1 00:00:00,000 --> 00:00:06,200 Welcome to the Azure Security Podcast, 2 00:00:06,200 --> 00:00:09,380 where we discuss topics relating to security, privacy, 3 00:00:09,380 --> 00:00:13,680 reliability, and compliance on the Microsoft Cloud Platform. 4 00:00:13,680 --> 00:00:16,880 Hey everybody, welcome to Episode 41. 5 00:00:16,880 --> 00:00:18,680 This week, we have the whole gang, 6 00:00:18,680 --> 00:00:22,040 we have myself, Michael, we have Gladys, Sarah, and Mark. 7 00:00:22,040 --> 00:00:24,200 We also have a guest this week, Abbas Kudrati, 8 00:00:24,200 --> 00:00:27,760 who just here to talk to us about the goings on at Microsoft Ignite. 9 00:00:27,760 --> 00:00:29,720 With that, there'll be no news because 10 00:00:29,720 --> 00:00:32,480 basically the whole thing is news from Microsoft Ignite. 11 00:00:32,480 --> 00:00:34,800 Abbas, welcome so much to the podcast. 12 00:00:34,800 --> 00:00:37,760 Would you like to spend a moment and give a little bit of background on yourself? 13 00:00:37,760 --> 00:00:39,800 Thank you very much for having me today here. 14 00:00:39,800 --> 00:00:41,760 My name is Abbas Kudrati. 15 00:00:41,760 --> 00:00:46,240 I'm a Chief Security Advisor for Microsoft APEC based in Melbourne, 16 00:00:46,240 --> 00:00:49,400 Australia and so glad to be here to discuss 17 00:00:49,400 --> 00:00:52,600 what are the new things we have from Ignite this year. 18 00:00:52,600 --> 00:00:54,240 Okay, to get started. 19 00:00:54,240 --> 00:00:59,400 The very first thing we love changing and updating our services name. 20 00:00:59,400 --> 00:01:02,160 Again, surprise, this year as well, 21 00:01:02,160 --> 00:01:03,840 we have quite a few name changes. 22 00:01:03,840 --> 00:01:08,840 For example, the top name changes are from Azure Sentinel, 23 00:01:08,840 --> 00:01:10,240 which is our cloud native SIM. 24 00:01:10,240 --> 00:01:12,360 Now, we call it Microsoft Sentinel. 25 00:01:12,360 --> 00:01:15,280 From Azure Defender and Azure Security Center, 26 00:01:15,280 --> 00:01:19,040 we call that together now as a Microsoft Defender for Cloud. 27 00:01:19,040 --> 00:01:21,400 From Azure Defender for IoT, 28 00:01:21,400 --> 00:01:24,400 now we call it as a Microsoft Defender for IoT. 29 00:01:24,400 --> 00:01:27,560 Last but not the least, Microsoft Cloud App Security. 30 00:01:27,560 --> 00:01:30,720 Now we call it Microsoft Defender for Cloud Apps. 31 00:01:30,720 --> 00:01:35,920 Why are we doing these changes or consolidating everything together under Defender App? 32 00:01:35,920 --> 00:01:40,920 Well, first, we are making it unified because our services are not only 33 00:01:40,920 --> 00:01:45,640 particularly for Windows platform or a Microsoft platform. 34 00:01:45,640 --> 00:01:50,560 Just to give a good example, Microsoft Sentinel is a cloud native SIM, 35 00:01:50,560 --> 00:01:54,320 which you can use it for not only for your on-premises, 36 00:01:54,320 --> 00:01:59,240 for Microsoft services, but also for your third-party applications or products, 37 00:01:59,240 --> 00:02:03,040 including third-party cloud, which is AWS and Google or any other. 38 00:02:03,040 --> 00:02:08,640 Same way, our Microsoft Defender for Cloud, 39 00:02:08,640 --> 00:02:13,560 which is also a cloud native security posture management or thread protection management. 40 00:02:13,560 --> 00:02:16,000 It covers hybrid solution as well, 41 00:02:16,000 --> 00:02:18,960 on-premises, multi-cloud, multiple products as well. 42 00:02:18,960 --> 00:02:23,320 That way, we are making it more simplifying for people to learn that 43 00:02:23,320 --> 00:02:25,440 everything is under Defender umbrella. 44 00:02:25,440 --> 00:02:27,240 That's the whole idea about it. 45 00:02:27,240 --> 00:02:29,760 All I'm going to say is, Abbas, 46 00:02:29,760 --> 00:02:33,520 that I've got to go back to the old name change there, 47 00:02:33,520 --> 00:02:37,720 because I'm sure some people at least are rolling their eyes a bit about name changes, 48 00:02:37,720 --> 00:02:39,440 but it does make a lot of sense. 49 00:02:39,440 --> 00:02:40,840 But there is a reason for it, right? 50 00:02:40,840 --> 00:02:43,640 It is ultimately to streamline some of the naming. 51 00:02:43,640 --> 00:02:45,080 Yeah, absolutely. 52 00:02:45,080 --> 00:02:46,680 Oh, yeah, it does. 53 00:02:46,680 --> 00:02:48,640 I joke and laugh about it, 54 00:02:48,640 --> 00:02:53,640 but it is actually a really important thing to streamline, 55 00:02:53,640 --> 00:02:55,520 and it does make a lot of sense. 56 00:02:55,520 --> 00:03:00,040 So, yeah, I know we always like to laugh a little bit about, 57 00:03:00,040 --> 00:03:03,520 we love to laugh a little bit about the night name changes, 58 00:03:03,520 --> 00:03:06,440 but certainly the ones we've done this time make a lot of sense, 59 00:03:06,440 --> 00:03:08,440 and it is standardizing everything. 60 00:03:08,440 --> 00:03:10,800 So, but you'll probably see, 61 00:03:10,800 --> 00:03:14,200 we'll all refer to the old names for a little bit as normal. 62 00:03:14,200 --> 00:03:17,360 But if you've been following Microsoft stuff for a while, 63 00:03:17,360 --> 00:03:18,640 you know how this works. 64 00:03:18,640 --> 00:03:19,800 This is the deal. 65 00:03:19,800 --> 00:03:23,240 And the big one is as a security sensor from my perspective. 66 00:03:23,240 --> 00:03:25,040 Is that a fair comment? 67 00:03:25,040 --> 00:03:27,640 As well as whenever we talk about Azure Sentinel, 68 00:03:27,640 --> 00:03:28,800 people will ask that, 69 00:03:28,800 --> 00:03:30,320 oh, it only works in Azure? 70 00:03:30,320 --> 00:03:32,400 Can I use it for other things? 71 00:03:32,400 --> 00:03:34,720 But now that we have made it as a Microsoft Sentinel, 72 00:03:34,720 --> 00:03:36,000 it makes much sense that, 73 00:03:36,000 --> 00:03:39,480 hey, yes, it is inside Azure as a service, 74 00:03:39,480 --> 00:03:42,000 but works for everywhere and for everything else as well. 75 00:03:42,000 --> 00:03:44,120 Right. I think that's the important part, right? 