What: Microsoft Technology Community – Interactive Overview of Emerging MS Technologies at UW
When: 4/18/2018 1:30-3p
Where: Odegaard 220
Who: Brian Arkills
The focus here will be informal interaction. If you’ve got something you want to discuss, bring it. Lacking audience-provided topics, Brian will bring a set of material on the following:
- Azure AD applications: the power that OAuth’s app-to-app interaction brings, and user consent
- Azure AD tokens: how they work, lifetime, revocation, and Azure AD domain join
- AAD Conditional Access: controlling token issuance for an application
- Azure Info Protection: encrypting data with short-lived cloud-issued tokens, labels, and custom protections
- Azure AD Domain Join and hybrid registration: moving beyond on-premises and traditional management
- Windows Hello for Business: FIDO 2.0-compliant MFA finally arrives for Windows! Explore possible directions we may take at the UW to pair this with Duo to bring MFA to the UW Microsoft ecosystem. Important point to explore: Azure AD legacy authentication.
- Roles – Privileged Identity/Access Management & RBAC futures: Important roles aren’t permanently assigned, but instead must be activated just-in-time with resulting tokens that are time-limited. Coming AAD Administrative Units and more flexibility for AAD roles will light up opportunities for more delegation.
- Pass the Hash Mitigations: UW has already deployed ATA, and PAM is around the corner, but Privileged Access Workstations (PAWs) are the next frontier. Should we also sync AD password hashes to AAD to allow Microsoft to inform us of known compromised username/password combinations?
- “I want NETID DCs on the public internet.” Some level of desire for this gets raised continually. We generally think this is a bad idea for NETID because of the legacy endpoint domain detection process, but Azure AD Domain Services could be a solution.
- Inactive Users (NETID and AAD) update
- Intune service? Starting to think about this …