Sr. Product Manager
Understanding the Enterprise Attack Surface
Attackers have a number of ways to compromise your organization, ranging from web application attacks down to our users. The attack surface is vast, and the ability for an attacker to find one system and move laterally to others increases exponentially the further down the exploitation cycle an attacker gets. Active Directory plays a large role in many organizations and is often the method attackers use to piggyback on single sign-on and centralization in order to access a plethora of systems. This talk will dive into the various techniques attackers use to compromise an organization and how to most effectively prioritize and combat the threats we face today. Let's dive down into attack patterns, how they work, and how best to design your organization in a way that combats the threats we face today.
Founder & CEO
Q&A Panel with Sean Metcalf
Microsoft Certified Master, Founder & CTO
Trimarc Security, LLC
Q&A Panel with Randy Franklin Smith
Windows Security Subject Matter Expert
Hybrid Active Directory Security
Protecting Office 365 with Azure AD Conditional Access
With your data in Office 365, how can you control when, where, and how your users access data? Azure AD conditional access is a critical part of Microsoft’s answer to protecting Office 365 tenants and even third-party applications. With conditional access, you can make decisions like ensuring your users are using company issued devices, restricting downloads from SharePoint when using personal devices, inspecting documents in real time with Cloud App Security, or only allowing access to email from approved apps. In this session you’ll learn how the conditional access engine in Azure AD works. We will walk through creating conditional access policies for common scenarios and review how to troubleshoot them when something goes wrong. You’ll walk away with the knowledge you need to start enforcing effective controls to protect Office 365.
Ravenswood Technology Group
Best Practices for Hybrid Identities with Azure AD
As organizations embrace digital transformations through the cloud, a hybrid enterprise infrastructure is emerging as mainstream. Come and join the Microsoft Identity Engineering team to learn patterns and best practices from the largest and most complex enterprise scenarios all over the world using Azure Active Directory to simplify, optimize and secure on-premises environments with cloud-powered Identity Services.
Principal Program Manager
Senior Program Manager
AD in the Cloud: Untangling the Security Implications of the Many Variations of Hybrid AD
AD and the cloud is simple, right? Just install Azure AD Connect to link your on-prem AD to Azure AD and you are good to go, right? If only it were that simple. What if you have cloud resources and users in different sovereign jurisdictions? You have to build into your risk planning that some of these jurisdictions have very different laws that are sometimes at odds with those of your organization’s main country. You can easily create a situation where a foreign government can access resources in your native country’s data centers or even on-prem networks because of credentials that replicate or sync to cloud resources on their soil.
And if you have more than a few VMs in the cloud, things get more interesting, because you are going to want to manage them with group policy, and Azure AD’s group policy capabilities are just beginning to bloom. And you probably hope to have single identity management. Then again, if your VMs are in different jurisdictions, the risk complexity level goes up again. And availability factors into these decisions too, because you can inadvertently nobble cloud resources that are ostensibly highly available by a simple WAN connection outage between them and your domain controllers.
Here are some of the decisions you have to make as more of your resources are in the cloud:
• For other regions with sovereign security concerns, will you use your existing Azure AD or stand up a new one?
• New domain or extend your existing domain across VPN/ExpressRoute connections?
• If extending your domain, will you place DCs in the cloud or depend on the VPN/ExpressRoute to carry authentication traffic?
• If you deploy new domains, will you synchronize user identities (and credentials) or, especially in the case of foreign jurisdictions, fall back to requiring users to have multiple accounts – either way is a tradeoff of risks.
In this session we’ll dive into the arcane and subtle details of security dependencies between DCs, domains, forests, synchronization, replication and the other issues that arise in a global hybrid AD environment.
Randy Franklin Smith
Windows Security Subject Matter Expert
Hybrid Cloud Security
Cloud services are exploding in popularity and more organizations are taking advantage of economies of scale that cloud provides every day. Often the move to the cloud is pushed at the executive level and operations and security are left trying to figure out how to properly operationalize their cloud footprint and security posture. The reality is that companies can fully move into the cloud and on-premises applications and systems will remain. This configuration is reasonably referred to as "hybrid"; in the cloud and not at the same time. Hybrid cloud requires integration and communication between the remaining on-prem infrastructure and the new(er) cloud services. This talk explores hybrid cloud scenarios highlighting security implications and concerns as well as providing recommendations. Also covered are scenarios that appear to subvert typical security and protections which involve federation configuration, Identity Access Management (IAM), and interaction between SaaS and IaaS.
Microsoft Certified Master, Founder & CTO
Trimarc Security, LLC
Aligning AD Security Best Practices to the MITRE ATT&CK Framework – Identifying and Protecting Where You’re Most Vulnerable
While the state of cyberattacks is constantly morphing, the environment in which an attack takes place limits activity down to a common set of threat actions. The use of Active Directory as an asset to threat actors is an effective tool to propel ransomware, island hopping, espionage, and data theft attacks forward to a “successful” end.
