Articles

Building apps that integrate automate and manage security operations – BRK3085

September 11, 2019


BIT LOUD, THOUGH. HOPEFULLY, WE’LL MAKE THIS LAST HOUR OF BUILD WORTH IT TO YOU ALL. WE’RE GOING TO START OFF BY TALKING ABOUT THE RAPIDLY EXPANDING SET OF OPPORTUNITIES FOR DEVELOPERS IN CYBER SECURITY. WE’RE NOT GOING TO TAKE A LOT OF TIME ON THIS. I KNOW YOU GUYS WANT TO GET INTO LOOKING AT THE CODE AND THE DEMOS. SO JUST A FEW MINUTES TO KIND OF COVER THIS. I THINK IT’S AN IMPORTANT TOPIC, AS YOU THINK ABOUT WHERE TO INVEST IN YOUR OWN CAREER AND PROFESSIONAL DEVELOPMENT, OR WHERE YOUR ORGANIZATION CAN FOCUS IN TERMS OF EXPANDING INTO NEW PRODUCTS OR SERVICE AREAS. I’LL ALSO INTRODUCE YOU TO THE WAYS THAT MICROSOFT CAN HELP YOU TO CAPITALIZE ON THESE OPPORTUNITIES WITH APIs AND SERVICES AND COMMUNITIES. NEXT PREETI WILL DEMO HOW YOU CAN BUILD SECURITY SOLUTIONS TO CONNECT WITH MICROSOFT, TO USING SAMPLE CODE AND CONNECTORS AND QUERIES. AND WE’RE GOING TO REALLY SPEND THE BULK OF OUR TIME ON THESE DEMOS, REALLY DRILLING DOWN INTO SOME SPECIFIC SCENARIOS. WE HAVE THE PLEASURE OF HEARING FROM OUR RECENT GRAPH SECURITY HACK-A-THON WINNER DARREN, ABOUT HIS EXPERIENCES BUILDING THE WINNING APPS. HE’S GOT WHAT I THINK ARE SOME REALLY GREAT TIPS AND TOOLS AND TECHNIQUES THAT YOU GUYS CAN APPLY TO YOUR OWN APPLICATION DEVELOPMENT. AND THEN WE’LL LEAVE YOU WITH SOME RESOURCES TO HELP YOU GET STARTED ON YOUR OWN SECURITY DEVELOPER JOURNEY. SO WE’LL JUMP RIGHT IN. THE MOVE TO THE CLOUD AND THIS INCREASING ANY MOBILE WORK FORCE HAVE REALLY PUSHED OUT THE BOUNDARY OF AN ENTERPRISE BEYOND THE PHYSICAL PERM I PERIMETER, WHICH USED TO REALLY SERVE AS THAT BOUNDARY IN THE PAST. DATA AND USERS AND SYSTEMS ARE EVERYWHERE. MEANWHILE, THE SECURITY AND SOPHISTICATION AND VERACITY OF ATTACKS ARE REALLY GROWING. SO ORGANIZATIONS TODAY ARE TASKED WITH THIS INCREASINGLY HARD JOB AT SECURING THIS EXPANDED DIGITAL ESTATE. I’M SURE THIS ISN’T NEWS TO ANYONE IN THIS ROOM, BUT I DON’T KNOW IF YOU’VE SEEN THIS NUMBER, WHICH IS THAT AS A RESULT ORGANIZATIONS ARE RAMPING UP THEIR SECURITY INVESTMENTS TO THE TUNE OF $124 BILLION IN 2019. THIS IS UP FROM AROUND $20 BILLION ABOUT A DECADE AGO FROM THE BEST NUMBERS THAT I COULD FIND. IT’S A HUGE OPPORTUNITY THAT EXISTS IN THE AREA OF CYBER SECURITY. AND TODAY ORGANIZATIONS ARE INVESTING IN LITERALLY DOZENS OF DIFFERENT SOLUTIONS ACROSS MULTIPLE CATEGORIES AS PART OF THEIR DEFENSE IN DEPTH APPROACH. SO THIS INCLUDES THINGS LIKE IDENTITY AND ACCESS CONTROL, DATA PROTECTION, END POINT PROTECTION, NETWORK PROTECTION, AND MUCH, MUCH MORE. AS A RESULT, THOUGH, THE ABILITY FOR ORGANIZATIONS TO QUICKLY EXTRACT VALUE FROM THIS DIVERSE AND SOMEWHAT SILOED SOLUTION SET HAS BECOME EVER MORE CHALLENGING. THIS CREATES SIGNIFICANT OPPORTUNITY FOR DEVELOPERS TO BUILD SOLUTIONS THAT AUGMENT THEIR EXISTING SOLUTIONS BUT ALSO THAT INTEGRATE THE SECURITY ACROSS THEIR PRODUCTS, SERVICES, ACROSS THEIR TOOLS AND THEIR WORK FLOWS. IT’S A VERY GOOD TIME TO BE A DEVELOPER IN THE SECURITY SPACE. SO LET’S TALK ABOUT SOME OF THOSE SPECIFIC OPPORTUNITIES. WHAT ARE WE HEARING FROM DEVELOPERS ABOUT SORT OF HOW THEY ENVISION THE OPPORTUNITY, WHAT AREAS THEY’RE EXPLORING AND INVESTING IN. FIRST IS AROUND THE INTEGRATION CHALLENGES. SO FOR ORGANIZATIONS THAT ARE DEPLOYING, AGAIN, LITERALLY DOZENS OF DIFFERENT SECURITY SOLUTIONS, INTEGRATING EACH OF THESE CAN BE QUITE CHALLENGING. IN MOST CASES, EACH OF THESE SOLUTIONS HAS THEIR OWN API, THEIR OWN SCHEMA THAT YOU HAVE TO UNDERSTAND AND WRITE AGAINST, WHICH MAKES IT REALLY HARD TO INTEGRATE THESE SOLUTIONS, TO MAINTAIN THOSE INTEGRATIONS OVER TIME, AND ATTACKERS ALSO TAKE ADVANTAGE OF WHAT THEY KNOW ARE GAPS THAT EXIST ACROSS THE SILOED SOLUTIONS. SO WE BELIEVE THAT, BY CONNECTING A CUSTOMER’S SECURITY TECHNOLOGIES, DEVELOPERS CAN PLAY AN IMPORTANT ROLE IN STREAMLINING SECURITY OPERATIONS AND ALSO JUST IMPROVING THE ORGANIZATION’S