76 00:03:44,120 --> 00:03:45,960 I mean, ultimately, that's the most important part. 77 00:03:45,960 --> 00:03:48,560 These things are not just products 78 00:03:48,560 --> 00:03:50,440 that necessarily work solely inside of Azure. 79 00:03:50,440 --> 00:03:53,240 The fact that we host them in Azure is important, 80 00:03:53,240 --> 00:03:57,120 but they could be looking across to AWS or GCP, 81 00:03:57,120 --> 00:03:59,080 and even on-prem in some instances. 82 00:03:59,080 --> 00:04:00,680 Is that true? 83 00:04:00,680 --> 00:04:02,760 Absolutely. And with that, 84 00:04:02,760 --> 00:04:04,560 we have quite a few great announcements 85 00:04:04,560 --> 00:04:06,600 on Defender for Cloud and Azure, 86 00:04:06,600 --> 00:04:09,320 and see, again, I go Azure Sentinel, 87 00:04:09,320 --> 00:04:11,640 Defender for Cloud and Microsoft Sentinel. 88 00:04:11,640 --> 00:04:13,240 So, Sarah, we would love to hear from you. 89 00:04:13,240 --> 00:04:14,800 What are the new things we have? 90 00:04:14,800 --> 00:04:17,240 Defender for Cloud, as we said, 91 00:04:17,240 --> 00:04:19,600 that's combining what was Azure Defender 92 00:04:19,600 --> 00:04:22,320 and Azure Security Center just into one name, 93 00:04:22,320 --> 00:04:26,520 which is going to be much easier for folks to understand. 94 00:04:26,520 --> 00:04:29,440 But it is our Cloud Security Posture Management, 95 00:04:29,440 --> 00:04:33,520 or CSPM tool, and Cloud Workload Protection tool. 96 00:04:33,520 --> 00:04:34,880 What we're going to do now with it 97 00:04:34,880 --> 00:04:38,040 is it's also not just going to be for Azure. 98 00:04:38,040 --> 00:04:41,600 Hence why we took Azure out of the name, 99 00:04:41,600 --> 00:04:45,280 because it's also going to be protecting against, 100 00:04:45,280 --> 00:04:49,840 it's going to do this job for AWS and other clouds as well. 101 00:04:49,840 --> 00:04:53,480 And so, what that means is you'll be able to monitor 102 00:04:53,480 --> 00:04:56,880 and onboard and secure things from just a single place. 103 00:04:56,880 --> 00:05:00,120 So, if you're an organization that uses more than one cloud, 104 00:05:00,120 --> 00:05:01,920 because we know people do, 105 00:05:01,920 --> 00:05:06,320 now you can still just use Microsoft Defender for Cloud 106 00:05:06,320 --> 00:05:07,080 to do all of that. 107 00:05:07,080 --> 00:05:09,760 So, the name change definitely makes sense. 108 00:05:09,760 --> 00:05:13,000 So, there's a lot of AWS things in there, 109 00:05:13,000 --> 00:05:15,800 so it can now assess AWS configurations 110 00:05:15,800 --> 00:05:17,680 against best practices. 111 00:05:17,680 --> 00:05:20,120 You'll remember when it was Azure Security Center, 112 00:05:20,120 --> 00:05:22,840 we just had a focus on the Azure thing. 113 00:05:22,840 --> 00:05:26,560 So, if you're using it just for Azure, 114 00:05:26,560 --> 00:05:29,000 but you do have other cloud environments, 115 00:05:29,000 --> 00:05:31,560 it's definitely worth going to revisit. 116 00:05:31,560 --> 00:05:34,560 Now we've had these new announcements, it's very cool. 117 00:05:34,560 --> 00:05:37,200 Absolutely, and I love all those new connectors we have added. 118 00:05:37,200 --> 00:05:40,320 I remember last year we had a very limited set of connectors, 119 00:05:40,320 --> 00:05:41,720 but when I looked at recently, 120 00:05:41,720 --> 00:05:44,480 I mean, it goes up more than 30, 40, 50, 121 00:05:44,480 --> 00:05:45,720 I don't know, I lost the count, 122 00:05:45,720 --> 00:05:48,680 but that's something which our customers always look for. 123 00:05:48,680 --> 00:05:50,080 Can we have the connector for this 124 00:05:50,080 --> 00:05:51,800 and can we have the connector for that? 125 00:05:51,800 --> 00:05:54,720 And yeah, here we go, we have that. 126 00:05:54,720 --> 00:05:58,120 One more important thing most of our customers are asking is, 127 00:05:58,120 --> 00:06:01,840 how do we benchmark, security benchmark 128 00:06:01,840 --> 00:06:03,840 for all the resources what we have? 129 00:06:03,840 --> 00:06:06,120 And Mark, I really would like to pick your brain in terms of, 130 00:06:06,120 --> 00:06:08,680 what do we have in terms of benchmarking side? 131 00:06:08,680 --> 00:06:11,680 This is, I guess this is my baby. 132 00:06:11,680 --> 00:06:16,240 I did a lot of work on the Azure Security Benchmark, 133 00:06:16,240 --> 00:06:19,920 all the versions of it, and then the V3 just came out. 134 00:06:19,920 --> 00:06:22,320 And so, a couple different things. 135 00:06:22,320 --> 00:06:26,280 The first is just adding a couple of industry compliance mappings 136 00:06:26,280 --> 00:06:32,440 to PCI DSS 321 and CIS Controls V8 were added. 137 00:06:32,440 --> 00:06:39,040 Of course, we already have CIS 7.1 and the 853 from NIST as well. 138 00:06:39,040 --> 00:06:40,440 So that was one of the things that was added, 139 00:06:40,440 --> 00:06:43,600 but we actually spent a little time on the structure of it. 140 00:06:43,600 --> 00:06:45,160 One of the things that we realized is, 141 00:06:45,160 --> 00:06:46,680 we could get a lot more clarity out of it 142 00:06:46,680 --> 00:06:50,040 if we broke up kind of like the what versus the how. 143 00:06:50,040 --> 00:06:52,120 So like here's the principle, here's the best practice, 144 00:06:52,120 --> 00:06:53,920 and then this is how you apply it 145 00:06:53,920 --> 00:06:56,800 and adapt it to Azure specifically. 