If you missed the webinar, here’s the recording, featuring Paul Collinge, Sr Program Manager from Microsoft & Sean Sweeney, Sr Director & Chief Security Advisor, Microsoft Cybersecurity Solutions Group:
- RECORDING: Alternatives for Security Controls: Elevating Security & Performance for Remote Work
On-Demand session 1, recorded Tuesday 3/31/20 – 9:00 AM Pacific Time
Q&A
Additionally, the Q&A thread is visible in the recording. Notable responses include:
- Top 5 ways your Azure AD can help you enable remote work
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/top-5-ways-your-azure-ad-can-help-you-enable-remote-work/ba-p/1144691
- Q: Do we have a way to just allow the user to access to just open the B2C O365 access for the customer domain, no other one?
A: By using Tenant restrictions https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions you can limit which tenants are accessible even with shared namespaces.
- Q: A current requirement for this to work in 100% of scenarios is to also add the IP range 13.107.60.1/32. This should not be necessary very shortly due to an update in the latest Teams client due for release w/c March 30 2020.
A: We’re still working on getting this update out and will update the documentation when this is done. Until then, adding the /32 you reference will solve the problem where it occurs. Connectivity isn’t made to this IP; it’s just used to decide the routing, so as long as you add it to the other IP blocks in the route table, routing will work as you wish.
- Q: How can we generate a report that documents the conditional access policies?
A: Today there is not a way to export Conditional Access policies to generate a report. Check for updates on this feature here: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/19198480-support-exporting-and-importing-conditional-access
- Q: What security controls are required for WVD, as many are opting for remote working?
A: Conditional Access can be used to restrict access to the front door of WVD. More complete guidance is being developed and we hope to have it published soon.
- Q: Do you have any helpful tools for consultants to help clients do a quick assessment to prioritize actions?
A: From a connectivity standpoint, the tool at https://connectivity.office.com should give you a view as to connectivity on a machine and we’re working on updating the tool to capture VPN usage.
- Q: Can you comment on how best to do split tunnel with Cisco ASA (can’t do smart FW yet) and AnyConnect 4.7? It seems like the MS docs for O365 IP addresses are not fully correct.
A: https://docs.microsoft.com/en-us/office365/enterprise/office-365-vpn-implement-split-tunnel has a how-to guide for Cisco AnyConnect. The IP addresses published at https://docs.microsoft.com/en-gb/office365/enterprise/urls-and-ip-address-ranges and the corresponding web service are always fully up to date.
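The two split-tunnel answers above (the interim 13.107.60.1/32 entry and the published IP ranges), combined in an added example that is not part of the original Q&A and is not Microsoft's code: it builds a collapsed IPv4 route list from data in the shape of the IP/URL web service and checks which addresses would bypass the VPN. The function names, the choice to split out only the `Optimize` category, and the sample ranges (documentation prefixes, constructed) are assumptions.

```python
import ipaddress
import json

# Constructed sample in the shape of the Office 365 IP/URL web service output
# (id, serviceArea, category, ips, urls). The ranges are documentation
# prefixes, not real Microsoft ranges.
SAMPLE_ENDPOINTS = json.loads("""
[
  {"id": 1, "serviceArea": "Exchange", "category": "Optimize",
   "ips": ["198.51.100.0/25", "198.51.100.128/25", "2001:db8:1::/48"]},
  {"id": 2, "serviceArea": "Skype", "category": "Optimize",
   "ips": ["203.0.113.0/24", "203.0.113.64/26"]},
  {"id": 3, "serviceArea": "Common", "category": "Allow",
   "ips": ["192.0.2.0/24"]},
  {"id": 4, "serviceArea": "Common", "category": "Default",
   "urls": ["*.example.com"]}
]
""")

# Interim /32 from the Q&A: no connection is made to it, it only steers routing.
TEAMS_ROUTING_HINT = "13.107.60.1/32"


def split_tunnel_routes(endpoints, categories=("Optimize",),
                        extra=(TEAMS_ROUTING_HINT,)):
    """Return collapsed IPv4 networks to exclude from the VPN tunnel."""
    nets = [ipaddress.ip_network(e) for e in extra]
    for entry in endpoints:
        if entry.get("category") in categories:
            # URL-only entries have no "ips" key and contribute nothing.
            nets += [ipaddress.ip_network(ip) for ip in entry.get("ips", [])]
    # collapse_addresses() rejects mixed versions, so keep IPv4 only here.
    v4 = [n for n in nets if n.version == 4]
    return list(ipaddress.collapse_addresses(v4))


def goes_direct(address, routes):
    """True if the address would bypass the tunnel under the route list."""
    addr = ipaddress.ip_address(address)
    return any(addr in net for net in routes)


if __name__ == "__main__":
    # Print in "network netmask" form, as used in many VPN access lists.
    for net in split_tunnel_routes(SAMPLE_ENDPOINTS):
        print(f"{net.network_address} {net.netmask}")
```

Passing `extra=()` drops the /32 once the updated Teams client mentioned in the answer has shipped.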