Sander Berkouwer discusses moving away from passwords towards passwordless authentication. He argues that passwords are problematic because they can be cracked, intercepted, stolen or breached. 81% of digital incidents in 2018 involved weak or leaked credentials. 20% of IT costs go towards facilitating password resets. Windows Hello for Business provides a passwordless authentication option using a PIN, fingerprint or authentication app on Windows 10 devices. It supports single sign-on and multi-factor authentication. FIDO 2.0 security keys provide a unique key per application that cannot be reused. Berkouwer outlines Microsoft's journey towards passwordless authentication and the changes needed to processes like Azure AD join that currently rely on initial passwords.
O365Con19 - A Life Without Passwords Dream or Reality - Sander Berkouwer
3. Introduction
Sander Berkouwer
I live in the Netherlands
I work at SCCT scct.nl
@SanderBerkouwer
#O365Connect
I have a passion for Active Directory
and Azure Active Directory.
I’m a Microsoft MVP, Veeam Vanguard
and VMware vExpert
I wrote the AD Administration Cookbook
5. Why passwords are bad
Passwords are problematic
They can be:
• Cracked
• Intercepted, shoulder-surfed and phished
• Stolen, breached and re-used
Passwords are in the way
People aren’t designed to remember passwords
Password resets cost organizations lots of productivity
and thus money
6. How bad?
81% of all digital incidents in 2018 were caused by weak, leaked and standard credentials.
20% of IT costs spent by organizations is to facilitate password resets.
7. “Do away with passwords
for day-to-day use”
Password-less
8. What we need (~98%)
Credentials that can’t be reused
Multi-factor Authentication is today’s go-to solution
Most organizations use One-time Passwords (OTPs) in text messages
Authentication methods that are easier to use
Multi-factor Authentication is not easy to use for a lot of people
Non-crackable, non-interceptable credentials
We need a new way to authenticate
• With local storage of (biometric) credentials
• With Quantum-proof encryption
9. What’s available today, technically
Locations and physical security
• On- and offboarding procedures
• 802.1x network security
Devices
• Removing local admin rights
• Windows Hello for Business
Applications and systems
• Azure MFA and Azure MFA Server
• Azure AD Conditional Access
Data
• OneDrive Personal Vault
10. How we’re deploying all this technology
[Architecture diagram. Labels: G-Suite, Azure AD Connect, Azure AD, Active Directory Domain Services, IT personnel, Colleagues, Office 365, On-premises applications, Remote access, Work from home, Multi-factor authentication required.]
12. Windows Hello for Business
Look ma, no passwords!
Password-less, strong authentication
Available on Windows 10
Multi-factor Authentication, by default
PIN, fingerprint, AuthN App are 1st factor
Enrollment, linked to TPM, is 2nd factor
Single Sign-On
14. Deployment Scenarios
Azure Active Directory cloud-only
• Upon Azure AD Join, you enroll into Windows Hello for Business
• Device registration is performed with Azure AD as Identity Provider
Hybrid
• Device registration is performed with Azure AD as Identity Provider
• Requires Azure AD Connect, synchronizing all colleagues in scope
Active Directory (on-prem only)
• Device registration is performed with Active Directory Federation Services
• Requires AD FS 2016 FBL and 3rd Party AD FS MFA Adapter
• Requires Windows Server 2016-based Domain Controllers for key trust
• Requires a Certificate Registration Authority for certificate trust
15. Trust Options
Key Trust
Uses the raw key for authentication
Requires at least one Windows Server 2016-based Domain Controller, and thus:
• Windows Server 2016 AD Schema
• Windows Server 2016-version Domain Controller certificates
Certificate Trust
Uses a client-side enrolled certificate for authentication
No Windows Server 2016 Domain Controllers required, but:
• Windows Server 2016 AD Schema
• AD FS on Windows Server 2016
• Windows Server 2016 AD FS FBL
• Device Registration in AD FS
• Certificate for each user/client
• 3rd Party AD FS MFA Provider
17. How is a FIDO authentication different?
Kerberos authentication (Domain-joined Windows device, Active Directory Domain Services)
1. KRB_AS_REQ
2. KRB_AS_REP
3. KRB_TGS_REQ
4. KRB_TGS_REP
5. KRB_AP_REQ
6. KRB_AP_REP
Windows Hello authentication (Windows 10 device, Azure Active Directory)
1. Hello
2. Nonce
3. (Nonce)WHfB Key
4. PRT, ID, ST
5. PRT
6. AccessToken + RefreshToken
7. AccessToken
FIDO 2.0 authentication (Windows 10 device, Azure Active Directory)
1. Request
2. Challenge
3. (Challenge)Private Key per application
4. (Challenge)Public Key
PRT, ID, AccessToken, etc.
Other diagram labels: TPM, Or: Federation
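The FIDO 2.0 exchange on slide 17 (request, challenge, challenge signed with a per-application private key, verification with the public key) is modelled below as an added example; it is not code from the slides or from Microsoft, and it is a simplified model rather than a WebAuthn implementation. The class names, the user name and the application ids `portal.example` and `hr.example` are hypothetical, and the signed message format (hash of the application id followed by the challenge) is an assumption made for the illustration.

```javascript
// Added example, not from the slides: simplified model of the FIDO 2.0 flow.
// Class names, user and application ids are hypothetical.
const crypto = require("node:crypto");

const sha256 = (s) => crypto.createHash("sha256").update(s).digest();
// Assumption for this model: the signed message is SHA-256(appId) || challenge.
const signedData = (appId, challenge) => Buffer.concat([sha256(appId), challenge]);

// Security key / Windows Hello side: one private key per application.
class Authenticator {
  constructor() {
    this.privateKeys = new Map(); // appId -> private key, never leaves the device
  }
  // Enrollment: create a key pair for this application, hand out the public key only.
  register(appId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", {
      namedCurve: "prime256v1", // NIST P-256
    });
    this.privateKeys.set(appId, privateKey);
    return publicKey;
  }
  // Step 3: sign the challenge with the private key of that application.
  sign(appId, challenge) {
    const key = this.privateKeys.get(appId);
    return key ? crypto.sign("sha256", signedData(appId, challenge), key) : null;
  }
}

// Application / identity provider side: stores public keys only, no shared secret.
class RelyingParty {
  constructor(appId) {
    this.appId = appId;
    this.publicKeys = new Map(); // user -> enrolled public key
    this.pending = new Map(); // user -> outstanding challenge
  }
  enroll(user, publicKey) {
    this.publicKeys.set(user, publicKey);
  }
  // Steps 1-2: answer a sign-in request with a fresh random challenge.
  challenge(user) {
    const c = crypto.randomBytes(32);
    this.pending.set(user, c);
    return c;
  }
  // Step 4: verify the signed challenge with the public key; a challenge is single use.
  verify(user, signature) {
    const c = this.pending.get(user);
    this.pending.delete(user);
    const publicKey = this.publicKeys.get(user);
    if (!c || !publicKey || !signature) return false;
    return crypto.verify("sha256", signedData(this.appId, c), publicKey, signature);
  }
}

function runDemo() {
  const user = "colleague@example.com"; // constructed sample user
  const key = new Authenticator();
  const portal = new RelyingParty("portal.example");
  const hr = new RelyingParty("hr.example");
  const portalPub = key.register("portal.example");
  const hrPub = key.register("hr.example");
  portal.enroll(user, portalPub);
  hr.enroll(user, hrPub);

  // Normal sign-in: the response to the current challenge verifies.
  const captured = key.sign("portal.example", portal.challenge(user));
  const login = portal.verify(user, captured);

  // A captured response is useless against the next challenge...
  portal.challenge(user);
  const replay = portal.verify(user, captured);
  // ...and against a server that has no challenge outstanding.
  const noChallenge = portal.verify(user, captured);

  // A response made with the portal key does not verify at another application.
  const crossApp = hr.verify(user, key.sign("portal.example", hr.challenge(user)));

  const der = (k) => k.export({ type: "spki", format: "der" });
  const distinctKeys = !der(portalPub).equals(der(hrPub));
  return { login, replay, noChallenge, crossApp, distinctKeys };
}

console.log(runDemo());
```
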
18. FIDO 2.0 gaining traction
The Dutch Cybersecurity Center (NCSC) advises FIDO 2.0
- Koen Sandbrink, Advisor at NCSC, during his talk "We Are Going to Kill Passwords (or at Least Try)" during the One Conference, October 2019
21. What if…
Everybody uses password-less authentication?
We’ll be moving from password resets to PIN resets
Passwords expire, but people no longer use them regularly
Expect an increase in password resets, until…
Everybody has their passwords cleared
How do we do Azure AD Join without a password?
How do we provision people without an initial password?
… loads of processes will need to be redesigned
23. Windows Hello for Business
Authentication method that is safer and more secure
Authenticate using a PIN, your finger or your face
Authentication with Windows Hello is multi-factor authentication
Non-crackable, non-interceptable credentials
Storage of (biometric) information is local
When using federation: token-based Single Sign-on
Credentials that can’t be reused
When you use FIDO 2.0 keys you get a secure key per service