146 00:06:56,800 --> 00:07:00,760 And so, we did that through every single control, 147 00:07:00,760 --> 00:07:04,800 and it led to a lot more clarity in the language 148 00:07:04,800 --> 00:07:07,480 of each of the specific ones. 149 00:07:07,480 --> 00:07:11,040 And then, we added and removed a few controls here and there, 150 00:07:11,040 --> 00:07:14,400 and we added a couple of sort of control families, 151 00:07:14,400 --> 00:07:16,160 I think we're calling them. 152 00:07:16,160 --> 00:07:18,080 Essentially, the groupings of controls 153 00:07:18,080 --> 00:07:21,640 focused on DevOps security was one of them. 154 00:07:21,640 --> 00:07:26,440 And then, key and certificate management was another one. 155 00:07:26,440 --> 00:07:29,720 And I'm going to step aside because I will not challenge 156 00:07:29,720 --> 00:07:33,120 Michael on the knowledge in that space. 157 00:07:33,120 --> 00:07:36,480 One of the typical questions I've been asking the field 158 00:07:36,480 --> 00:07:40,080 that is Azure security benchmark or security benchmark 159 00:07:40,080 --> 00:07:41,440 only for Azure infrastructure, 160 00:07:41,440 --> 00:07:43,800 or we can do benchmarking for other cloud services 161 00:07:43,800 --> 00:07:44,920 provided as well? 162 00:07:44,920 --> 00:07:48,040 So right now, we've sort of made that first step 163 00:07:48,040 --> 00:07:51,720 where we can start going into different spaces 164 00:07:51,720 --> 00:07:53,840 now that we have sort of the principle of what 165 00:07:53,840 --> 00:07:56,560 versus how to apply it to Azure specifically. 166 00:07:56,560 --> 00:07:58,360 And so, we've got the foundation of that late. 167 00:07:58,360 --> 00:08:01,080 We haven't specifically gone out and called out, 168 00:08:01,080 --> 00:08:03,760 here's how to do this particular thing in AWS or GCP 169 00:08:03,760 --> 00:08:04,600 or what have you. 170 00:08:04,600 --> 00:08:06,960 I'm not sure if we're going to do that or not. 171 00:08:06,960 --> 00:08:12,000 But that helps apply these same best practices a lot easier 172 00:08:12,000 --> 00:08:14,440 because it's clear on which things are Azure specific 173 00:08:14,440 --> 00:08:16,920 and which things are what you're trying to achieve 174 00:08:16,920 --> 00:08:19,600 regardless of whether it's on-prem or third-party cloud 175 00:08:19,600 --> 00:08:21,320 or Azure or whatever. 176 00:08:21,320 --> 00:08:25,520 But I believe we do have a CS benchmark for AWS and GCP 177 00:08:25,520 --> 00:08:26,600 if I'm not mistaken. 178 00:08:26,600 --> 00:08:29,720 CS ones, yes, they do publish for multiple different 179 00:08:29,720 --> 00:08:31,800 cloud providers, is my understanding of. 180 00:08:31,800 --> 00:08:32,760 Yeah, absolutely. 181 00:08:32,760 --> 00:08:35,440 Just to sort of add a bit more information. 182 00:08:35,440 --> 00:08:37,320 So one thing that Mark and I worked on together 183 00:08:37,320 --> 00:08:41,000 was adding something that was, is critically important, 184 00:08:41,000 --> 00:08:43,920 and that is the role of server authentication. 185 00:08:43,920 --> 00:08:46,120 It's interesting if you look at different compliance programs, 186 00:08:46,120 --> 00:08:48,480 very few actually call out server authentication. 187 00:08:48,480 --> 00:08:49,880 If you actually look at the word authentication, 188 00:08:49,880 --> 00:08:51,880 it's always about authenticating the client, 189 00:08:51,880 --> 00:08:53,360 authenticating the user. 190 00:08:53,360 --> 00:08:56,840 And then even when you look at how they reference TLS, 191 00:08:56,840 --> 00:08:59,840 it's always about protection of data 192 00:08:59,840 --> 00:09:01,040 as it flies across the wire. 193 00:09:01,040 --> 00:09:03,120 So it's all about channel protections. 194 00:09:03,120 --> 00:09:05,560 Yet one of the most important services that TLS actually 195 00:09:05,560 --> 00:09:07,360 provides is server authentication. 196 00:09:07,360 --> 00:09:09,920 So we made that really explicit that, hey, 197 00:09:09,920 --> 00:09:11,920 TLS doesn't just provide channel protections, 198 00:09:11,920 --> 00:09:13,720 it also provides server authentication. 199 00:09:13,720 --> 00:09:15,800 And in some cases, it may not be the authentication mechanism 200 00:09:15,800 --> 00:09:16,640 you use, right? 201 00:09:16,640 --> 00:09:18,880 You could use SSH, you could use IPsec, 202 00:09:18,880 --> 00:09:21,480 you could use Kerberos, depending on the environment. 203 00:09:21,480 --> 00:09:24,080 But we made sure that that was explicit in the Azure Security 204 00:09:24,080 --> 00:09:25,520 Benchmark this time around. 205 00:09:25,520 --> 00:09:28,440 Yeah, and that's something that a lot of people do forget. 206 00:09:28,440 --> 00:09:30,400 I mean, I remember one time that there was a password 207 00:09:30,400 --> 00:09:34,600 synchronization app or component this is years ago. 208 00:09:34,600 --> 00:09:36,960 We jokingly called everybody's entitled to admin. 209 00:09:36,960 --> 00:09:40,360 I have no idea what the original letter stood for that didn't 210 00:09:40,360 --> 00:09:43,120 actually do either side of mutual authentication. 211 00:09:43,120 --> 00:09:46,120 So I was like, you could be taking passwords from anywhere, 212 00:09:46,120 --> 00:09:49,920 and then you can, oh my gosh, no. 213 00:09:49,920 --> 00:09:52,280 So I love that we added in there, 214 00:09:52,280 --> 00:09:54,600 because it's easy to forget that, because we always 215 00:09:54,600 --> 00:09:56,720 think client first. 216 00:09:56,720 --> 00:09:58,760 The next favorite topic these days 217 00:09:58,760 --> 00:10:01,360 or talk of the town these days is zero trust. 218 00:10:01,360 --> 00:10:05,120 And when we talk about zero trust in Microsoft ecosystem, 219 00:10:05,120 --> 00:10:09,240 one thing we always touch upon is our heart of our zero trust 220 00:10:09,240 --> 00:10:11,680 concept is a conditional access engine. 221 00:10:11,680 --> 00:10:14,040 Now, Microsoft is continuously working 222 00:10:14,040 --> 00:10:17,880 on creating lots of updates and new features and policies 223 00:10:17,880 --> 00:10:21,920 within conditional access, which is a part of our Azure 224 00:10:21,920 --> 00:10:23,040 Active Directory. 