View Recording: Cloud & AI Endpoints: Scaling Secure Hybrid Work

Joe Steiner 0:06 Hello and welcome to our webinar on scaling secure hybrid work. Hope everyone’s having a good day. We’ll be discussing today about how in the modern workplace, you know, given the nature of hybrid work and the nature of. Of AI, how new technologies and strategies have emerged to enable devices, identity and data and basically kind of your core IT infrastructure to operate in those places in a secure fashion. As we do this, we’re going to start by taking a look back at the last 20 years in IT. If you look back at around 2007, at the birth of the iPhone, you have the beginnings of what you might call the mobile revolution where. Mobile phones and apps on mobile devices and smartphones really changed the landscape in terms of IT and what security had to deal with and how things operated. From there you had the cloud wars, if you will, that. Began around 2010 when you first had some larger entrance in there after a WS had started about 2006, 2007 and that you saw the movement towards everything being in the cloud in 2012 and data science had been around for a long time and. Had had its ebbs and foes over the years, but in 2012, data science was declared as the sexiest job title that there is by Harvard at at that point in time. And really there is kind of a a broader and resurgent interest in. Data science at that time, then on to obviously 2020, where hybrid work became the new normal. People were working from home, expecting to be able to work from home, and enabled more and more remote work. And then on to 2023 where we’ve had kind of the emergence of AI with ChatGPT and the many, many AI products and LLM’s out there. So as all those have have come along. We’ve seen kind of the workforce adapt to this too, where yesterday or in pre 2020, maybe not that long ago, but it’s like this for some time. Many, many organizations, when you came to work, you went to an office. People weren’t as remote. They weren’t enabled to to work other places compared to today where you have a hybrid work environment where maybe you’re in the office a couple days a week if or remote full time or there’s a sort of different. Models of that today. Previously, because you’re in the office, you had physical network and device perimeters for security to operate within. You could lock down a lot of things just by making it only available in the office. Obviously with everyone working outside of the office, that changed and you had to enable access across different networks, weren’t always controlled networks and across different devices. Previously again in the office you frequently had org models that. You had pretty well defined work groups. Now with you know kind of movements within agile and and those kinds of methodologies, you’re seeing more dynamic work works where individuals will work with multiple teams over the course of their their work days. You know, previously a lot of data was bound strictly within the confines of the applications that that was tied to, whereas again, as data science extracted a lot of that, you had your data lakes and lake houses that. Made data, you know, more widely available and with a I that’s exposed in a different way now that has to be dealt with. So that’s a new challenge. You know yesterday, you know there was a lot of in IT and just haven’t been operating at the time. There was a little more rigid and limited and. There was a lot of no when security would would talk to things. Now it’s had to be more agile, a little less restrictive in order to enable the new ways of working that everyone has adopted. Today we’re going to talk about. You know, really, how do you enable a cloud and AI in that new workplace via in a secure fashion via zero trust and how that really has emerged from all this as the predominant security strategy? That creates the ability to operate in these new ways. I’ll talk about identity management via Entra, talk about device management via Intune, talk about how the five different architectures. That Microsoft prescribes there in kind of models or phases of your journey to the cloud. Also talk about data protection via purview and how that’s more important than ever, especially as you get into. The realm of AI. Then we’ll talk about how you know these same tools and and capabilities have made working across organization boundaries possible too, whether you’re working with a partner firm or. Clients or even in the mergers and acquisition space, how that’s that landscape has changed overtime with us. I I should stop here and say if anybody has questions, please feel free to post them or raise a hand. Amy will be helping us with with getting those answered as we go here, so. Again, you know, there’s a big change here and I remember having some conversations with some CSO’s and very large organizations in the last, you know, five to even prior to COVID where they’re trying to be more of enabler and less of. Somebody saying no all the time, really moving from no to yes. How can they say that, yes, we can do these things. We can enable you to work remotely. We can enable this data to be available to you in different places, those kinds of things. And really, in order to do that, that we needed to have modern approaches to security mature, much in the way I kind of look at it as you’re looking at raising kids, you know, small kids, you’re locking down the cabinets, you’re keeping the make sure they stay away from the knife drawer. Those kinds of things. As they get older, you have to enable