[Archived] Teams Real Simple with Pictures: Deploying Microsoft Entra Internet Access in Preparation for Teams

Ok - 17 days to the holiday and counting! But before I get to a beach on the Atlantic, one of the things I really wanted to do is ensure I get the opportunity to get a blog down on Microsoft Entra Internet Access. I think it's going to be an important solution moving forward. So this begs the question - what exactly is it? And why do I think it's important? Microsoft Entra Internet Access (MEIA) is part of the Microsoft Entra Global Secure Access service, defined as 'securing access to Microsoft 365, SaaS, and public internet apps while protecting users, devices, and data against internet threats...'. Announced alongside Private Access at the Microsoft Entra moment prior to Inspire back in July, it's an '..identity-centric, device-aware, cloud-delivered Secure Web Gateway (SWG)' which is part of Microsoft's SASE/SSE strategy alongside Defender for Cloud Apps. Chances are you've already seen something like this from the likes of Zscaler and Palo Alto. But this is Microsoft's proprietary gateway built right into Microsoft Entra. That's awesome. But aside from being a net new proprietary feature, what's its value? The importance of the SWG is, amongst other things, its ability to prevent attacks such as token replay and adversary-in-the-middle (AiTM) attacks by enforcing Conditional Access to Microsoft 365 services through compliant networks and endpoints. Therefore, as attacks become more sophisticated and we see things such as token theft used to breach tenants or bypass MFA, new defences such as a SWG are as timely as they are necessary. For me? This could become as fundamental as MFA and Conditional Access. Now, at the time of writing this solution is actively being developed and Teams itself isn't supported. But we know it will be. And it will be soon. The point is this shouldn't be a blocker to implementation - it'll still cover Exchange, SharePoint, OneDrive and other things such as the Graph, so let's not wait - let's get it in for Teams.
So this blog is an exploratory one. It's the tip of the iceberg and you'll want to investigate your own scenarios, read others' blogs and bear in mind that whilst it's Windows-only for now, it'll cover more in the future. I know this is something that we'll be collectively working on and writing more about in the future.

[Archived] Teams Real Simple with Pictures: Making Teams Just in Time with PIM for Groups

So I booked a holiday to Gran Canaria last week. The positives: time with the family, late summer sun, changing it up with the scenery and a great package and price. Negatives: it's on 20th September so large parts of my workload are now super time sensitive. It's going to be wild. For real. But here on the bank-holiday weekend in the UK I've got a little time to write: and today I have decided to do it on the idea of making Teams Just in Time (JIT) which, I guess, is a concept very applicable to my own situation. So why would we do this? Well, one of the issues we have in Teams is that we don't need access to all Teams all the time, and we also have access to Teams that we don't need to have access to all the time. In other words, there could be reasons why we need Just in Time access, and not what's called standing access. For example, I need to access a Team for a day in order to access specific assets in that team, or apps built within that team. I am sure you can think of your own. Now, we could go down another route and use Entitlement Management, Access Packages and Access Reviews, right? Yeah, we could. But let's say I only want to give access for a specific period of time, to do something specific, and then the user is removed and has to apply again to be added to it, and that's all auditable at the same time. This is where PIM for Groups will come into its own, especially where Entra ID roles are group-specific. A team which shows for a specific period of time to do what's needed and collaborate with others, and disappears again when the time limit is reached. I personally think this one is worth exploring as it could really change the way we think of Teams.

[Archived] Teams Real Simple with Pictures: Implementing System Preferred MFA

Ok, time is of the essence! There is a ton on. Corp-wise. Community-wise. You may have seen it on social this week that Teams Nation is coming back. Yes, Vesku and I were asked many, many times. And yes, we decided to get onboard that crazy train again. But whilst it may seem like an eon away given it's February 2024 and a million things will happen between now and then, you'll have to believe me when I say that I'll soon be sitting here the weekend prior doing last-minute speaker checks. So this week is a real quick one. And it's really following on from the blogs on Entra that I have covered the past few weeks. This is looking at System Preferred MFA in the context of Teams. So what is it? By definition, 'System-preferred multifactor authentication (SPMFA) prompts users to sign in using the most secure method they registered'. In other words, if you have registered Authenticator and SMS as two methods to sign in using MFA, then SPMFA is going to prioritise the more secure method, which is Authenticator, over SMS. It doesn't stop the choice of the other, but it does set precedence when signing into an app such as Teams or into the Microsoft 365 portal. Why is this important? Two reasons. The first is as described - it sets the most secure sign-in method, and that's ultimately what we as admins want to see for our users in Teams. The second is that by setting precedence, this could facilitate user behavioural change over time, with a view to removing less secure registered methods in the future. Now this feature should be set to enabled by default in time, but today in my Ring 4 test tenant it's set to Microsoft Managed. Could be lit up. May not. But it's not enabled. So here's a twist. Let's enable the methods for Authenticator and SMS, then enrol in MFA, then enable System-preferred MFA by default. Just for laughs, but also because I have a nice fresh tenant after my old one went into grace 😀

[Archived] Teams Real Simple with Pictures: Launching an Attack Simulation in Teams with Collaborative Security

It's done. Vuzion is now Infinigate Cloud. And from my own practice perspective the Teams and the SharePoint sites have been rebuilt. The lists, and the flows, and the loops, and the Power BI reports. And all has been migrated. There has been legal to do. There has been some architectural to do. There has - truly - been an obscene amount of DevOps tasks. And there have been burndowns the like of which could very much be considered ones for the ages. But it's done. And I never intended to go six weeks off the blog, but neither did I anticipate having to practically suspend my community and MVP inputs whilst I had to focus and hone in on what needed to be done on the business end. Now, I am very much looking forward to the next few years at Infinigate Cloud. In the immediate future, whilst I am holidaying out on the Isle of Wight with the family, I am looking forward to simply writing this blog. It's going to be about launching attack simulations within Microsoft Teams, which is part of the new Collaborative Security functionality announced at Secure and which is currently in preview. This'll need Microsoft Defender for Office 365 Plan 2, of which Attack Simulation Training (AST) is a part, and whilst I'll only run through a straightforward credential harvest, I hope that it will whet the appetite enough for you to go on and test it and explore more. One note right off the bat - in the context of Teams, messages are defined strictly as private 1:1 chat messages. No group chat. No channels. No guests. For now.