Child pages
  • 2019-09-09 azuread-govteam mtg
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 20 Current »


Summary agenda:


-Updates on past topics & items of interest (10-15m)


-Discussion topics (50m)

  1. Enable PHS sync option - Brian
    1. Provides business continuity option
    2. Enables Microsoft signaling of known pwned accounts
    3. Required for Azure AD Domain Services
    4. May be chosen architecture via MFA project. We may be able to demo this configuration (on a per user basis) after enabling this.
  2. AAD role approval practices - Brian

      Notes on where we left this: 
      -Scott raises concern about Compliance Administrator not have a more stringent recommended account type like tadm. Brian explains that Compliance Administrator has a scope limited to Office 365 apps, with something close to read permissions, so has same recommendation as the O365 roles. Brian extends compromise to include Compliance Administrator in higher security account grouping.
  3. AAD-only groups or Cloud only Exchange Distribution Lists or template for briefing - Scott and Nathan


-Input on backlog & possible future discussion topic input (5m)

  • MI activities - high level summary is high-level summary of current, planned and possible future investments, given resourcing & priority
  • Possible future discussion topic list:
    • Azure AD join/hybrid join/InTune
    • Azure AD Conditional Access management (this is likely to grow & there is huge potential to break things)
    • AAD token lifetime review compared to other UW tokens
    • Hybrid Cloud update
    • Current service design
    • Vendor mgmt: what are our top 10 requests for Microsoft?
    • Azure AD service catalog entry review
    • Token revocation
    • External user - what's new & current status


Discussion Notes:


  • No labels