225 00:10:23,040 --> 00:10:25,000 So Gladys, I would love to hear from you 226 00:10:25,000 --> 00:10:26,840 in terms of what are the new things we 227 00:10:26,840 --> 00:10:29,200 have as a part of conditional access. 228 00:10:29,200 --> 00:10:34,240 I was really happy to hear all the announcements at 8 229 00:10:34,240 --> 00:10:35,200 night. 230 00:10:35,200 --> 00:10:39,920 Late September or early October, we had Daniel Wood 231 00:10:39,920 --> 00:10:41,080 as part of the podcast. 232 00:10:41,080 --> 00:10:44,880 And he hinted a lot about these announcements. 233 00:10:44,880 --> 00:10:51,360 And mainly, the focus of conditional access 234 00:10:51,360 --> 00:10:53,280 had been on the user side. 235 00:10:53,280 --> 00:10:56,880 And I like the fact that we are extending further 236 00:10:56,880 --> 00:10:59,120 to application and device filtering, 237 00:10:59,120 --> 00:11:02,840 which is extending further our zero trust strategy. 238 00:11:02,840 --> 00:11:05,320 So some of the announcements included 239 00:11:05,320 --> 00:11:11,000 a new conditional access overview dashboard, which 240 00:11:11,000 --> 00:11:14,440 allows the customer to get more insight 241 00:11:14,440 --> 00:11:17,960 of what's happening with the different conditional access 242 00:11:17,960 --> 00:11:21,880 policies that are being implemented. 243 00:11:21,880 --> 00:11:26,640 There's pre-built templates that were constructed 244 00:11:26,640 --> 00:11:30,800 based on Azure AD security best practices. 245 00:11:30,800 --> 00:11:33,280 Again, the conditional access filters 246 00:11:33,280 --> 00:11:35,920 for application and devices, I think 247 00:11:35,920 --> 00:11:41,600 that is really awesome, is a way that we could start protecting 248 00:11:41,600 --> 00:11:47,440 against attacks like some of the different things that 249 00:11:47,440 --> 00:11:51,840 happen, especially with the solar winds. 250 00:11:51,840 --> 00:11:56,520 There were also conditional access for workload identities. 251 00:11:56,520 --> 00:11:59,320 And the last but not least, there 252 00:11:59,320 --> 00:12:02,760 were a lot of announcements regarding conditional access 253 00:12:02,760 --> 00:12:06,840 evaluation, which extends the conditional access 254 00:12:06,840 --> 00:12:11,760 into each individual session itself and enforces 255 00:12:11,760 --> 00:12:14,120 the policies in near real time. 256 00:12:14,120 --> 00:12:16,120 A couple of things that I love about these, 257 00:12:16,120 --> 00:12:17,640 I mean, it's not some set of announcements, 258 00:12:17,640 --> 00:12:20,280 but like that continuous access evaluation, 259 00:12:20,280 --> 00:12:23,040 I mean, that's basically real time if your risk changes. 260 00:12:23,040 --> 00:12:24,760 Sorry, you just lost access to the app 261 00:12:24,760 --> 00:12:26,640 because you just got infected mid-session. 262 00:12:26,640 --> 00:12:29,120 Don't care about your token lifetime. 263 00:12:29,120 --> 00:12:30,720 And that's that one I love. 264 00:12:30,720 --> 00:12:33,560 And then the other one is the conditional access device 265 00:12:33,560 --> 00:12:34,080 filters. 266 00:12:34,080 --> 00:12:36,960 And just to link a few terms together, 267 00:12:36,960 --> 00:12:41,920 that is where you specify that not only do people coming in 268 00:12:41,920 --> 00:12:44,960 need to be on a device that isn't infected 269 00:12:44,960 --> 00:12:46,640 and is compliant and blah, blah, blah. 270 00:12:46,640 --> 00:12:49,960 But it's actually a pre-specified device grouping. 271 00:12:49,960 --> 00:12:51,960 Like, hey, it's a paw. 272 00:12:51,960 --> 00:12:53,760 Or it's a paw for cloud admin. 273 00:12:53,760 --> 00:12:56,600 Or it's a paw for on-premises admin, a privileged access 274 00:12:56,600 --> 00:12:58,680 workstation as paw. 275 00:12:58,680 --> 00:13:00,520 So that's one of the things that I really 276 00:13:00,520 --> 00:13:04,120 like is that feature is shining out now. 277 00:13:04,120 --> 00:13:06,240 That feature really helps, especially 278 00:13:06,240 --> 00:13:09,120 when you're dealing with so many third party vendors. 279 00:13:09,120 --> 00:13:11,240 So for that part, I think that it is 280 00:13:11,240 --> 00:13:12,800 one of the very good feature. 281 00:13:12,800 --> 00:13:16,560 And Gladys, I also would like to, I read somewhere, not 282 00:13:16,560 --> 00:13:18,360 somewhere, but actually on a book of news 283 00:13:18,360 --> 00:13:21,840 that we have a new dashboard called policy gap dashboard 284 00:13:21,840 --> 00:13:22,880 and template. 285 00:13:22,880 --> 00:13:24,240 Would you like to touch upon that? 286 00:13:24,240 --> 00:13:25,880 That's something really interesting 287 00:13:25,880 --> 00:13:27,320 which caught my attention. 288 00:13:27,320 --> 00:13:29,480 I think that's the same thing that they 289 00:13:29,480 --> 00:13:33,240 call the Condictional Access Overview dashboard, 290 00:13:33,240 --> 00:13:36,760 where basically it's identifying opportunities 291 00:13:36,760 --> 00:13:40,120 to strengthen the policy based on analysis 292 00:13:40,120 --> 00:13:44,080 of the organization's signing patterns. 293 00:13:44,080 --> 00:13:48,280 You could quickly deploy protection via templates, 294 00:13:48,280 --> 00:13:52,760 again, constructed by the security best practices. 295 00:13:52,760 --> 00:13:54,760 Right now, it's in public preview, 296 00:13:54,760 --> 00:13:57,960 but the dashboard is looking really awesome 297 00:13:57,960 --> 00:14:00,600 and providing quite a bit of analysis. 298 00:14:00,600 --> 00:14:02,360 When we touch upon Conditional Access, 299 00:14:02,360 --> 00:14:04,560 I mean, we cannot ignore the identity part. 300 00:14:04,560 --> 00:14:08,520 And I know Mark, your favorite topic identities, 301 00:14:08,520 --> 00:14:10,480 one of the other announcements which caught my attention 302 00:14:10,480 --> 00:14:13,600 was on our Azure AD identity protection. 