1
00:00:00,000 --> 00:00:09,600
Welcome to the Azure Security Podcast, where we discuss topics relating to security, privacy,

2
00:00:09,600 --> 00:00:13,280
reliability and compliance on the Microsoft Cloud Platform.

3
00:00:13,280 --> 00:00:15,680
Hey, everybody.

4
00:00:15,680 --> 00:00:17,360
Welcome to episode 105.

5
00:00:17,360 --> 00:00:20,760
This week is myself, Michael, with Mark and Sarah.

6
00:00:20,760 --> 00:00:22,960
And our guest this week is Merill Fernando.

7
00:00:22,960 --> 00:00:27,360
He's here to talk to us about that kind of Entra ID and some of the tooling that he's

8
00:00:27,360 --> 00:00:29,600
worked on over the years.

9
00:00:29,600 --> 00:00:32,800
But before we get to our guest, let's take a little lap around the news.

10
00:00:32,800 --> 00:00:34,800
Sarah, why don't you kick things off?

11
00:00:34,800 --> 00:00:37,240
Well, it'll depend when you edit this.

12
00:00:37,240 --> 00:00:42,640
But at the time we're recording this, it is next week, it is Microsoft Ignite.

13
00:00:42,640 --> 00:00:47,880
So depending on when you listen to this, that might have already happened.

14
00:00:47,880 --> 00:00:52,960
If it has already happened, then we will upload lots of sessions on YouTube so you can watch

15
00:00:52,960 --> 00:00:54,400
them later.

16
00:00:54,400 --> 00:00:59,120
If it hasn't happened, then of course, remember that the in-person tickets are sold out, but

17
00:00:59,120 --> 00:01:01,600
you can still watch the live stream for free.

18
00:01:01,600 --> 00:01:06,120
For better or worse, you'll get to watch me doing some of the interstitial programming.

19
00:01:06,120 --> 00:01:09,840
That's what it's called, the bits in between the exciting bits.

20
00:01:09,840 --> 00:01:11,760
But I get to interview some cool people.

21
00:01:11,760 --> 00:01:14,420
So of course, go check out Ignite.

22
00:01:14,420 --> 00:01:21,880
And if this is post-Ignite, which is the 18th to 22nd of November 2024, you can go and catch

23
00:01:21,880 --> 00:01:23,520
up on sessions online.

24
00:01:23,520 --> 00:01:27,040
And of course, there's lots of announcements about things.

25
00:01:27,040 --> 00:01:29,000
That's all I can say.

26
00:01:29,000 --> 00:01:30,480
So go and check that out.

27
00:01:30,480 --> 00:01:32,320
So that's my first one.

28
00:01:32,320 --> 00:01:37,160
That's taking up a lot of my time at the moment, pretty much every waking hour, actually.

29
00:01:37,160 --> 00:01:40,880
Then next up, we have support for FIDO2 authentication.

30
00:01:40,880 --> 00:01:44,760
In fact, our guest probably knows more about that than I do.

31
00:01:44,760 --> 00:01:51,360
But we're of course supporting passkeys for passwordless authentication.

32
00:01:51,360 --> 00:01:55,240
We're all trying to move there and non-phishable creds.

33
00:01:55,240 --> 00:01:59,600
So of course, the more you can use that, the better.

34
00:01:59,600 --> 00:02:04,760
And then finally, last but not least for me, confidential containers are now in public

35
00:02:04,760 --> 00:02:07,980
preview on Azure Red Hat OpenShift.

36
00:02:07,980 --> 00:02:12,080
So we love a confidential container because it means that it's cloud-native confidential

37
00:02:12,080 --> 00:02:15,600
computing and there's a trusted execution environment.

38
00:02:15,600 --> 00:02:20,780
So you can have everything nice and secure and it runs in its own little enclave, I believe

39
00:02:20,780 --> 00:02:22,380
is the correct word.

40
00:02:22,380 --> 00:02:23,800
So go check that out.

41
00:02:23,800 --> 00:02:27,160
If that's something you're interested in using.

42
00:02:27,160 --> 00:02:29,000
And that's me done for the news.

43
00:02:29,000 --> 00:02:30,000
All right.

44
00:02:30,000 --> 00:02:31,120
I have a few items.

45
00:02:31,120 --> 00:02:37,360
The first one is there's now REST endpoints, REST APIs for managing private endpoints in

46
00:02:37,360 --> 00:02:38,680
Fabric.

47
00:02:38,680 --> 00:02:44,140
This allows you ultimately to help sort of automate and streamline workflows because

48
00:02:44,140 --> 00:02:48,120
now you have access to these APIs, which historically you didn't have.

49
00:02:48,120 --> 00:02:51,440
Next one is Application Insights, Availability Tests.

50
00:02:51,440 --> 00:02:56,000
TLS 1.0 and 1.1 is being retired.

51
00:02:56,000 --> 00:02:59,880
This will take effect, I believe, March the 1st, 2025.

52
00:02:59,880 --> 00:03:02,240
So you do have plenty of time.

53
00:03:02,240 --> 00:03:05,760
But at the end of the day, that day is going to creep up on you.

54
00:03:05,760 --> 00:03:09,840
And if you're not ready for it, then any client code that you have that's not using TLS 1.2

55
00:03:09,840 --> 00:03:12,320
or 1.3 is going to break.

56
00:03:12,320 --> 00:03:13,320
There's no fallback at that point.

57
00:03:13,320 --> 00:03:17,400
And in fact, there's going to be a note as well because there's another item, which is

58
00:03:17,400 --> 00:03:24,360
just an overarching update on the retirement of TLS 1.0 and 1.1 across various Azure services.

59
00:03:24,360 --> 00:03:29,200
Again, this is something that you're going to see across every single Azure service.

60
00:03:29,200 --> 00:03:34,320
So you really need to start working on all your clients, verify that your client code

61
00:03:34,320 --> 00:03:36,920
is using TLS 1.2 and above.

62
00:03:36,920 --> 00:03:40,520
What that really means from a programmatic perspective is make sure you're not hard coding

63
00:03:40,520 --> 00:03:45,400
things like TLS 1.0 and 1.1, or you're using, for example, really, really old runtimes

64
00:03:45,400 --> 00:03:51,400
or really old versions of browsers or operating systems or mobile operating systems that don't

65
00:03:51,400 --> 00:03:54,360
support TLS 1.2 and 1.3.

66
00:03:54,360 --> 00:03:58,280
The original announcement for this was actually made in November the 10th, 2023, so a year

67
00:03:58,280 --> 00:03:59,280
ago.

