Event banner

Protecting your user identities

Event Ended
Thursday, Apr 13, 2023, 08:00 AM PDT
In-Person

Event details

Explore Microsoft identity security features. From password attacks to token replay, we will guide you through the technologies we have in place to help defenders like yourselves mitigate, investigate and use up to date best practice to protect your users and business.

This session is part of the Microsoft Secure Tech Accelerator. RSVP for event reminders, add it to your calendar, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.

 

Trevor_Rusher
Updated Nov 15, 2024
Identity
Tech Accelerator
  • Trevor_Rusher's avatar
    Trevor_Rusher
    Icon for Community Manager rankCommunity Manager
    Apr 13, 2023
    Welcome to Protecting your user identities and the Microsoft Secure Tech Accelerator. Let's get started! Have a question? Post here in the Comments so we can help. Let’s make this an active Q&A!
  • SigurdWerner's avatar
    SigurdWerner
    Iron Contributor
    Apr 13, 2023
    It would be great if Windows would allow an order in the Credential Providers. If you still have demand for passwords in limited scenarios, you can't disable the password Credential Provider. So, e.g. in UAC credential prompt Password is always on top and end-users must scroll down and select a different Credential Provider by themselves. Allowing us to put e.g. Windows Hello for Business on top would help the adoption.
    • KoprowskiT's avatar
      KoprowskiT
      MVP
      Apr 13, 2023
      Great Point. I think it is a future which will land in our systems sooner than later. However, many businesses are not ready yet for this. Windows Hello is great - but requires a compliant device. Windows Hello requires as well compliant, modern OS - some of my clients are still working on old OS (from before Vista 8.1 time). I would say: observe the space.
      • SigurdWerner's avatar
        SigurdWerner
        Iron Contributor
        Apr 13, 2023
        On Manufacturing Floors we introduced FIDO2 keys per user, this is even easier since it doesn't net to be setup per device and doesn't need camera or finger sensor so works also on older PC boxes, but of cause w/ a current OS
  • Richard_Horton's avatar
    Richard_Horton
    Brass Contributor
    Apr 13, 2023
    We are currently going fhrough a lift-n-shift migration of on premise AD and Microsoft server in a physical data center to Microsoft Azure. We will continue on premise AD until post migration to convert. How can we get advise on switching to Azure AD and leveraging the Microsoft App MFA and the services shown today for our organization to develop a strategy.? We don;t have an assigned Microsoft Rep at this time.
    • Dan_Istrate's avatar
      Dan_Istrate
      Icon for Microsoft rankMicrosoft
      Apr 13, 2023
      Hi Richard, in order to get the best recommendations and best practices in order to migrate from on prem AD to Azure AD you should try to contact your local Partner that provides you with current assistance, if they cannot handle, they can reach us out for further assistance. We do have a lot of materials and workshops where we talk about the ADFS to AAD migration, your Partner should be able to assist you enrolling to one session, if not let us know so that we can assist.
    • KoprowskiT's avatar
      KoprowskiT
      MVP
      Apr 13, 2023
      Great question. I think the best option would be to hire an external consultant for the day, two or a week. Consultants have knowledge that your org may not have and could help navigate you through the process of moving to the cloud. In my opinion, Lift-n-shift is not always the best approach. Do not know where are you based, but you can start here: https://www.microsoft.com/en-gb/security/business/find-a-partner
  • Dean_Gross's avatar
    Dean_Gross
    Silver Contributor
    Apr 13, 2023
    how can i easily find all of the CA policies in a tenant that have a Session control?
  • Dean_Gross's avatar
    Dean_Gross
    Silver Contributor
    Apr 13, 2023
    I thought that this session was going to be about new announcements from the recent Microsoft Secure event, this seems like a review of existing functionality. Did I misunderstand the purpose of this event?
    • Yochana_Henderson's avatar
      Yochana_Henderson
      Icon for Microsoft rankMicrosoft
      Apr 13, 2023
      Hi Dean, thank you for the feedback. The first half was just some level/scene setting. We are now getting into the new token theft detections/preventions.
  • Trevor_Rusher's avatar
    Trevor_Rusher
    Icon for Community Manager rankCommunity Manager
    Apr 13, 2023

    Thanks for joining us today! We’ll continue to answer questions here in the chat for the rest of the half hour and we’ll check back through the end of the week. Thanks to everyone who was able to join us live - and to those catching up on demand!

    Up next: The value of Identity Governance

  • Deleted's avatar
    Deleted
    Apr 13, 2023
    How does conditional access stand in this comparison, maybe in combination with other methods? Is e.g. username&password + CA comparable to some MFA methods?
    • KoprowskiT's avatar
      KoprowskiT
      MVP
      Apr 13, 2023
      Yes. We can mix all of these features, like checking the risk of the user + checking the risk of the session + forcing the MFA challenge, and then when passed, granting access to the system, application or even document.
      • Deleted's avatar
        Deleted
        Apr 13, 2023
        What I mean is, is CA better than for instance SMS MFA, considering the sim swapping?
Location
Microsoft Tech Community
Date and Time
Apr 13, 20238:00 AM - 8:30 AM PDT