Ignite 2019 - Day 3
AzureSecurityComplianceIdentity GovernancePower PlatformWork Management
IgniteProjectSharePointSentinelAzure Active DirectoryMicrosoft Defender ATPData classificationContent labelsEndpoint Manager
On Monday 4th November, Microsoft released new exams including PL900 - Power Platform Fundamentals. As part of Ignite it is possible to take an exam, I figured it would be a good opportunity to take this beta exam. As I booked it in the evening to take it at 07:15, there was no time to revise other than reviewing the syllabus.
The exam isn’t massively difficult, but it does require you to have an understanding of Model Driven Apps and Dynamics 365. There are also, as always, some very strangely worded questions. I reckon I will either scrape through with 801 or fail with 799!
Protecting sensitive information in Office apps and Office 365 services: A deeper look at the latest enhancements
Sensitivity labels are common place in a lot of organisations, but many organisations are yet to implement this essential tool in the security arsenal.
Labels will be used to drive the conditional access policies applied from a content perspective meaning that the factors like the device compliance can be set to be applied to all content with the label.
Making the automated labelling appears to have been a priority as there are several improvements to the UI that make the whole process much more intuitive and easier to interpret.
Once policies are used to apply the labels, a big piece of the puzzle has been the lack of visibility of the number of items with the label. While this capability has been coming, the new interface that was shown had much more useful information presented.
One of the big challenges with information protection has been the support across the different platforms.
Support for multiple platforms is now almost complete which makes for a much better conversation with security and compliance teams.
The power of the new Microsoft Project and Microsoft 365
This session was the first I attended on the new Microsoft Project and, having seen some of the early releases and being passionate amount productivity and task management, my expectations were very high.
This was my first session, but was not my last and I will be putting together a blog about my views of the new Microsoft Project and the integration and extensibility of the solution separately as there is more to write than I can put in to this post.
Endpoint security management with Microsoft Defender ATP and Microsoft Endpoint Manager
This session and the next session were the ones that I watched in “The Hub”. With 10 different sessions all being shown at one time, and having the ability to switch easily between the sound for each of them, it was sometimes difficult to stay focused on a particular session. During the 45 minutes that I was trying to watch about Windows Defender, I was regularly distracted and ended up splicing it together with other sessions including the following session.
SharePoint updates for teamwork: Sites, pages, lists, and libraries
There were a bunch of different UI improvements to make the Modern experience even better, but the clear highlight for me was the ability to link web parts so that selecting an item in one will filter in the other. This was one of the sessions that also had roadmap slides but a disadvantage of being in The Hub was quality of the photos of the slides - I will try to get that information into a later blog.
Modernize your SIEM in the cloud with Azure Sentinel
This was another Hub session so minimal screen shots. It was also a security session so the normal scary numbers were rolled out at the start, the most striking of which was that 44% of security alerts are not investigated!
The fact that so many alerts are not investigated really makes the case for more proactive responses and also for more consolidation of data to produce more insightful alerts. This is where Azure Sentinel comes in.
Sentinel uses log spaces so it can ingest data from all of the Microsoft services easily, but also pretty much any non-Microsoft service, including the security appliances and edge hardware.
This session consisted of 10 steps to modernise your SIEM:
- Collect security data at cloud scale from any source
- Use workbooks to power interactive dashboards
- Leverage analytics to detect threats
And then the feed dropped out :-(
Hopefully the online version of the session will have the full feed.
Govern your workforce and guest user access with Azure Active Directory
This session was close to my heart as I went to pretty much the same session last year and since then have implemented a solution based on guest access, conditional access and access reviews, all automated using Microsoft Flow and Site Designs.
The key message was about how to use Entitlements.
This is an exciting new feature that allows resources to be allocated to Access Packages. Access Packages can then be published to internal and external users and can be managed with approval and reviews resulting in a governed, audited lifecycle of the allocation and revocation of permissions to users.
Not enough organisations know about these capabilities, let alone actually use them.