TCA Podcast Episode 40: "There is one docs place and one training place.."

docs.microsoft.com is the new home for all Microsoft documentation, and Microsoft Learn is a free, online training platform that provides interactive learning for Microsoft products. There has been significant investment in these platforms in recent years. We caught up with Erin Rifkin to talk about these platforms, the success of Microsoft Learn and how they’ve grown from 80 to over 700 modules in one year.

For more information on The Cloud Architects podcast, check us out on SoundCloud

Passwordless security and the evolution of authentication

This post was originally published on the ENow Software Blog, you can view the original post here

I still remember the first password I ever had; it was for my GeoCities account in the late ‘90s before they were purchased by Yahoo!. The password was a randomly generated string of six lowercase characters – that was it, no uppercase, numbers or special characters. I memorized it and thought it was great, no one would ever guess that random password – unlike the passwords my friends used, which were usually the name of their girlfriend or their nickname. By today’s standards though, it is clear that a lot has changed since then, and I’d be willing to bet that any decent authentication system would actually prevent you from using such a trivial password.

The trouble is, we have more passwords than ever before – almost everything we do today is connected to the internet in some way and requires a set of credentials. For those of us who work in technology, it comes with the territory and over time we’ve become numb to it through the use of password managers and the like. I recently helped my non-technical brother move into a new home and we had to create at least four different accounts in order to manage the smart home products that had been installed by the previous owner. You may be thinking that this all sounds like a consumer problem and many organizations have solved this problem for their end-users by making use of single sign-on (SSO) technologies and you’d be right to a certain extent. SSO doesn’t solve for human behavior though and password reuse has long been a problem. The 2019 Verizon Data Breach Investigations Report found that 80% of hacking-related breaches still involve compromised and weak credentials with 29% of all breaches involving the use of stolen credentials. A quick look at haveibeenpwned.com reveals that it currently has more than nine billion compromised passwords in its database.

In 2004, Bill Gates famously predicted the demise of passwords when he said “There is no doubt that over time, people are going to rely less and less on passwords.” because “they just don’t meet the challenge for anything you really want to secure.” and while it may have taken 15 years for Bill’s prediction to come true, passwordless authentication is starting to become a reality.

What is Passwordless Authentication?

Let me start by telling you what it is not: passwordless authentication does not mean that your user objects will no longer have passwords associated with them. Instead, it is a type of multi-factor authentication (MFA) that replaces the traditional password with something you have, while something you are (biometric) or something you know (PIN) provides the second factor. Microsoft currently supports three passwordless authentication options:

  • Windows Hello for Business: Supported on Windows 10 devices.
  • Microsoft Authenticator app: This option is especially convenient for those organizations already making use of the Authenticator app for MFA. Users can sign in on any platform or browser by getting a notification to their phone, matching a number displayed on the screen to the one on their phone, and then using their biometric or PIN to confirm.
  • FIDO2 Security keys: FIDO2 Security keys are hardware keys that are standards-based and are available in many different form factors from a number of different providers. These keys are a great option for those organizations who are unable to make use of the Authenticator app on a mobile device. FIDO2 Security keys also work on any platform.
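To illustrate the "something you have plus something you know" model described above, here is an added Node.js example (not code from the original post or from Microsoft). It is a simplified model of a security-key sign-in rather than the real WebAuthn message format: the server stores only a public key, the PIN is checked on the device, and the signature covers a one-time challenge and the site origin. The user name, origins, PIN and function names are hypothetical.

```javascript
const crypto = require("node:crypto");

// Authenticator: private key = "something you have"; PIN is checked locally (bare hash as a stand-in).
function createAuthenticator(pin) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  const pinHash = crypto.createHash("sha256").update(pin).digest();
  return {
    publicKey, // the only thing the server ever stores for this user
    sign(challenge, origin, enteredPin) {
      const entered = crypto.createHash("sha256").update(enteredPin).digest();
      if (!crypto.timingSafeEqual(entered, pinHash)) return null; // wrong PIN: key stays locked
      return crypto.sign("sha256", Buffer.concat([challenge, Buffer.from(origin)]), privateKey);
    },
  };
}

// Relying party: holds public keys only and issues a fresh challenge per sign-in.
function createServer(origin) {
  const keys = new Map(), pending = new Map(); // user -> public key / outstanding challenge
  return {
    register(user, publicKey) { keys.set(user, publicKey); },
    newChallenge(user) {
      const challenge = crypto.randomBytes(32);
      pending.set(user, challenge);
      return challenge;
    },
    verify(user, signature) {
      const challenge = pending.get(user);
      pending.delete(user); // single use, so a captured signature cannot be replayed
      if (!challenge || !signature || !keys.has(user)) return false;
      return crypto.verify("sha256", Buffer.concat([challenge, Buffer.from(origin)]), keys.get(user), signature);
    },
  };
}

function demo() {
  const user = "john.smith", site = "https://login.example.com"; // hypothetical values
  const server = createServer(site);
  const key = createAuthenticator("4821");
  server.register(user, key.publicKey);
  const attempt = (origin, pin) => server.verify(user, key.sign(server.newChallenge(user), origin, pin));
  const good = key.sign(server.newChallenge(user), site, "4821");
  return {
    validSignIn: server.verify(user, good),
    replayed: server.verify(user, good), // challenge already consumed
    wrongPin: attempt(site, "0000"),
    lookalikeOrigin: attempt("https://login.example.net", "4821"),
  };
}
```

Only the first attempt succeeds; nothing the server stores or receives can be reused as a credential elsewhere, which is the property that addresses the password-reuse and stolen-credential problem discussed earlier.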

How to get started with passwordless authentication

In this walk-through, we’ll enable passwordless authentication and configure a FIDO2 Security key for a user called John Smith. For an up-to-date list of supported FIDO2 Security key providers see this link.

The first step required to deploy passwordless authentication is to enable the ‘Combined security information registration (preview)’ in Azure AD. To do this:

  1. Sign into the Azure portal as a user administrator or global administrator.
  2. Go to Azure Active Directory > User settings > Manage user feature preview settings.
  3. Under Users can use preview features for registering and managing security info, you have the option of choosing to enable for a ‘Selected’ group of users, which is useful for test scenarios, or for ‘All’ users.

Next, we need to enable the FIDO2 security key method:

  1. Go to Azure Active Directory > Security > Authentication methods > Authentication method policy (Preview).
  2. Under the FIDO2 Security Key method, select ‘Enable’. Once again, you have the option of targeting ‘All users’ or ‘Selected users’.
  3. Don’t forget to Save the configuration.

The final step before being able to sign in is user registration. An important note here: if the user doesn’t have at least one MFA method registered, they will need to add one before registering their FIDO2 Security key. To register your FIDO2 Security key:

  1. Browse to https://myprofile.microsoft.com.
  2. Click Security Info.
  3. Click Add method and choose Security key to add a FIDO2 Security key.
  4. Choose USB device or NFC device.
  5. Have your key ready and choose Next.
  6. A box will appear and ask the user to create a PIN and perform the required gesture for the key, either biometric or touch.
  7. Finally, the user will be asked to provide a meaningful name for the key so it can easily be identified if they have multiple. Click Next.
  8. Click Done to complete the process.

Once user registration has been completed, the sign in process is really simple – instead of entering a password, you can select the ‘Sign in with a security key’ option.

As you can see from the walk-through above, getting started with passwordless authentication in Azure AD is really simple; however, it should go without saying that doing this in a large organization would require careful planning and thought.

References: https://enterprise.verizon.com/resources/reports/dbir/

TCA Podcast Episode 39: "Do I really need to monitor Office 365?"

A move to the cloud is almost always accompanied by change. Sometimes these changes are pretty obvious and easy to grasp, while other times they are more of a paradigm shift - one such shift is in the way we monitor our deployments. Monitoring your tenant and supporting services won’t prevent a service problem, but it will help you to respond proactively when one occurs and let your users know about the problem before they start alerting you. In this episode we’ll talk to Justin Harris, CTO of ENow Software, about how monitoring cloud services is radically different from monitoring traditional on-premises infrastructure and why it is important to get it right. We’ll also delve into the built-in tools you can use in your own Office 365 tenant and why you may want to consider augmenting those with some third-party monitoring tools.

TCA Podcast Episode 38: Outlook for Mac - No longer a second-class citizen..

Outlook for Mac has come a long way since its humble beginnings as Microsoft Entourage. As avid Outlook for Mac users ourselves, Nic and I were excited to sit down with Alessio and Jessica to talk about the history, the much anticipated new version of the product and how important your feedback is to the team building it!

TCA Podcast Episode 37: "Rumors of the death of email have been greatly exaggerated"

Message transport in Office 365 “Just works” and is often considered to be the plumbing of the service. Despite the rise in popularity of social messaging apps, 62% of business professionals prefer email for business communications and the number of emails delivered daily worldwide is forecast to grow 18% by 2023. In this episode we chat to Kevin Shaughnessy about some of the message transport enhancements and innovation announced at Microsoft Ignite recently.

TCA Podcast Episode 36: All about Microsoft FastTrack

Ever heard of Microsoft FastTrack? FastTrack helps customers deploy Microsoft cloud solutions - customers with eligible subscriptions can use FastTrack at no additional cost for the life of their subscription. We sat down with Jennifer Burdett from the FastTrack Team to talk about what FastTrack is, how you can make the most of this benefit and how partners can complement this offering.

TCA Podcast Episode 35: Calendar - Outlook's unsung hero!

If you’re like me, your Outlook Calendar is the first thing you look at every morning and the last thing you look at before heading off to bed - days seem to get more and more busy and we need some way to organize and schedule our daily lives. For many of us though, the calendar functionality built into Outlook is something we all take for granted. In this episode, we’ll talk to Julia Foran who is a Program Manager on Outlook Calendar and works on the server-side features that are consumed by the Outlook clients. We talk about Ignite announcements and some of the improvements coming to Outlook Calendar.

TCA Podcast Episode 34: Azure for AWS Professionals

With the explosive growth of cloud services, many organizations suddenly find themselves having to manage multiple cloud environments, either intentionally or by coincidence due to mergers, acquisitions or other such events. With Azure and AWS being two of the most popular choices, we talk to Azure MVP Mike Pfeiffer who is also AWS certified about the parallels between the two services, things to consider when running two clouds and discuss if multi-cloud makes more sense as a transitional state or long-term mode of operation.

TCA Podcast Episode 33: Data warehousing, data lakes and big data with SQLChick

Data warehousing is a massive topic! We’ve all heard of data lakes, data swamps and big data in general, but what does it all mean? We sat down with Melissa Coates (a.k.a SQLChick) in an attempt to gain an understanding of this complex topic and definitely learned a thing or two in the process.

TCA Podcast Episode 32: Adoption vs Consumption (and feeding your kids broccoli)

Adoption is top of mind for many organizations at the moment - be it adoption of a particular workload (like Microsoft Teams) or cloud services in general. Warren and Nic sat down with the always entertaining Tracy van der Schyff to talk about the difference between adoption and consumption and the concept of user empowerment.