303 00:14:13,600 --> 00:14:16,440 We have something like token theft detection. 304 00:14:16,440 --> 00:14:18,240 Mark, would you like to touch upon that before we 305 00:14:18,240 --> 00:14:19,760 move to the next topic? 306 00:14:19,760 --> 00:14:22,080 Yeah, I mean, just the fact that there, 307 00:14:22,080 --> 00:14:24,120 it's actually been a little while since I've seen them. 308 00:14:24,120 --> 00:14:26,120 I had to add a new token detection. 309 00:14:26,120 --> 00:14:29,040 Most of our effort has gone into other features 310 00:14:29,040 --> 00:14:31,240 in making sure that people are actually using MFA 311 00:14:31,240 --> 00:14:32,440 and using Conditional Access. 312 00:14:32,440 --> 00:14:35,240 But this is actually a new detection 313 00:14:35,240 --> 00:14:38,880 that they added to identify suspicious activities that 314 00:14:38,880 --> 00:14:42,080 could indicate, hey, a token has been stolen and reused 315 00:14:42,080 --> 00:14:44,120 elsewhere without authorization. 316 00:14:44,120 --> 00:14:47,400 And so it's great to see that capability built in 317 00:14:47,400 --> 00:14:48,840 for those specific attacks. 318 00:14:48,840 --> 00:14:51,080 One of the most discussed area within the health care 319 00:14:51,080 --> 00:14:54,080 and many of the sensitive and government environment 320 00:14:54,080 --> 00:14:57,240 is encryption and confidential computing. 321 00:14:57,240 --> 00:14:59,800 And Michael, your favorite area, what 322 00:14:59,800 --> 00:15:02,200 do we have new updates on confidential computing 323 00:15:02,200 --> 00:15:05,480 at hardware and OS and database level? 324 00:15:05,480 --> 00:15:08,360 I mean, anyone who's listened to my ramblings in the past 325 00:15:08,360 --> 00:15:11,200 knows that I'm a huge fan of confidential computing. 326 00:15:11,200 --> 00:15:13,120 So basically what this is, they're 327 00:15:13,120 --> 00:15:17,720 specific VM types that support specific CPUs 328 00:15:17,720 --> 00:15:19,280 from both Intel and AMD. 329 00:15:19,280 --> 00:15:21,400 We just announced recently a partnership with, 330 00:15:21,400 --> 00:15:24,480 actually, it was beginning of the year with AMD. 331 00:15:24,480 --> 00:15:27,760 And more recently with Intel on some of their all-memory 332 00:15:27,760 --> 00:15:29,160 encryption mechanisms. 333 00:15:29,160 --> 00:15:31,840 What's really nice about this is that these are basically 334 00:15:31,840 --> 00:15:34,480 a new type of DC series VM. 335 00:15:34,480 --> 00:15:37,880 And you can take your current workloads, 336 00:15:37,880 --> 00:15:39,680 essentially lift and shift, and put them 337 00:15:39,680 --> 00:15:44,600 into a virtual machine that has all-memory encrypted. 338 00:15:44,600 --> 00:15:46,840 So this is going above and beyond the SGX, 339 00:15:46,840 --> 00:15:48,720 the software guard extensions that's 340 00:15:48,720 --> 00:15:52,880 been available in the DC series of late. 341 00:15:52,880 --> 00:15:55,000 That technology is used in products 342 00:15:55,000 --> 00:16:01,080 like SQL Server using always encrypted with secure enclaves, 343 00:16:01,080 --> 00:16:03,640 where basically the query engine is running 344 00:16:03,640 --> 00:16:05,160 in a secure enclave. 345 00:16:05,160 --> 00:16:07,200 So we're sort of broadening the scope 346 00:16:07,200 --> 00:16:09,840 of confidential computing. 347 00:16:09,840 --> 00:16:11,800 It's not just secure enclaves. 348 00:16:11,800 --> 00:16:14,760 We've now got essentially full memory encryption. 349 00:16:14,760 --> 00:16:17,400 The encryption mechanism that's used on the Intel VMs, 350 00:16:17,400 --> 00:16:21,360 the new VMs, is the same crypto that we use in BitLocker. 351 00:16:21,360 --> 00:16:23,000 It's called AES XTS. 352 00:16:23,000 --> 00:16:26,520 It's designed so that you can basically do random seeking, 353 00:16:26,520 --> 00:16:30,200 which a lot of other ciphers you can't do random seeking. 354 00:16:30,200 --> 00:16:31,920 So this is actually really good to see. 355 00:16:31,920 --> 00:16:33,280 So again, for lift and shift, people 356 00:16:33,280 --> 00:16:37,560 want to have encrypted memory, where the keys are actually 357 00:16:37,560 --> 00:16:39,360 held in hardware as well. 358 00:16:39,360 --> 00:16:46,040 And the attackers are basically admins, both on the Azure side 359 00:16:46,040 --> 00:16:48,480 and on the subscriber side. 360 00:16:48,480 --> 00:16:50,120 So this is really great to see. 361 00:16:50,120 --> 00:16:54,080 So I'm just curious, anyone seeing interest from customers 362 00:16:54,080 --> 00:16:58,560 in like specific building their own secure enclaves 363 00:16:58,560 --> 00:17:02,320 or interested in VMs with crypto? 364 00:17:02,320 --> 00:17:04,160 Is this something that we're hearing from customers? 365 00:17:04,160 --> 00:17:07,080 I know I am, but I do a lot of work in health care. 366 00:17:07,080 --> 00:17:10,040 So I'm speaking to a bunch of customers who are interested, 367 00:17:10,040 --> 00:17:14,160 at least learning more not just what is available in SQL Server, 368 00:17:14,160 --> 00:17:15,800 but going beyond that, perhaps even writing 369 00:17:15,800 --> 00:17:17,280 their own custom code. 370 00:17:17,280 --> 00:17:19,840 I have a few financial customers here 371 00:17:19,840 --> 00:17:25,920 who have a similar question for encryption at various level, 372 00:17:25,920 --> 00:17:29,440 especially from Bangkok, Malaysia, Singapore, 373 00:17:29,440 --> 00:17:31,000 because they work in the epic region. 374 00:17:31,000 --> 00:17:33,400 There are some of the very much queries 375 00:17:33,400 --> 00:17:35,000 I get regularly on that. 376 00:17:35,000 --> 00:17:36,800 Yeah, I mean, the biggest focus, I think, today, 377 00:17:36,800 --> 00:17:39,520 is still SQL Server with always encrypted, 378 00:17:39,520 --> 00:17:40,520 with secure enclaves. 379 00:17:40,520 --> 00:17:42,320 That's by far the most common. 