68
00:03:59,280 --> 00:04:05,200
So I'll give you a list or a link to a page that just has some updated information about

69
00:04:05,200 --> 00:04:08,520
how you can make sure that you're ready for this transition.

70
00:04:08,520 --> 00:04:12,940
I think the overarching transition is going to be end of August 2025.

71
00:04:12,940 --> 00:04:18,240
But again, things in the rear vision mirror are closer than they seem.

72
00:04:18,240 --> 00:04:22,960
So yeah, don't do nothing about this.

73
00:04:22,960 --> 00:04:25,240
When the time comes, stuff's just not going to work.

74
00:04:25,240 --> 00:04:27,520
Okay, that's all I have in the area of news.

75
00:04:27,520 --> 00:04:33,680
So in my world, kind of piggybacking off of what Sarah was talking about, I will be at

76
00:04:33,680 --> 00:04:34,680
Ignite as well.

77
00:04:34,680 --> 00:04:37,800
So I'm going to be speaking on the Friday there.

78
00:04:37,800 --> 00:04:42,580
I'm going to be talking about the top 10 Zero Trust controls that you can implement today.

79
00:04:42,580 --> 00:04:47,200
So I'm very much focused on actionable guidance for Zero Trust there.

80
00:04:47,200 --> 00:04:52,440
And I'm going to be sharing the stage actually with someone from NIST, Maruja Supaya, as

81
00:04:52,440 --> 00:04:56,720
well as from one of our customers in a large Swedish bank.

82
00:04:56,720 --> 00:05:02,520
So really excited to be presenting with Maruja and Ulf and talking through what they've learned

83
00:05:02,520 --> 00:05:05,920
on their Zero Trust journey and their actionable tips as well.

84
00:05:05,920 --> 00:05:14,760
The other thing that happened recently was I spoke at the Open Group Conference in Houston,

85
00:05:14,760 --> 00:05:15,760
Texas.

86
00:05:15,760 --> 00:05:22,000
And we kind of unveiled our vision for what we're setting out to solve with those security

87
00:05:22,000 --> 00:05:23,000
standards.

88
00:05:23,000 --> 00:05:27,440
For those that aren't aware, I'm the security forum chair for the Open Group.

89
00:05:27,440 --> 00:05:32,280
So help guide and steward those standards and figure out what we need to be doing there

90
00:05:32,280 --> 00:05:34,120
and all that kind of stuff.

91
00:05:34,120 --> 00:05:40,560
And very interesting kind of a different role for me to be working through that.

92
00:05:40,560 --> 00:05:44,520
And I figured, hey, if I'm in the role, I might as well do something good with it.

93
00:05:44,520 --> 00:05:47,840
And so we're working on filling the gaps, building on existing standards, kind of connecting

94
00:05:47,840 --> 00:05:52,040
the dots and addressing some of the things that just aren't addressed or aren't addressed

95
00:05:52,040 --> 00:05:53,840
well in industry.

96
00:05:53,840 --> 00:06:01,280
So things like mapping it to the defenders to the attackers activity, defining the security

97
00:06:01,280 --> 00:06:06,560
roles in sort of a relatable kind of normal way, just connecting the dots between a whole

98
00:06:06,560 --> 00:06:07,560
lot of things.

99
00:06:07,560 --> 00:06:08,560
So got some exciting stuff.

100
00:06:08,560 --> 00:06:12,840
We'll have some webinars that we'll be doing here in the next couple of months probably

101
00:06:12,840 --> 00:06:16,160
to kind of reprise that on a live broadcast medium.

102
00:06:16,160 --> 00:06:18,000
So that's the main stuff.

103
00:06:18,000 --> 00:06:21,000
And I'll throw in a few links to some of the existing Open Group standards for folks to

104
00:06:21,000 --> 00:06:22,000
check out.

105
00:06:22,000 --> 00:06:24,200
But that's all I've got.

106
00:06:24,200 --> 00:06:30,320
So now we're going to move on to our guest, Merill Fernando, who is a principal product

107
00:06:30,320 --> 00:06:32,440
manager in Entra.

108
00:06:32,440 --> 00:06:37,720
He also lives in the same town as me, but ironically, when we're recording this, he's

109
00:06:37,720 --> 00:06:39,400
actually in Sydney.

110
00:06:39,400 --> 00:06:41,960
So Merill, welcome.

111
00:06:41,960 --> 00:06:47,200
Do you want to tell us, well, quickly introduce yourself to our listeners and tell us a bit

112
00:06:47,200 --> 00:06:48,200
about yourself.

113
00:06:48,200 --> 00:06:49,680
Thanks a lot, Sarah.

114
00:06:49,680 --> 00:06:52,680
So I'm super excited to be here as a guest.

115
00:06:52,680 --> 00:06:54,280
My name is Merill Fernando.

116
00:06:54,280 --> 00:07:01,600
I'm a CXP, or customer experience, principal product manager in the Microsoft Entra team.

117
00:07:01,600 --> 00:07:08,160
And I love building tools and helping the community and connecting folks in the community

118
00:07:08,160 --> 00:07:11,760
in cybersecurity.

119
00:07:11,760 --> 00:07:19,240
And I spend way too much time than I should on LinkedIn and Twitter and Bluesky and all

120
00:07:19,240 --> 00:07:21,160
the social media accounts.

121
00:07:21,160 --> 00:07:22,200
That's me.

122
00:07:22,200 --> 00:07:26,920
So while we're talking about what we're going to talk about on this episode, one thing that

123
00:07:26,920 --> 00:07:32,200
became abundantly obvious is that you've worked on a lot of tools over the years.

124
00:07:32,200 --> 00:07:33,760
So we're going to talk about some of those tools.

125
00:07:33,760 --> 00:07:38,480
So let's just get started with the first of those tools, which is Maester.

126
00:07:38,480 --> 00:07:43,040
So my first question is, what on earth is Maester and what does it do?

127
00:07:43,040 --> 00:07:44,040
Thanks.

128
00:07:44,040 --> 00:07:45,040
Yes.

129
00:07:45,040 --> 00:07:49,040
So I'll tell you a story because that's how I like to introduce all these different tools.

130
00:07:49,040 --> 00:07:51,440
They always start with some story.

131
00:07:51,440 --> 00:07:56,080
So with Maester, I was helping a customer.

132
00:07:56,080 --> 00:07:59,360
They were going through troubleshooting some conditional access policy, and we were trying

133
00:07:59,360 --> 00:08:01,000
to work through that.

134
00:08:01,000 --> 00:08:04,720
And while we were looking at that, we just realized that they had a CA policy.

135
00:08:04,720 --> 00:08:09,480
They had targeted for a group, like all the guests in their tenant.

