Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7

Video Transcription

00:00
the lowest barbarians. Welcome back to the Microsoft 365 Security Administration course.
00:05
I'm your instructor, Jim Daniels.
00:08
And today we're on Module 2, Identity and Access, Lesson 3, Access Management
00:14
or to device access.
00:17
Let's get started
00:19
In this lesson, I have the ultimate confidence that you will learn
00:24
how device compliance policies function within Intune,
00:27
conditional access with device compliance as a signal.
00:31
Remember, in prior lessons
00:33
we discussed what conditional access was. We talked about signals.
00:37
This lesson, we're going to focus on device compliance.
00:42
Compliance policies define the settings that should be configured on a device,
00:48
somewhat like a baseline.
00:50
Either you meet it or you don't.
00:52
You have to have something to, number one, set the baseline
00:57
and, number two, check the baseline.
01:00
For that, in Microsoft 365, we're going to use Intune.
01:03
Intune right now is currently being phased into Endpoint Manager.
01:08
So whenever I say Intune or Endpoint Manager, just know they are one and the same.
01:15
Again, Microsoft loves to update and change names of their cloud services on a regular basis.
01:22
Compliance policies are platform-specific.
01:25
If you have a compliance policy for iOS devices,
01:27
they're not going to run that on a Windows 10
01:30
machine.
01:32
It doesn't make sense
01:34
just to have a standard in a baseline
01:37
for your compliance policy
01:38
for each platform that you have enrolled in Intune.
01:42
Here are some common device compliance settings:
01:47
Encryption: you require local data to be encrypted on the device.
01:51
Password: if you have a minimum length,
01:53
or you even require a device to have a password to start with.
01:57
Threat:
01:57
maybe there is a mobile threat defense level or risk analysis,
02:02
kind of an AI-type analysis that you want to perform based on actions and configuration of that device. Tampering:
02:12
if the device is jailbroken or rooted.
02:15
You can no access
02:17
OS min/max version.
02:21
So if there is an OS
02:23
that has security vulnerabilities,
02:24
you can say, OK, it needs to be minimum this OS version. If you have the other one, you're noncompliant.
02:30
You can't get access to what you want this conditional access to give you access to until you fix it and you're marked as compliant.
02:39
After you enroll your device and answered begins to sync the details of that device into mentum.
02:46
You can view device information in the Intune blade on the Azure portal.
02:51
User and device groups, static or dynamic,
02:54
can be created and assigned policies by answer.
02:59
You have to have a population of devices
03:01
before you can create a device group
03:05
to assign a policy to.
03:07
Some of the ways you can use device policies: you can use it with conditional access. Again, if this, then that. You can make sure a condition is met before access is given.
03:17
You can use it without conditional access, if you want to gather numbers and information about your environment, devices that are enrolled in Intune.
03:25
it doesn't take any action, but the devices or more
03:29
and the policy. You can see the logs and the analysis of it
03:32
sometimes
03:35
the policies are great to stage
03:38
because you don't want to create it
03:40
and then just enable it without understanding exactly how it's gonna affect your users. That's where a policy without conditional access is really handy
03:52
Two types of conditional access with Intune:
03:53
device-based and app-based.
03:57
Compliance criteria is used as a conditional access signal.
04:01
Condition: is it compliant or is it not? That's the condition.
04:05
Creating conditional access policies based on compliance:
04:10
It's pretty simple,
04:12
So we're gonna get into the Microsoft Endpoint Manager admin center. We're gonna click on Devices
04:16
because we're doing it based on devices.
04:19
Under Policy, we go to compliance policy.
04:23
When that comes up, we click on Policies and Create Policy.
04:26
Simple as that.
04:28
When you create a policy, it'll immediately ask you about the platform, because they're platform-specific, right? So in this screenshot, we can choose what platform we want this device policy to apply to.
04:41
For example, we're gonna use an iOS compliance policy,
04:45
give it a name, give a description. When we go to compliance settings, this is where we can actually take our signals and craft them into a policy.
04:54
For this example, we want to block jailbroken devices.
04:59
We don't want them allowed, so we're going to select that as a compliance policy.
05:03
If it's jailbroken,
05:05
we don't want it. You're gonna not be compliant as part of this policy.
05:11
Actions for noncompliance
05:14
is we want to mark it noncompliant.
05:15
We want to say that Hey,
05:17
this jailbroken device is not compliant.
05:20
Once it's marked noncompliant, then we can use that
05:25
as a measuring stick, and we can apply the trigger to it.
05:29
We assign it. We have all users assigned, and then we're gonna review and create.
05:33
So we're gonna create a
05:35
noncompliant policy for jailbroken devices with iOS.
05:41
If you have an Android jailbroken device you're enrolling in Intune, this policy will not apply
05:46
because it doesn't fall under the iOS platform.
05:49
Quist on. Write me out.
05:53
I cried myself up sometime. You can't picture crystalline me out, right? Right. Me out.
06:00
Hopefully I've got our old room. Yes.
06:02
So I deep saw it. Oh,
06:05
all of that would be wonderful. Quiz:
06:10
Device-based and app-based are the two types of conditional access within Intune.
06:15
True
06:16
or false? What do you think?
06:18
Great answer is true.
06:21
Four device
06:24
based conditional access
06:25
that is really two times
06:27
and
06:29
device
06:30
monitor enrolled devices. Intune stores audit logs of all activities that generate changes.
06:36
History of devices are available as well as the history of actions
06:41
such as actions by policy
06:44
taken against or for those devices.
06:46
So, to recap the lesson:
06:48
Device compliance policies can be used in Intune to make sure specific settings are configured.
06:55
Device compliance policies can have conditional access associations
06:59
or no action associated, to be a reporting or discovery policy.
07:03
Both have their unique cases, and both are beneficial in their own
07:09
Intune audits and logs device events.
07:13
Have you learned a little bit about
07:15
device policies?
07:15
Hope to see you for the next lesson. Thank you.

Up Next

MS-500: Microsoft 365 Security Administration

The Microsoft 365 Security Administration course is designed to prepare students to take and pass the MS-500 certification exam. The course covers the four domains of the exam, providing students with the knowledge and skills they need to earn their credential.

Instructed By

Jim Daniels
IT Architect
Instructor