The Azure Security Podcast Episode 105: Azure and Entra ID Security Tools
Nov 22, 2024
Merill Fernando, Principal Product Manager at Microsoft Entra, shares his expertise on open-source security tools designed to enhance Azure and Entra ID security. He discusses recent developments from the Microsoft Ignite event, including FIDO2 authentication and the retirement of older TLS versions. Insights on Zero Trust principles and the new security tool, Maester, highlight the importance of collaboration in tech solutions. Merill emphasizes the urgent need for Multi-Factor Authentication across organizations to bolster security awareness and frameworks.
AI Snips
Chapters
Transcript
Episode notes
Empty Group Policy
- Meryl Fernando helped a customer troubleshoot a conditional access policy that targeted all guests in their tenant.
- The group targeted by the policy was empty, leaving guest tokens unsecured for 10 months.
Securing Entra ID with SecDevOps
- Meryl's experience led him to apply SecDevOps practices to identity and access management.
- He collaborated with MVPs to create Maester, a PowerShell-based test automation framework for Entra ID.
Collaboration is Key for Zero Trust
- Zero Trust requires collaboration across different teams, including identity, devices, SIEM, and security architects.
- Bring all stakeholders together to assess the current security posture and define a Zero Trust roadmap.