Microsoft 365 Zero Standing Access with Customer Lockbox

I am studying for one of the Microsoft 365 Certifications. I am using the free “Microsoft Learn”* offerings or paths. They are excellent. I already went through the “Azure Fundamentals” and passed that exam. But now I want to work on some Microsoft 365 or “M365” certification [Office 365, but with EMS – “Enterprise Mobility and Security”].

In Unit 5 of the Compliance Module, Microsoft points out that the most dangerous attack vector is compromised credentials. One way to fight this is with “Zero Standing Access”: it is a “users don’t get permissions by default” approach to data access within their Office 365 space. If they need access, there is a request process available. This needs to be set up accordingly. I absolutely love this.

[Image: M365 Zero Standing Access]

They also apply this concept to their Data Centers, by way of “Lockbox Workflow”. The point is that not everyone and anyone can simply open a file, or (in the case of a Microsoft Data Center) walk on into a tenant space and ‘look around’. They have safeguards to stop that and help customers get more organized around the matter of access and data security. IT and Auditors especially love this.

[Image: M365 Customer Lockbox]

* Microsoft Docs, Microsoft Learn

Switzerland Welcomes Azure Region

“Microsoft Azure available from new cloud regions in Switzerland” – business is booming for Microsoft Azure.

“In Switzerland, where we’ve been operating for 30 years, Azure is now available from new cloud datacenter regions located near Zurich and Geneva. More than 30 customer and partner organizations are already using these Azure services. Companies becoming more efficient, innovative, and productive through their usage of Azure in Switzerland include:

  • UBS Group, the world’s largest wealth manager, is using Microsoft Azure cloud technology to modernize many critical business applications, to leverage digital channels, and to rethink how its global workforce collaborates.
  • The Swiss Re Group, one of the world’s leading providers of reinsurance, insurance, and other forms of insurance-based risk transfer, has chosen us as a strategic partner and preferred public cloud provider. Through their use of technology and our partnership, Swiss Re strives to make insurance simpler and more accessible than ever.
  • Swisscom, the national telecommunications provider, is now offering its customers managed public cloud services delivered via our global infrastructure and new Swiss cloud regions. Swisscom will be the first Swiss telecommunications provider to offer ExpressRoute, a secure, highly available, high-performance, and private connection to Azure services.”

https://azure.microsoft.com/en-us/blog/microsoft-azure-available-from-new-cloud-regions-in-switzerland/

The Kids are Alright

It is not so much that teenagers or “tweens” are so tech-savvy that they can all hack, black hat style, straight into school systems and networks. It’s more akin to walking around the building’s back area and discovering an unlocked door in plain sight. Why waste time breaking in or breaking down the front door when you can simply open the unlocked door in the back? Anyway, this article by “The Atlantic” demonstrates clearly that some teens will stop at nothing in order to communicate with each other during school. And to think … we used to throw paper balls containing messages when we were young.

“The Hottest Chat App for Teens Is … Google Docs”

How a writing tool became the new default way to pass notes in class

https://www.theatlantic.com/technology/archive/2019/03/hottest-chat-app-teens-google-docs/584857

Kubernetes Clusters on Google Cloud Platform

I had a chance recently to dig into the Google Cloud Platform, in particular Kubernetes clusters and virtual machine instances. This is the “Compute Engine” offering of the GCP, or Google Cloud Platform. The GCP also offers much more, for example, Cloud Storage [data, object storage], Cloud SQL [MySQL/PostgreSQL], and App Engine [building web + mobile apps]…


Top Cloud Services Compared

This is a great resource that compares the top dogs of Cloud Computing: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud. It turns out they all have various strengths and weaknesses. It is hard to bet against Google with all of its Mega Billions of dollars in cash at its disposal. On the other hand, AWS has the upper hand overall with customer base and raw Cloud products, but Microsoft is very strong in bridging the gap for customers between public and private cloud (or hybrid scenarios), in addition to having its long Server and Support history along with Office 365.

https://www.datamation.com/cloud-computing/aws-vs-azure-vs-google-cloud-comparison.html

Google Cloud Platform Pitch

Kind of Marketing, kind of sales pitchy, kind of, “Rah-rah, go Google, go”, but I cannot say these observations are wrong. This not only applies to Google Cloud but to Amazon Web Services and Microsoft Azure as well.

Per the author of this Medium article:

“More often than not, it is because, coming from other platforms, they have gotten used to some features requiring multiple steps, or some operations being complicated, etc. And often they find out that in GCP you can do this specific operation in a couple of clicks, or by setting up a simple text-based configuration. Then you see that light bulb turning on in their head, and there you go… happy customer.

A few of these happen so often that I compiled them in a list to share with others who might also benefit from these “aha!” moments. You could say these are the five things I wish they told me when I started using Google Cloud.”

Full article here.

Identity Offerings in Azure Marketplace

The services and products available in Azure Marketplace are always growing. It is a very impressive market, with offerings in categories ranging from “Compute” [of course!] to Analytics, Databases, and Security and Identity. In fact, Identity services look very intriguing: “Alert Logic” and “ZScaler” target a relatively new acronym: “BYOL” (Bring your own license). The “ZScaler” service in particular is interesting in that it can “create fast, secure connections between users and applications, regardless of device, location, or network”. Their connector can be installed within the Azure Cloud instance. “ZScaler” looks to be very useful for both private and hybrid clouds.