380 00:17:42,320 --> 00:17:43,840 And I think the reason for that is just 381 00:17:43,840 --> 00:17:46,560 because it's relatively straightforward. 382 00:17:46,560 --> 00:17:49,560 We also have a thing called the Azure Attestation Service, 383 00:17:49,560 --> 00:17:51,680 which is to make sure that the code that you're loading 384 00:17:51,680 --> 00:17:54,200 into an enclave is actually the correct code. 385 00:17:54,200 --> 00:17:56,320 If you're familiar with setting it up manually 386 00:17:56,320 --> 00:17:59,480 with SQL Server on-prem, it was a thing we referred to 387 00:17:59,480 --> 00:18:01,680 as the Host Guardian Service. 388 00:18:01,680 --> 00:18:03,680 It was a little bit of a pain to set up, 389 00:18:03,680 --> 00:18:05,280 but with the Azure Attestation Service, 390 00:18:05,280 --> 00:18:07,240 it's actually significantly easier. 391 00:18:07,240 --> 00:18:10,320 And I think now that we're seeing these VMs from both AMD 392 00:18:10,320 --> 00:18:14,360 and from Intel that give essentially all memory encryption, 393 00:18:14,360 --> 00:18:16,320 where the keys are stored in hardware 394 00:18:16,320 --> 00:18:21,280 and managed by the VM, I think that's going to enable 395 00:18:21,280 --> 00:18:23,640 certain kinds of workloads to be moved to Azure, 396 00:18:23,640 --> 00:18:24,960 I think, with a lot more confidence. 397 00:18:24,960 --> 00:18:25,800 It's great to see. 398 00:18:25,800 --> 00:18:30,800 One of the next topic, which is on IoT and OT part, 399 00:18:32,120 --> 00:18:35,160 what we have seen that the number of connected devices 400 00:18:35,160 --> 00:18:38,320 are continuously increasing and dramatically, I would say, 401 00:18:38,320 --> 00:18:42,240 and almost 75% of our enterprise customers today 402 00:18:42,240 --> 00:18:44,880 have at least 5000 IoT device. 403 00:18:44,880 --> 00:18:47,600 What does it mean that CISOs will be more 404 00:18:47,600 --> 00:18:50,200 and more responsible for managing 405 00:18:50,200 --> 00:18:52,200 and for all those attack surfaces, 406 00:18:52,200 --> 00:18:53,920 which are continuously increasing? 407 00:18:53,920 --> 00:18:57,920 And as we know that from 12 billion total device in 2021, 408 00:18:57,920 --> 00:19:01,320 it's going to grow to 27 billion in 2025. 409 00:19:01,320 --> 00:19:05,160 So this is something in a futuristic area of concern 410 00:19:05,160 --> 00:19:08,280 and discussion on IoT and OT security. 411 00:19:08,280 --> 00:19:10,680 And Mark, I know this is one of your favorite topic 412 00:19:10,680 --> 00:19:12,360 or another maybe I would say, 413 00:19:12,360 --> 00:19:14,240 really love to hear from you on that. 414 00:19:14,240 --> 00:19:17,040 Yeah, so this is actually really cool development. 415 00:19:17,040 --> 00:19:20,440 So for those that didn't notice Microsoft a little over a year 416 00:19:20,440 --> 00:19:23,760 ago acquired a company called CyberX, great team, 417 00:19:23,760 --> 00:19:25,720 great set of people, great set of technology, 418 00:19:25,720 --> 00:19:28,160 you get to work with them almost every day. 419 00:19:28,160 --> 00:19:31,440 And so they brought this core capability you need 420 00:19:31,440 --> 00:19:35,040 in the operational technology or ICS space, 421 00:19:35,040 --> 00:19:38,280 which is all the sort of really old and crusty, 422 00:19:38,280 --> 00:19:41,200 like up to 30 or 50 year old electronics 423 00:19:41,200 --> 00:19:43,480 that are like controlling physical processes 424 00:19:43,480 --> 00:19:46,600 for manufacturing and delivery and processing 425 00:19:46,600 --> 00:19:49,520 and power distribution and all that kind of stuff. 426 00:19:49,520 --> 00:19:52,800 And so those OT capabilities is basically just listening 427 00:19:52,800 --> 00:19:54,640 on the network doing deep packet inspection 428 00:19:54,640 --> 00:19:56,400 on everything that passes through 429 00:19:56,400 --> 00:19:58,600 and then generating insights around, 430 00:19:58,600 --> 00:20:01,080 hey, there's an attack, there's a threat going on. 431 00:20:01,080 --> 00:20:05,080 Here's the assets that are on your network, on your environment, 432 00:20:05,080 --> 00:20:07,040 and then the vulnerabilities within. 433 00:20:07,040 --> 00:20:08,480 So that's sort of like where we started, 434 00:20:08,480 --> 00:20:11,000 that's been in market for about a year now. 435 00:20:11,000 --> 00:20:13,680 And then the cool thing about this is that, 436 00:20:13,680 --> 00:20:15,160 that's one kind of device, 437 00:20:15,160 --> 00:20:17,920 and then you've got your IT devices at the other extreme, 438 00:20:17,920 --> 00:20:19,480 which is where a defender for endpoint, 439 00:20:19,480 --> 00:20:21,680 Microsoft defender for endpoint has been bringing 440 00:20:21,680 --> 00:20:26,120 the EDR capabilities, part of the XDR suite. 441 00:20:26,120 --> 00:20:28,680 And now this actually starts bridging us in the middle 442 00:20:28,680 --> 00:20:31,240 of those into sort of the IoT devices 443 00:20:31,240 --> 00:20:34,560 and gives us visibility into the full spectrum. 444 00:20:34,560 --> 00:20:36,800 And what they actually did was kind of, 445 00:20:36,800 --> 00:20:38,440 in my mind, kind of cool, 446 00:20:38,440 --> 00:20:42,280 where they essentially allow the MDE agents 447 00:20:42,280 --> 00:20:45,680 to act as sensors and listen in on the local subnet 448 00:20:46,480 --> 00:20:49,080 and essentially provide insights 449 00:20:49,080 --> 00:20:54,080 on what kind of IoT devices are on those subnets 450 00:20:54,080 --> 00:20:55,720 around those MDE agents. 451 00:20:55,720 --> 00:20:58,240 So it's not necessarily a perfect solution in all things. 452 00:20:58,240 --> 00:21:00,320 We're looking, we've got some other technology 453 00:21:00,320 --> 00:21:02,280 that they're working under the hood, 454 00:21:02,280 --> 00:21:06,640 but ultimately this gives us a really good set of visibility 455 00:21:06,640 --> 00:21:09,880 into the IoT space and what's happening there 456 00:21:09,880 --> 00:21:13,880 and allows us to get closer and closer to that vision 457 00:21:13,880 --> 00:21:17,840 of having IT, IoT and OT all together in one place. 