OVERALL SECURITY POSTURE BY CLOSING THOSE GAPS. ORGANIZATIONS ALSO OFTEN HAVE UNIQUE OPPORTUNITIES SPECIFIC TO THEIR INDUSTRY OR THEIR OPERATING MODEL OR THE REGULATORY REQUIREMENTS THAT THEY OPERATE UNDER. THINK ABOUT THE DIFFERENCE BETWEEN SECURING A RETAILER WITH A NUMBER OF POINT OF SALE UNITS VERSUS A UTILITY ORGANIZATION, WHICH IS GOING TO BE HEAVY ON CLOSED INFRASTRUCTURE. VERY, VERY DIFFERENT SETS OF CHALLENGES, DIFFERENT TYPES OF ATTACKERS, TARGETING THEIR ORGANIZATIONS. SO AS A RESULT, THERE ARE LOTS OF OPPORTUNITIES TO SORT OF BUILD OR AUGMENT OR EXTEND EXISTING SECURITY CAPABILITIES TO REALLY MEET THOSE CUSTOMER INDUSTRY SPECIFIC REQUIREMENTS. FINALLY, IF YOU HAVEN’T HEARD, THERE’S A SIGNIFICANT STAFFING SHORTAGE IN THE SECURITY SPACE. ORGANIZATIONS CANNOT HIRE ENOUGH PEOPLE TO MANAGE ALL OF THESE SECURITY SOLUTIONS OR TO MANAGE ALL OF THE SECURITY ALERTS BEING GENERATED BY THESE SOLUTIONS, AND THAT CREATES LOTS OF OPPORTUNITIES FOR ORGANIZATIONS TO DELIVER SERVICES ON TOP OF THESE MANAGED SECURITY SERVICE PROVIDERS, BOTH BIG AND SMALL, ARE REALLY GETTING GOOD TRACTION AND BEING ABLE TO DELIVER SERVICES TO FILL THESE STAFFING GAPS. THE OTHER AREA WE SEE THIS IMPACTING IS AUTOMATION. IT’S A BIG, BIG PUSH TOWARD AUTOMATION AND LOTS OF OPPORTUNITIES TO HELP ORGANIZATIONS AUTOMATE SECURITY OPERATIONS AND THREAT RESPONSE, BUILDING AUTOMATION WORKFLOWS AND RELATED KINDS OF ACTIVITIES. SO THIS CERTAINLY ISN’T EXHAUSTIVE, BUT THOSE ARE SOME OF THE KEY OPPORTUNITIES THAT WE SEE FOR DEVELOPERS. SO WE KEEP TALKING ABOUT THIS OPPORTUNITY FOR YOU, BUT I WANTED TO TAKE JUST A MINUTE TO EXPLORE THIS QUESTION ABOUT WHO YOU ARE. THIS IS NOT AN EXISTENTIAL QUESTION. IT’S TOO LATE IN THE DAY FOR THAT. BUT I DID WANT TO TALK A LITTLE BIT ABOUT THE KINDS OF ORGANIZATIONS AND THE KINDS OF ROLES AND THE KINDS OF DEVELOPERS THAT COULD TAKE ADVANTAGE OF THESE OPPORTUNITIES WE JUST TALKED ABOUT. SO FIRST, LET’S TALK ABOUT THE KINDS OF ORGANIZATIONS. SO, OF COURSE, THERE ARE SECURITY ISVs, PEOPLE THAT ARE BUILDING SECURITY APPLICATIONS, COMMERCIAL SECURITY APPLICATIONS THAT THEY DEPLOY TO THEIR CUSTOMERS. SO LOTS OF OPPORTUNITIES TO INTEGRATE THEIR SECURITY TECHNOLOGIES WITH MICROSOFT AND OTHERS TO STREAMLINE THINGS FOR OUR MUTUAL CUSTOMERS. WE TALKED ABOUT MANAGED SECURITY SERVICE PROVIDERS, MANAGED SERVICE PROVIDERS THAT ARE DEVELOPING APPLICATIONS TO SUPPORT THESE SECURITY MANAGEMENT AND MONITORING SERVICES. SO, YES, THERE’S A GREAT OPPORTUNITY TO DELIVER SERVICES TO CUSTOMERS, BUT MSSPs WANT TO DO THAT IN THE MOST EFFICIENT WAY THEY CAN, SO THEY’RE BUILDING APPLICATIONS AND TOOLS AND WORKFLOWS TO HELP SUPPORT THEIR DELIVERY OF THOSE SERVICES TO CUSTOMERS IN A COST EFFECTIVE WAY. THERE ARE I. T. SERVICE AND SYSTEMS INTEGRATORS THAT ARE HELPING CUSTOMERS INTEGRATE SECURITY TOOLS AND WORKFLOWS ARCHITECTING THE SECURITY DEPLOYMENTS AND HELPING ORGANIZATIONS FIGURE OUT HOW TO CONNECT THESE DIFFERENT SOLUTIONS, AND THEN, OF COURSE, DEVELOPERS THAT EXIST WITHIN SPER PRIZES, YOU’RE BUILDING CUSTOM SECURITY APPS, SPENDING A LOT OF TIME INTEGRATING SECURITY TOOLS, AND A LOT ARE FOCUSING ON AUTOMATING SECURITY FORCES WITHIN THEIR PARTICULAR ORGANIZATION. IN ADDITION TO SUPPORTING A LARGE — CREATING OPPORTUNITIES FOR LARGE SET OF ORGANIZATIONS WITHIN THOSE ORGANIZATIONS, WE SEE KIND OF A BROADER SET OF FOLKS ENGAGED IN DEVELOPMENT OF SECURITY SOLUTIONS, BUILDING VALUE ON TOP OF THOSE SOLUTIONS. OF COURSE, YES, THERE ARE TRADITIONAL DEVELOPERS USING APIs AND SDKs, KIND OF A TRADITIONAL DEVELOPER SORT OF FOLKS, BUT WE ALSO SEE INCREASINGLY TOOL SMITHS OR SECURITY ANALYSTS THAT MAY SIT WITHIN A SECURITY OPERATIONS CENTER WHO ARE SECURITY EXPERTS WHO ARE TASKED WITH HELPING TO FIGURE OUT HOW TO AUTOMATE THE WORK THEY DO ON AN ONGOING BASIS OR BUILDING TOOLING TO HELP THEIR PARTICULAR JOB ROLE OR FUNCTION TO BE MORE EFFECTIVE. THOSE FOLKS THAT ARE SECURITY EXPERTS BUT NOT NECESSARILY CODERS. AND