View Recording: Latest Innovations in Microsoft Security: Strengthening Identity Management with Entra

February 12, 2025

In today’s hybrid and multi-cloud world, securing access to your applications, data, and resources has never been more critical—or more challenging. Microsoft Entra, the next-generation identity and access management solution, empowers organizations to adopt a Zero Trust approach, streamline access, and enhance security.

Join us for this 40-minute webinar to explore the latest capabilities of Microsoft Entra and learn how it can transform your identity and access management strategy.

Who Should Attend?

This webinar is ideal for IT leaders, security professionals, and business decision-makers looking to strengthen their identity and access strategy with Microsoft Entra.

Reserve Your Spot Today! Don’t miss this opportunity to learn from experts and gain actionable insights to strengthen your cybersecurity posture.

Transcription

Hey everyone, how’s it going today? We have a few trickling in; we’re going to give it maybe a minute or so before we kick off. Thanks for joining us.

Daniel Stinchcomb 0:44
Man, I hate webinar silences. Does anybody else agree with that? Just that first three minutes of any webinar where it’s just like, OK. Well, how do we fill this gap?

Amy Cousland 0:54
I’d say you got to go ahead and get started. It looks like we have a good crowd joining us.

Daniel Stinchcomb 0:59
I say so. All right. Ayman, you want to kick us off and I’ll jump in a little bit later on.

Ayman Mageed 1:07
That sounds good. Everyone, like we mentioned, thanks for joining.
We have a few people trickling in, but we wanted to hear a little bit of way into a topic that we haven’t touched on in a little bit, and this really stems from Daniel and I had the opportunity to go to a Microsoft Security Airlift event at Redmond, Washington, and we really got the opportunity to see what Microsoft was doing today in the security landscape across the different tool sets and products that they had. And it made sense to us, as we were looking at some of our offerings, to just really double click on the starting point, or what we believe is the starting point of any security posture, which is identity, and kind of the identity and access management tool set, or, from Microsoft, this would be Entra ID. So I can make all the promises, but in my mind and in Daniel’s mind, this would be kind of a series of different security topics. We’re going to start with Entra, and we’re going to push into other components within the Microsoft stack that allow you to have a holistic cybersecurity framework built off of that ecosystem. So without further ado, we can go into the next slide and do a little bit of introductions.

So my name is Ayman Mageed. I’m the cloud practice leader at Concurrency and I have the honor of being able to not just work in cloud operating models, but also work across DevOps, infrastructure, back end in general, and then really be able to touch almost all of our IT ecosystem, right? So if you think of infrastructure, the backbone, the back end: how does that interface, and how do we ensure that there’s security built into everything that we do across the IT landscape, and both how it impacts the IT organization as well as how it impacts the business? And I’m joined by Daniel.

Daniel Stinchcomb 3:12
Hey, guys. I’m Daniel Stinchcomb. I’m one of the technical architects here on the Concurrency team.
I primarily work in the modern workplace, so typically dealing with things like identity technologies and a lot of the Defender stacks. So to interest here, things like Defender for Identity and Entra tend to be my bread and butter. I’ve been working with Concurrency for coming up on four years. I’ve got a large wealth of diversity across, you know, different technologies in Azure as well, which is where Ayman and I typically work together quite a bit to make sure that we’re delivering on modernizing identity infrastructure, moving people from Active Directory to Entra and really helping create that journey for a lot of companies. So I’m really excited to be explaining a lot of these technologies, what we learned at some of the airlift pieces. Unfortunately, some of those things are still under NDA. So the best Ayman and I can do is give vague mannerisms that you can look forward to future features, but some of these things should be coming up with big announcements for Microsoft soon, and I gotta say, I’m pretty excited for what the future holds.

Ayman Mageed 4:14
Yeah, thanks for that, Daniel. I think when we step into this concept and identity, I want to start with, go ahead, go ahead with the next slide. I think want to start with the one concept to kind of level set on collectively as an organization, as a team here, is: identity is the heartbeat of your organization. What that means is we have more or less gone away from traditional perimeter of setting up a perimeter firewall and saying, you know, traditionally once you are in past the firewall you have free rein, free access to everything within the organization. And we have moved to a more modern identity based practice. And so that means that securing our identities is almost the most crucial, or is the most crucial, aspect of today’s
modern cybersecurity posturing, because it allows us to form a foundation for managing the access and the authorizations that are happening within our systems and our data, and data protection for all of us is arguably one of the most important things as far as continuing to produce that value for the business. And then it’s the central point for determining who gets to see what, who gets to interface with what, and how does that data get consumed. And so because of that there is a strong posture to understanding what we’re doing today in identity. How can we improve it? Where is the organization, or sorry, where is the industry going in this space?

