it's time to get started!
Links:
Office 365 for IT Pros
Retiring Your Last Exchange Server
Project Monad
FastTrack Eligibility
Microsoft Replication Service
Recorded May 2, 2022
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Hikvision Security Cameras Potentially Exposed to Remote Code Execution https://isc.sans.edu/forums/diary/Hikvision+Security+Cameras+Potentially+Exposed+to+Remote+Code+Execution/28056/
Detecting PAM Backdoors https://isc.sans.edu/forums/diary/Backdooring+PAM/28058/
Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem https://dl.acm.org/doi/pdf/10.1145/3460120.3484768
CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-cloud-vulnerability-credmanifest/
When Lightning Strikes: What works and doesn't work https://isc.sans.edu/forums/diary/When+Lightning+Strikes+What+works+and+doesnt+work/27766/
Cisco Small Business Router Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5
Blackberry QNX Products Vulnerability https://support.blackberry.com/kb/articleDetail?articleNumber=000082334
SANS.edu Student: Mark Morowczynski; Decreasing Attacker Dwell Time in Azure Active Directory https://www.sans.org/white-papers/40390/