Welcome back, students, to the Microsoft 365 Security Administration course.
I'm your instructor, Jim Daniels.
In this video, we're still in the module on identity and access,
but we're starting Lesson 3, Access Management,
with Part 1, Conditional Access.
In this lesson, we're going to learn what Conditional Access is, how it helps secure your environment,
how Conditional Access policies work,
and the principles of the Zero Trust model.
If this, then that: if this condition is met, this action happens.
Conditions and actions can be positive or negative, and they can be layered.
You've seen the movie The Goonies?
You know what this picture is from.
If you haven't seen The Goonies, shame on you.
For this example, just roll with me.
Chunk has to perform the truffle shuffle
in order to get into Mikey's house.
So the condition is on the user:
is the truffle shuffle true or false?
If it's true, he's performed it, and he's allowed the action of going into Mikey's house.
Conditional Access: if this, then that.
Conditional Access is comprised of signals,
which include the user, geo-location, the device (whether the device is compliant, for example), whether it has real-time risk
(that's a risk-factor type of analysis), and the application.
This is just some of the signals that you can use as a foundation for your Conditional Access.
Every attempted access is verified based on those signals.
You can either block access, allow access, or require MFA
as a second authentication factor before you allow access.
Conditional Access policies can be applied based on device state, application sensitivity, location, and other rules.
The slide we just looked at:
this is that same slide broken down a little bit more.
These are all signals.
The user may be a member of a certain group,
maybe a geo-location, maybe a certain IP.
The device: maybe it's marked as compliant or non-compliant, maybe there is an active threat on the device, or the platform, maybe it's Windows versus macOS,
maybe it's an iOS device. So Conditional Access really goes into the mobile topic as well.
All of these different signals, either by themselves or combined and layered,
make up an expansive array of Conditional Access policies that you can create to suit your environment, your organization, and your security posture.
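To make the "if this, then that" concrete, here is an added example (not code from the course) that builds one layered policy out of exactly the signals just listed: user (a group), location (a named corporate location), and device state, with MFA as the action. It uses the Microsoft Graph PowerShell module; the group, user, and named-location object IDs are placeholders you would replace with your own, and the "break-glass" emergency-access account is an assumed account that the example excludes so the policy can never lock administrators out.

```powershell
# Added example, not part of the course: create a Conditional Access policy
# with Microsoft Graph PowerShell that expresses:
#   IF   a member of the Finance group signs in to any cloud app
#        from outside the trusted corporate named location
#   THEN allow only if the device is marked compliant, otherwise require MFA
# Requires the Microsoft.Graph.Identity.SignIns module
# (Install-Module Microsoft.Graph -Scope CurrentUser).

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Placeholder object IDs: replace with values from your own tenant.
$financeGroupId   = "00000000-0000-0000-0000-000000000001"   # group signal
$breakGlassUserId = "00000000-0000-0000-0000-000000000002"   # assumed emergency-access account, excluded
$corpLocationId   = "00000000-0000-0000-0000-000000000003"   # named location signal (trusted IP ranges)

$policy = @{
    displayName = "CA-Finance-MFA-or-CompliantDevice-OffNetwork"
    # Report-only: the sign-in logs record what the policy WOULD do, but
    # nobody is blocked or prompted yet. Switch to "enabled" after review.
    state = "enabledForReportingButNotEnforced"
    conditions = @{
        users = @{
            includeGroups = @($financeGroupId)
            excludeUsers  = @($breakGlassUserId)
        }
        applications = @{
            includeApplications = @("All")
        }
        locations = @{
            includeLocations = @("All")            # everywhere...
            excludeLocations = @($corpLocationId)  # ...except the corporate network
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        # OR means: satisfy ANY one control. A compliant device passes
        # without a prompt; a non-compliant device must complete MFA.
        operator        = "OR"
        builtInControls = @("compliantDevice", "mfa")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# Read it back to confirm the conditions were stored as intended.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object -ExpandProperty Conditions
```

The policy is deliberately created in report-only state: that lets you watch the "Report-only" column in the Azure AD sign-in logs for a few days and confirm that the signals match the sign-ins you expect before the grant control is actually enforced.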
Azure AD Conditional Access and federated authentication.
When Azure AD has federated authentication,
the federation service handles the authentication into Azure AD. If you're using federated authentication,
the authentication doesn't happen in Azure AD; it happens where you're federated.
To set up Conditional Access policies for non-Microsoft 365, on-premises apps,
you have to set them up via ADFS.
That's important. If you just want to have Microsoft 365 Conditional Access policies,
you set them right up in Microsoft 365.
Zero Trust: trust no one.
Basically, what it is: instead of giving people access
and then funneling it down, no one gets access,
and then you slowly verify based on the access that they need.
Explicit verification of every access request: if you want access to something, it's going to be verified.
Least-privilege access:
you only get access to do what you need to do for your job.
If your job doesn't dictate it, you will never get access to it. Least privilege, just-in-time, and risk-based access policies all work together with least-privilege access.
Breach mentality: always act as if your organization was breached,
to minimize the potential damage. Think someone is already inside your network; you need to close off what you can close off. That's Zero Trust. Those are the three pillars of Zero Trust.
Zero Trust with Microsoft 365.
Here are the three pillars, one per column. Explicit verification: you can use Windows Hello for Business, multi-factor authentication, strengthen your password policies, and Conditional Access. You extend management from on-premises to the cloud with Intune or MDM.
Least-privilege access:
minimize admin assignments,
regular audits of who has privileged access,
and for cloud identity management, Privileged Identity Management (PIM). We talked about that previously.
Just-in-time controls: expiring roles; set roles up to auto-expire.
Cloud App Security, which we'll talk about in the future. Defender ATP, Office 365 ATP, Azure ATP. That's a lot of ATPs; we'll talk about all of those ATPs as well. And Azure Information Protection.
All of those help with the breach-mentality pillar of Zero Trust.
One tool you may want to use is Azure AD Application Proxy.
It allows access to on-premises web applications from a remote client.
The proxy service runs in the cloud,
but the connector runs on an on-premises server.
Users are passed the sign-in token from Azure AD to the web application.
You can replace the need for a VPN or a reverse proxy,
and you can use Azure AD Conditional Access for on-premises apps. Remember before,
if you want on-premises applications to have Conditional Access, you have to use ADFS?
Not so fast, my friend.
This is how you get around it.
You don't want to invest in ADFS, but you still have on-premises web applications that you want to apply Conditional Access against? This is your answer: Azure AD App Proxy.
You can use it for on-premises apps.
Only outgoing connections from the on-premises servers are required, so there's no incoming connection.
Were you paying attention when I talked about Zero Trust?
What is not a core tenet, or core pillar, of the Zero Trust security model?
Assume-breach mentality,
least-privilege access,
or backup of authentication logs?
What is not a core tenet?
Anything other than the last one is incorrect.
The answer is backup of authentication logs.
That's always a good thing to do. However, it's not a core tenet of Zero Trust. For Zero Trust,
you want explicit verification, you want to always assume you've been breached,
and you want least-privilege access.
To recap this very quick lesson:
Conditional Access takes a variety of signals,
applies criteria to those signals, and then enforces an action
based upon the results.
The Zero Trust model has three main areas: explicit verification,
least-privilege access,
and assume you've been breached.
Azure AD Application Proxy allows remote access to on-premises applications
and reduces the need for a VPN and reverse proxy.
Thank you for joining me on this lesson. I look forward to seeing you for the next one.