THEN EVEN WE SEE SOME STRETCHING INTO THIS AREA OF DATA SCIENCE. MAYBE LESS DATA SCIENTISTS, FEEDBACK WE GOT AT A ROUNDTABLE WE HAD JUST YESTERDAY, BUT CERTAINLY BUILDING THE INFRASTRUCTURE THAT’S NEEDED TO SUPPORT THEIR DATA SCIENTIST INS DOING SECURITY ANALYTICS, ANALYZING LARGE SETS OF SECURITY SIGNALS, TO IDENTIFY POTENTIALLY MALICIOUS ACTIVITIES. I’VE KIND OF ALLUDED TO THIS ALREADY, A DIVERSE SET OF THINGS THAT FOLKS ARE DEVELOPING. IT’S WEB APPS, NATIVE APPS, BOTS, BACKGROUND PROCESSES, KIND OF THE MORE TRADITIONAL STUFF, BUT WE ALSO SEE THEM BUILDING OUT DASHBOARDS AND REPORTING. WE MAY DO THAT, NOT IN A CUSTOM WEB APPLICATION, BUT IN POWER BI OR IN A SECURITY INFORMATION AND EVENT MANAGEMENT SYSTEM. THEY MAY BE HELPING TO POWER DATA ANALYTICS AS WE MENTIONED, SO MAYBE NOT ACTUALLY DOING THE DATA SCIENCE, BUT MAKING SURE THEY’RE SUPPORTING THOSE EFFORTS. AND AGAIN THE LAST ONE BEING AUTOMATION, BIG, BIG THING IN THE SECURITY SPACE AROUND AUTOMATION, AS WE DISCUSSED. THERE ARE WAYS TO DO THAT BOTH IN CODE, AND ALSO WE’RE GOING TO TALK ABOUT CODELESS OPTIONS TO SUPPORT THAT. REGARDLESS OF WHO THE YOU IS, MICROSOFT IS HERE TO HELP YOU ACHIEVE MORE AND REALLY THINK ABOUT THAT ACROSS THREE DIMENSIONS. FIRST BUILDING SOLUTIONS AT MICROSOFT REALLY HELP YOU TO UNLOCK VALUE FOR MICROSOFT CLOUD CUSTOMERS, AND THERE ARE A LOT OF THEM. SO 19 MILLION MICROSOFT CLOUD CUSTOMERS EXIST TODAY, AND THAT INCLUDES 95 OF THE FORTUNE 500, GOVERNMENTS, AS WELL AS STARTUPS. SO THERE’S A BIG POOL OF MICROSOFT CLOUD CUSTOMERS, CLOUD SECURITY CUSTOMERS, AND THAT YOU CAN TAP INTO THAT HAS A VALUE YOU CAN BUILD ON TOP OF MICROSOFT SOLUTIONS. WE ALSO HOPE TO HELP YOU ACCELERATE AND SIMPLIFY THE WORK YOU DO IN TERMS OF BUILDING APPLICATIONS. WE’LL TALK MORE ABOUT THAT, BUT THERE’S THINGS LIKE THE UNIFIED MICROSOFT GRAPH SECURITY API, WHICH HELPS YOU STREAM INTEGRATION ACROSS MULTIPLE MICROSOFT AND SECURITY TECHNOLOGIES. THEY’RE CONNECTORS THAT WE’RE BUILDING FOR AZURE LOGIC APPS AND OTHER SECURITY ORCHESTRATION SYSTEMS. THERE’S SAMPLES AND GUIDANCE WE PUBLISHED TO HELP YOU GET STARTED AND TO COMMUNICATE AND SHARE WITH YOUR PEERS. AND THEN, OF COURSE, BY VIRTUE OF BEING MICROSOFT, YOU HAVE THE BENEFIT OF ALL OF THE MICROSOFT CLOUD PLATFORMS AND SERVICES TO HELP YOU COLLECT AND ANALYZE LARGE AMOUNTS OF VARIED SECURITY DATA AND BUILD APPS AT GLOBAL SCALE. LET’S GO A LITTLE BIT INTO THE SPECIFIC THINGS WE MAKE AVAILABLE TO HELP YOU GET THIS JOB DONE. WE OFFER A COMBINATION OF APIs AND SERVICES THAT CAN BE USED BY DEVELOPERS TO BUILD THESE CONNECTED SECURITY SOLUTIONS, AND BOTH OF THOSE ARE SUPPORTED BY A COMMUNITY WHERE DEVELOPERS CAN ENGAGE WITH PEERS, SHARE CODE SAMPLES, AND THAT SORT OF THING. SO THEY CAN FIRST LEVERAGE THOSE APIs TO DEVELOP INTEGRATED APPLICATIONS, AND THOSE APPLICATIONS CAN BE PRETTY VARIED, BUT WE SEE THINGS LIKE STREAMLINING SECURITY MANAGEMENT, IMPROVING THREAT PROTECTION, SPEEDING RESPONSE. AND THERE ARE A COUPLE OF WAYS THEY CAN DO THAT. FIRST, AGAIN, FOR THOSE CROSS-PRODUCT SCENARIOS, THE MICROSOFT GRAPH SECURITY API PROVIDES A UNIFIED INTERFACE AND A COMMON SCHEMA FOR INTEGRATING, LET’S SAY, SECURITY ALERTS ACROSS MULTIPLE SECURITY TECHNOLOGIES. IT’S ALSO PART OF MICROSOFT GRAPH, SO IT MAKES IT SUPER EASY TO PLUG INTO OTHER DATA OR OTHER KIND OF WORKLOADS LIKE OFFICE OR ACTIVE DIRECTORY, WHICH ARE ALSO PART OF MICROSOFT GRAPH. AND THERE ARE SOME CASES WHERE YOU REALLY NEED TO GO DEEP INTO A PARTICULAR MICROSOFT SECURITY PRODUCT OR SERVICE, AND EACH OF THOSE OFFER NATIVE APIs AND CAPABILITIES THAT HELP YOU TO DO THAT. IN ADDITION TO KIND OF THE TRADITIONAL SET OF APIs AND SDKs THAT ARE AVAILABLE TO DEVELOPERS, THERE ARE A GROWING SET OF AZURE CLOUD SERVICES THAT HELP WITH SECURITY, ANALYTICS, AND AUTOMATION. THE FIRST IS AZURE SENTINEL. I DON’T KNOW IF YOU GUYS ARE FAMILIAR, WE ANNOUNCED THAT AT RNA JUST A MONTH OR SO AGO. IT’S THE FIRST SECURITY AND INFORMATION