them more. They have to be able to operate and live their lives, but you still need to maintain some semblance of control over that. Maybe not control so much as just ensure that that things are happening the the right way. So you know, that all involves kind of a less focus on network and device restrictions and more on identity and access controls, hence why we’re going to talk about entry in a little bit. You know, data devices and users are all far more mobile. Security needs to follow them rather than just establish this perimeter around them when they’re in the office. And with AI agents, the best thing to do with those is to treat those as users. And ensure that you’re securing them just as if that’s another person in in some manner as it it has the power to operate with data much like people do as you start to enable agents in the in the enterprise. So from all this you have zero trust that. That came into being and like I said with the the child analogy, my wife and I say this all the time. Trust but verify. And that’s you you you can’t and zero trust. You actually don’t trust you assume breach. You assume that that things are happening and then you verify what what you what you believe to be the case and make sure that you verify the people that are operating within your your environment. So with with that the kind of the core principles of this are. Again, verify explicitly. This becomes very important when you get into identity, making sure that the people placing the request to operate against the data are who they say they are. Provide least privileged access so you can do things where it’s more you allow. For access in a more dynamic fashion rather than having standing accounts for things, ensure that they’re particularly in the admin accounts that those are shut down and only available when somebody needs to perform a task and then is shut down again. Prevents a lot of security incidents by by doing that. And then the assume breach principle where you’re you’re assuming that people are operating with your data in that. How do you then protect the data wherever it is? Let’s say somebody has exfiltrated it. How do you ensure that that’s that’s that’s not dangerous to to you and your organization? So we’ll start with identity management today. You know, user identity is again the kind of cornerstone of of zero trust and verifying who is accessing your data apps and devices. You avoid static standing access again, you know, with the principle of least privilege access. Where possible, obviously most of your user accounts will be. It will exist and have their permissions. However, you can control what they can access when they’re in different situations, which we’ll talk about. Then log everything and frequently you know trust identity is is kind of the key to that as to what actor was was operating against the data with any applications or whatever action that that that is being logged there and how do you. How can you trust that? OK, I know that that’s or have high confidence that that is was the individual that was operating here. Again, AI agents are data consuming and producing entities just like humans. So again. Managing them through your identity platform is equally as important. Microsoft Entra is the Microsoft platform that controls this, you know, kind of evolving from Azure AD as their cloud based identity management architecture. The nice thing with that, the enter platform compared to on-premise AD is it’s far more powerful, is ever evolving in it with its dynamic security control. So in the cloud you have that kind of Evergreen capability there that’s just next to impossible to do in an on-premise environment. And you can bring in assorted cloud technologies into into bear on your activities in that space too. You can enable people to get more done wherever they are being cloud based. They don’t have to connect back to your office, they can connect. To the cloud frequently over Internet connections that allows them to to operate where again wherever they are. You also have vastly increased logging analytics capabilities in the cloud giving. The additional cloud infrastructure that can be brought to bear on the your identity management platform and it’s far easier to manage and administer. So again it’s kind of the key key things with Entra being cloud based, it’s ready for AI. They have a model there where you. Create an entity ID for your AI agents and now you can track what they’re doing, how they’re operating within your environment. Multi vendor authentication, you know, kind of classic for being able to handle a requirement of identity management for single sign on and. Being able to broker connections across all the different applications in the environment. Conditional access, which is a E3 feature for those keeping track of licensing here allows for you know, access control in different situations. You can say if somebody’s coming in from a mobile, they have access to this. They’re on a computer on the corporate network. We can trust them to do these extra things that also can be made to to operate on a dynamic basis using risk scoring, which is part of the E5 platform which. You don’t have to set those if then rules in the same way. It will assign risk scoring to different situations and and manage that for you. You also have privilege identity management as as part of that where again that least privilege access concept comes into play where you can say hey. These administrators, they’re using their same personal logins. We don’t have standing admin accounts