Note-to-self: Short URL for app password in Azure MFA

When you enable MFA (Multifactor Authentication) in Azure, you can configure app passwords for applications that cannot work with the code generators, applications, phone apps to logon with MFA…

The source URL for it is: https://account.activedirectory.windowsazure.com/AppPasswords.aspx

But it’s very likely you can’t remember it anymore after a while, so train your brain for these bookmarks:

Also, these point to the same URL.

 

June 2017: @TroyHunt is back in Belgium for his workshop ‘Hack Yourself First’. Wanna join?

ZIONSECURITY will be welcoming Troy Hunt again. The 1st and 2nd of June, he will be leading a ‘Hack Yourself First’ workshop where he will teach professionals how to break into their own applications. Find out the program and register here!

#update: download the flyer with program and details here: Flyer Troy Hunt June.

I have been there the last time, it was great fun, lots of interaction. And I certainly would recommend you to join.

What if you really wanna join, but your boss is not willing to sponsor? (While he SHOULD!).
Or any other silly reason you can’t attend?

Well, you know, if you can provide me a very good, strong, original and unique argument why you MUST be at this workshop, you might be lucky.

You know the channels to reach out to me and test your luck.

Some suggestion, send me a direct message:
1. Comment on this post,

2. mail me, tweet me (direct message!), F@ceBook me, LinkedIn …

Convince me and it could be you sitting at the first row.

#FIM2010 / #MIM2016 not so dead, and what you didn’t hear.

What seemed to be a small note on a MPN blog, landed on LinkedIn and finally got into a pretty… eh how would you name it … disappointing, bizar, vicious, mean, deviant, misunderstood .. nah .. just a wrong direction, has caused quite some confusion.

And looking at the IM and messages I get, it still is.

Let me spoil the clue of the story: Microsoft Identity and Access, FIM, MIM,… IS … ALIVE. VERY MUCH ALIVE. (NOT DEAD)
If you need more detail, continue…

Lots of things have been said and I don’t want to repeat too much stuff, and certainly don’t want to take credit for it.
But let me pick some core components of the discussion and get a few things straight.

Why not refer to the sources first, by chrono. (If you want to have them in a short list all together, quickly read through the post till the end.)

It started here (by Gavriella Schuster on 12 April 2016):

https://blogs.partner.microsoft.com/mpn/microsoft-partner-network-evolution/?ln=en-US

In essence Gavriella discusses MPN (Microsoft Partner Network) competencies and mentions the “The retiring competencies”, which include: “Identity and Access”.
She doesn’t mention any product specifically, but she doesn’t mention either that “Identity and Access” is being moved to the Enterprise Mobility Management (EMM) competency.
This is clearly a cause for confusion, disappointment and misunderstanding.

But if you continue to read her post and check the next paragraph, you’ll see:

  • Interactive MPN Evolution Guide – This NEW interactive tool is your first step to guide your decision process. Use this to explore all of the new paths and options and easily identify which is the best fit for your business.
  • MPN Evolution Page – This is an overview of the changes, including the full list of impacted competencies and timeline.
  • FAQ – We have received feedback from some of your peers in our advisory councils and compiled answers to some of the questions we anticipate you might have. We will continue to build on these as we receive new questions.

 

After a few clicks in the MPN evolution guide, you’ll see that “Identity and Access” is now in the Enterprise Mobility Management (EMM) competency. But it takes a few pages to find out. Right.

Also the MPN Evolution FAQ (downloadable PDF) says:

“Identity and Access Competency

Q) Where can I find more information about Enterprise Mobility Suite and partner opportunities?
A) For Enterprise Mobility Suite information, go here. For competency information, go here.

Q) Where can I find more info around Enterprise Mobility Suite incentives eligibility via the Enterprise Mobility Management Competency?
A) To learn more about EMS Incentives, visit the portal page, here. ”

A few days later a post on LinkedIn interpretes the competency change as “It marks the end of MIIS, ILM, FIM, and MIM“.
This opinion/ interpretation ignited a discussion or list of comments that even got vicious and mean if not incorrect. But I’ll leave that to your own interpretation.

But I can certainly advise to read all of it.

One of the key comments is posted by Alex Simons (Director of PM, Microsoft Identity Division): (quote)

“This focus area has just been combined with Mobility as we believe the overall category is merging as part of the shift we are seeing among customers to a modern end-user productivity model which merges Identity, Mobiltiy and Information Protection together to enable workers to get their jobs done wherever they are. So don’t let the merger fool you! We have more engineers working on Identity and Access Managemebt today (600+ across the cloud and on-premises) than we have ever had before at Microsoft!”

Apparently, due to some technical issues, an important comment of David Steadman never got posted to that thread. And probably for that reason, it got disconnected.
But it’s a damn important insider-note or add-on to Alex’ message.

“Identity within Microsoft not Dead!!”

“/../ this is not the end to identity platform. It simply transforming to what customers are demanding, just like MIIS changed and ILM. Merging the assets makes sense, As we have seen with this product and others. If you do not change you will be left behind it is a strategic change that meets the demand of our Azure Customers and On-premise Customers. Also the MIM product group has release a few new additions to MIM CTP4 /../”

“… Because Microsoft is the Identity platform and as this merger of Identity, Mobility and Information Protection continues you will see great add to the story and services.”

