Tweet review #2

How many more breaches?

  • Do Azure Identity Protection
  • Do Advanced Threat Analytics
  • Do Privileged Access Management
  • Do Privileged Identity Management

Amongst all the key messages from Ignite this year was ‘assume breach’. Networks, directories, points of entry etc. are all so vast in almost any environment. Even with the best security policies it is folly to assume these are enough. These tools from Azure allow you to know when something isn’t right. Check out this session video from Ignite for more on ATA, IdP and PIM!

Teams. Glorious, glorious Teams.

If you’re using Office 365, and you think you might get too much email, you need to be using Teams. There’s plenty more to say but this problem was, in a nutshell, what Sway was built to answer – which really saw massive growth, proving the concepts of team-based chat, and is why Microsoft Teams has been built to provide the same functionality with far greater integration with the rest of the Microsoft Office 365 stack. Use it, be happy.


I have an admission to make. I need to get myself on the PFE bandwagon at some point and get into some proper performance analytics. For too long have I skirted around this subject and never fully dived in. My intention was to catch the legendary ‘Case of the Unexplained’ session at Ignite but with so much content it was missed somehow. Maybe now with an update being released, now is a good time…

Jen Stirrup is a data wizard

My interest in ‘big data’ is entirely selfish. PowerBI is something I desperately want to plug into everything associated with my day job and dataviz my world. Jen is someone I came across at Ignite via this session and has since become someone I follow more avidly on Twitter than is perhaps healthy!

Bold adoption, big gains

I live in the identity world, which is pretty pervasive throughout the Azure suite. EMS is a close subject matter; Whole Foods and Unilever are two hyper-scale organisations I know of that have undertaken bold adoption plans and are now seeing the fruits of their labour. Learn how Unilever modernized IT.

ARM Templates, DSC, yes please

This is very relevant to a pet project of mine and these areas are so central to managing resources in Azure IaaS/PaaS, thoroughly interesting!

Office 365 Groups – The File Report

I’m clearly a big fan of what Microsoft is doing with Azure, and Office 365, and Office 365 Groups. But one thing which is clearly not quite ‘there’ yet is the file experience. I’ve long converted from attaching files to linking to a shared file in OneDrive, and I’m quickly getting used to the O365 Group Team Site file sharing experience. But the way files are surfaced across the apps feels a little ‘disjointed’ somehow. And I think Tony is getting to similar points in his post here.

A bit like how Teams still has the chat blade, which should either be incorporated into the Skype app proper, or removed. Otherwise it’s just another interface into the Skype experience which will just cause confusion for the average user.

Features are there, they just need tying up and some consistency.

Use the Azure AD Graph to generate amazing collaboration opportunities

Dynamic Groups

For many years, we’ve had the capability to drive dynamically generated Active Directory groups using what we might, for the purposes of this post, call the ‘on-prem AD graph’ – in Microsoft Identity Manager (MIM).

MIM maintains a view of a person through the lens of data collected about that person from disparate systems such as HR, AD, Exchange, IP telephony, local apps and so on.

Dynamic Groups are superb for driving access or experiences based upon the data available in MIM. But the data in MIM is often a subset of the whole. Rarely are all on-prem apps integrated, and of those which are, only the attributes selected when the app was integrated are available. So for organisations this lens of person data may be bigger or smaller.

The Azure AD Graph

Today it’s already possible to flow the data we have about people to the Azure AD Graph, which is great; with this new functionality it means we can use Azure AD to drive creation of these groups (automatically if necessary) without consuming processing cycles in the MIM Service or having people manage and maintain these assets in the MIM Portal.

But the really interesting addition is in SaaS; where MIM is limited to the data sources it is connected to (and the attributes flowed from each), the Azure AD Graph can contain identity-related data generated by over two and a half thousand SaaS apps.

The richness this provides is going to dramatically increase the capabilities we have and it’s reaching the point where identity professionals must rely far more on the contextual knowledge and experience of people within the business to extract greater value from our capabilities.

Adoption of identity

Imagine being told that, using data that means something to you – about your team, where you work, the department you work in, the applications you use – you could drive a set of collaborative assets for your specific workloads. Perhaps automatically. Dynamic management of Office 365 Groups using the Azure AD Graph is an incredibly interesting prospect… Hopefully Microsoft Teams isn’t too far from General Availability!

Try out some of the functionality using this tutorial here.

November 03, 2016 at 09:59PM