EVENT MANAGEMENT SOLUTION, AND IT COMES WITH LOTS OF MICROSOFT CLOUD EVENT DATA, SORT OF BAKED IN OR CAN BE ENABLED IN A SIMPLE CLICK. SO YOU’VE GOT THIS CLOUD SCALE ANALYTICS AND INFORMATION AND EVENT MANAGEMENT SOLUTION, WHICH LOTS OF DATA FLOWING IN, WHICH YOU CAN CONNECT OTHER DATA SOURCES TO, YOUR OWN DATA SOURCES, YOUR CUSTOMERS’ DATA SOURCES, AND YOU CAN RUN ANALYTICS ON TOP OF THAT. SO YOU KIND OF GET MORE OF A FINISHED ANALYTICS SERVICE THAT YOU CAN CONNECT YOUR DATA TO AND RUN YOUR ANALYTICS ON TOP OF. SO A BIT OF A NEW KIND OF OPPORTUNITY FOR DEVELOPERS BUT CERTAINLY AN IMPORTANT ONE. WE ALSO HAVE SERVICES FOR AUTOMATION. AZURE LOGIC APPS AND MICROSOFT FLOW THAT ENABLE YOU TO AUTOMATE SECURITY WORKFLOWS, AND AGAIN, WE HAVE SOME CONNECTORS THAT ARE AVAILABLE TO MAKE THAT JOB EVEN EASIER FOR YOU. THESE ARE GOING TO BE CODELESS OPTIONS SO WITHIN THE LOGIC APP, DESIGN VIEW, FOR EXAMPLE, YOU CAN CONSTRUCT WORKFLOWS THAT PERFORM A VARIETY OF SECURITY OPERATIONS WITHOUT HAVING TO WRITE ANY CODE. PREETI IS GOING TO SHOW US AN EXAMPLE OF ONE OF THOSE HERE IN A MINUTE. FINALLY, OUR AZURE NOTEBOOKS, WHICH ARE BASED ON JUPITER AND POWER BI. AZURE NOTEBOOKS ENABLES YOU TO GET LOTS OF DATA INTO ONE PLACE TO DO ANALYTICS. WE SEE A LOT OF HUNTING GOING ON THERE, AND YOU CAN BUILD SAMPLES AND QUERIES FOR AZURE NOTEBOOKS, AND FINALLY POWER BI, THERE’S A CONNECTOR FOR THAT AS WELL, WHICH ALLOWS YOU TO VERY, VERY EASILY BRING IN SECURITY DATA INTO POWER BI, MASH THAT UP WITH OTHER DATA THAT YOU MIGHT HAVE TO BUILD THOSE DASHBOARDS AND REPORTS. OKAY. BEFORE WE MOVE ON, THIS IS A LITTLE BIT OF AN EYE CHART. YOU CAN TAKE A PICTURE. IT WILL BE AVAILABLE IN THE DECK AND ALSO AVAILABLE IN A WHITE PAPER WE JUST PUBLISHED. I’LL JUST GIVE YOU A LITTLE BIT OF A FRAMING HERE, SO AS YOU REFER TO THIS LATER, YOU’LL UNDERSTAND A BIT ABOUT HOW THIS IS DESIGNED AND HOW TO READ IT. ON THE LEFT-HAND SIDE ARE THE REST APIs THAT ARE AVAILABLE FROM MICROSOFT. AGAIN, MICROSOFT GRAPH SECURITY API PROVIDES THAT UNIFIED INTEGRATION FOR CROSS-PRODUCT SCENARIOS. THIS IS TODAY PRIMARILY ALERTS AND THREAT INDICATORS. ALERTS, THREAT INDICATORS, AND SECURE SCORE. THERE ARE ALSO SOME ACTIONS AVAILABLE. WE’LL BE BUILDING THAT OUT OVER TIME. AGAIN, KIND OF GO BROAD ON CROSS-PRODUCT SCENARIOS. GO DEEP INTO AZURE SECURITY CENTER IF YOU WANT TO ACCESS INFORMATION ABOUT YOUR AZURE SECURITY POSTURE OR THREAT PROTECTION. GO DEEP INTO AZURE ACTIVE DIRECTORY, IDENTITY THEFT PROTECTION, RISKY SIGN-INS. AZURE SENTINEL TO PUSH EVENT LOGS FOR FURTHER ANALYSIS. GO DEEP INTO AZURE ATP TO FIND OUT ABOUT NETWORKS AND DEVICES AND FILES AND USERS SEEN ON THAT PARTICULAR END POINT. GO DEEP WITH MICROSOFT CLOUD APP SECURITY TO LOOK ACROSS USER ACTIVITIES THAT ARE HAPPENING IN SAAS APPLICATIONS. MICROSOFT INFORMATION PROTECTION FOR THINGS LIKE CLASSIFICATION, LABELLING, AND PROTECTION OF DATA, AND OFFICE 365 FOR INFORMATION ABOUT USERS AND ADMINS, POLICIES, AND ACTIONS. SO EACH OF THESE REST APIs ARE AVAILABLE FOR YOU TO LEVERAGE. IF WE KIND OF LOOK ACROSS THE CHART HERE, WE GET A LITTLE BIT OF A VIEW OF WHAT KINDS OF WAYS YOU CAN ALSO INTERFACE WITH THESE AZURE SERVICES. SO SOME OF THEM OFFER SDKs. SOME OF THEM HAVE DATA CONNECTORS AND DASHBOARDS ALREADY BUILT INTO AZURE SENTINEL. SOME OF THEM HAVE CONNECTORS AVAILABLE FOR AZURE LOGIC APPS, MICROSOFT, FLOW, AND POWERAPPS, AGAIN, MAKING IT EASIER TO BUILD THE AUTOMATION WORKFLOWS. MANY OF THEM OFFER POWERSHELL MODULES, POWER BI CONNECTORS, AND THEN SAMPLES FOR AZURE NOTEBOOKS. AGAIN, THIS WILL BE AVAILABLE. FEEL FREE TO GRAB A PICTURE, BUT THIS GIVES YOU A LITTLE BIT OF A ROADMAP OF WHAT IS AVAILABLE TODAY AND WHAT THE INTEGRATION OPTIONS ARE FOR EACH OF THEM. OKAY. WITH THAT, I’M GOING TO PASS IT ON TO PREETI, AND SHE’S GOING TO SORT OF APPLY THIS CHART TO SOME PARTICULAR SCENARIOS. SO ONE OF THE OBJECTIVES WE HAVE IS TO HELP YOU GUYS UNDERSTAND SORT OF WHEN TO USE WHAT BASED ON YOUR PARTICULAR SCENARIO. WE’RE GOING TO TAKE A SCENARIO BASED PIVOT, AND WE’RE GOING TO LOOK AT WHAT APIs, WHAT CAN WE ACTUALLY USE TO ACHIEVE A COUPLE OF FEATURED SCENARIOS. THERE ARE LOTS OF OTHER SCENARIOS, LOTS OF THINGS THAT YOU CAN DO BEYOND WHAT WE’RE GOING TO SHOW YOU, BUT HOPEFULLY THIS WILL GIVE YOU A COUPLE OF EXAMPLES OF HOW TO APPLY THIS SORT OF FRAMEWORK OF CAPABILITIES AND KIND OF GET YOU THINKING ABOUT WHAT YOU CAN DO AS WELL.