And the one analogy, cos I just, my mind works very well with analogies, is this one here on the bottom, where, you know, you wouldn’t necessarily invite me into your home and give me free access to everything within your home, including your personal belongings, your private entities, right? And so what I would say similarly is that your business should not, or, you know, give unrestricted access to your employees once they’re in the building, right? Just because they’re in the building doesn’t mean they need to be able to access every single piece of HR data, every single piece of payment data, etcetera. And so it’s all about limiting, you know, allowing access but then focusing in on the need to know, or the need, the functional aspect of what your job and that employee’s job and capability is for that space.

So I’m gonna pass it over to Daniel, and Daniel kind of go through kind of an overview, and we’ll kind of bounce back and forth a little bit as we go through this. And then at some point, time dependent, we do want to try to get into some sort of demo concept just so that we can have a little bit of interactive discussion here with the group.

Daniel Stinchcomb 7:01
Yeah. Thanks, Ayman.
So kind of going forward with said, when we look at the idea of using something like Microsoft Entra, we’re talking about modernizing our identity landscape. There’s still plenty of use cases for Active Directory out there. There’s still lots of infrastructure use cases. I know plenty of organizations are still in the process of trying to even upgrade to something like Active Directory 2025. But when we look at the idea of modernizing our security posture with a lot of the cloud technologies that Microsoft’s coming out with, Entra has a lot to offer.

So with Entra we get the idea of unifying our security services, which allows us to use things like Defender for Identity, but also makes it so that we can encapsulate other tools with Defender for Endpoint, Defender for Cloud Apps, and tell a story about what’s going on with our users that isn’t restricted at just the identity layer. Because Microsoft puts everything back on the back end through, you know, Graph API, making sure that everything talks together, we get a more seamless, I guess, security experience, which actually creates a better user experience. Many of these technologies are adopted with the idea of conditional access policies, where we’re trying to make it so users can be secure without having to jump through several hoops to get access to the data they need to do their jobs successfully, while still maintaining a security posture that can satisfy regulatory requirements and keep our security team from, you know, getting too antsy every time a user’s potentially logging in from home.

Additionally, with that, protection of organizational assets is becoming much easier through automated positions, using things like Microsoft Information Protection, being able to make it so that users can only get access to certain things based off of role based permissions.
So RBAC is still alive and well in Entra and it’s been enhanced, and through Entra’s utilization of a flat landscape makes it so that assignment can be more based around the idea of specific users and groups that may need access, as opposed to needing to hunt through things like organizational units, needing to worry about nested capabilities. It begins very simplified through Entra, which ultimately simplification and security is probably one of the greatest strengths that Entra and the whole Microsoft stack provides.

A lot of the key capabilities that we see that come out of Entra. So again, going back to that integration with security frameworks, you know, we look at the idea of things like NIST, CIS, if you have to fall under HIPAA, FERPA, any of those general regulatory authorities, Microsoft’s already usually satisfied a lot of these requirements on the back end. So whenever we’re talking about organizational security coming into any type of compliance mechanism, usually we do have the ability to deviate from those things if we’re not careful. But as long as we follow general best practices, we’re usually gonna fall in line with most regulatory authorities because Microsoft builds with security in mind. Now, I mean, Microsoft themselves have said they’re no longer just a software company. They are a security and AI company and they’re putting lots of investment and lots of evolution into making sure that as they continue their journey, everything’s built with security in mind.

And so with that, we also look at the idea of identity verification. Identity verification is becoming extremely important, with an increasing trend in things like man-in-the-middle attacks. When we look at the idea of lateral movement, you know, there’s so many ways for threat actors to actually get access to a user’s identity these days, and so the
constant challenge is trying to keep up with threat actors constantly evolving their own ways and using the technologies that are supposed to be enhancing our security and creating workforce multipliers against us. And so, all the more reason why, when we look at the idea of where do we need to focus on security the most, identity is where you need to focus. So we wanna verify things through practical, but also very advanced models, and we’ll get into some of the services that offer how you can enhance your identity verification. And then, of course, what that user has access to, how do we make sure that we’re modernizing? What a user can access once they’ve said that they, or once they’ve proven they are who they say they are, how can we make sure we minimize their access and make sure that at the end of the day they’re not getting, you know, Joe, who’s working frontline at one of your retail shops, doesn’t get access to, you know, HR’s back end personnel profiles. We want to make sure that all this data is separated and secure both from external threats and internal negligence.