here, but using their personal login, we know who’s logging in and we give them admin access temporarily to perform tasks and then retract that. And then Defender for Identity which you know kind of protects against and helps monitor the logs and and and that to identify where you maybe have some some breaches. Again assuming that that you might be attacked this way it it helps you identify. Baby, where you need to shore some things up. You know, alongside identity management, device and application management is just as important and it’s really kind of more the enforcement arm of any kind of zero trust approach across your fleet of devices and applications. And the the new thing here compared to prior to five years ago is that you know those. May not be all owned by the organization. Those may be user devices. A mobile device is certainly is the case in many organizations these days. They we’re not a lot frequently. They’re not corporate issued. You also have bring your own device models at work where people are bringing their own PC to work. To provide the compute there and how do you manage those things when they’re not yours? So how do you then in a slightly different way and still enabling secure access, being able to manage devices, but also managing the applications and that was a big shift we’ll talk about here in just a second. 2nd and restrict the use of certain cloud based apps. Perhaps there’s a lot of of apps out there now with the App Store models and that and not all those can be trusted and maybe not all those are. Apps that you want your users using in a work setting because it can lead to data exfiltration. So Defender for Cloud Apps is a big piece of that where it can discover the app usage, it can block access to apps. Those within the organization and can allow limited access for select individuals. So you might block an app for everybody, but for most people, but allow it for certain others and that can be managed through here. And you can also monitor copilot for any suspicious usage using this capability. Again, this is part of the E5 suite that’s out there. Microsoft Intune provides cloud based device. And or application management and here is you know where you had the kind of a lightweight method of managing those user owned devices. Mobile devices was was a big one to start by managing the applications instead of the devices themselves. You know, provides the same time it can provide, you know, robust organization managed devices across all kinds of devices, not just mobile, but PCs, Macs, et cetera, and providing a method to. To manage and deploy apps across your fleet of devices that are out there while still protecting the app data where you can, particularly mobile devices, you can control certain apps to say, hey, I can operate with data within this app, but I can’t copy and paste things outside of it and again helping with. Data exfiltration and some of those issues. Now those two platforms together form a progression that Microsoft has mapped out as their road to the cloud where there’s different architectures possible with these. We’re gonna talk about here. Main components are how are user accounts handled, how are devices handled, applications, management, security groups really provide the foundation for enabling 0 trust with that as your kind of core principle along these. Along with kind of a core of a broader enterprise AI and automation foundation, where having this architecture in place then enables you to do more with AI and automation in a trusted fashion. The progression moves from, you know, cloud attached where you maybe have your on premise AD attached to Entra just to enable the Microsoft applications but not really using it for much else. Onto more of a hybrid model, which I’m guessing many of you out there will be along those first three here models where hybrid you’re starting to do a little bit more with intra. Now you still are doing a lot with the on premise infrastructure. That shifts further with cloud first where I’m starting to manage more devices up there. I’ve moved most of my people to to the cloud and and enters managing most of those things and then on to kind of the next. Phase of this which is AD minimized and on to 100% cloud where at 100% cloud I don’t have any on premise identity management infrastructure. All of it is cloud based. AD minimized is probably the reality for more organizations where I’ll still have. I have some legacy applications there. I have my AD on premise just to handle those, but everything else is managed in the cloud and there are a lot of benefits to moving along that again in the cloud attached. As we discussed, you have you’re really using Entra ID for it’s kind of minimum functional, which is being able to access Microsoft 365, Azure, Microsoft Cloud tools. Those are frequently. Synchronize through interconnect which copies the your Active Directory records up to and synchronizes those up to the cloud and allows for you know federation from there. A hybrid you start to move more towards leveraging the fact that Entra can be used to provide those single sign on capabilities to other applications, particularly software as a service ones that can be easily set up in inside of there. Or relatively easy, I should say. I didn’t make it too simple, but you can then start leveraging some additional capabilities across anything that’s managed by that using self-service password reset and password protection. That’s built into the the cloud-based enter platform and then you know kind of most of your devices