A few days later, , posts an interesting reply to the discussion. To jump to his conclusion: “ Success in the cloud is underpinned by a well-engineered Identity and Access infrastructure – and that is usually a hybrid on-premises/cloud infrastructure involving MIM, AD, Azure AD and much more. You can call it what you like, but rumours of its death have been greatly exaggerated.

And to close the discussion, you might want to get up to speed on what Microsoft Identity and Access aka Enterprise Mobility is heading to… with another post by Hugh.
It’s the essence of the whole story: Identity and Acces, now Enterpise mobility is not limited to the ‘identity technology’ anymore: consider”Advanced Threat Analytics, Secure Islands, Adallom, hybrid identity, devices and enterprise mobility management, Microsoft Identity Manager (MIM) including Privileged Access Management (PAM), new features in Microsoft’s Enterprise Mobility Suite, including changes in Azure Active Directory, Rights Management, and Intune… and more.

It’s damn clear that a specialist in Microsoft Identity & Access (eh sorry, Enterprise Mobility), will have plenty of work in the future.

That being said, here’s the short list.

References list of LinkedIn articles:

But that’s not all.
Recheck the Microsoft support lifecycle for the various products and save it for future reference:

 

*EDIT – 13/may/2016 … the discussion continues*
Above was the customer friendly version, as I’ve got quite some queries for details.
So it allows to explain that the pronounced dead essentially was a hoax.

On the FIM/MIM FB group, there was a very pertinent remark by Gil Kirkpatrick which I’m allowed to share here:

I’ve been utterly baffled at the public reaction to all of this… I’ve had probably a dozen people (a Kuppinger-Cole guy for chrissakes) tell me how MSFT has failed to crack the IAM market and how they’ve given up and EOL’d FIM/MIM, and now its a free-for-all and tha datacenter is on fire, and …, well you get the idea. It’s like nobody even bothered to read the announcement, and I don’t know, maybe look up some of the words in the dictionary if they were having trouble understanding it.”

+1

I personally think this is exactly the reason that David, Hugh and others (including me) have been fighting this hoax.

And I’ll not go into the view and recent reports of the market watchers, like Kuppinger-Cole and Gartner on Identity and Access, Identity Governance, .. whatever.
These are valuable if the reports are built on current, solid data.
But if a vendor does not participate in the survey for a year, or two, because their product stack is been overhauled and set ready for the future.. and therefore the ‘product suite’ does not fit to the market watchers categories (so it drops from the reports), it’s no reason to burry a product/vendor.

And certainly if these reports are published one year later…
Things are moving fast, very fast.

Note-to-self: #FIM2010 Stencils & icons

Source: https://social.technet.microsoft.com/Forums/en-US/7a7b3df0-35d1-48a5-9577-e2c435b39128/how-to-become-a-fimster?forum=ilm2

As mentioned by Ross Currie, you need a shortcut to this, as you keep losing this little gem…

https://skydrive.live.com/?cid=b905f742cf6d28e2&id=B905F742CF6D28E2%21164

Note-to-self: free download of the 2015 Cyberthreat Defense Report from CyberEdge Group (and no registration needed)

Source (*): http://www.cyber-edge.com/2015-cdr/

CyberEdge has released the 2015 Cyberthreat Defense Report, which is a very-interesting-read for security professionals.
Among the findings: 52% of respondents expect to fall victim to a cyberattack in 2015.

Although most of these ‘free’ reports don’t cost you a penny, they are not free at all as you’ll need to pay with your personal data.
At minimum with your mail address…

Yes, we know, the registration of your email address is the refund of the marketing these companies need.
But do you want to pay that price?

And a lot of second-line security companies and/or partners of CyberEdge will do the same thing… publishing the free report after you have registered.
(Got the publication notification from Blue Coat systems…, but you can easily find more Bing it yourself.)
The downside of this is that you have no control at all what happens to that registration, despite the privacy and legal regulations (like double opt-in)…

So it’s always fun to look out for really ‘free’ (and legal) downloads… 😉

(*) In this case, stick to the source: http://www.cyber-edge.com/wp-content/uploads/2015/03/CyberEdge-2015-CDR-Report.pdf
[no guarantee how long it will stay ‘free’,…;)  ]

Enjoy!

 

 

Note-to-self: Insider Threat report from Infosecbuddy

Source: http://www.infosecbuddy.com/thank-you-here-is-your-insider-threat-report/

(No, you don’t need to leave your precious dummy contact details…)

From the report:

“Highly publicized insider data theft, such as the recent Morgan Stanley breach or Edward Snowden incident,
highlight the increasing need for better security practices and solutions to reduce the risks posed by insider threats.

This report is the result of comprehensive crowd-based research in cooperation with the
260,000+ member Information Security Community on LinkedIn and Crowd Research Partners to gain more insight into the state
of insider threats and solutions to prevent them.”

Note-to-self: free MS Press eBooks on Microsoft Virtual academy

Looking for some Azure reference material, planning for Azure certification exams, …? Have a look at the eBooks section on Microsoft Virtual Academy (MVA)…
Short url: http://aka.ms/freemspress

It has a quite interesting collection of free eBooks you can download…

 

And while you’re there, also check the learning stuff for identity:

http://www.microsoftvirtualacademy.com/Studies/SearchResult.aspx?q=identity

And bookmark this link for security related learning material:

http://www.microsoftvirtualacademy.com/Studies/SearchResult.aspx?q=security

 

Happy learning!