136
00:08:09,480 --> 00:08:14,400
And that group, they had a policy which said guests need to sign in every day because they

137
00:08:14,400 --> 00:08:19,280
could be coming in from unmanaged devices and their tokens could be stolen and they

138
00:08:19,280 --> 00:08:20,840
needed to secure it.

139
00:08:20,840 --> 00:08:27,800
So they had created this policy and they thought it was all good and their tenant was secured.

140
00:08:27,800 --> 00:08:32,360
But about 10 months ago, someone had gone in and either they deleted the group or they

141
00:08:32,360 --> 00:08:35,100
just cleared out all the users in that group.

142
00:08:35,100 --> 00:08:36,600
So this policy was sitting there.

143
00:08:36,600 --> 00:08:40,720
They thought the policy was working, but there was no protection for them.

144
00:08:40,720 --> 00:08:46,160
The guests were happily signing in and staying on with long-lived tokens, which could be

145
00:08:46,160 --> 00:08:51,480
stolen as we know, and people could be replaying them and their tenant was not secure.

146
00:08:51,480 --> 00:08:58,040
So this got me thinking about how I can bring some of my DevOps, SecDevOps practices to

147
00:08:58,040 --> 00:09:05,580
identity and move the industry forward in applying SecDevOps practices to identity and

148
00:09:05,580 --> 00:09:09,320
things like the control plane and conditional access.

149
00:09:09,320 --> 00:09:15,400
So I got together with a few MVPs, Fabian, who had created something for Sentinel based

150
00:09:15,400 --> 00:09:18,240
on PowerShell Pester testing framework.

151
00:09:18,240 --> 00:09:25,120
And Thomas, his name is another MVP in Germany who did a lot of Entra config settings, like

152
00:09:25,120 --> 00:09:27,560
how to harden your environment.

153
00:09:27,560 --> 00:09:33,160
So we got together and we built out Maester, which is like a PowerShell based test automation

154
00:09:33,160 --> 00:09:34,160
framework.

155
00:09:34,160 --> 00:09:37,280
We started with Entra, but it's like we launched in March last year.

156
00:09:37,280 --> 00:09:40,640
It's grown so much that we have people contributing.

157
00:09:40,640 --> 00:09:45,580
We have like 50, 60 plus contributors, about 200 plus checks.

158
00:09:45,580 --> 00:09:47,240
People have written ready-made checks.

159
00:09:47,240 --> 00:09:53,400
I built it for writing tests for your own config, but people have started plugging in

160
00:09:53,400 --> 00:09:58,280
like the CISA tests for Exchange, for Azure, for Intune.

161
00:09:58,280 --> 00:10:04,120
And so it's become this huge open source framework and folks are starting to use it in really

162
00:10:04,120 --> 00:10:10,120
new and innovative ways to make sure their cloud config is what they think it is.

163
00:10:10,120 --> 00:10:14,560
But not hoping that no one went in and made a change that they don't know about.

164
00:10:14,560 --> 00:10:15,560
So that's Maester.

165
00:10:15,560 --> 00:10:19,120
So, Merill, I do have to ask, where does the word Maester even come from?

166
00:10:19,120 --> 00:10:20,120
Cool.

167
00:10:20,120 --> 00:10:21,120
Yes.

168
00:10:21,120 --> 00:10:22,840
So Maester comes from the Game of Thrones.

169
00:10:22,840 --> 00:10:30,520
And for those who watched the show or read the books know that Maesters in the Game of

170
00:10:30,520 --> 00:10:36,280
Thrones world, they were the learned people, the wisest folks.

171
00:10:36,280 --> 00:10:39,100
That's who people went to to get advice.

172
00:10:39,100 --> 00:10:44,000
And they lived in this tower with a light, with a fire that always kept burning and they

173
00:10:44,000 --> 00:10:45,280
held all the knowledge.

174
00:10:45,280 --> 00:10:51,840
So I needed something that I could get the domain on and something that people could

175
00:10:51,840 --> 00:10:52,840
easily remember.

176
00:10:52,840 --> 00:10:57,720
So yeah, all of that combination came together.

177
00:10:57,720 --> 00:11:03,520
I didn't want to name it Microsoft Cloud Security Test Automation Framework, which would have

178
00:11:03,520 --> 00:11:04,920
been the typical name.

179
00:11:04,920 --> 00:11:09,200
So we just came up with Maester for that.

180
00:11:09,200 --> 00:11:12,880
I may actually be the only person in the world who has not seen Game of Thrones or read the

181
00:11:12,880 --> 00:11:15,080
books, but it is what it is, I guess.

182
00:11:15,080 --> 00:11:19,220
So Michael, you're not alone in not having seen or read Game of Thrones.

183
00:11:19,220 --> 00:11:25,400
So you have company, so at least two of us on this podcast share that.

184
00:11:25,400 --> 00:11:30,680
So something that's near and dear to my heart is I really love the work that your team has

185
00:11:30,680 --> 00:11:36,200
done on the Zero Trust workshop that recently was announced and released publicly.

186
00:11:36,200 --> 00:11:39,640
So can you tell our folks about that?

187
00:11:39,640 --> 00:11:40,640
Yes, absolutely.

188
00:11:40,640 --> 00:11:45,040
So the team that I'm in, I'm part of the Entra product group and we focus on Entra and we

189
00:11:45,040 --> 00:11:50,800
help customers deploy Entra, secure Entra, harden it, you know, what are the right conditional

190
00:11:50,800 --> 00:11:54,800
access policies, what they need to do and how they can plan out.

191
00:11:54,800 --> 00:12:00,480
Because a lot of our customers don't know how like they've got Entra when they got M365.

192
00:12:00,480 --> 00:12:06,120
They don't really, they haven't really done the work to go through and look at how they've

193
00:12:06,120 --> 00:12:09,080
deployed, whether they've deployed all of the features that are there.

194
00:12:09,080 --> 00:12:14,200
Like my day job is literally getting folks to deploy and use the features they've already

195
00:12:14,200 --> 00:12:17,520
paid for and secure their tenant.

196
00:12:17,520 --> 00:12:25,240
So I'm from the Entra team and we have counterparts in the Intune team, in Defender, in Purview,

197
00:12:25,240 --> 00:12:27,400
like the whole of the security org.

198
00:12:27,400 --> 00:12:31,840
Our day job is helping a lot of our customers deploy things.

199
00:12:31,840 --> 00:12:36,800
And what we found out over time is we had a lot of knowledge in what someone needs to

200
00:12:36,800 --> 00:12:37,800
do.

