- Видео 8
- Просмотров 27 100
Adam Brewer
США
Добавлен 2 май 2006
I'm Adam, an Information Security and Compliance Technical Specialist at Microsoft. Join me as I brew up new videos highlighting our tools and how you can them use them to protect, empower, and enable your business.
Azure Active Directory Identity Protection and Risk-Based Conditional Access discussion and demo
Azure Active Directory Identity Protection assigns a risk score to every sign-in to your organization. You can use this risk score as one component of a Conditional Access policy in order to prompt users for Multi-Factor Authentication (MFA), deliver a Limited Session, block the sign-in entirely, or any other control you want to implement.
In this video, we walk through the concepts of Azure AD Identity Protection, build a simple Conditional Access policy, and walk you through a demo of the user experience.
In this video, we walk through the concepts of Azure AD Identity Protection, build a simple Conditional Access policy, and walk you through a demo of the user experience.
Просмотров: 641
Видео
Microsoft Intune App Protection Policies demo and discussion
Просмотров 21 тыс.3 года назад
Most people know that Microsoft Intune is a full-featured modern/mobile device management (MDM) solution across iOS, iPadOS, macOS, Android, and Windows 10. But what many people don't know is that Intune also offers the ability to manage *just* the applications on an iOS, iPadOS, or Android device through the use of Mobile Application Management (MAM). The policies that make MAM possible are ca...
Microsoft Defender for Endpoint and Microsoft Cloud App Security integration -- demo and discussion
Просмотров 8833 года назад
Adam Brewer walks you through the integration between two Gartner Magic Quadrant and Forrester Wave leading solutions: Microsoft Cloud App Security and Microsoft Defender for Endpoint (formerly Microsoft Defender ATP). Microsoft Defender for Endpoint can act as your discovery agent on client devices, helping Microsoft Cloud App Security to ingest your user behavior and understand what kinds of ...
Microsoft Endpoint Data Loss Prevention (DLP) discussion and demo
Просмотров 1,1 тыс.3 года назад
Microsoft has entered into the Endpoint Data Loss Prevention (Endpoint DLP) category, with a new product that's built right in to the Windows 10 operating system. There's no new agent to install, no conflicts to resolve, and minimal performance impact. Plus, it leverages all of the work and investments you've made into the Microsoft 365 Data Loss Prevention service that you're already using to ...
Microsoft Information Protection demo and discussion
Просмотров 2723 года назад
Microsoft has a long heritage of protecting sensitive documents, dating back to technologies like Active Directory Rights Management Service, moving to the cloud as Azure Rights Management Service, adding visual marking and classification of all documents as Azure Information Protection, and finally, to today's Microsoft Information Protection. Microsoft understands that today's organizations a...
Azure Active Directory and Device-Based Conditional Access demo and discussion
Просмотров 5233 года назад
Azure Active Directory and Microsoft Endpoint Manager (including ConfigMgr and Intune) practically grew up together. From the beginning, Microsoft has understood that the interplay of device and identity will deliver the most powerful security control plane as we move to a Zero Trust model. In this video, I discuss the two models of device management that can be used by Azure Active Directory: ...
Microsoft Passwordless with Azure Active Directory: FIDO2, Windows Hello for Business, and more
Просмотров 2 тыс.3 года назад
Learn about Microsoft's trio of Passwordless technologies that are available for use with Azure Active Directory and Windows 10: FIDO2 security keys, Windows Hello for Business, and the Microsoft Authenticator app. I walk through the use cases and benefits of all three technologies, why passwords can never be truly secure, and demonstrate all of them in action.
Microsoft Cloud App Security - Conditional Access App Control demo and discussion
Просмотров 9153 года назад
Microsoft Cloud App Security enables enterprises to add additional monitoring and control of first-party Microsoft and third-party SaaS apps through the use of Conditional Access App Control. This feature puts a cloud proxy between the user and their application, allowing Microsoft Cloud App Security to inspect traffic, and if needed, take corrective action. Azure Active Directory's powerful Co...
I just notest that this video 3 years back - we just start to use MDM and MAM we are very late 😂😂 many thanks
No worries!
Concise! Thanks Adam. 🇰🇪
Thank you
Would the reverse proxy URL also be used for managed/company owned devices accessing the federated cloud app? Is it possible to only utilize that when it is an unmanaged device accessing the federated cloud app?
Yes, it is me
what licnses i need to enable to be able to use MAM?