458 00:21:17,840 --> 00:21:19,880 And we can do that right now at the sim level 459 00:21:19,880 --> 00:21:22,400 with Azure Sentinel, and they added some great playbooks 460 00:21:22,400 --> 00:21:24,480 and some other integration there, which is awesome. 461 00:21:24,480 --> 00:21:25,880 It just, it keeps getting better 462 00:21:25,880 --> 00:21:28,240 to sort of bring all those worlds together, 463 00:21:28,240 --> 00:21:29,920 because the thing that we've learned 464 00:21:29,920 --> 00:21:31,200 is attackers don't care. 465 00:21:31,200 --> 00:21:33,360 They're just, if it's got connectivity, 466 00:21:33,360 --> 00:21:35,200 if they can compromise it, throw some malware on it, 467 00:21:35,200 --> 00:21:36,240 get some data off of it, 468 00:21:36,240 --> 00:21:37,880 they're just gonna play their games 469 00:21:37,880 --> 00:21:42,880 regardless of whatever is kind of a device that actually is. 470 00:21:42,920 --> 00:21:46,440 And so, it was really great to see this kind of come together. 471 00:21:46,440 --> 00:21:50,200 The other thing that I wanted to add is our emphasis 472 00:21:50,200 --> 00:21:54,520 is what you said that we provide the full spectrum, 473 00:21:54,520 --> 00:21:57,960 because now we could bring, okay, 474 00:21:57,960 --> 00:22:01,160 many attacks are happening in the IT 475 00:22:01,160 --> 00:22:03,200 and then jumping onto the OT. 476 00:22:03,200 --> 00:22:06,960 So we are giving end-to-end type of capabilities. 477 00:22:06,960 --> 00:22:10,200 And this is becoming big deal, especially in the US 478 00:22:10,200 --> 00:22:13,440 because there has been a memorandum released 479 00:22:13,440 --> 00:22:17,720 by the White House about protecting OT, IoT. 480 00:22:17,720 --> 00:22:20,640 And there's a lot of guidance that is being developed 481 00:22:20,640 --> 00:22:25,640 by CISA, DOE, and TSA and other organizations. 482 00:22:25,640 --> 00:22:30,160 So there are many critical infrastructure type 483 00:22:30,160 --> 00:22:33,120 of organizations that are looking for these type 484 00:22:33,120 --> 00:22:34,680 of capabilities. 485 00:22:34,680 --> 00:22:38,320 And this is a great capability or solution 486 00:22:38,320 --> 00:22:41,640 that we are providing as part of our Microsoft 487 00:22:41,640 --> 00:22:43,400 security strategy. 488 00:22:43,400 --> 00:22:44,240 Absolutely. 489 00:22:44,240 --> 00:22:47,040 We always touch upon the external threats, 490 00:22:47,040 --> 00:22:50,560 but the insider part also is very, very important. 491 00:22:50,560 --> 00:22:53,000 Mark, you have anything to add from the managing 492 00:22:53,000 --> 00:22:54,360 the insider risk part? 493 00:22:54,360 --> 00:22:57,000 One of the other announcements that kind of caught my eye 494 00:22:57,000 --> 00:23:01,080 that is, first of all, there's some just basic extension 495 00:23:01,080 --> 00:23:06,080 stuff where the insider risk and information protection 496 00:23:06,080 --> 00:23:09,080 effectively have been extended to Mac OS, 497 00:23:09,080 --> 00:23:11,480 which I thought was pretty cool. 498 00:23:11,480 --> 00:23:14,000 And then there was a specific addition 499 00:23:14,000 --> 00:23:16,240 to the Microsoft Information Protection. 500 00:23:16,240 --> 00:23:19,640 And this is our essentially encrypted phone home solution 501 00:23:19,640 --> 00:23:21,960 for your sensitive data. 502 00:23:21,960 --> 00:23:24,400 The auto classification, which has always 503 00:23:24,400 --> 00:23:27,200 been able to do essentially regex and static rules, 504 00:23:27,200 --> 00:23:30,400 now has the ability to do trainable machine learning 505 00:23:30,400 --> 00:23:33,680 classifiers, which allows for a lot more flexibility 506 00:23:33,680 --> 00:23:36,240 and fuzziness in identifying sensitive data. 507 00:23:36,240 --> 00:23:38,480 And so I thought that was kind of a cool piece 508 00:23:38,480 --> 00:23:41,000 on the other end of the spectrum, the data end versus the IoT 509 00:23:41,000 --> 00:23:41,720 end. 510 00:23:41,720 --> 00:23:44,680 That's so many good updates we have. 511 00:23:44,680 --> 00:23:47,480 I'm sure our customers, anyone who is listening 512 00:23:47,480 --> 00:23:52,160 to this podcast, you can go to our Ignite page 513 00:23:52,160 --> 00:23:53,680 and look at the book of news. 514 00:23:53,680 --> 00:23:55,760 We have heaps of other announcements 515 00:23:55,760 --> 00:23:57,400 which due to limitation of time, we 516 00:23:57,400 --> 00:23:59,360 cannot cover everything each and every features. 517 00:23:59,360 --> 00:24:01,280 But there are lots of other updates 518 00:24:01,280 --> 00:24:04,920 in each of the area of threat protection, cloud security, 519 00:24:04,920 --> 00:24:09,800 governance, identities, and IoT OT, as Mark talked about. 520 00:24:09,800 --> 00:24:12,240 OK, well, that brings things to a close. 521 00:24:12,240 --> 00:24:14,080 There's a lot more news that came out of Ignite. 522 00:24:14,080 --> 00:24:16,800 We just covered some of the high level security aspects. 523 00:24:16,800 --> 00:24:19,080 There's a lot of big announcements that were made. 524 00:24:19,080 --> 00:24:21,280 So one thing we're going to do in the show notes 525 00:24:21,280 --> 00:24:23,840 is have a link to a thing that's referred to as the Ignite, 526 00:24:23,840 --> 00:24:26,200 or the Microsoft Ignite, Book of News. 527 00:24:26,200 --> 00:24:28,400 And that will basically have everything in there. 528 00:24:28,400 --> 00:24:31,880 We'll also call out some of the more pertinent, high level 529 00:24:31,880 --> 00:24:33,360 security news as well. 530 00:24:33,360 --> 00:24:35,000 So we'll draw out some of the links 531 00:24:35,000 --> 00:24:36,600 just so they go through the Book of News 532 00:24:36,600 --> 00:24:38,040 and then find the links and then go 533 00:24:38,040 --> 00:24:39,480 to the appropriate sites. 