10 Quick Hybrid Identity Wins

[MUSIC PLAYING] So good afternoon. Welcome back. My thing today is to talk a little bit about hybrid identity, which has become quite the Microsoft buzzword, in particular, specifically everything in this session really focuses around Azure Active Directory. Seven or eight years, ago whenever the last tech was, this was kind of a new thing that nobody wanted to talk about. So we talked about all sorts of fun AD stuff, which oddly enough, I think all still applies but is not nearly as nearly as shiny, so I didn't dig out the slides from last time. Before I get going, one kind of poll question I have, how many of you work for an organization that has Azure AD premium or one of the bundles like EMS or M365 that comes with it? So half-ish, OK. So I will endeavor to call out what requires the premium features-- pretty much everything does on some level. Obviously, Microsoft wants to make money. And if you've been following the news lately, they're doing a pretty good job of making money by selling the stuff. So that's what we'll do. A quick intro-- my name is Brian Desmond. I am a principal of an organization called Ravenswood Technology Group, and we spend a good chunk of our time implementing pretty much everything we're going to talk about primarily for enterprise and mid-market customers, so we should be able to work in a little bit of real-world how this stuff works, as opposed to just some fun stuff on some slides. I've got the Twitter thing on all that. I think I've got a couple thousand followers. I haven't tweeted in years, but you should feel free to follow me in suspense. You never know, but don't get your hopes up. And my email didn't make it on there, but I've got cards. Feel free to grab one at the end if you want to follow-up-- always happy to chat. So before we dive into the fun the cloud stuff. One thing I'd like to talk about is that despite what the salespeople that might come calling on you tell you, everything still starts, especially from an identity perspective, with your on-premises infrastructure, unless you're a really small organization. Maybe that's exclusively in the cloud, but I think pretty much all you probably come from enterprise or thereabout size organizations. So if you don't have a secure foundation with what is probably AS, that whole mess that you have is going to trickle down or up, depending on which direction you want to look at it, to Azure AD. So one of the things that I spend a lot of time talking to my customers about is, how do we make sure that we have that secure foundation on premises so that we can be trusting about what we have in the cloud. So there's a few things around that. Managing privileged access to AD is a really big topic. If you haven't followed the news at all lately, a lot of people are getting themselves into the paper. And a lot of those incidents, at least that we run into, start with really bad hygiene around privileged access. And unfortunately, becomes a wake-up call for people as these things happen. Another one is identity management. If you don't have a solid identity management infrastructure that's provisioning users, that's provisioning groups, that's putting governance around those, as all that synchronizes to the cloud, if what you have on premises is out of date, that infrastructure that you take with you to the cloud is also going to not be up to date-- not going to be timely. And that governance problem just expands two fold from just one place to another. And then of course, as I say that, it sounds like, well, we should spend all this time getting our house in order-- getting things cleaned up. And the answer is probably yes, you have problems. You have technical debt that you need to address. But at the same time, if you've made that investment in cloud services, you're paying every month, whether you're using it or not. So as we look at this, and one the themes for this discussion is, how can we make use of the investment we've made-- get some incremental wins without being completely blocked, maybe with technical debt that we've accrued on premises. And with that in mind, what we see when we do these deployment projects, if we can get really quick wins, we can build a ton of momentum. That creates the foundation to really be able to have a really successful project. The days where we go spend three years implementing a new identity management system, and all the people that are writing the huge checks for this are getting really tired of writing those checks before they even see any value, see any outcomes from that-- Instead, with a lot of these cloud services, because they're super easy to configure, how can we pick one of these features and start getting a lot of value from it really quickly? And that's going to build the momentum that we need to make even bigger investments. And in some cases, longer deployment cycles for some of the more complicated features to consume. So from an Azure AD perspective, one of the first things that we like to tackle is there's the self-service password reset feature that's been there-- one of the early Azure AD Premium features. And this is, of course, from an identity perspective, one of the things that we've been trying to solve, and many vendors have solved in different ways. And it's also really easy to calculate, how much value am I getting from this, if you talk to whichever your favorite analyst is that's coming along. They make a ton of money telling you that it costs probably somewhere between $30 and $100 every time someone calls the help desk and