Child pages
  • 2019-09-09 azuread-govteam mtg

2019/09/09

Summary agenda:

------------------------------------------------------------------------------------------

-Updates on past topics & items of interest (10-15m)

------------------------------------------------------------

-Discussion topics (50m)

  1. Enable PHS sync option - Brian
    1. Provides business continuity option
    2. Enables Microsoft signaling of known pwned accounts
    3. Required for Azure AD Domain Services
    4. May be chosen architecture via MFA project. We may be able to demo this configuration (on a per user basis) after enabling this.
  2. AAD role approval practices - Brian
    1. https://wiki.cac.washington.edu/x/BJAzBQ

      Notes on where we left this: 
      -Scott raises concern about Compliance Administrator not having a more stringent recommended account type like tadm. Brian explains that Compliance Administrator has a scope limited to Office 365 apps, with something close to read permissions, so it has the same recommendation as the O365 roles. Brian extends a compromise to include Compliance Administrator in the higher security account grouping.
  3. AAD-only groups or Cloud only Exchange Distribution Lists or template for briefing - Scott and Nathan

----------------------------------------------------------------------------

-Input on backlog & possible future discussion topic input (5m)

  • MI activities - high-level summary of current, planned and possible future investments, given resourcing & priority
  • Possible future discussion topic list:
    • Azure AD join/hybrid join/InTune
    • Azure AD Conditional Access management (this is likely to grow & there is huge potential to break things)
    • AAD token lifetime review compared to other UW tokens
    • Hybrid Cloud update
    • Current service design
    • Vendor mgmt: what are our top 10 requests for Microsoft?
    • Azure AD service catalog entry review
    • Token revocation
    • External user - what's new & current status

-------------------

Discussion Notes:

On CISO/Medicine O365 log requirements, I believe Becky et al. described what needs were met through the recent meeting, and no pressing unmet needs remain?

On CHG0037717 (passwd hash sync), when we discussed which CAB mgr would approve the CHG, I recall saying "go for it" and Scott was going to approve it.

On our MI page describing high-level activities, I said I'd update the category descriptions to align with simpler current, next, future designations.

On AAD-only security groups, distribution lists, and O365 groups, Scott said he can't do business analysis, but we offered to discuss it as a topic at a future meeting.


Attending: 