and that are still operating on against your on-premise AD and the cloud first. Intune starts to come into play as you’re managing mobile devices through there, but also some Windows clients there. I’m using provisioning users and groups. On premise, but I’m starting to do more and more things in the cloud as my users are up there. A lot of my devices are up there and I’ll kind of broker that that management across the two in more of a hybrid fashion. We’ve moved more and more apps to leveraging the Entra as the primary authentication mechanism. Once we get to this, it allows us to one manage groups. Inside of the cloud based entry ID which has has some benefits. It also allows us to start using the business to business collaboration capabilities which are important. We’re trying to work outside and across organizations as we’ll talk about in a little bit. So cloud first is kind of the first level for for doing that. AD minimize is really where you take that next step forward where as described, Active Directory is less and less important in your broader infrastructure as you’ve moved as many things off of there as you can. At that point you maybe still have AD there. For a couple of kind of core things, but a lot of those can be moved off there too. You may just have a couple of legacy apps that until those apps are replaced or remodeled for the cloud, it’s only serving those purposes. All of your management, all of your most of your authentication, all occurring in the cloud and then you’re taking advantages of all the additional cloud capabilities there. And then at 100% cloud, you’ve gotten rid of your on-premise infrastructure altogether. There I’m managing everything in the cloud. I’m Active Directory on premise is a thing of the past and I’m managing everything through Entra or other systems in the cloud. So those are the core kind of underlying architectures for identity, device and application management that assists with data protection and ensuring that you know identity and devices are trusted and even not copying data outside of select applications. But where you really need is to be able to have data protection that operates within the files and data itself to prevent data from being exfiltrated either on purpose and or accidentally. Accidental is probably the bigger threat. Organizations, to be honest. You do this by tagging and encrypting data sources natively, whether it’s documents or databases, and ensuring that if data is exfiltrated in the case of documents, somebody copies a bunch of documents down. If the sensitive ones are encrypted, those can be made to be, you know, worthless bits out there as they no longer will function for anybody that doesn’t have the right access to those. You know the proper tagging and you know the being smart about enforcement here. So you don’t what you don’t want to do is go too heavy-handed with this because then you’re going to stop the organization from being able to function. So there’s a balance to this that needs to be maintained that. That you can be helped along with, but really prevents, you know, accidental data exposures not only by humans, but again by 8I tooling too. This is vitally important for any AI agent work to ensure that you’re not surfacing sensitive information. In responses to AI prompts that that individual shouldn’t be seeing and or any other individuals down the line shouldn’t be seeing the tagging actual follow through the Microsoft AI. Tooling copilot and what have you into the into the what’s generated from the responses as well. Microsoft Purview is how is the set of tools and this is kind of a family of of different tools that. Provide for that data security, data governance, and then risk and compliance. It would be clear here the purview comes in a couple of different offerings. One is targeted more at. Unstructured data via documents. That Licensing is included at different levels with M365E3 and E5 Licensing as opposed to structured data and databases which is handled most generally as a pay as you go. Inside of of Azure as those databases that exist in Azure, you can then tag and select records and and get very detailed in terms of how you are protecting the data inside of those structured data structures. And that can be unstructured data in inside of those databases as well. But it’s more that kind of database versus document is the difference between where those these two different models of purview operate, but yet still use the same broader management plane and. And provide for some consistency across there in terms of labeling and that. Microsoft has a kind of a model of they call secure by default, which again ties right in and built off of zero trust where you’re building security in in the core of of what you’re offering so that. As you’re building other apps, you have to think a little less about security, particularly when you’re dealing with AI agents. If you’ve protected the data at its source and then that follows along with the data wherever it may go, you can be confident and allow people to be a little more creative with what they’re doing with agents. And it really is an enabler within the organization. Kind of recommended approach here is start with some kind of core default labels, maybe put some file protection on. There might be kind of a second step to that. Train users on labeling, how it works, what your labeling model is, and begin to turn on DLP for data loss protection for labeled content. So hereby you’re you’re starting to. Provide some level of protection to the to your data