May 23 - 25 | 2022 Antwerp | Belgium
09:00 - 17:00

M365 / Azure AD taking a holistic Zero Trust approach to secure your environment

Once upon a time, in a land far, far away, we built a castle with solid walls and a single entrance if we wanted to protect an asset. We may well have enhanced the entrance with a drawbridge, a portcullis and killing boxes. However, once an individual was allowed inside our castle, they were trusted and could move freely. We originally built IT systems like this, and for on-premises Active Directory, we created walls through a combination of our building, network and domain/forest boundaries. As with the castle, once inside the perimeter, trust was assumed.

Today we need to reach out to partner organisations, cloud providers and allow our users to work from home. Our containing perimeter is gone, and we need to adopt a new stance: never trust, always verify (Zero Trust).

A Zero Trust strategy should provide us with stepping stones to work towards an ideal security posture. Microsoft has identified three critical principles for Zero Trust.
Least privilege
o A user's privileges within the ecosystem must never be greater than those required to perform a particular task.
Verify explicitly
o Continuously verify resource access based on user identity, environment, device health, and risk.
Assume breach
o Add defences to minimise the chances of a breach. Use analytics to get operational insights, detect threats and improve protection.

Microsoft Azure AD provides many technologies to help implement Zero Trust systems, but where do you start?

Step one is to make Azure AD your core identity platform for authenticating users to all your applications. Once you have consolidated your IAM with Azure AD, you can implement additional features and services and gradually step towards your Zero Trust goals.
Come to this one-day masterclass, and John Craddock will explain the issues, steps and technologies required to implement a Zero Trust strategy for your Azure AD / M365 environments. He will lead you on a journey that encompasses, hybrid-authentication, B2B, MFA, passwordless authentication, Role-Based Access Control, application management, conditional access, privilege identity management, endpoint management, identity protection, analytics and more. With demos along the way, it is defiantly a day for your diary!

John Craddock

John has designed and implemented computing systems ranging from high-speed industrial controllers through to distributed IT systems with a focus on security and high-availability. A key player in many IT projects for industry leaders including Microsoft, the UK Government and multi-nationals that require optimized IT systems. Developed technical training courses that have been published worldwide, co-authored a highly successful book on Microsoft Active Directory Internals, presents regularly at major international conferences including TechEd, IT Forum and European summits. John can be engaged as a consultant or booked for speaking engagements through XTSeminars.