201
00:12:37,800 --> 00:12:42,080
Like we could go through and ask questions and then come up and say, okay, you need to

202
00:12:42,080 --> 00:12:44,120
do this first before you can do this.

203
00:12:44,120 --> 00:12:49,000
For example, if you want to do like device compliance checks in conditional access, then

204
00:12:49,000 --> 00:12:52,400
you first need to do hybrid join or Entra join.

205
00:12:52,400 --> 00:12:56,320
And then, you know, you might not have configured the Connect Sync properly.

206
00:12:56,320 --> 00:12:59,160
So you need to do that first if the devices are not being synced.

207
00:12:59,160 --> 00:13:02,320
So there's a sequence to do things.

208
00:13:02,320 --> 00:13:03,320
And we knew it.

209
00:13:03,320 --> 00:13:05,280
We could just explain it to people.

210
00:13:05,280 --> 00:13:08,600
But most folks didn't know where they should start.

211
00:13:08,600 --> 00:13:14,160
And Zero Trust has always been people sell it as, you know, just deploy this one product

212
00:13:14,160 --> 00:13:15,960
and you have Zero Trust.

213
00:13:15,960 --> 00:13:20,880
But it's like a more holistic thing that you would need to do, especially the Microsoft

214
00:13:20,880 --> 00:13:21,880
Security Suite.

215
00:13:21,880 --> 00:13:23,600
We have so much.

216
00:13:23,600 --> 00:13:26,600
And folks don't know where they should begin.

217
00:13:26,600 --> 00:13:32,840
So that's how we came up with this idea of let's help people and make it really short

218
00:13:32,840 --> 00:13:35,680
and succinct and give them a blueprint.

219
00:13:35,680 --> 00:13:42,840
Let's help them assess and give them a roadmap for the next like two to three years on how

220
00:13:42,840 --> 00:13:50,600
they can be well deployed with a proper Zero Trust framework across all of the products.

221
00:13:50,600 --> 00:13:55,280
And so that's how we got together and started brainstorming ways how we can do this.

222
00:13:55,280 --> 00:13:59,680
And we really wanted to scale it like it was not scalable with me doing like two or three

223
00:13:59,680 --> 00:14:02,280
customers at a time.

224
00:14:02,280 --> 00:14:08,480
We wanted it to help our whole industry move forward in adopting these practices.

225
00:14:08,480 --> 00:14:13,480
So the Zero Trust workshop, we just launched it last week.

226
00:14:13,480 --> 00:14:18,480
And there are lots of options people can self-serve and go through the workshops.

227
00:14:18,480 --> 00:14:22,840
We do like one to two hour workshops with each pillar in Zero Trust.

228
00:14:22,840 --> 00:14:28,080
Right now it's launched with identity devices and data.

229
00:14:28,080 --> 00:14:29,440
And we plan to add the others in.

230
00:14:29,440 --> 00:14:31,640
So it could be a self-service thing.

231
00:14:31,640 --> 00:14:35,960
It could be you could bring in a Microsoft partner who we trained on and they can help

232
00:14:35,960 --> 00:14:37,240
guide you through.

233
00:14:37,240 --> 00:14:41,960
It can be through our teams like Microsoft FastTrack, etc.

234
00:14:41,960 --> 00:14:45,440
You can reach out to Microsoft account team and they can help you with that.

235
00:14:45,440 --> 00:14:49,800
And for our own customers who we manage, we run these as well with them.

236
00:14:49,800 --> 00:14:56,560
So at the end of these workshops, they get like a ready-made customized map of what they

237
00:14:56,560 --> 00:14:57,760
should do.

238
00:14:57,760 --> 00:15:01,880
It's broken down into first, then next and sort of guides them.

239
00:15:01,880 --> 00:15:05,400
So they have it's really useful.

240
00:15:05,400 --> 00:15:10,120
Some of my customers got like funding from their stakeholders by showing this.

241
00:15:10,120 --> 00:15:16,400
And they were able to then actually go ahead and implement it over the next two years.

242
00:15:16,400 --> 00:15:22,320
So we've been running this in private preview for about two years and refining it with like

243
00:15:22,320 --> 00:15:26,960
70 plus large customers who gave us a lot of feedback.

244
00:15:26,960 --> 00:15:30,320
And it's a continuous like it's a living thing that we're building.

245
00:15:30,320 --> 00:15:36,680
And we're going to keep on evolving this as new threats come on board and we have new

246
00:15:36,680 --> 00:15:39,720
features and so on.

247
00:15:39,720 --> 00:15:44,720
So that's aka.ms/ztworkshop.

248
00:15:42,840 --> 00:15:47,840
If I can add on there, one of the things that just always fascinates me about security,

249
00:15:47,440 --> 00:15:52,440
because we also have a set of workshops that we deliver through our Unified around the

250
00:15:51,000 --> 00:15:56,000
Security Adoption Framework or SAF.

251
00:15:53,200 --> 00:15:58,200
And those generally hang out at the architecture level and at the program and metrics and

252
00:15:57,320 --> 00:16:02,320
success and architecture and how it all fits together kind of thing.

253
00:16:01,200 --> 00:16:06,200
But then there was this entire layer that we missed that your team did a great job on

254
00:16:06,200 --> 00:16:11,200
sort of, okay, what are the technical features and capabilities that need to be turned on?

255
00:16:10,080 --> 00:16:15,080
And then of course there's the how to actually turn them on.

256
00:16:11,960 --> 00:16:16,960
And it's just one of the things that I'm always amazed at is just how complex security is

257
00:16:16,360 --> 00:16:21,360
because there's so many different people that need to be doing those jobs.

258
00:16:19,480 --> 00:16:24,480
And that doesn't even get into all the business teams and all the other things that

259
00:16:24,160 --> 00:16:29,160
need to happen as well.

260
00:16:25,240 --> 00:16:30,240
So it's just it's always amazing to me how much needs to get done and how important it is

261
00:16:30,240 --> 00:16:35,240
to have those prescriptive first, next, later kind of checklists for those different

262
00:16:35,240 --> 00:16:40,240
abstraction levels and roles.

263
00:16:37,240 --> 00:16:42,240
Yeah, one of the key things we do in the workshop, we ask that they bring all the stakeholders.

264
00:16:41,800 --> 00:16:46,800
Like when you're doing zero trust, it can't be just identity.

265
00:16:45,080 --> 00:16:50,080
So even though we might be doing an identity workshop, it can't be just the identity folks.

266
00:16:49,480 --> 00:16:54,480
You need the devices folks, because you need to protect the device they're coming in from.

267
00:16:53,680 --> 00:16:58,680
You need the SIEM and the SOC team.

268
00:16:58,680 --> 00:17:03,680
You need the architects in there.