Ayman Mageed 11:36
And folks there, this is a topic that Daniel and I could probably do a full day workshop on. And so if there is something specific that you are looking to get out of this or have any questions, drop ’em in the chat and we’ll try to get them, and we can even steer the conversation depending on the direction that the chat kinda goes. So feel free to do that.

Daniel Stinchcomb 11:56
Absolutely. And on top of that too, I wanna make sure that everybody understands, like we are, we will make time for some questions at the end of this too. So if you have questions about specific technologies or things that may interest you that come up throughout the conversation, please be sure to track those questions.
You know, Ayman and I, as we bounce back and forth and try to field some of them, but you know, we will try to make time at the end to go through any questions you may have.

So we look at the sheer importance of this. You know, it’s no secret to anybody, we’re seeing a massive rise in cyber threats. I mean, at the end of the day, it doesn’t seem that we can go a week without someone getting compromised, without someone getting breached. It’s almost an inevitability. When we look at things from the idea of a potential breach being an inevitability, it makes it a little bit easier to be able to try to go in and say why do I need to secure this or what do I need to secure, because we’re playing a game of trying to make it so that we’re as protected as possible, but making sure that if there is a breach, we’re reducing our vulnerability. That’s why identity becomes so important, especially in today’s cloud methodologies. We look at the idea that you are going to be breached, then we become more cognizant of what data is this user going to have access to if they’re breached, how, what are the mechanisms that minimize their ability to move around in my environment once they’re compromised.

And so with the constant, I guess, landscape, or just the threats constantly rising, going through the motions, everything’s changing rapidly. AI has been huge in this method. I mean, we’re already seeing AI being adopted by the enemy coming at us every which direction and making it so that as fast as we can evolve AI, the threats are evolving with it. And so that’s where things like Microsoft Entra comes in. Because Microsoft Entra is also using AI or evolving to use AI to respond to those threats, to be able to make it so that your response team isn’t limited by human interaction. There’s machine interaction there as well. And that’s also going to make it so that we can continue to protect our sensitive information because no longer
do we have to rely on the idea of your information protected by your user’s ability to protect it and identify when they’re sending something that they shouldn’t probably be sending outside of the organization, or when they’re potentially sharing a chat, something like Social Security numbers. We can automate a lot of this. Now we have protections in place through some of the tools that Entra and just general Defender stack provide that allow us to be able to say, OK, that’s not information we need to be sharing. That’s not information that this user should have access to in general. And we can build in so that Entra and Defender can work together to be able to say, hey, let’s not allow this to be shared. Let’s block this message before it’s sent. Let’s make it so that the users are aware of the fact that they’re sending bad data, so it becomes not only a prevention tool, but also an education tool, which is honestly one of my favorite parts of how Microsoft’s been moving through things lately.

When we look at the idea of, I know it’s not necessarily tool related, but if we look at the idea of like a sensitivity label, we can actually make it so that users understand. If they’re potentially putting bad data into an e-mail or a document, we can have them be informed, like, hey, I noticed you put a credit card number here. Maybe you should apply a better label to this. And that’s also something where the user’s identity can play a role in that: are users able to apply sensitivity labels within basic certain groups? Is that user allowed to access data that’s labeled a certain way? It all plays together and it creates part of their whole cybersecurity story.

So what does this mean for the future? Well, we look at the idea of the future identity. We learned a lot of cool things at the airlift.
Again, there’s not a whole lot that we can share, but I can tell you throughout the next year we’re going to see a lot through Security Copilot. Security Copilot is going to turn into the way that we receive information, making it so that we can actually create data funnels that allow us to pretty much create security analysts that work through the console. We can create response actions that are automated using the Copilot mechanism. Because we have AI constantly scrutinizing data, it gives us the ability to respond more quickly and potentially even be proactive in a lot of our approaches. When we look at the idea of things like the secure score that you get through Defender, through Defender for Identity, when we put the idea of putting a Copilot agent in front of that type of resource, well, then at that point, now we can make it so that security team can focus on remediation. They can focus on the idea of actually analyzing things from a logistical sense and continuing to enhance your security posture rather than constantly fighting fires. On top of that.