534 00:24:39,480 --> 00:24:43,080 Yeah, and I wanted to add that the identity team also 535 00:24:43,080 --> 00:24:47,000 released a blog that summarizes everything that 536 00:24:47,000 --> 00:24:51,800 was released with identity, which the Book of News 537 00:24:51,800 --> 00:24:54,000 kind of go a little bit into it. 538 00:24:54,000 --> 00:24:56,720 But there's more detail in this blog. 539 00:24:56,720 --> 00:24:58,560 Yeah, I had a great look at it the other day, 540 00:24:58,560 --> 00:25:00,320 and it certainly goes into a lot more detail. 541 00:25:00,320 --> 00:25:01,280 Yeah, there's a lot. 542 00:25:01,280 --> 00:25:01,960 It's interesting. 543 00:25:01,960 --> 00:25:03,800 There's a lot of stuff that comes out of Ignite. 544 00:25:03,800 --> 00:25:07,000 It's only a few days, but there's so much more depth 545 00:25:07,000 --> 00:25:08,400 to so much more of the material. 546 00:25:08,400 --> 00:25:10,360 And I think the Book of News, what I think 547 00:25:10,360 --> 00:25:13,360 is a good sort of giving a high level summary. 548 00:25:13,360 --> 00:25:15,280 It doesn't really go into the depth 549 00:25:15,280 --> 00:25:17,520 that a lot of people need to know, which is completely 550 00:25:17,520 --> 00:25:18,280 understandable. 551 00:25:18,280 --> 00:25:20,080 Otherwise, it'd be 1,000 pages. 552 00:25:20,080 --> 00:25:22,000 Yeah, if I can just do one more thing. 553 00:25:22,000 --> 00:25:25,040 Sorry, steal a little Steve Jobs technique there. 554 00:25:25,040 --> 00:25:26,520 Yeah, one of the other big announcements 555 00:25:26,520 --> 00:25:30,040 that I'd realized we didn't cover is there was actually 556 00:25:30,040 --> 00:25:32,600 quite a bit of investment for smaller organizations. 557 00:25:32,600 --> 00:25:34,720 So obviously, all of us tend to work 558 00:25:34,720 --> 00:25:36,280 with the larger enterprises. 559 00:25:36,280 --> 00:25:39,080 But there was a Microsoft Defender for Business 560 00:25:39,080 --> 00:25:41,720 for 300 person and smaller companies 561 00:25:41,720 --> 00:25:44,000 that's really tailored to that scenario 562 00:25:44,000 --> 00:25:46,600 and simpler, more straightforward, et cetera. 563 00:25:46,600 --> 00:25:48,600 And then there was also the, I think 564 00:25:48,600 --> 00:25:52,040 it's called the Defender for Endpoints P1. 565 00:25:52,040 --> 00:25:56,720 That's also somewhere between Anti-Mauware and EDR. 566 00:25:56,720 --> 00:25:58,800 And so there was quite a bit of investment there. 567 00:25:58,800 --> 00:26:01,120 I just want to make sure that didn't get lost in all the noise. 568 00:26:01,120 --> 00:26:03,720 And then I do have something to add after all that, 569 00:26:03,720 --> 00:26:05,560 because I've stayed quiet this episode, 570 00:26:05,560 --> 00:26:07,200 but relatively quiet. 571 00:26:07,200 --> 00:26:10,520 As Gladys was saying, a lot of the teams, 572 00:26:10,520 --> 00:26:13,800 they do write their own blogs in more details. 573 00:26:13,800 --> 00:26:16,520 That's also the case for all the, what was, 574 00:26:16,520 --> 00:26:18,080 the Azure security products. 575 00:26:18,080 --> 00:26:20,880 And now it's just Microsoft security products. 576 00:26:20,880 --> 00:26:24,400 So if you check out all the blog posts for Azure Defender 577 00:26:24,400 --> 00:26:27,720 for Cloud, Microsoft Sentinel, oh, Microsoft Defender 578 00:26:27,720 --> 00:26:29,040 for Cloud. 579 00:26:29,040 --> 00:26:31,400 And I nearly, nearly got it right. 580 00:26:31,400 --> 00:26:34,920 Microsoft Sentinel, we have blog posts summarizing 581 00:26:34,920 --> 00:26:36,080 all the announcements. 582 00:26:36,080 --> 00:26:40,160 There's also webinars that are happening, well, this week. 583 00:26:40,160 --> 00:26:42,360 And the week we're recording this. 584 00:26:42,360 --> 00:26:46,160 Next week, obviously, if you're listening to this later on, 585 00:26:46,160 --> 00:26:50,040 we post all those recordings and those webinars 586 00:26:50,040 --> 00:26:53,480 to the security community webinar page. 587 00:26:53,480 --> 00:26:55,880 So you can go listen to them afterwards 588 00:26:55,880 --> 00:26:58,280 if there's a particular product or something 589 00:26:58,280 --> 00:26:59,520 that you're interested in. 590 00:26:59,520 --> 00:27:01,480 Because as we said, the book and news is great, 591 00:27:01,480 --> 00:27:03,680 but there might be a particular thing you really 592 00:27:03,680 --> 00:27:04,720 want to dive into. 593 00:27:04,720 --> 00:27:07,000 So we've definitely got all that stuff too. 594 00:27:07,000 --> 00:27:09,360 All right, with all that, let's bring this to an end. 595 00:27:09,360 --> 00:27:11,600 Abbas, thank you so much for joining us this week. 596 00:27:11,600 --> 00:27:13,760 I really appreciate you taking the time. 597 00:27:13,760 --> 00:27:14,760 Now you're really busy. 598 00:27:14,760 --> 00:27:16,880 There's always a lot to cover with Ignite. 599 00:27:16,880 --> 00:27:19,080 And I would urge everyone who's listening to go and take a look 600 00:27:19,080 --> 00:27:21,440 at at least at the book of news. 601 00:27:21,440 --> 00:27:23,320 And with that, thank you so much for listening. 602 00:27:23,320 --> 00:27:25,240 Stay safe, and we'll see you next time. 603 00:27:25,240 --> 00:27:28,040 Thanks for listening to the Azure Security Podcast. 604 00:27:28,040 --> 00:27:30,600 You can find show notes and other resources 605 00:27:30,600 --> 00:27:34,880 at our website azsecuritypodcast.net. 606 00:27:34,880 --> 00:27:37,160 If you have any questions, please find us 607 00:27:37,160 --> 00:27:39,640 on Twitter at azuresecpod. 608 00:27:39,640 --> 00:27:42,600 Background music is from ccmixter.com 609 00:27:42,600 --> 00:28:01,120 and licensed under the Creative Commons license.