269
00:17:00,120 --> 00:17:05,120
And a lot of the times we notice that this was the first time that all of them sat in one room.

270
00:17:07,680 --> 00:17:12,680
Because you end up with a lot of folks working in silos, especially in large enterprises.

271
00:17:13,080 --> 00:17:18,080
And half of the time it's mostly folks talking to each other for the very first time

272
00:17:19,560 --> 00:17:24,560
and collaborating and thinking about what their overall security posture should be

273
00:17:24,560 --> 00:17:29,560
and what's the best way to do that.

274
00:17:25,560 --> 00:17:30,560
So it's a very complex process.

275
00:17:29,560 --> 00:17:34,560
It's all if you're in mining versus education or in fintech, you have different challenges

276
00:17:34,560 --> 00:17:39,560
and the priorities and what you consider as your zero trust baseline differs.

277
00:17:40,560 --> 00:17:45,560
But yeah, this bringing of all of the folks together is a thing that I learned has not been happening quite a lot.

278
00:17:45,560 --> 00:17:50,560
And the workshops are really powerful when you can bring all of those key stakeholders and those different teams together

279
00:17:53,560 --> 00:17:58,560
to go through what zero trust means for them and then help them look at what their gaps are in where they stand today.

280
00:18:03,560 --> 00:18:08,560
Yeah, we see the same thing.

281
00:18:05,560 --> 00:18:10,560
It's so important to break the silos apart.

282
00:18:07,560 --> 00:18:12,560
There's almost like a joke in there around the one thing that we all have in common is that we don't talk to each other.

283
00:18:12,560 --> 00:18:17,560
But yeah, we see that dynamic a lot and it's just amazing how much magic happens

284
00:18:17,560 --> 00:18:22,560
when people start talking to each other about, hey, how do we drive this outcome

285
00:18:22,560 --> 00:18:27,560
that requires your expertise, my expertise, and each of the tools that we manage and technology and whatnot.

286
00:18:28,560 --> 00:18:33,560
All right, so a couple of other tools that you have, Merill.

287
00:18:31,560 --> 00:18:36,560
The first one is, I don't know if these two are related or if they're sort of back to back or whatever,

288
00:18:35,560 --> 00:18:40,560
but Graph X-Ray and Graph Permissions Explorer.

289
00:18:40,560 --> 00:18:45,560
What problem are you trying to solve with those and how you go about it?

290
00:18:43,560 --> 00:18:48,560
Yes, Graph X-Ray is a tool.

291
00:18:46,560 --> 00:18:51,560
It's a Chrome extension.

292
00:18:48,560 --> 00:18:53,560
You can think of it like Fiddler for Microsoft Graph.

293
00:18:52,560 --> 00:18:57,560
You can run Fiddler to see what's happening behind the scenes.

294
00:18:56,560 --> 00:19:01,560
So when you go to the portal and when you click on different things,

295
00:19:00,560 --> 00:19:05,560
you can, you know, you do something, right?

296
00:19:03,560 --> 00:19:08,560
So my struggle I had was I was writing PowerShell scripts and I would go and create a group,

297
00:19:08,560 --> 00:19:13,560
like a dynamic group, or I would go and create a conditional access policy

298
00:19:14,560 --> 00:19:19,560
or going to Intune and configure whole compliance policy and so on.

299
00:19:19,560 --> 00:19:24,560
And then I knew how to do it in the UI, but then to write the script took me a while.

300
00:19:25,560 --> 00:19:30,560
And we didn't have ChatGPT like a few years back,

301
00:19:28,560 --> 00:19:33,560
but even that I had to tell it, you know, describe all of what I wanted to do even today.

302
00:19:33,560 --> 00:19:38,560
So I knew how to do things in the UI and I wanted to get to the code as soon as possible

303
00:19:38,560 --> 00:19:43,560
from that point.

304
00:19:40,560 --> 00:19:45,560
And it took a while to go search the docs and find out the API and find out the parameters I needed to pass

305
00:19:46,560 --> 00:19:51,560
and would take me like half an hour to an hour to figure out like how to do something.

306
00:19:52,560 --> 00:19:57,560
So with Graph X-Ray, it's an extension you install and you just do the action in the portal.

307
00:19:57,560 --> 00:20:02,560
And if the portal is, you know, using Graph X-Ray,

308
00:20:02,560 --> 00:20:07,560
it'll give you the PowerShell command for the action that you just did.

309
00:20:07,560 --> 00:20:12,560
So if I created a dynamic group, it'll give you the exact command for doing that.

310
00:20:12,560 --> 00:20:17,560
It also supports multiple languages, C#, JavaScript, Go.

311
00:20:17,560 --> 00:20:22,560
So you can just flick through and get to the code just from the portal itself.

312
00:20:22,560 --> 00:20:27,560
So it helps quite a lot when it comes to DevOps and automation

313
00:20:27,560 --> 00:20:32,560
and you need to create like a hundred access packages. You can do one and use Graph X-Ray

314
00:20:32,560 --> 00:20:37,560
to see what's happening behind the scenes.

315
00:20:37,560 --> 00:20:42,560
So it's more like a DevOps tooling that I built to help in that.

316
00:20:42,560 --> 00:20:47,560
It came out as part of like a hackathon we did about three, three, four years ago.

317
00:20:47,560 --> 00:20:52,560
Graph Permissions is a website that I built.

318
00:20:52,560 --> 00:20:57,560
The problem I was trying to solve there is the docs in the Microsoft docs for the Graph APIs

319
00:20:57,560 --> 00:21:02,560
are all focused for developers. So you can go find out an API like

320
00:21:02,560 --> 00:21:07,560
create a conditional access policy

321
00:21:07,560 --> 00:21:12,560
or some other config in Graph, maybe create a Microsoft Teams site.

322
00:21:12,560 --> 00:21:17,560
But you couldn't find out, like if I give something permission like

323
00:21:17,560 --> 00:21:22,560
Sites.Read.All, what is it that a developer can do?

324
00:21:22,560 --> 00:21:27,560
Like what are all the APIs they have access to? So I had a security architect come and ask me,

325
00:21:27,560 --> 00:21:32,560
hey, someone's asking me for this permission, which is Files.ReadWrite.All

326
00:21:32,560 --> 00:21:37,560
or Directory.Read.All. What I'm actually giving them when I give them this access?

327
00:21:37,560 --> 00:21:42,560
And the answer that I had to give him was you need to go through search for this and look at all the

328
00:21:42,560 --> 00:21:47,560
APIs and any of those APIs, what they can call.