Ayman Mageed 16:45
I think one of the greatest aspects of this component and what really stood out to us was the fact that we have always talked about automation. We’ve been talking about automation for at least a decade now, and one of the struggles that we find is that some organizations don’t have either the skill set or the ability to automate at the scale that they want to. There’s a few things, few pieces of automation. But when we think about a practical assessment that we’re doing when a security event happens, I think we can all imagine like a trace route happening, certain components that we just need to be able to download first before we can start reacting to the incident, and
in, like, a language model, you’re able to use your native speech essentially and type out what you’re looking for and have Security Copilot or some sort of agentic model go and do that, as opposed to you having to set up the automation in a more technical fashion. And so it doesn’t get rid of that need or that skill set, but it does open up an ease of use for more users so that you can get to that information that’s critical, that’s gonna allow you to react to the real problem, which is, the real problem is not that I can or can’t do automation. The real problem is that there’s an incident and I need to be able to react to it.

Daniel Stinchcomb 18:11
Absolutely, yeah. That’s spot on, Ayman, and thank you, that’s absolutely the case. We want to make sure that at the end of the day you have the ability to get the information you need fast, and that’s what AI is going to enable you to do. We’re going to see Security Copilot continue to have its enhancements. It’s going to integrate with, you know, the typical M365 Copilot where you’re going to see data access be streamlined, making it so that you can actually get assessments based off of, again, Ayman actually hit on something that was really important that I think is one of the biggest advantages to AI, is plain language ability to analyze data. You don’t need to know a special coding language like KQL in order to get to the data you want. You don’t need to build advanced scripts, you can just tell AI what are you looking for. Give me an incident involving this user. OK, this user was working on this device. Have any other users used this device? And you can speak plainly to Security Copilot to be able to get to the root of these things, for it to be able to walk you through step by step without having to navigate 3 different consoles, without having to pull two different reports or go searching through your SIEM logs.
That’s probably one of the biggest advantages to AI by comparison to most models today. And plenty of tools are offering that, but the big difference between how Entra helps versus what something like just a strictly AV tool may do is the fact that it’s a holistic picture. When we embrace the whole Defender stack we’re seeing a picture that’s painted not just through your endpoints, not just through your identity system, not just through your e-mail; it’s looking for the full kill chain. It’s looking for the full picture, saying the user received this e-mail, opened this up on their device, and that then detonated on that device, making it so the device is breached. That device caused XYZ number of user hashes to be intercepted. And you can talk through this rather than needing to again switch through three different consoles, needing to switch between Rapid7 for your log analysis and having to go to, you know, your AV provider, such as a Carbon Black, for what happened on the endpoint, and then need to try to scroll through endless miles of AD logs to try to figure out where that user’s logged in. AI will simplify all of that.

Moving past AI, another one of the cool features that’s coming into Entra is Microsoft is really doubling down on the idea of enhancing identity verification. So you may have seen the tool Verified ID. I’m not sure how many of you may actually be implementing that. If you are, awesome. If you’re not, I highly recommend you look into Entra Verified ID. This is a methodology that Microsoft is building more and more enhancements around that are making it so that you can enhance your user experience and give them control. The role of features that make it so that they don’t have to engage in your help desk as often; they can actually self-service many things, and Verified ID is becoming just ingrained with so many different pieces to allow users to self manage and reduce risk and att. That’s necessary from your help desk. I can.
I got to be very careful with my words here because I don’t believe it’s gone in public statement yet, but I can say that when it comes to Verified ID, it’s, I was blown away by the capabilities that it introduces for user management and some of the things that it’s going to be making a streamlined experience also for enrolling in Verified ID, being able to use things like your government ID to say who you are, making sure that you have to take a picture of yourself to verify that you are who you say you are. I think it’s game changing for MFA because that’s going to make it so that we’re going to reduce the idea of man-in-the-middle attacks or tokens being hijacked, because the user’s going to have to physically be present in whatever picture they’re taking to actually say who they are. So again, one of those technologies that I highly recommend digging into, and if it’s something that you’re interested in, obviously we’d love to talk more about it with you.