>>GOING ON TO THE SCENARIOS, THESE ARE THE THREE SCENARIOS WE’LL BE DELVING INTO WITH DEMOS. I’M PREETI KRISHNA, I WORK IN DEVOPS WITH MICROSOFT. SECURITY MANAGEMENT, IT BASICALLY INVOLVES CATEGORIZING THROUGH MULTIPLE SECURITY ALERTS, AND THE VOLUME IS PRETTY HUGE FOR ORGANIZATIONS. SO ORGANIZATIONS THAT ARE CONSTANTLY CHALLENGED WITH CATEGORIZING AND PRIORITIZING THEIR SECURITY ALERTS AND INVESTIGATING AND AUTOMATING THOSE AS WELL FOR THE SECURITY OPERATIONS. SO IT ALSO INVOLVES REPORTING OUT YOUR SECURITY ALERTS THAT YOU’VE CATEGORIZED AND PRIORITIZED AND YOUR INVESTIGATION STATUSES TO. ALL OF THESE ARE KIND OF BASICALLY SUB-SCENARIOS THAT YOU CAN BREAK DOWN YOUR MAIN SCENARIO INTO FOR SECURITY MANAGEMENT. IN THIS PARTICULAR DEMO, WE ARE GOING TO LOOK AT A WEB APPLICATION DESIGNED USING GRAPH SECURITY API FOR THE BROAD SCENARIOS OF GETTING ALL YOUR ALERTS IN A UNIFIED SCHEMA ACROSS DIFFERENT SECURITY PROVIDERS IN ONE PANE OF GLASS, AND THEN WE ARE GOING TO PIVOT INTO LIKE DEEPER INVESTIGATIONS AND DEEPER CONTEXTS FROM AZURE ACTIVE DIRECTORY IDENTITY PROTECTION. LET’S GET GOING ON THIS. OUT HERE IN THIS DASHBOARD, I CAN SEE ALL MY PROVIDERS, LIKE ALERTS FROM DIFFERENT PROVIDERS, LIKE AZURE SECURITY CENTER, NETWORKS, WINDOWS SECURITY ADP, AND I CAN SEE THE HIGH NUMBER OF SECURITY ALERTS PERTAINING TO THEM. ONE MORE. LET’S ACTUALLY GO AHEAD AND START LOOKING AT SOME MORE QUERIES. NOW, IN THIS PARTICULAR CASE, I’M JUST RUNNING A QUERY OF THIS MOST RECENT ALERT ACROSS THE DIFFERENT PROVIDERS. IT’S A TOP ONE QUERY. SINCE IT’S USING MICROSOFT GRAPH ACROSS THE API, USE ONE QUERY. QUERIES AVAILABLE HERE. THERE IS THE REST API QUERY AND THE SDK QUERY I’LL SPELL OUT HERE. SECOND, YOU CAN SEE ALL THE DIFFERENT ALERTS ARE COMING FROM DIFFERENT PROVIDERS. AND THESE ARE THE ALERTS I HAVE FROM THE DIFFERENT PROVIDERS AS WELL. LET’S PIVOT IT A BIT DIFFERENTLY TO TAKE A LOOK AT SOME ADDITIONAL DATA. SUPPOSE I WANT MY MEDIUM SECURITY ALERTS, AND I’M LOOKING FOR A DIFFERENT SET OF ALERTS ACROSS THE BOARD. I CAN SEE I HAVE QUITE A FEW MASS SHARE ALERTS OUT HERE FROM CLOUD APPLICATION SECURITY. LET’S DRILL DEEPER INTO ONE OF THESE. HMM, SOMEBODY HAS BEEN SHARING A LOT OF FILES RECENTLY. ALDO. OKAY, SO THIS IS THE KIND OF DETAILS THAT I GET FROM THE GRAPH SECURITY API. I CAN GET DETAILS ON HOST INFORMATION, THE USER INFORMATION ASSOCIATED WITH THE ALERT, INFORMATION ABOUT THE SEVERITY ITSELF OF THE ALERT, THE CATEGORY OF THE ALERT, AND ADDITIONAL DETAILS THAT YOU CAN USE TO DO YOUR INITIAL INVESTIGATIONS. NOW, I WANT TO FIND OUT MORE ABOUT THIS USER ALDO SO I CAN INFORM MY NEXT TYPE OF INVESTIGATIONS. SO WHAT I’M DOING OUT HERE IS I’M GETTING ADDITIONAL DETAILS, BUT TAPPING INTO THE AZURE ACTIVE DIRECTORY IDENTITY PROTECTION RISK USERS API TO GET THE DETAIL ON THE RISK LEVEL AND THE RISK STATE AND RISK DETAILS OF ALDO. NOW I CAN SEE THAT ALDO IS A HIGH RISK USER, AND HE’S CONFIRMED TO BE COMPROMISED. HIS ADMIN HAS ALSO CONFIRMED THAT. SO THERE NEEDS TO BE AN ACTIONABLE STEP OUT HERE FOR ALDO JUST SO WE CAN ENSURE WE REDUCE THE VOLUME OF ALERTS. SO THIS IS KIND OF AN EXAMPLE OF A SCENARIO WHERE YOU GET THE BROAD CONTEXT FROM THE MICROSOFT GRAPH SECURITIES API AND DRILL DOWN INTO DEEPER DETAILS USING PRODUCT SPECIFIC APIs. CONTINUING ONTO THAT, SUPPOSE I WANT TO TAKE MORE AUTOMATED RESPONSIVE ACTION AROUND THIS. THERE IS THE AZURE LOGIC APPS INTEGRATION AVAILABLE WITH THE MICROSOFT GRAPH SECURITY API CONNECTOR THAT ENABLES YOU TO BUILD WORKFLOWS FOR