Daddy, it’s you
hey, we are facing an issue where we need to have an app before we can make a session/access policy in the cloud app defender portal. How do we add this? can we add a generic one so we are able to create the policies? we simply need the policy to reference in a CA policy to use the Certificate for authentication towards Sharepoint.
Hi, can I install personal software in my laptop even thoug is connected to intune?
Why would you need biometric or pin for Outlook? Are Access Requirements really necessary?
Yes. At least on Personal device if some one who knows device password can be stopped from reading corporate data.
On intune installed mobile, if we add multiple accounts to outlook or office or ms teams --- will this info be captured ? Thanks in advance.
Love this adam ❤️ thanks for the info
Who has the permission to label a document? How it’s controlling to prevent data classification labeling?
Im from 2 years into the future and this is the right way to do it.
i cannot understand, maybe you can help, if you can still use normal password autentication(key icon in 5:38) mfa turn useless right?
👍🏼
can anyone let me know about the Screenshot?? Is it possible that we can block screenshots through app protection policy in iOS devices like Android devices
Hi Adam, If i have created a conditional access policy for blocking high risky sign-in user. my question is 1) if this policy is enabled, high risky sign-in user would see what notification screen. 2) It is a false positive case, how to resume that accounts. thanks
Adam can this help my employees log into website URL's without having to log into the site with a user name and password? We sell insurance. So I log into my insurance company(ies) websites. How can this help me instead of using a password manager?
no only for Windows sign on
The video is missing where you talk about assigning the application policy to a user or device, and what requirements there are for it to go into effect on the device. Some discussions around devices already signed into apps that will have the controls applied, vs. Net new devices, would also be helpful I mention that because I'm working through testing MAM-WE on an Android device and it seems like the Company Portal app might be required, though I am not positive.
You create a policy for unmanaged devices first, then you assign to a group with users in it as MAM works at application level, not device level. You then build a configuration for managed apps. If you need to troubleshoot something, go to Apps>Monitor>Application Controls and download a report and filter in Excel. Start small and note, it can take up to 8 hours for MAM to sync changes.
Let’s say there was someone with criminal intent and admin-level privileges on my employer’s IT staff…. What type of damage, hacking, or spying can they do with Intune on iOS/iPadOS? Can they screen capture, remote access my device’s cameras/microphones, keylog an iPad keyboard, read personal texts/emails, access non-work app data (like AppleID/iCloud, banking, medical records, non-work notes)? What type of Big Brother stuff does Intune enable under the worst of circumstances? 🙏
Endpoint Manager is not a spying tool. Yes an admin can enable remote access to a device and depending upon the circumstances, monitor and control. But you'd be well aware of this on an iPad. That being said, what exactly convinced you of criminal intent and theft was to follow?
@@Schnitzer325ci I’ve been paranoid since being at an employer who had a system admin who used their privileges to spy and harass a female colleague. He’s in prison now (for later crimes).
Superb!!!
Thank you. It’s been long since you posted, I haven’t been on YT for a long time too. I hope everything is fine. Stay safe
Why does this not have more thumbs up? This short video gives me more useful info about Intune then the same repetitive "sales pitch" info on the MS website and other YT vids. Thanks Adam.
Hey, really awesome demo was super helpful!
Thanks Adam ! Great video that points the attendee to the most important points. Would be great to have one or two other videos that show "hoe to set up" the policies.
Hi Adam, I'm in the process of testing the app protection policies using the public apps under Microsoft office. However, none of the controls seem to be working. Are there other profiles or policies required?
Check if the device is enrolled with intune and if the user has the required licence.
@@marvinnerio9931That’s literally the opposite of what MAM only is for.
Could you still screenshot the corporate data and share that image elsewhere?
Hello, I've been working with these policies and no, you can't take a screenshot and share it. You can configure a policy so you can't take a screenshot of any kind of content inside the protected applications.
Great video
This is a great overview!
i dont mean to be so off topic but does someone know a way to log back into an Instagram account?? I was dumb forgot my account password. I would love any help you can give me!
@Thiago Kareem Instablaster =)
@Samuel Dwayne I really appreciate your reply. I got to the site thru google and I'm in the hacking process now. Seems to take a while so I will get back to you later when my account password hopefully is recovered.
@Samuel Dwayne it did the trick and I now got access to my account again. Im so happy! Thank you so much, you saved my account !
@Thiago Kareem glad I could help :D
Great demo!
Thanks for sharing this video!
Hi Adam, Thanks for the video. I have set up the endpoint DLP on my tenancy but it wont kick in. I have my pc domain joined with endpoint management. Are there anything else that I have to check? Thanks.