For those of you that are connected to me socially or read my previous blog post about disruptive technology in Helsinki, you’ll know that 2019 ended on a bit of a health downer. While travelling to attend and speak at SharePoint Saturday in Helsinki (one of the most awesome cool cities I’ve visited), I had a bit of a health issue that resulted in me taking 3 months off work following major heart surgery. Well I’m at the end of that 3 months now and am getting ready to return to work and all things community once more (albeit maybe at a slower pace this year!)
That said, I was stoked to receive an e-mail from the SharePoint Conference team, to say that my session on conditional access had been selected for presentation in Vegas at SharePoint Conference NA – SPC20 in May. I know that they get a lot of submissions of quality sessions from some of the most exceptional speakers from around the world (just take a look at the speaker list so far! SharePointna.com), so to be selected to speak is certainly an honour for me and one I am truly grateful for!
I’ll be presenting a session on using Conditional Access to control access to content in Office 365. This is certainly one of my favourite sessions to deliver and I’ve been giving a session with this title for over a year now, but so far nearly every delivery has been different. We can only thank Microsoft for this as their continual evolution of the platform has meant that I’ve had to continually adapt this session to address the changes and improvements they’ve made in both perimeter security and content security for organisation users, admins and external guests.
I find the subject of access into Office 365 a great topic to speak with customers about. There’s this recurring perception that the cloud is unsafe and that your own on-premises data centre is safer, but I like to challenge that statement in discussions and understand why the person takes that viewpoint. In my experience it’s not the cloud platform that is unsafe, it’s generally the way that it’s been deployed and how access is controlled and granted. Conversely if we look at the perimeter controls on an enterprise data centre, there is generally very little that can match the scale of any cloud provider when it comes to perimeter security and intrusion detection.
On the subject of perimeter security, I read a great security blog last year (apologies but I can’t find the source now) that used the analogy of the Greeks in the battle of Thermopylae, stood outside their mountain fortress, relying on the walls behind them to protect them as they fought off the marauding Persian army. The problem is, they forgot about the locals who had been farming goats in the region for hundreds of years. The Persians used this local knowledge to find these goat paths to get behind the Greeks and destroyed the rear guard, leaving King Leonidas to defend the retreat of the Greeks with 300 Spartans.
In the context of our data centres, the local knowledge is our users at risk of social engineering attacks, malicious e-mails and documents. The goat paths are the holes we need to make in our perimeter for things like ADFS or access to on-premises data for remote workers.
This is where the cloud configuration of a service like Office 365 and Azure can play a very important part in how we control and govern this access. With content stored in Office 365, we get the native protection of the Microsoft data centres, with the massive economies of scale resulting in large scale security infrastructure and a service that learns from millions of signals a day across all of the tenants around the world. Couple this with the duplication of data and the protection such as self-service restores in OneDrive and SharePoint to help mitigate the effects of Ransom Ware attacks.
The signals and information that we receive by being part of the Microsoft eco-system can also be used as we look into the user access side of things. We can make decisions based on the risk of the user’s logon, where they are coming from, is this a usual behaviour for them etc. Take for example a user logging in from a coffee shop in a strange city. If this location is a known location that sources malware attacks, we can use conditional access to restrict the users permissions or completely blocking them out altogether if we choose.
During my SPC20 session in las Vegas, we’ll take a look at what we mean by “Conditional Access”, looking beyond the conditional access product provide by Microsoft and understanding how such access can be controlled at the various licensing levels, from the basic options with ADFS, using location blocking in office 365 through to the more advanced options available through the EM+S E3 license and Intune. We’ll round out the session with a look at controlling guest access using Terms of Use and managing Privileged Identities via the EM+S E5 license.
I hope you’ll join me at SPC20 in Las Vegas in May to absorb the combined knowledge of some amazing people in the warmth of the desert sun at the amazing MGM Grand. If you’d like to save $50 of your registration, use the discount code HUNT (in caps) or click on this link to learn more and register.
Paul.