AN AUTOMATED ALERT MANAGEMENT AS A LIST RESPONSE ACTION. SO IN THIS CASE, WHAT WE’RE GOING TO DO IS WE’RE JUST GOING TO LOOK AT AN EXAMPLE WORKFLOW OF HOW THIS IS POSSIBLE. SO IN THIS PARTICULAR WORKFLOW, WE ARE JUST LOOKING AT DIFFERENT ALERTS USING THE GRAPH SECURITY API CONNECTOR, AND FOR EACH OF THOSE ALERTS, THE WORKFLOW, WE ARE LOOKING FOR THE USER INFORMATION IN THAT ALERT. NOW, WHEN A USER IS DETECTED IN THAT ALERT, WE ARE JUST GOING AHEAD AND SENDING AN EMAIL WITH OPTIONS TO THE USER USING THE OUTLOOK CONNECTOR. SO THE USER EMAIL WITH OPTIONS MEANS YOU CAN ACTUALLY SELECT YES, THIS IS NOT AN ISSUE. THIS IS REALLY AN ISSUE THAT NEEDS INVESTIGATION. LET’S APPLY THIS CASE TO AN EXAMPLE ALERT WHEN WE’VE SEEN JUST EARLIER, LIKE AN UNFAMILIAR LOCATION OR A LOGIN LOCATION ALERT, WHICH IS A MEDIUM SEVERITY ALERT. JUST SWITCHING BACK HERE IN A DASHBOARD DASHBOARD, WE DO HAVE MEDIUM SEVERITY ALERTS, AND BASICALLY SOME OF THESE ARE LIKE IMPOSSIBLE TRAVEL ACTIVITY. SO IMPOSSIBLE TRAVEL ACTIVITY IS WE CAN ACTUALLY GET USER RESPONSE AND CLOSE OUT ON IT IN AN AUTOMATED MANNER, SO WHAT WE’RE DOING HERE IS, WHEN WE ARE SENDING EMAIL WITH OPTIONS TO THE USER, THE USER CAN SELECT, YEAH, I WAS AT THAT PLACE AT THIS TIME. IT’S FINE. IT WAS AN OPERATION, IN WHICH CASE YOUR ALERT CAN BE RESOLVED USING THE MICROSOFT GRAPH SECURITY API CONNECTOR THAT’S HAPPENING HERE. OTHERWISE, IF IT’S REALLY AN ISSUE, IT GOES TO THE TEAM’S INVESTIGATION CHANNEL FOR FURTHER INVESTIGATIONS AND CLOSURE. SO THIS IS AN AUTOMATED APPROACH TO AUTOMATING THE RESPONSE AS WELL AND NOT ONLY GETTING A DASHBOARD VIEW OF IT. THIS AND MORE OPTIONS ARE — LET’S ACTUALLY LOOK AT THE ASP. NET APPLICATION THAT WE LOOKED AT, THE WEB APP. THE LOGIC APPS IS PRETTY SIMPLE. WE HAVE THE SHARED AS IN OUR GRAPH SECURITY API GITHUB REPO OUT IN THE PLAYBOOK SECTION OUT HERE THAT YOU CAN LEVERAGE AND, AGAIN, CONTRIBUTE MORE PLAYBOOKS OUT HERE AS WELL. LET’S DELVE DEEPER INTO THE WEB APPLICATION, LIKE HOW DID WE BUILD THIS CONNECTOR EXPERIENCE? AND THIS CODE IS SHARED ON THE SECURITY DEV GITHUB SITE, AND WE’LL HAVE LINKS TO ALL OF THESE AT THE END AS WELL. OUT HERE, WHAT WE HAVE IS THIS IS AN ASP. NET MVC AND AN ANGULAR APPLICATION, AND THE FIRST STEP YOU CAN ACCESS THIS ON GITHUB AND DOWNLOAD IT AND GET STARTED. BASICALLY, WE ARE LOOKING AT SETTING OUR AUTHENTICATION INFORMATION, WHICH IS BASICALLY, SINCE IT’S AZURE AD AUTHENTICATION AND IT USES IT YOU NEED AUTHENTICATION ON AZURE ACTIVE DIRECTORY. SO YOU CAN ENTER YOUR I. D. AND REDIRECT URL, AND BASICALLY THAT’S ALL THAT’S REQUIRED FOR HERE. THAT GETS YOU THE AUTHENTICATION PATH. THEN WHAT YOU CAN DO IS YOU CAN GO AHEAD AND TAKE A LOOK AT WHERE THE SERVICES ARE GETTING CALLED. WE GO TO THE GRAPH SERVICE. THIS IS THE PLACE WHERE YOU GET THE ACCESS TOKEN. IT ALL STARTS WITH AUTHENTICATION TO THE GRAPH ITSELF, SO THAT USING THAT CLIENT I. D. AND THE SECRET THAT YOU ENTERED, YOU ACTUALLY GET ACCESS TOKEN THAT YOU CAN USE TO AUTHENTICATE FURTHER AND ACCESS DATA FROM THE GRAPH. WITH THIS, WE CAN ACTUALLY DRILL FURTHER DOWN AND SEE WHERE WE ARE ACTUALLY GETTING THE DETAILS OF THE USERS. SO RISKY USERS IS OUT HERE , WHICH IS A CALL TO THE ACTIVE DIRECTORY IDENTITY PROTECTION USERS, WHICH IS ALSO A GRAPH SERVICE. AND THAT’S HERE. THE RISK USER ASYNC METHOD DOES THAT. THIS IS THE QUERY FOR THAT, THE RISK USER’S QUERY. IT QUERIES FOR THE GRAPH AS WELL, BUT IT’S A DIFFERENT SERVICE IN GRAPH TO GET THAT INFORMATION, AND WE CAN ALSO LOOK AT HOW THE UPDATE ALERT HAPPENS, WHICH IS A CALL TO THE GRAPH SECURITY API, AND BASICALLY THE ALERT DETAILS ITSELF, WHICH IS COVERED IN THIS METHOD, WHICH IS A CALL TO THE GRAPH SECURITY API TO GET THE LIST OF ALERTS BASED ON THE QUERY. AND THE QUERY IS VERY MUCH FORMATTED HERE, AND THE CALL IS MADE. THIS IS BASICALLY AN EXAMPLE OF A WEB APP THAT CAN BE BUILT TO CALL THE REST API, OR YOU CAN EVEN USE THE SDK AS WELL FOR THIS. NOW, THIS SWITCHING ON TO WE