329
00:21:47,560 --> 00:21:52,560
So this got me thinking and then I sort of wrote a script that

330
00:21:52,560 --> 00:21:57,560
parsed all the markdown files in GitHub for Microsoft Graph.

331
00:21:57,560 --> 00:22:02,560
And then I created a page which says, okay, if it's Sites.Read.All, these are all

332
00:22:02,560 --> 00:22:07,560
the APIs that someone can call. So it's sort of like a different view into the

333
00:22:07,560 --> 00:22:12,560
Graph permission. So it's been really useful for a lot of the cybersecurity teams and the architects

334
00:22:12,560 --> 00:22:17,560
to really know what permission, what the permission does and

335
00:22:17,560 --> 00:22:22,560
what it is that they're doing when they're consenting to an access permission in the tenant.

336
00:22:22,560 --> 00:22:27,560
You know, what are the things that developer can do? Are they the least privileged

337
00:22:27,560 --> 00:22:32,560
permissions that they can have if they need to? So this was just a stopgap

338
00:22:32,560 --> 00:22:37,560
that the product team is looking into having this built into our

339
00:22:37,560 --> 00:22:42,560
tools itself so it will make it easier. So for now, the site lets you

340
00:22:42,560 --> 00:22:47,560
find out whether you're giving a big scary permission or

341
00:22:47,560 --> 00:22:52,560
is it the right fit for what the app is trying to do?

342
00:22:52,560 --> 00:22:57,560
I'm really glad that you brought that up about least privilege. So you do actually

343
00:22:57,560 --> 00:23:02,560
find things that could be violations of least privilege because right now, this is something that

344
00:23:02,560 --> 00:23:07,560
we're heavily focused on as you're in general, especially under the

345
00:23:07,560 --> 00:23:12,560
if you look at the Zero Trust, sort of the three pillars of Zero Trust at Microsoft, one of them is

346
00:23:12,560 --> 00:23:17,560
least privilege. And we're certainly spending a lot of time looking at applications and looking at

347
00:23:17,560 --> 00:23:22,560
privileges that they've been assigned. So this could be used as a tool, as a general tool, to start

348
00:23:22,560 --> 00:23:27,560
saying, okay, you know, what does our set of permissions look like

349
00:23:27,560 --> 00:23:32,560
across the whole of our Azure environment? I mean, could you use the tool for that? I mean, is it designed for that?

350
00:23:32,560 --> 00:23:37,560
Or is it really something that requires a little bit of interpretation?

351
00:23:37,560 --> 00:23:42,560
This is a little bit of interpretation and this one is only focused on Graph permissions, so not really

352
00:23:42,560 --> 00:23:47,560
the Azure graph, which is a slightly different

353
00:23:47,560 --> 00:23:52,560
API endpoint to the next one. Okay, okay. All right. Yeah, that makes sense.

354
00:23:52,560 --> 00:23:57,560
Yeah, we're still reviewing Graph permissions as well.

355
00:23:57,560 --> 00:24:02,560
So, okay, that's cool. So the next tool is

356
00:24:02,560 --> 00:24:07,560
ID Power Toys. What on earth is that?

357
00:24:07,560 --> 00:24:12,560
The key part of this tool is something I call the conditional access visualizer.

358
00:24:12,560 --> 00:24:17,560
So we have a really good blade UI to create conditional access policies

359
00:24:17,560 --> 00:24:22,560
and it's really easy to create them. But when you want to understand

360
00:24:22,560 --> 00:24:27,560
what your security config is in your conditional access settings,

361
00:24:27,560 --> 00:24:32,560
you know, it's the gateway to all of your Microsoft environment,

362
00:24:32,560 --> 00:24:37,560
right? Like whether you're going into Azure or into Graph or into any of the apps that you have

363
00:24:37,560 --> 00:24:42,560
set up, the conditional access policies are the gateway and they define

364
00:24:42,560 --> 00:24:47,560
whether you do MFA or not, who is excluded and what's happening.

365
00:24:47,560 --> 00:24:52,560
I was helping a customer troubleshoot a conditional access another time and it was

366
00:24:52,560 --> 00:24:57,560
really hard to figure out what the policies were doing because you have to click

367
00:24:57,560 --> 00:25:02,560
about six times or seven times to get an idea of what one policy is doing.

368
00:25:02,560 --> 00:25:07,560
And conditional access is a combination of all of the policies put together.

369
00:25:07,560 --> 00:25:12,560
So it is really hard to figure out what exactly is happening in this

370
00:25:12,560 --> 00:25:17,560
customer's config when it came to conditional access.

371
00:25:17,560 --> 00:25:22,560
So that got me thinking about like how can I visualize it? Like people

372
00:25:22,560 --> 00:25:27,560
might know me from my posts on LinkedIn and so on. I try to always make it simple and easier

373
00:25:27,560 --> 00:25:32,560
to understand with sort of a very visual way. And that got me thinking and I came

374
00:25:32,560 --> 00:25:37,560
up with this whole way to export it into PowerPoint where you get a visual view of

375
00:25:37,560 --> 00:25:42,560
the whole CA policy in one deck, in one slide, and then all of the

376
00:25:42,560 --> 00:25:47,560
CA policies put together so you can quickly scroll through and see,

377
00:25:47,560 --> 00:25:52,560
okay, I like print them up, put them up on a wall, and you can see

378
00:25:52,560 --> 00:25:57,560
what is happening in your tenant, what's configured, who is excluded from

379
00:25:57,560 --> 00:26:02,560
policies, what's included. And it's been quite popular with a lot of

380
00:26:02,560 --> 00:26:07,560
folks to help as they have 50, 100 policies to know

381
00:26:07,560 --> 00:26:12,560
what's really happening in their security landscape.

382
00:26:12,560 --> 00:26:17,560
It's with identity, we see identity as a new control plane, conditional

383
00:26:17,560 --> 00:26:22,560
access policies are the way to get there, and this was just my contribution to make it

384
00:26:22,560 --> 00:26:27,560
a lot easier to visualize what's happening in your settings.

385
00:26:27,560 --> 00:26:32,560
So, Meryl, I know because I have seen you post about it on

386
00:26:32,560 --> 00:26:37,560
socials and you have tagged me many times, thank you, that you also

387
00:26:37,560 --> 00:26:42,560
have a newsletter that you like to, that you send out

388
00:26:42,560 --> 00:26:47,560
pretty regularly. Do you want to tell the folks who are listening about that?