Ayman Mageed 22:14
I had a really engaging round table discussion with the Entra product team on fraudulent identities. In their scenario they were talking about like a business to customer scenario where you could have bots that were just flooding your identity provider with fraudulent identities, and Verified ID was

Daniel Stinchcomb 22:15
Again.

Ayman Mageed 22:36
their go to solution for using something like what Daniel’s talking about, your government ID, items that you can’t easily reproduce that can be points of entry for your identity. So like just to be clear, the authentication is still happening through your identity provider. In this case it would be Entra ID, right? But the creation, the registration of that user has to go through a more robust process that is less likely to be a fraudulent end user, which creates significant amount of, like, alleviation of burden in understanding how do I.
How do I ensure that there are no fraudulent users getting past my registration phase of this application or this organization?

Daniel Stinchcomb 23:29
Yeah, it really is an incredible technology to be investing in. Just be looking into again overall just, and also one of the cooler parts about Verified ID, and I wanna make sure everybody’s aware of this: you can integrate Verified ID into your own apps. There are APIs that allow, so if you are an app creator, you can actually utilize Verified ID in your own app to authorize users to services they may not otherwise have access to. So making it so that users have to, say, prove who they are within an application that you’ve developed for external utilization is also a huge advantage to using something like Verified ID, cuz everything’s built for you. You no longer have to go in and create back end resources, create your own custom code or create your own algorithms for dealing with user verification process. You just integrate it into your Azure B2C type connection or B2B, depending on how your app’s built, and making it so that you can build authorizations using Azure Verified ID.

So the last point to kinda touch on on this slide, and kind of takes us into what we’ll be working through for the rest of this session, is the idea of how do we get to this modernized strategy. Many of you who may be here, or just general organizations in practice, we want to modernize. How do we get from Active Directory out into Entra? If we’re already in Entra, how do we ensure that we’re embracing proper zero trust methodologies? I mean, it’s hard. There’s a lot of data out there. There’s a lot of different designs and a lot of different methodologies for getting from point A to point B. And zero trust is a methodology. I mean, how do you work in an area where you technically can’t trust anybody? I mean, the whole idea on zero trust is assume compromise.
Well, Microsoft’s actually done a pretty good job of trying to road map that for you. So we see here, now this is a lot to digest, but it’s also one of my favorite diagrams, because effectively this is the idea on Microsoft is already aligned to NIST. And again, similar things exist for CIS, for various other regulatory authorities, but we can see all the areas that are filled in under NIST guidelines and what tools actually help in the Entra stack and the Defender stack to actually meet every one of these needs. And while there’s a lot here, I want to focus in mostly on the idea of Entra. We can see that there are services, meaning the idea of policy enforcement, your identity, credentials, and access management, going through and using RBAC for protected resources. And so while this seems like a lot, the journey for this has actually been made really easy by Microsoft. Well, I say that subjectively; when I say easy, I’m saying they’ve made it so that we can make a road map for you using their zero trust assessment.

And so I’m going to take a break from slides here for a second and instead I’m going to bring up this. This is the Microsoft Zero Trust assessment. This tool makes it so that we can actually road map your environment to actually become a more compliant zero trust ready environment, and so all this is generated by using a simple PowerShell script. This PowerShell script looks at your environment and it helps build out the road map for everything you need to do to get into a zero trust security posture. As we go through this, we get broken down to various sections. We’ve got identity, devices and data. Now, I ran this in a test environment of mine, so I don’t quite have all the, you know, bells and whistles and all the services enabled, because, I mean, I don’t have a few thousand extra dollars to spend on a loud environment every month.
But that being said, it is a good insight into ways that I can potentially improve the security posture of my environment because there’s a lot of things here. Now this is your road mapping tool. This is how we decide where do we start. These are all the components that we should be moving through to adopt a zero trust security posture. You can see we’ve got our timeline up here on where we should start. First we should be starting with designing conditional access. We should stop buying or building any Active Directory dependent apps. We need to understand our posture before we can move forward. This helps do that.

Ayman Mageed 27:49
I think one of the most important aspects of this, this was probably my favorite, probably Daniel and I’s favorite part of the entire event, was this, because it is completely free.

Daniel Stinchcomb 28:03
Yeah.