So, what steps should you take to secure AD to stop aiding the bad guys?
In this interactive session, join cybersecurity expert and Microsoft Cloud and Datacenter MVP, Nick Cavalancia, as he discusses the recent state of cyberattacks and how using the MITRE ATT&CK Framework as a guide can help to identify where you are most vulnerable and dictate real-world AD security best practices that can be implemented to keep AD from being a cyberattack asset.
Microsoft Datacenter and Cloud MVP, Founder and Chief
FIDO2 in Hybrid Environments
Have you ever wondered how Microsoft implements FIDO2 in a hybrid environment? Join Aakashi Kapoor and Pamela Dingle as they tour through everything an architect needs to know about WebAuthn, CTAP2 and the internal workings of Microsoft's hybrid FIDO2 implementation. You'll walk away understanding the security model and the integration steps needed to get you started, with demos and discussion of how FIDO2 can fit in the context of a multi-factor authentication strategy.
Senior Program Manager
Director of Identity Standards
Hiding In the Cloud: How attackers can use application consent for sustained persistence and how to find it.
Applications are modernizing. With that, the way permissions for these applications are granted is also changing. These changes can allow an attacker to have sustained persistence in plain sight if we don’t understand how they work and where to look. What’s the difference if an application has permissions or an application has delegated permissions? Why did that admin account consent to that application, and should I be worried? Is that application overprivileged? I have thousands of apps, so how do I account for this? In this session we will look to demystify and bring clarity to these questions. You’ll understand these new application models and how they can be abused for sustained persistence, how these permissions work and what overprivileged looks like, and finally, how to find them in your environment.
The Ins and Outs of Office 365 Sensitivity Labels
Office 365 Sensitivity Labels support marking and encryption of confidential information and are supported by the Office apps (desktop, online, and mobile). They’re a great way of protecting the most important information within an Office 365 tenant and when sharing content with partners. But before you can use sensitivity labels effectively, you should understand the good and bad points of the technology and build a plan that works for your organization. Following this session, you’ll understand how sensitivity labels work, their relationship with Azure Information Protection and Office 365 apps (including SharePoint Online), and what needs to be done to build a deployment plan.
Microsoft Office Apps & Services MVP, Consultant
Redmond & Associates
It’s Time to Modernize Your Company FAQ with a No-Code Bot in Microsoft Teams
The thought of creating a bot may sound like a daunting task to anyone without a technical background. I know as a developer when I was tasked with writing a Question and Answer bot I was apprehensive as to what all it would entail. It turns out the process is extremely simple and requires no technical abilities whatsoever. In fact, after creating the bot it struck me that the Question and Answer bot is the ideal bot to replace your company’s FAQ. We all have them. Frequently Asked Questions. Have you ever found a FAQ usable though? It’s a lot of search and reading and unless you search for the exact right keyword then you may not even find what you are looking for.
Attend this session and learn:
- How ANYONE can create a QnA Bot and deploy it to Teams
- How to source FAQ information from spreadsheets, web pages, and other sources
- How to take advantage of AI Cognitive Services to determine user intent when they ask questions
ALL without writing a line of code! It’s time that you modernize your company’s FAQ.
Microsoft Office Apps & Services MVP, CSO
Power Apps Form Building Essential Tips
In SharePoint, lists are commonly used to create simple request forms and to do quick collaboration on lists of items. Power Apps is a powerful tool in Office 365, with one of its capabilities being form customization. Business requirements for forms and processes can become complex, or sometimes forms just need a nice touch with some visual appeal and company colors. Power Apps can be used to customize the look of forms and add logic. There are a few important tips to know about, so that you can save time and design forms in the most efficient way. In this session, learn how to use the form control, along with many pro tips, such as common form logic functions and curb appeal. Laura Rogers will build a Power Apps form in a live demo of a travel request form, which will include examples of form logic, such as showing and hiding fields per data conditions, pre-populating user information fields, and dynamic controls and validation.
SharePoint & Power Apps MVP, CEO
Teams Governance Quickstart
Teams Adoption can quickly get out of control. In this session we'll cover best practices and proven techniques on settings, configuration, and customer implementations of Microsoft Teams. We'll explore governance techniques and tactics that work to handle archiving, provisioning, lifecycle management, and successful deployment. No matter where you are in your deployment we'll help you understand what success looks like and how to get there.
Microsoft Office Apps and Services MVP and Regional Director
Policy, Alerting and Control with Microsoft Cloud App Security
Microsoft Cloud App Security (MCAS) is a hugely powerful tool that not only alerts you to bad activity, but also allows you to control what happens next. In this session, we’ll explore MCAS in depth with a live demo. Using policies we’ll create here, we can manage attacks, user behavior issues and more. Do you re-confirm identity or suspend the user or something else? I’ll also show how to create MCAS policies from your activity logs. This results in better security and alerting on what’s important to you.