389
00:26:47,560 --> 00:26:52,560
Yes, yeah, absolutely. So, like I'm working at Microsoft and I read all of the

390
00:26:52,560 --> 00:26:57,560
internal things and I'm across what Entra does, but even I struggle with all of the

391
00:26:57,560 --> 00:27:02,560
different, just in my product, in Entra, all of the different features and new

392
00:27:02,560 --> 00:27:07,560
things that come out. And I read a lot of what

393
00:27:07,560 --> 00:27:12,560
MVPs and the folks who write about Entra and the different features.

394
00:27:12,560 --> 00:27:17,560
I love reading that because these folks are in the forefront and they're deploying things,

395
00:27:17,560 --> 00:27:22,560
they come across issues and they are thankfully sharing their knowledge of,

396
00:27:22,560 --> 00:27:27,560
I came across this, this is how I fixed it, or this is a better way to do it, and so on.

397
00:27:27,560 --> 00:27:32,560
And this, like that knowledge and experience is not something that I as one person

398
00:27:32,560 --> 00:27:37,560
can gain from what I do in my day job with the few customers I help.

399
00:27:37,560 --> 00:27:42,560
So, it helps really to scale your knowledge and I spend a lot of time

400
00:27:42,560 --> 00:27:47,560
reading and staying up to date and all of that. And I was collecting all these links

401
00:27:47,560 --> 00:27:52,560
and then I thought, I'm sure others would find this useful as well. And I'm a huge

402
00:27:52,560 --> 00:27:57,560
fan of Hacker News. There's this Hacker News newsletter which just sends you

403
00:27:57,560 --> 00:28:02,560
a weekly list of links of interesting things and every week I'll just scan it in

404
00:28:02,560 --> 00:28:07,560
five, ten minutes and click on things that interest me. So, I was like, let me do this

405
00:28:07,560 --> 00:28:12,560
because the community, we need one place to go in and read about

406
00:28:12,560 --> 00:28:17,560
what happened this week in Entra. So, that's how it started. I started putting

407
00:28:17,560 --> 00:28:22,560
it together and sending it out, like I started last year. We have like

408
00:28:22,560 --> 00:28:27,560
70 plus issues out right now. So, every week I send out

409
00:28:27,560 --> 00:28:32,560
on Sunday for me in Australia, a newsletter that lists, like these are

410
00:28:32,560 --> 00:28:37,560
the new features that Microsoft officially announced. These are all the things that

411
00:28:37,560 --> 00:28:42,560
the community created and shared about Entra and then I summarize some of my

412
00:28:42,560 --> 00:28:47,560
LinkedIn posts and things that I've shared as well. So, just a way to share

413
00:28:47,560 --> 00:28:52,560
like, hey, this new podcast came in about Entra, this new

414
00:28:52,560 --> 00:28:57,560
toolkit, someone released a new tool or a red team tool or a blue team tool

415
00:28:57,560 --> 00:29:02,560
and I just sort of summarize that and send through. And yeah, it's become

416
00:29:02,560 --> 00:29:07,560
quite popular there. We have like more than 11,000 plus subscribers and I get my son

417
00:29:07,560 --> 00:29:12,560
to help me out with it. So, I get to spend some time with him as well.

418
00:29:12,560 --> 00:29:17,560
So, it's been a really fun experiment. I didn't think I could

419
00:29:17,560 --> 00:29:22,560
keep it up, but yeah, we've been doing it for about a year plus now and one of my highlights

420
00:29:22,560 --> 00:29:27,560
for the week is creating that and sending it out.

421
00:29:27,560 --> 00:29:32,560
Yeah, and we'll pop in the show notes how you can go and subscribe to Meryl's

422
00:29:32,560 --> 00:29:37,560
there if you want to. Yeah, we'll add links to all the tools that we've spoken about so far as well.

423
00:29:37,560 --> 00:29:42,560
And there's other tools as well, so you'll see other tools that are up there. On the newsletter thing,

424
00:29:42,560 --> 00:29:47,560
you've made a phrase that I use a lot, which I'm a big fan of. But back in the day when I

425
00:29:47,560 --> 00:29:52,560
first started at Microsoft, I worked on the C++ compiler for Windows

426
00:29:52,560 --> 00:29:57,560
developers basically, back when everyone knew what a message pump was in Windows.

427
00:29:57,560 --> 00:30:02,560
Because I had access to a lot of latest updates to the compiler,

428
00:30:02,560 --> 00:30:07,560
latest updates to Windows, tips and tricks from the SDK, all that sort of good stuff.

429
00:30:07,560 --> 00:30:12,560
It was really appreciated by the development community.

430
00:30:12,560 --> 00:30:17,560
Never underestimate how something that you think may be simple and quite straightforward to put together.

431
00:30:17,560 --> 00:30:22,560
Never underestimate how useful that is to other people. So, yeah, I applaud you a lot

432
00:30:22,560 --> 00:30:27,560
for doing the newsletter. I know that a lot of people will find that of use.

433
00:30:27,560 --> 00:30:32,560
Thanks. It's a fun part of my weekend. I learn more than,

434
00:30:32,560 --> 00:30:37,560
like I learned so much more from all the MVPs and the folks who share content.

435
00:30:37,560 --> 00:30:42,560
They give their time freely to help us

436
00:30:42,560 --> 00:30:47,560
as a community, as an industry to be better and help improve

437
00:30:47,560 --> 00:30:52,560
our products as well. So I'm super grateful for all of the time

438
00:30:52,560 --> 00:30:57,560
and effort folks put into all of this. And even like, you know, talk going out

439
00:30:57,560 --> 00:31:02,560
and giving out presentations on all these different various topics.

440
00:31:02,560 --> 00:31:07,560
So I just want them to be highlighted.

441
00:31:07,560 --> 00:31:12,560
So this is my way of giving back. So, Meryl, what does

442
00:31:12,560 --> 00:31:17,560
a typical day, this is something we started asking our guests, what does a typical day look

443
00:31:17,560 --> 00:31:22,560
like for Meryl when you're at work? What do you get up to? Yes, yeah.

444
00:31:22,560 --> 00:31:27,560
So I'm remote. I'm in Australia and I'm like 100% remote.

445
00:31:27,560 --> 00:31:32,560
So it starts with we are in different time zones.

446
00:31:32,560 --> 00:31:37,560
So I'm in Australia and a lot of my team are in Redmond and

447
00:31:37,560 --> 00:31:42,560
actually spread across the globe. So my days usually start really early in the morning and

448
00:31:42,560 --> 00:31:47,560
I have lots of meetings with teams learning about what are the new features

449
00:31:47,560 --> 00:31:52,560
that we are building, talking with different feature PMs and so on.

450
00:31:52,560 --> 00:31:57,560
So most of that happens during the day, during my early morning.

