Update: AAD/O365 2FA project, including quick demo of PHS + Duo logon
- Update: AMC conversations
- CHG0037718: AAD role approval practices and new roles
- Discuss: Enable hybrid AAD join & office proplus device licensing
Input on backlog & Future discussion topic input
Possible future discussion topic list:
- Azure AD Strategy on a Page
- Azure AD join/hybrid join/InTune
- Azure AD Conditional Access management (this is likely to grow & there is huge potential to break things)
- AAD token lifetime review compared to other UW tokens
- Hybrid Cloud update
- Current service design
- Vendor mgmt: what are our top 10 requests for Microsoft?
- Azure AD service catalog entry review
- Token revocation
- External user - what's new & current status
- Extended discussion of 2FA. General agreement that option 1a is inevitable, but we might do 5a first. Becky & Mick have questions about implementation, which we aren't really ready to deal with, but have some sense of how to deal with.
- Some discussion of AMC. Discussion branches out to access control, agreement that data controls (via AIP & DLP) are what they need.
- Agreement that this CHG should be approved. Scott has concerns about tadm accounts & discoverability of group membership. Comprehensive CHGs as noted will remain in CHG. Routine CHGs can be REQs, provided adequate tagging to provide discoverability is in place.
Agreement to use msappproxy.washington.edu for Azure AD App Proxy domain name.
- Agreement that MWS/MI should look at staged hybrid join to move device proplus forward.
Attending: James, Roland, Nathan, Brian, Kevin, Scott, Becky, Joshua, Jonathan, Mick