Zero Trust - Zero Gap? Spotlight on (new) uncovered aspects of your CA design

Conditional Access is the heart of Microsoft's Zero Trust implementation as its policy enforcement engine and Microsoft introduces constantly new features to cover more and more use cases and integrations. This includes granular conditions and controls for specific authentication methods, restricted sessions and authentication flows but also new capabilities to re-trigger a policy evaluation.

In this session, we will discuss the latest features and their use cases and also challenges that you may not address in your current ruleset. Starting from automation for deployment, exclusion handling and gap monitoring, up to missing strong policy design to prevent rogue devices or protect privileged users.

The End of Passwords: An Introduction to Passkeys in Entra ID

In cyber security we had and still have a lot of trouble with passwords. They are, as a single factor, insecure or difficult to remember and overall inconvenient. While password managers solve some part of this problem, widespread adoption in the enterprise is not available. In the end nobody loves passwords, except hackers 😜

But 2024 is the year the password dies! At least we hope so.

In this talk we want to show you how passkeys can replace not only the password but phishable MFA factors as well.

We will delve in the basic´s behind passkeys, explain the technology that makes them so secure but also what different kind of passkeys there are.

In this session we will focus on how passkeys fit into Microsoft Entra IDs ecosystem, our favorite identity provider, but many aspects are applicable to other IdPs as well.

But where there is light, there is also shadows. We will discuss the risk some of the passkey implementations might hold for you as an enterprise and will show counter measures to mitigate or minimize this risk.

Let us all make 2024 the end of the password!

Level 200-300 ~45 minutes

Walk the walk - explore ways to ensure strong authentication in real life scenarios

Everyone will agree that a solid set of rules for authentication and authorization is one (if not the) cornerstone of a Zero Trust implementation. Furthermore, everyone actually agrees that device compliance and phishing resistant MFA are the best basic measures to implement with Azure Active Directory Conditional Access.

However, when we look at the status quo of many environments we see a different picture and anyone who has tried to roll out these basic measures to all users in a larger environment knows that this is not an easy task.

This session is based on a lot of project experience and shows a collection of strategies, tactics and tools to make a roll-out efficient and as painless as possible.

Topics: Conditional Access, Authentication methods, Logs, Reports & Workbooks, MFA registration methods / policies, Strong Authentication, Passwordless, Zero Trust

Level 200-300, minimum 45 minutes (better more)

1st AID for EID - how to prevent lateral movement to Entra ID when your Active Directory has fallen

Currently, the biggest threat to an Entra ID tenant in the vast majority of environments comes from the connected Active Directory. Attackers are (currently) focusing heavily on on-prem environments, as these are generally much more difficult to protect and are also in a much worse state. And it's often not far from there to the cloud...

Containment is one of the most important measures in an emergency and usually Entra ID, M365 and Azure are at the top of the list as M365 is very important for crisis communication and Azure can be a good platform for the recovery phase.

In this session, we will discuss the steps necessary to block lateral movement for a full compromise of Entra ID from Active Directory in a reasonable order.

We will then look at your users' accounts, the impact of your actions on their ability to work and how you can make decisions in this situation.

We will also discuss what you can do today to be best prepared for this scenario.

Level 200-300, minimum 45 minutes

Let’s replace your VPN with a real Zero Trust Network Access !

We've spent the last few years modernizing clients, kicking them out of Active Directory and optimizing them to run outside the corporate network. The use of modern protocols, conditional access and the integration of MDE and Intune now enables us to access cloud services with access management that largely complies with the principles of zero trust.

However, when it comes to accessing legacy apps in the old data center world, we unfortunately all too often fall back on the old solutions - perhaps enhanced with some SAML and certificates - and features such as microsegmentation and session revocation are sought in vain.

In this session I would like to discuss and show why Microsoft's SSE solution is so much closer to my understanding of Zero Trust Network Access by explicitly checking every session in the network during its establishment, limiting access to the least necessary and disconnecting in case of a breach.

As a security architect who used to deal intensively with networks and in recent years with identity, I am very much looking forward to a deep dive on the topic of Single SignOn when accessing the OnPrem environment with Private Access.

In addition to the way the technology works, you will learn what needs to be considered during POC and rollout and what differences there are to a classic VPN project.

Level 200-300, minimum 45 minutes