and be able to educate your user base in terms of how data labels should be used. Allow them to start the process of of labeling those and begin to protect particularly you know your most sensitive stuff. From there you get into kind of the manage area where we are specifically creating a labeling and enforcement therefore. Priority content, the most sensitive stuff, which again doesn’t limit people’s ability to work as much as not everyone should be accessing that data anyways. We might start looking at auto labeling, which is kind of the next level of capabilities in purview. Where it’s examining the data itself, the system is and is then applying labels based on what it sees inside of there and tuning that over time. You may or may not turn on enforcement for the next layers of of sensitivity quite yet. But once you have that auto labeling on on clients, you can and feel comfortable that you have that labeled properly. Then you can start ramping up enforcement and expand it across your broader Microsoft 365 data state, all the documents that are contained. And stored within Microsoft 365. Then beyond that you start expanding that to other labeling capabilities and start. Frequently we’ll see organizations move into data labeling with their SQL and database modeled storage. After that. So that’s kind of the progression that we have seen over time here of people taking that again, trying to not limit the business from being able to get things done, but still beginning to provide that data protection for everybody that. Eats it out there. So same thing applies to we’re dealing with a I how do you provide you know some capabilities for using this. And again you’ll see this leverages all of the capabilities we’ve talked about so far. Defender for Cloud apps, Entra, Intune, Purview. Purview. How do you put all this together to with data labeling, with identity enforcement, with discovery of apps? How do we start managing our world when we’re dealing with AI agents? 1st place is to start and discover AI apps that are in use out there. Then you move on to blocking use and for you know some if not all of your employees to ensure that they’re being used responsibly. That can be done using again Defender for Cloud apps using Entra, then starting to use for purview there. If you blocked your sensitive data, then as I’m securing the data we can trust that that’s going to be enforced. Throughout the AI tools, if you’re using trusted tools and you’re ensuring that your sensitive data is not sent to to AI apps where you don’t want it to be, I kind of move into that secure data port. That’s where we’re blocking. More and more of that data, but I have to have my data labeled at that point in order to do that properly. So those two are are intertwined. From there I can go on to govern my data, be able to, you know, investigate prompts, be able to audit the interactions. Be able to determine if people are behaving inappropriately with data on on there and and be able to manage that in a much more sophisticated, mature fashion. So all of that allows us to, you know, kind of operate as a single organization within this new world, being able to, you know, ensure that we trust who people are, being able to, you know, track their movements within the the. Broader IT infrastructure and data and interactions with data and apps. Being able to lock down certain apps, devices and that in order to provide some core security perimeters, but it’s out at the device now, not just at the facility level. And being able to, you know, trust that my data is being is being secured in the manner that I see fit as an organization. Now these same things help us. To deal with what we’re seeing is an increased demand for users to be able to use applications and data across tenants and across organizations. You know, tenants kind of that core infrastructure within your organizations. And maybe even just your business units, Microsoft Cloud services, but we’re seeing more and more need to be able to work across those. So whether I’m in that working for one company and I’m trying to interact with another and I want to be able to. Operate as seamlessly as I do with employees with my own company or you’re seeing as we have companies being brought in through mergers and acquisition or companies being divested where they’re being put into a separate tenant. How do you manage all of this while, you know, enabling work but in a secure fashion? Again, maintaining that same zero trust approach. But now we’re doing this as we’re trying to do more work across, you know, trusted organization connections. Couple of kind of core concepts here are within the Microsoft tenant. Specifically, you have the concept of internal versus external users. Internal users are those users that by default authenticate against. Your own internal enter ID structure in the tenant external are those that come from the outside. So if I’m here at Concurrency, I’m an internal member here. If somebody from one of our clients wants to interact with us, you would be. Outside of the tenant and external, as far as our tenant is concerned, there’s also a separate concept of guest versus member guest. Typically, if I’m bringing in an external party by default, they would be a guest. We would have limited permissions. What they can access, it’s not going to be the same as an employee, whereas a member would be more of a internal user by default and would have the standard permissions that are allowed for the member. Obviously it’s not going to be the same for everything, but they’re