2020/01/13

Agenda:

  • Update: AAD/O365 2FA MFA project & Expand MFA 2FA project [time boxing this to 15m max]

    • Conditional Access design/operations; for MFA? (includes CHG expectations)
    • Azure MFA remember me settings to match emerging Duo remember me
    • Per-user opt-in & per-org requirement, with UW requirement following UW Identity Provider (IdP) remember me
    • Early adoption period for individuals and organizations to always use 2FA; required to always use 2FA later in year
    • Both Shib UW IdP & AAD likely to share same opt-in group or coordinate implementation groups, but still need to work out how to handle exceptions
    • Likely to prevent MFA requests to Shib UW IdP at ADFS from AAD relying party (to prevent "double" MFA logons; count=1K users?)
    • Timing still unclear, but as you know we have some users already in place (count<=100), so timing is about being ready at scale
  • Discuss: MS recommendation to remove user consent [time boxing this to 15m max]
    • Current status: no change has been made.
    • Acknowledgement that we should consider adding additional conditions to monitor/alert.
    • Is there broad agreement that removing user consent is too disruptive w/o better rationale?
    • What additional conditions might we alert on? And/or what additional review practices should we implement?
  • Discuss: Azure AD Strategy on a Page [time boxing this to 20m max]
    • Topic relates to AAD govteam purpose: to help guide AAD design and implementation; to explore and evaluate proposed designs
    • Topic relates to ITI division's resourcing practices; help staff who take on too many current commitments/initiatives related to AAD strategy
    • Goal of one-pager is to create a living strategy document for service design changes; linking initiatives to business needs and outcomes
    • One-pager document helps decide, communicate, and align resources with current, planned, and future initiatives
    • One-pager document also enables communication across teams, with customers, and with vendors/suppliers
    • What does the AAD govteam want to communicate through the AAD Strategy on a Page?
      • Some needs/outcomes come from Microsoft
      • Some needs/outcomes come from MI/MSCA service teams
      • Some needs/outcomes come from AAD customers
      • Some needs/outcomes come from AAD end users
      • Does every new need immediately become a current initiative?
      • Examples throughout this agenda, e.g.: consent topic, "MS recommendation", "we should", "broad agreement", "might we alert?", "should we implement?"; now, planned, future?
  • Discuss: Enable hybrid AAD join & Office ProPlus device licensing [time boxing this to 10m max]
    • Some very limited exploration of hybrid join happening today.
    • Would like agreement that we can expand exploration as broadly as all MWS computers, to explore the impacts in a semi-well-understood environment before we consider flipping to a default where all NETID-joined computers are hybrid joined.
    • Hybrid joined is needed for Office ProPlus device licensing, and also enables a variety of security controls and scenarios
  • Update: AMC SSO conversations [time boxing this to 5m max]
    • Draft report written by UWM staff presented to Slayton/Cris; unclear what will happen next
    • Solutions require significant resourcing and/or strategy shift from UWM
  • Update: Hybrid Cloud for AD joined: Expressroute hub vnet project to get resourcing [time boxing this to 5m max]
  • Input on backlog & Future discussion topic input

...