Ayman Mageed 28:03
It is a component that allows us to have that conversation, and overlaying it over NIST security framework really showed that Microsoft has been developing their products to meet all the gaps, so if there was a gap in that framework where Microsoft didn’t have a solution, they went out and they built something where they made an adjustment of feature to be able to meet that parity with this assessment. Maybe Daniel, if you can hit on like one of the not started and show that there is a third party application option, right? So like as we go through this, it’s not that we want you to only be in the Microsoft ecosystem and that’s the only solution. Microsoft shifted their focus on: we want to protect what you want to protect, right? And so there is functionality where you can integrate with AWS, GCP, Azure. There is the ability to use some of those third party tool sets that are in the market like Wiz, CrowdStrike, etcetera. The most important part though is that you have a framework and understanding of what
your zero trust strategy looks like, because it’s not going to be a, you know, two-month exercise where you do a few things here and there and then now you’re fully zero trust compliant. And so what this allows us to do is to have a very methodical conversation on the different areas. It stems good conversations where we can then have discussions on, well, what do we want to do about password protection or, you know, et cetera. And really one of the questions that we have seen is when you start to see a lot of third party tool set, the question does come: how do I get that extended detection and response context view? If I’m using these different tool sets, how am I integrating these different tool sets to get that single pane of glass? And I’m actually probably gonna call out that. I think single pane of glass was the old buzzword. Context is gonna be the new buzzword. But every tool set is going to want to enable context across different silos that exist today. I want to know what’s happening in the network and feed that context into the endpoint detection tool set so that they are aware, and maybe that changes the way that the response is to prevent a threat, as opposed to: I only have this information, this information alone is not going to be sufficient for me to block a threat actor. And so this allows us to start having that conversation and map out that extended context.

Daniel Stinchcomb 30:42
Absolutely. Moving through that as well, I want to make sure that this isn’t just being looked at as just a road mapping utility. It’s also an understanding utility. As we run this assessment, it will actually go through and actually look through all of your tenant configurations and it will list them out here. So it’ll show you your conditional access policies.
It’s gonna show your device configuration policies, so we can actually look at what do we have in motion right now so that we can actually compare and contrast against the road map. And the cool thing about this assessment is it’s not something that you necessarily need to run once and then just, you know, figure it all out as you go. You can rerun this assessment as many times as necessary to be able to get the complete picture of your data as you’re progressing as well. So if you feel like you’ve made an improvement, you can potentially run the assessment again and see where you’re going or where you’re at. And it does give you an assessment, so you can see here we do see currently my lab environment has a garbage security score. I got things I need to work on.

Ayman Mageed 31:39
What a hypocrite.

Daniel Stinchcomb 31:40
What’s that?

Ayman Mageed 31:42
So what a hypocrite.