LOOKED AT A SCENARIO OF HOW TO DO SECURITY MANAGEMENT OF APPLICATIONS, RIGHT, AND HOW DO YOU PRIORITIZE AND CATEGORIZE YOUR ALERTS, AND THAT’S THE SCENARIO WE LOOKED AT. TALKING ABOUT ALERTS, WHAT TRIGGERS ALERTS, RIGHT? ALERTS CAN BE TRIGGERED BY DETECTIONS, AND CUSTOMERS CAN ALSO ENTER CUSTOM DETECTIONS TO GENERATE THEIR OWN CUSTOM ALERTS. SO THAT IS YET ANOTHER SCENARIO THAT WE’RE GETTING INTO THE THREAT DETECTION SPACE, AND THERE ARE OPPORTUNITIES THERE AS DEVELOPERS AS WELL, WHERE YOU CAN — THE THREAT INTELLIGENCE PLATFORMS ARE AVAILABLE, WHICH HELPS YOU TO PASS ON CUSTOM THREAT INTELLIGENCE INDICATORS FROM THE CUSTOM THREAT PLATFORMS TO AZURE SENTINEL AND OTHER MICROSOFT PRODUCTS. IN THIS EXAMPLE, WE’RE GOING TO TALK ABOUT AN ISV, PALO ALTO NETWORKS, US INTEGRATED WITH GRAPH SECURITY API, THREAT INDICATORS ENTITY. SO THAT FOR CUSTOMERS CAN PASS THREAT INTELLIGENCE, CUSTOM THREAT INDICATORS TO AZURE SENTINEL AND LOOK AT THAT ALONG WITH AZURE SENTINEL ALERTS AND HAVE ALERTS BASED ON THAT. SO THIS IS A SCENARIO WE’LL BE LOOKING FOR THAT. THIS IS THE PALO ALTO MIND MELD DASHBOARD. BASICALLY, WHAT — THE BASIC PREMISE, JUST TO INTRODUCE THE CONCEPT, IS THERE ARE NODES. THERE ARE INPUT NODES AND OUTPUT NODES. INPUT NODES ARE BASICALLY ALL THE FEEDS AND THE DETECTIONS THAT YOU CAN ENTER, EITHER CUSTOM OR EVEN FROM OTHER SOURCES, THAT CAN BE FED INTO THE SYSTEM. SO MIND MELD, PRIOR TO MIND MELD, WHAT IT DOES IS IT TAKES THESE INPUT FEEDS, AND DEPENDING ON RULES THAT ARE SET, IT WILL SET IT OUT TWO DIFFERENT OTHER SECURITY PRODUCTS FOR IT TO TAKE ACTION. AZURE SENTINEL IS ONE SUCH EXAMPLE WHERE A TARGET PRODUCT WHICH USES THESE CUSTOM FEEDS. SO LOOK AT THE NODES, AND OUT HERE IN THE NODES WE CAN SEE THE GRAPH SECURITY API OUTPUT NODE CONFIGURED, AND WE CAN SEE HERE THIS IS THE PROTOTYPE. THIS IS WHERE PALO ALTO BUILT INTEGRATION FOR INTEGRATING WITH THE GRAPH SECURITY API, THREAT INDICATORS ENTITY. IF YOU’RE AN ISV SPACE OR EVEN IN THE ENTERPRISE SPACE WHERE YOU HAVE HOME GROWN THREAT PLATFORMS LIKE THIS, YOU CAN PASS TO SECURITY API TO PASS CUSTOM THREAT INTELLIGENCE INTO OTHER MICROSOFT PRODUCTS AND HELP THAT SCENARIO. SO THIS IS THE PROTOTYPE, AND THEN BASICALLY THE TARGET PRODUCT IS AZURE SENTINEL. AND IF YOU LOOK AT THE OUTPUT NODES GRAPH IN TERMS OF WHERE IS IT, IT’S A SIMPLE GRAPH BASICALLY. IT’S JUST GETTING INFORMATION FROM ONE INPUT NODE AND PASSING IT TO SENTINEL THROUGH THIS OUTPUT NODE. THIS IS WHAT’S HAPPENING THERE. LET’S DRILL DOWN INTO THE INPUT NODE AND TRY TO PASS CUSTOM INDICATORS TO SEE HOW THIS WORKS IN ACTION. OUT HERE THIS IS A LOCAL DP INPUT CUSTOM INDICATOR TABLE, AND LET’S ENTER AN INDICATOR OF ONE, TWO, THREE, FOUR, AND LET’S SET IT AS IPV4 TO JUST TRACK THIS. LET’S GIVE IT A NAME. SO THE INDICATOR HAS BEEN ADDED, AND BASICALLY IT WILL GET — LET’S LOOK AT THE LOGS TO ENSURE THAT IT’S GOING OUT. SO, YES, IT’S EXCEPT THE DATES, IT’S ALREADY GONE OUT. LET’S SWITCH OUR VIEW TO AZURE SENTINEL TO SEE IF WE HAVE RECEIVED THAT INDICATOR AND WHAT ELSE CAN WE DO WITH IT? OUT HERE, WE ARE GOING TO AZURE SENTINEL, WHICH IS AT AZURE. COM, AND WE CAN ACCESS THE SENTINEL, AND WE ARE IN THE LOG SECTION OF SENTINEL. IN LOGS, WE CAN SEE THAT ON THE SECURITY INSIGHTS. WE HAVE THREAT INTELLIGENCE INDICATOR LOGS, AND THAT’S WHERE WE’LL FIND OUR ENTITIES THAT WE JUST PUSHED OUT, INDICATORS THAT WE JUST PUSHED OUT. SO NOW LET’S RUN THIS QUERY. THIS IS A SIMPLE COUSTEAU QUERY LANGUAGE QUERY THAT YOU CAN BUILD TO RUN AND QUERY YOUR LOGS. SO WE CAN SEE THAT WE HAVE OUR INDICATORS. PUSHED OUT HERE. WHICH IS OUR INDICATOR ONE, TWO, THREE, FOUR, THAT IS AVAILABLE HERE. SO WITH THIS, BASICALLY, THE OTHER OPPORTUNITY OUT HERE IS SO YOU CAN EVEN BUILD DIFFERENT KINDS OF QUERIES FOR QUERYING DIFFERENT LOGS AND GIVING THAT AND PROVIDING THAT INFORMATION AS WELL. SO THIS IS YET ANOTHER OPPORTUNITY OUT HERE TO ENABLE CUSTOMERS. NOW, LET’S LOOK AT WE JUST GENERATED AN INDICATOR. NOW, IF