Following on from my previous blog on Microsoft Ignite 2017, I thought it worthwhile wrapping up and summarising what has been a particularly interesting week. Data analytics, machine learning, AI and mobility were discussed in a variety of sessions. Office 365 and associated services were also hot topics, with much discussion on Office 365 best practice, extending Office 365 using the Graph API and integrating disparate systems using Azure integration services.
The Graph API essentially consolidates a whole bunch of Azure and Office 365 APIs under a single unified endpoint. It provides an excellent set of tools to discover and test API features including the Graph Explorer and a rich set of sample documentation, not to mention SDKs for all the popular developer languages. It really is an excellent example of ensuring the developer experience is meaningful and intuitive. This is something I would like to see more of from other service providers in the market.
Azure AD Pass Through Authentication
Could AD PTA signal the demise of ADFS infrastructure? Possibly, one day! The premise of PTA is that authentication is still managed from your on-premises AD infrastructure, using outbound connections to an Azure Service Bus queue. A simple agent running on the AD server(s) that makes an outbound connection to a queue is all that is required. This also ensures that your AD infrastructure and authentication workflow can be deployed in a highly available configuration, making outbound connections to a scalable queuing service. This clearly has many benefits: passwords do not have to be submitted across the internet, and it uses Kerberos wherever possible, ensuring seamless SSO, but defaults to username/password. It greatly simplifies your authentication requirements and ultimately reduces the number of services to manage.
Office 365 governance
Governance was a hot topic. Here are some interesting and somewhat disturbing statistics from the Microsoft compliance website:
- On average, each employee uses 17 cloud apps, but many organisations don’t know what is in use, or whether these apps meet security, privacy and compliance requirements
- In 91% of organisations, employees grant their personal accounts access to the organisation’s cloud storage
- 70% of organisations allow cloud admin activity from non-corporate, unsecured networks
- 75% of privileged cloud accounts are not in use. These accounts might be eating up the cost of a license, or worse, increasing the attack surface of the organisation
- On average, an organisation shares 13% of its files externally, of which 25% are shared publicly
Microsoft offer a suite of compliance services:
Azure Data Loss Prevention
To comply with business standards and industry regulations, organisations need to protect sensitive information and prevent its inadvertent disclosure.
Office 365 compliance centre
If your business has legal, regulatory, and technical standards to meet for content security and data use, you’re in the right place. You can also use Office 365 security and compliance features if your business has specific security requirements for controlling sensitive information. In this section, you can also find out how Office 365 uses encryption and other security technologies to protect your data.
Azure Cloud App Security (CASB – Cloud access security broker)
The solution provides a set of capabilities to help companies design and enforce a process for securing cloud usage, from discovery and investigation capabilities to granular control and protection.
Azure information protection (RMS – Rights management system)
Protect corporate data by allowing more secure access to company resources and enabling safe sharing of sensitive information inside and outside your organisation.
In this blog, I have briefly summarised the topics that are relevant, or should be relevant, for any organisation. We are steadily advancing to a more open, collaborative model where enterprises are no longer “siloed” and hindered by needless bureaucracy. Indeed, how we utilise, collaborate and integrate with external services and platforms, and expose our own digital footprint, drives the governance, security, and management overhead for our environments. This must be balanced against customer experience, brand promise, omnichannel integration and ease of use, and these will be the tenets on which applications are developed and new experiences created.
Microsoft have made significant investments in their cloud platforms and services, their analytics and machine learning capabilities and the seamless interoperability between Azure and on-premises Azure Stack. This results in a powerful set of tools and services for us to build out and host our own products and services or migrate existing ones.