Daniel Stinchcomb 31:43
Yeah, I know. I’m a giant hypocrite. I just built this environment, man. Give me a break. Anyways, so as far as this goes, this is just a quick snapshot of what are some of the things that I need to work on. So right here I’ve got a configure conditional access policies for my workloads. That’s an absolute must. One of the cooler features about this too that I particularly like about this tool, I know it’s the details and people are probably going to call me a nerd, but I love that it calls out the license you need too, to complete some of these things. That’s extremely informational to me. So when I’m looking at workload identities, this is a test environment for me. I don’t have AP license. I wanna address this, I need to get that Entra ID P1 license, or I need to get a P2 license to use recommended authentication methods for all my users, because I can’t use all authentication methods for my users in this environment because I’m not licensed appropriately. Moving throughout this as well,
It’s going to give you the breakdown for every one of those callouts that it makes in the assessment. Going to give you information on where to get more information. It’s a great utility that is offered at no charge to you that takes literal seconds to run, to the point where I’m confident enough I can actually run a brand new assessment right now in the next minute. Now I will say I’ve already installed the zero trust assessment model, so I don’t got to do that, but that’s literally the only command you need to run. No special repository assignments. The only requirement is that you’re running PowerShell 7. That being said, once it’s installed, I just have to invoke it. It’ll ask me to sign in. They’ll tell me my authentication is complete and it’ll run the zero trust assessment. Once this is completed, it’s gonna drop it in a folder on my local desktop, and from there I can take a look at all the configuration policies, I can look at all the information I just went through with you, and I can start building out a road map. Now, this is how we like to operate in terms of when we’re actually trying to build out some of the discovery and the environments that we’re approaching. We like to get this road map. We like to see what’s going on in the customer environment. Now you can see it spit out the assessment into my personal folder, and then I can go in, open it up and I’ll have all this data readily available to me. So even if you’re running this by yourselves, this is an amazing opportunity to look into your environment and get a reality check on where you’re at with your security posture, in terms of zero trust. Now, even if it’s not just zero trust, this can be a great way to figure out what your conditional access policies look like, what your device configuration policies look like, and have that full understanding of your environment through a really easy to use tool.
Ayman Mageed 34:22 I think I do want to give a chance for questions.
One callout here is that I call this a two-phase approach. What Daniel just showed you is the output. The second and probably more meaty discussion that needs to happen is actually setting up a workshop and walking through these with the appropriate stakeholders so that you can answer: do we have a policy for this? Are we following that policy? Do we need to create a new standard, et cetera. And then from that, you know, because we’re always looking for more work, no shortage of work will come out from this. So we’ll continue to add on to our backlog here, but then that allows you to be able to prioritize that backlog, have those discussions.
Daniel Stinchcomb 34:59 Yeah.
Ayman Mageed 35:06 So anybody, even anybody that’s in either a quarterly review or a financial year-end review right now, could benefit from running something like this and then setting their road map up for the upcoming year or the upcoming quarters, to be able to say, well, we know where our gaps are, this is what our plan is to account for it. We got a question: what permissions role is needed to run the ZTA tool?
Daniel Stinchcomb 35:30 So generally, when it comes to running the ZTA, there is a list of permissions out there. I can’t list them off the top of my head. I will drop a link or I will put a link in the slide deck that we’ll make available after this. That’ll actually take you to the zero trust assessment page that does actually outline what permissions are necessary, so it’ll look like this. So I will make sure to drop the link to this. This will put you on the GitHub page for it. Oh, and here we go. Here are your permissions. So generally it’s gonna be just read permissions, making it so it is a little bit more privileged in terms of what they get access to. But you can see here it’s mostly Graph driven.
Ayman Mageed 36:12 Let’s just drop the in the chat. Good question.
Daniel Stinchcomb 36:12 Great question.
Ayman Mageed 36:16 We are also partnering with the
product, the principal architect that built out this and is working with the actual Microsoft Zero Trust team on the Microsoft side. He has offered to run a few of these alongside us, and so great opportunity for us to partner with Microsoft and really see kind of what they envisioned this workshop looking like, and then us being able to be that partner that implements or helps kind of give that insight and expertise to the discussion. So with that, I think we are near time. Do wanna open up to any questions. There is a survey that Amy has posted in the chat. If you could leave your comments, leave your feedback on there, that’s super helpful. Also, if you’re looking for any sort of support, you wanna continue having this discussion a little bit further, there’s an opportunity in there to ask for that as well.
Daniel Stinchcomb 37:16 Indeed.
Ayman Mageed 37:17 Any questions, thoughts, comments? Shame Daniel for his high risk level? No.
Daniel Stinchcomb 37:28 Oh, I guess the next time I’m just gonna have to come in, that thing’s gonna be at 100%. I’m telling you, I’m not gonna be able to use my environment, but it’s gonna be at 100%.
Ayman Mageed 37:34 I think I would believe that one less.
Daniel Stinchcomb 37:39 That’s fair. Yeah, I’m just gonna.
Ayman Mageed 37:41 It might be 100, maybe 99.8.
Daniel Stinchcomb 37:45 Just a little bit of smidge of vulnerability.
Ayman Mageed 37:48 Yeah. And so I think what we’ll be doing, guys and folks, is that the next session at some point we’ll work with Amy. If there’s a specific topic that you are wanting to know more about, like Defender for Cloud, any of the Defender suite, Purview, you name it, we can take a look at having another webinar in that sense, so please do.
Daniel Stinchcomb 38:12 And then of course, anybody still on the session, I know people kinda dropping off, if you want us to help you out with that zero trust assessment.
If you wanna make sure that you know you’re looking at things the correct way and help maybe build that road map, please feel free to reach out to us. We’d love to work through that with you. You know, it’s one of those things where it tends to be an introductory session for us, so there’s really not a whole lot of obligation. The idea of, if you just wanna run that and not work through with us to see how we can help, or if you want some assistance understanding things, please let us know.
Ayman Mageed 38:48 Alright, with that, thanks so much. Have a good rest of your day and hope you guys can enjoy your lunch.
Daniel Stinchcomb 38:54 Alright, thank you everybody.