What: Microsoft Technology Community – Interactive Overview of Emerging MS Technologies at UW
When: 4/18/2018 1:30-3p
Where: Odegaard 220
Who: Brian Arkills
More Info:
The focus here will be informal interaction. If you’ve got something you want to discuss, bring it. Lacking audience-provided topics, Brian will bring a set of material on the following:
- Entra ID applications: the power that OAuth’s app-to-app interaction brings, and user consent
- Entra ID tokens: how they work, lifetime, revocation, and Entra ID domain join
- Entra ID Conditional Access: controlling token issuance for an application
- Azure Info Protection: encrypting data with short-lived cloud-issued tokens, labels, and custom protections
- Entra ID Domain Join and hybrid registration: moving beyond on-premises and traditional management
- Windows Hello for Business: FIDO 2.0 compliant MFA finally arrives for Windows! Explore possible directions we may take at the UW to pair this with Duo to bring MFA to the UW Microsoft ecosystem. Important point to explore: Entra ID legacy authentication.
- Roles – Privileged Identity/Access Management & RBAC futures: Important roles aren’t permanently assigned, but instead must be activated just-in-time with resulting tokens that are time-limited. Coming Entra ID Administrative Units and more flexibility for Entra ID roles will light up opportunities for more delegation.
- Pass the Hash Mitigations: UW has already deployed ATA and PAM is around the corner, but Privileged Access Workstations (PAWs) are the next frontier. Should we also sync AD password hashes to AAD to allow Microsoft to inform us of known compromised username/password combinations?
- “I want NETID DCs on the public internet.” Some level of desire for this gets raised continually. We generally think this is a bad idea for NETID because of the legacy endpoint domain detection process, but Entra ID Domain Services could be a solution.
- Inactive Users (NETID and Entra ID) update
- Intune service? Starting to think about this …