451
00:31:57,560 --> 00:32:02,560
And then I get to, luckily for me, I work on the Zero Trust workshop

452
00:32:02,560 --> 00:32:07,560
these days. We are building some cool assessments. So I get to write

453
00:32:07,560 --> 00:32:12,560
a lot of PowerShell and a lot of scripts and go through, look at different settings

454
00:32:12,560 --> 00:32:17,560
and try and I sort of get to hack things and build out

455
00:32:17,560 --> 00:32:22,560
all these things. So I do that for much of the day.

456
00:32:22,560 --> 00:32:27,560
We might be working on some new feature that I might be involved in. The last

457
00:32:27,560 --> 00:32:32,560
one I was involved in was this Entra external auth method, which was really fun.

458
00:32:32,560 --> 00:32:37,560
We brought in this integration from other vendors like RSA

459
00:32:37,560 --> 00:32:42,560
and Ping Identity and integrating those with Entra in a plugin model.

460
00:32:42,560 --> 00:32:47,560
So I would sometimes work on features. So we would work on reviewing specs.

461
00:32:47,560 --> 00:32:52,560
And I bring the customer lens. I'm sort of the voice of the customer inside

462
00:32:52,560 --> 00:32:57,560
Microsoft. And I call out saying, hey, this won't work with customers.

463
00:32:57,560 --> 00:33:02,560
We should be doing this. And I look at ways on how we can improve those.

464
00:33:02,560 --> 00:33:07,560
I do spend a lot of time on different forums helping, you know, just replying to the comments

465
00:33:07,560 --> 00:33:12,560
people post and ask advice on. Then I do have in Kenya,

466
00:33:12,560 --> 00:33:17,560
some of our team are based in Kenya where they do a lot of the Graph and the PowerShell

467
00:33:17,560 --> 00:33:22,560
work. So evening my time, I do get to sync up with them a few times.

468
00:33:22,560 --> 00:33:27,560
And I love working at Microsoft because I get to do all this

469
00:33:27,560 --> 00:33:32,560
while I'm at home. So I can go drop by four kids, drop them in school in the morning.

470
00:33:32,560 --> 00:33:37,560
Then I go out for like long walks in the middle of the day with my wife.

471
00:33:37,560 --> 00:33:42,560
And it's an amazing life and culture at Microsoft. And I really

472
00:33:42,560 --> 00:33:47,560
love this lifestyle. For me, it's like

473
00:33:47,560 --> 00:33:52,560
I'm in retirement. It's like doing the thing I enjoy the most and I get paid for it as well.

474
00:33:52,560 --> 00:33:55,560
You can't ask for anything better than that.

475
00:33:55,560 --> 00:34:01,560
That's fantastic. What would you like to leave our listeners with as sort of a final thought?

476
00:34:01,560 --> 00:34:06,560
Yeah. So something we've been telling folks quite a lot is,

477
00:34:06,560 --> 00:34:12,560
you know, do MFA. It's amazing the number of people who we still have tried to convince

478
00:34:12,560 --> 00:34:17,560
to do MFA and do MFA everywhere. And now you would have noticed

479
00:34:17,560 --> 00:34:22,560
that Azure has started enforcing MFA for any access into Azure.

480
00:34:22,560 --> 00:34:27,560
I would say for everyone listening in, don't wait till Microsoft starts enforcing

481
00:34:27,560 --> 00:34:32,560
for M365, for Entra, for the security portals.

482
00:34:32,560 --> 00:34:37,560
Just do that now for yourself while the Azure MFA

483
00:34:37,560 --> 00:34:42,560
enforcement is rolling out. I know a lot of orgs have delayed it.

484
00:34:42,560 --> 00:34:47,560
They had the option to push it back by three months. It's going to come for everything.

485
00:34:47,560 --> 00:34:52,560
So try to plan and do this as a once effort

486
00:34:52,560 --> 00:34:57,560
across your org and focus on getting that messaging out to

487
00:34:57,560 --> 00:35:02,560
your stakeholders and then to everyone else to say, let's just roll out MFA

488
00:35:02,560 --> 00:35:07,560
for everyone. Don't have exceptions. It's not Zero Trust when you do that.

489
00:35:07,560 --> 00:35:12,560
And yeah, so that's the one message is, get ready for

490
00:35:12,560 --> 00:35:17,560
MFA and do it all in one go for all of your users,

491
00:35:17,560 --> 00:35:22,560
for all of the apps, so you don't need to do a thousand cuts and just do it

492
00:35:22,560 --> 00:35:27,560
one at a time as Microsoft is enforcing it, if you can, if you are that

493
00:35:27,560 --> 00:35:32,560
luxury. I think everyone who's been on that even touches

494
00:35:32,560 --> 00:35:37,560
Entra ID or touches identity or authentication and authorization,

495
00:35:37,560 --> 00:35:42,560
their final thought has always been use MFA.

496
00:35:42,560 --> 00:35:47,560
So there must be some credence to it, right? If everyone's saying it. I agree 100%.

497
00:35:47,560 --> 00:35:52,560
I also think it's great that you're taking walks with your wife every day.

498
00:35:52,560 --> 00:35:57,560
I do the same, but that's mainly because the doctor told me I had to, but that's a whole

499
00:35:57,560 --> 00:36:02,560
another discussion. Anyway, let's bring this episode to an end. Meryl, thank you so

500
00:36:02,560 --> 00:36:07,560
much for joining us this week. This has actually been a really, for me anyway,

501
00:36:07,560 --> 00:36:12,560
I've learned a lot. I'm certainly going to dig into some of these tools. I'll be frank, my

502
00:36:12,560 --> 00:36:17,560
knowledge of Entra ID is not the best. I know the basics of it, but when it

503
00:36:17,560 --> 00:36:22,560
comes to anything beyond the veneer of Entra ID, that's when I start to get lost.

504
00:36:22,560 --> 00:36:27,560
I'll start to dig around with some of those tools. Alright, so again, thank you for joining us this week

505
00:36:27,560 --> 00:36:32,560
and to all our listeners out there, we hope you found this episode of use. Stay safe

506
00:36:32,560 --> 00:36:37,560
and we'll see you next time. Thanks for listening to the Azure Security Podcast. You can find show notes

507
00:36:37,560 --> 00:36:42,560
and other resources at our website azsecuritypodcast.net.

508
00:36:42,560 --> 00:36:47,560
If you have any questions, please find us on Twitter at AzureSecPod.

509
00:36:47,560 --> 00:36:52,560
Background music is from ccmixter.com and licensed under the Creative Commons license.

510
00:36:52,560 --> 00:36:57,560
Music playing

511
00:36:57,560 --> 00:37:02,560
Music playing