kind of core things that you can access within there. Different applications with the Microsoft 365 suite and and the data underlying those you know. Typical examples here you kind of your standard licensed user again would be an internal member. Unlicensed external guest would be a external guest. You could, however, also set up an external participant as a member. This is something to be very careful about and selective with who you do this with. But very useful in organizations where maybe overtime because of mergers and acquisition and or now divestiture, you need to have that trusted connection still in order to operate and conduct business but. They are technically in another tenant and so how do we broker collaboration across those different environments? Couple different methods of doing that. One is external sharing. The cloud services have long had the ability to share documents and SharePoint sites and different things with external parties. I do that kind of on a one off basis. Where they’re a guest inside of the environment for the purpose of that file, that site, that team in some cases, things like that. Another commonly used. Method is by federating teams that allows you for interacting across teams, sharing chat, being able to share presence, and it’s been done for years, but that’s all that that provides you. You don’t. So I get to see the global address list. You can’t access, you know, files off of that, things like that. The next level of all that is really business, business collaboration or B2B collaboration, something brokered by Entra ID. Provides for a certain amount of general access to an external user, and this is where you define whether they have guest or member rights and which will dictate what they can and cannot do. Within the within the environment, highly useful for again when I’ve got multiple business units within under the same corporate umbrella now that maybe need to operate more like a single organization, but we’re not ready to combine the tenants yet. And or being able to work with trusted partners in a more seamless and less seamless way with less friction. cross-tenant synchronization helps to manage. That B2B collaboration by providing an automated method to manage the establishment of those B2B collaboration, those those guest or member entities across different cloud tenants. Again, all that done without having, you know, additional licensing. The other way some have done this in the past is to just license non employees. I might do that with a contractor who’s not an employee specifically of the. Of the environment, but I then have to provide a license for them and they will have a separate login into when they’re operating within this environment versus maybe what they’re doing in their the rest of their day-to-day if they’re part of another organization, so. Not exactly the most seamless way to do it and there is some additional expense again with the with the licensing for that, but if you need them to be a full internal member that is that is a way to do that. Again, you know within when you’re within the same organization or corporation, single tenant has always been prescribed as the best experience there. Most seamless you have, you don’t have the caveats, but if you do have multiple tenants that exist due to you know kind of the history or we have a. Need for this for some reason. There’s a variety of those by leveraging B to B. Collaboration can allow you to provide for some higher level of functionality between those two organizations. And by leveraging cross tenant synchronization, it makes management of that a little easier than it would be otherwise. So generally we kind of advise to you want to have a decision there as to does it make sense to consolidate tents, particularly if it’s all in the same corporation. And there’s been a fair amount of activity in that overtime as everyone has had their own tendency of mergers. Now, OK, how do we bring these together? Situations where they’re in separate tenants need to collaborate, but are not part of a shared organization. So use the similar technologies when you’re operating with partners and or possibly you know, strategic customers. There’s a variety of different situations there, possibly kind of a trusted vendor of some fashion. This is where you can again leverage B2B collaboration. That’s probably the. One of the best uses of that allows for a little more seamless interaction across different organizations and across all the tooling involved. There are all sorts of solutions like Azure Virtual Desktop, where in some of these scenarios those can be useful if you are going to license that user and you want to just provide them the easy access to this. We’ve seen a lot of organizations use Azure Virtual Desktop for contractors easy to spin up. Inexpensive to operate for short periods of time that it can be taken back down again. Now here’s kind of a broad architectural view of that where again that those Azure virtual desktops are spun up inside of Azure. The end user connects us those from. Wherever they are as a virtual desktop, and that’s all broken in the connection into your internal environment, still with all the controls on what they can and can’t access, but they can be more a part of the organization by leveraging that. So you know in summary, you know zero trust has really enabled this modern hybrid work and and AI environment that we all are operating in today that cloud first. AD minimize 100% cloud I enter an Intune model is really the best for hybrid work and AI is