Microsoft Office Apps & Services MVP, Consultant and Business Owner
Office 365 Advanced Threat Protection Deep Dive
Want to know how best to trace account compromises? Learn how to do automated incident response? Test if your phishing protection is as good as can be? Want to know if your email is protected from ransomware and other threats? Are you fully using the ATP P1 or ATP P2 license that you have now? In this session we’ll do a deep dive on configuration mistakes that can lead to more attacks, and how you can investigate how you are getting attacked to better protect yourself. We’ll also showcase the CIsecurity.org Office 365 benchmarks and showcase how you compare to best practice recommendations.
GSEC and Microsoft Security MVP
Askwoody.com and CSOOnline.com
Tackling the No. 1 corporate vulnerability used as an exploit: Email
With email being the world’s No. 1 most common exploitation method, system administrators and architects need to understand the scope of the problem. In this session, we will examine the fundamental reasons why email is such a problem in the current security landscape, common exploit methods within cloud or hybrid environments, and what we can do within Office 365 to help protect ourselves and the organizations for which we work.
Principal Technology Strategist
Migration & Modernization
What is the Cost of Migrating to SharePoint On-Premises or Office 365?
Thinking about migrating to SharePoint On-Premises or Office 365? Then you probably want to know how long and how much it is going to cost. Unfortunately, there’s no silver bullet to answer this question. This is because there are several variables influencing the cost of your migration, and understanding the values and how they apply to your organization will help in determining an accurate estimate. Often, companies underestimate the complexity and level of effort required for a smooth and successful migration. After performing dozens of migrations each year, this session is going to share the variables you need in developing a cost and time estimate for migrating to SharePoint On-Premises and Office 365.
Microsoft Office Apps & Services MVP, Practice Manager
Upgrade from Skype for Business to Teams
Many enterprises still have a Skype for Business deployment (either on-premises or online), and have also started adopting Microsoft Teams for chat, voice and video collaboration. You want to move to a single platform, but are unsure about the impact and migration strategies. In this session we will be covering:
- Introduction to the Teams upgrade process
- Starting & planning the journey
- Upgrade scenarios, options, & end user experiences
- Configuring the upgrade process
- End state – Teams-only experience
Microsoft Office Apps and Services MVP, Senior UC Product Architect
Microsoft Office Apps and Services MVP, Principal Architect
WaveCore IT Inc.
Rethinking your SharePoint deployment with SharePoint Online and Office 365!
If you're migrating from SharePoint on-premises or considering implementing SharePoint Online this is the session for you! This isn't the SharePoint on-prem you know, it's new and improved, and bigger than imagined. Migrating from on-premises to the cloud isn't a lift and shift ... there are many legacy features you need to reconsider in the world of SharePoint Online and Office 365. This session will discuss:
- When a SharePoint site isn't just a SharePoint site - legacy team sites, modern team sites, Office 365 group sites, Microsoft Teams team site, hub sites, communication sites, and home sites. So many sites!
- When to use legacy SharePoint apps (lists/libraries) and when to consider applications in Office 365.
- How to transform classic pages to modern client-side pages.
- How to hubify your site collections and embrace a flattened new world.
Microsoft Office Apps & Services MVP
Surviving Office 365 Tenant to Tenant Migrations
You have just been informed that your company has acquired a series of companies that are using Office 365 and now you need to move each to a single, enterprise Office 365 tenant. It’s just cloud to cloud and how hard can that be? Maybe more difficult than it first seems! Take a deep breath and don’t panic, in this session we will cover how to prepare for a tenant-to-tenant migration, common pitfalls that are often overlooked, and share industry best practices that will help you with this mountain of a task.
Quest Professional Services
How to Modernize SharePoint: The Good, The Bad and The Ugly
Using the new Microsoft 365 cloud collaboration services sounds simple, but in reality modernizing infrastructure is time-consuming, out-of-scope or inefficient. Regardless of your organization’s size or source environment, successfully moving into Microsoft 365 Intelligent Workplace requires industry best practices that have been tested and proven time and again, especially around pre- and post-migration tasks. It is by far not enough just to trigger a migration tool. In this session, we’ll reveal insider tips on how to effectively move sites, templates, workflows, apps and document libraries from legacy SharePoint on-premises into SharePoint Online Modern Experience. You’ll also learn how to avoid all of the pitfalls that come with database detach and manual migrations, so you can make the most out of your migration and be on your way. We are going to show you where free migration and assessment tools from Microsoft can help you, and for which scenarios and requirements you need more advanced services and tools.
Microsoft Office Apps and Services MVP
You've been handed an Active Directory migration project to manage. Now what?
Mergers, acquisitions, divestitures. These are just a few of the reasons an organization would undertake an Active Directory migration. Point A to Point B, what could be easier, right? Not necessarily. This session will cover the preparation activities, general tasks involved, and the sequencing of those tasks to ensure a successful migration. We will also discuss the additional activities to ensure items like “remote only” users, servers\applications, and Office 365 integration are properly addressed and identified as part of your planning.
Senior Project Manager
Quest Professional Services