you know I have the this is business capabilities. I’m more cloud oriented which allows the AI tools to operate inside of the environment. More readily and with a higher degree of of management. And then you know for compute beyond, you know kind of the the hardware options, there are obviously the virtual computer offerings like Windows 365 or Azure Virtual Desktop. Windows 365 is very similar to Azure Virtual Desktop, except that it’s a fully crafted offering, which just makes the spin up of that even that much easier and handles the licensing contained therein. Purview at data protection is essential across anything that you’re doing with mobile work and especially with AI being able to control the data that’s being surfaced to these tools that’s being able to. Be utilized across these tools while having the confidence that it’s being used appropriately. Purviews the the the way to do that because you’re not going to be able to control every interaction. You need to be able to control the source. So that you can trust that you’re being able to your organization is operating with that data as as you would see fit and kind of taking the evolution of the modern workplace a little further if you kind of look forward you know based on you know kind of the. Frontier firm article that Microsoft put out and some others have have stated, you know, really looking at moving from hybrid work to truly working anywhere. You could see where and some organizations have done this where you don’t have offices anymore, people, everybody’s just working remotely. Off of this kind of core cloud infrastructure at that point, and even today I would argue, I think a cloud first networking approach can be more beneficial the more and more you’re doing with the cloud. Cloud first networking is. You know, frequently more of a Internet first networking model, which you know, many organizations have gone to makes operating with cloud infrastructure much easier and also going to, you know, kind of more device independence where. We’re managing applications and data devices. You you know have some management to to assist with. But yeah, it’s gonna you’re gonna see further movement along those lines and we are dynamic work groups are gonna expand. So you’re gonna have dynamic work with both AI agents and people. Where AI agents are like another team member as those continue to evolve across organizations. So again, again, Purview’s so important for for managing that as well as managing the AI just like you would another employee. You know, data’s already generally widely available with AI. It really opens up to really leverage the AI tools. You need to be able to trust your data enough to be able to really open. Open that up so that yes, you know you can query the data, but you’re not going to get results either, whether it’s document form or a database that you shouldn’t be seeing. And that’s where the having a robust data sensitivity model is really important. Again, for what’s next, not only for today and you know today where it’s a little more agile and a little less restrictive than it was in years past, that’s just going to continue to open up. You’re going to see more and more. Kind of broad open creative modes of organizing people and and tooling. You’re also going to see more and more automation where people are managing automation alongside interactions with other people. And so that’s it’s important that you have a trusted framework underlying all of that which we believe this this provides. You know as we talked about licensing kind of mentioned throughout here where the E3 E 5 licensing applies. The important point here is that anybody with. E3 E 5 Licensing owns most of what we’ve spoken about today, and I would, you know, really recommend establishing a road map for yourself for how you take the next steps to modernize your infrastructure and use the licensing you likely already own. There’s a lot contained in those Microsoft 365B3 and E5 licenses that people and different organizations are not using today, but could to improve their posturing. Next steps, we’d certainly invite you to contact us. We can help you with. Cloud identity and device management road maps kind of help you along those five steps, those towards 100% cloud or maybe AD minimized and how do you move along that path? That’s something that we can kind of help you with map your current state and then establish an actionable plan to. Modernize everything so that you are able to take advantage of the next cloud and AI capabilities while still improving your your security posture. We also can offer a road map for how to. Handle data protection. It can be something you want to be very careful about. It’s something you want to be very mindful about how you go about this so you’re not disruptive more than needed to the organization while securing all of your data assets there so that. You’re protected and able to use those next levels of cloud and AI capabilities in a trusted manner. We also can provide a licensing review of your Microsoft Licensing estate. To be able to help you use what you already own, make sure you’re taking advantage of all those things that are included in what you’re paying for already, so. With that, thank you very much. Appreciate your time today and if there are any questions, I’m happy to field those. Amy Cousland 48:30 Thank you so much, Joe. It doesn’t look like we have any questions. Thank you for everybody and we’ll go ahead and end the meeting. Joe Steiner 48:35 All right, thank you. Have a good day, everyone. Bye.