WE CAN SEE HOW WE CAN GENERATE AN ALERT USING THAT INDICATOR, HOW CAN WE USE THAT TO BUILD A DETECTION THAT WILL GENERATE AN ALERT? THAT’S WHAT WE’RE TRYING TO DO NEXT. AND WE HAVE AN OPPORTUNITY TO BUILD QUERY LANGUAGE DETECTIONS AND SHARE THAT OUT OR ENABLE IT IN YOUR ENTERPRISES AS WELL FOR YOUR CUSTOMERS. SO IN ANALYTICS, AND I HAVE BUILT ONE OUT HERE. SO I’LL JUST SHOW THAT. BASICALLY, WHAT THIS DOES IS INDICATOR QUERY, THREAT INDICATOR QUERY. SO I’M JUST HAVING A JOIN BETWEEN MY SIGN-IN LOGS AND THE THREAT INDICATOR LOGS. SO WE LOOK AT THE THREAT END KATOR LOGS WHERE THE THREAT LEVEL IS 1, 2, 3 FOR EXAMPLE. SO I’M QUERYING MY SIGN-IN LOGS FOR THE SIGN-IN IP ADDRESS. THIS IS A JOINT THAT I’M CORRELATING THESE TWO LOGS WITH THE COMMON NETWORK IP INFORMATION SO THAT, IF IT MATCHES, IF MY SIGN-IN LOG HAS IT 1, 2, 3, 4, AND I HAVE ALREADY PASSED THE CUSTOM INDICATOR SAYING ALERT ON 1, 2, 3, 4, THEN IT WILL GO AHEAD AND PRETTY MUCH ALERT ON THIS. SO I CAN SET MY ALERT FREQUENCY AND PERIOD ALONG WITH THIS QUERY, AND I CAN RECEIVE THIS SO THAT THE NEXT TIME I HAVE AN ALERT, IT WILL ACTUALLY USE THIS DETECTION TO GENERATE THE ALERTS. ALL THESE KIND OF DETECTIONS, THIS IS AN EXAMPLE DETECTION THAT SHOULD DEMO HERE. THERE ARE MORE SUCH DETECTIONS AVAILABLE ACROSS THE BOARD ON SENTINEL. YOU CAN CONTRIBUTE THERE AS WELL. THESE ARE IN COUSTEAU QUERY LANGUAGE, AND THAT’S YET ANOTHER POSSIBILITY HERE IN THE THREAT DETECTION SPACE. SWITCHING FROM SECURITY MANAGEMENT AND HOW CAN YOU ORGANIZE AND INVESTIGATE THOSE. WE LOOK AT OPTIONS TAKING RESPONSE IN AN AUTOMATED MANNER USING LOGIC APPS. WE SLOWLY MOVED DEEPER INTO HOW CAN WE GENERATE CUSTOMER ALERTS. LET’S TAKE A LOOK AT OTHER ALERTS. WE LOOKED AT A MASS SHARE ALERT, RIGHT? THAT IS KIND OF A CLASS OF ALERTS, WHICH IS MORE ON THE DOCUMENT ACCESS AND INFORMATION PROTECTION SITE. THERE ARE SOME ALERTS, WHICH BASICALLY, IF A CONFIDENTIAL DOCUMENT CROSSES YOUR ORGANIZATION’S PARAMETER, THEN YOU FLAG AN ALERT. THOSE KIND OF ALERTS ARE ALSO SURFACED THROUGH THE MICROSOFT GRAPH SECURITY API, AND THOSE ARE MICROSOFT INFORMATION PROTECTION ALERTS. SO NOW LET’S LOOK AT, IN THIS EXAMPLE, WE ARE GOING TO LOOK AT HOW CAN WE GO AHEAD AND LABEL YOUR FILES, THOSE DOCUMENTS TO HAVE ATHOSE KINDS OF TAGS, LIKE HIGHLY CONFIDENTIAL OR CONFIDENTIAL OR SOME OTHER TAGS TO BEGIN TO LOOK AT TOO. BASICALLY, IT GETS US TO CLASSIFICATION AND LABELING OF YOUR DOCUMENTS SO THAT, WHEN IT CROSSES THE PYRAMID OF YOUR ORGANIZATION OR SET A BOND RATE, THEN IT GETS FLAGGED FOR INVESTIGATION ALERT IS GENERATED OR IT’S BLOCKED, AND THOSE SCENARIOS ARE ENABLED TOO. WHEN YOU TALK ABOUT ISVs, ADOBE HAS INTEGRATED WITH MICROSOFT INFORMATION PROTECTION, CLASSIFICATION, AND LABELING PERMISSIONS AS WELL. SO THOSE ARE THE OPPORTUNITIES WE CAN LOOK AT IT IN THE SPACE. LET’S LOOK AT A SIMPLE DEMO THAT WILL GET US TO LABEL OUR DOCUMENTS. IN THIS CASE, WE ARE LOOKING AT — THIS DEMO IS ALSO AVAILABLE ON GITHUB, AND IT’S ON THE MY SDK WEBSITE. THE DEMO ITSELF BASICALLY GIVES YOU A LIST OF ALL THE TAGS THAT ARE THE LABELS THAT CAN BE APPLIED TO A FILE. IN THIS CASE, WE’RE TAKING AN EXAMPLE OF AN EXCEL FILE TO APPLY THIS TO. LET’S GO AHEAD AND APPLY THE ALL EMPLOYEES CONFIDENTIAL TAG TO THIS DOCUMENT. SO THIS IS THE CONFIRMATION THAT IT’S APPLIED, THE LABEL FOR THIS APPLICATION. I CAN DOWNLOAD THIS FILE. JUST TO SEE IF IT REALLY DID APPLY IT. IT’S AN EXCEL FILE. AND THIS IS WHAT WE SEE OUT HERE IN TERMS OF IT’S A CONFIDENTIAL DOCUMENT, AND IT’S ACCESSIBLE ONLY TO EMPLOYEES. THIS IS THE LABELING DEMO BASICALLY, AND LET’S LOOK AT THE CODE BEHIND THIS AS WELL. SO WE’RE FOCUSING PRIMARILY ON THE LABELLING SCENARIO DEMO CODE FOR THIS. IF YOU LOOK AT THE DEFAULT ASPX CS FILE. THIS ONE. WE CAN PRETTY MUCH SEE OUT HERE THIS LABEL CONTROL AND POPULATION OF LABELS THAT HAPPENS HERE, AND WE LOOKED AT THE TREE VIEW OF LABELS OUT THERE, WHICH IS BASICALLY RENDERED BY THE TREE VIEW OF LABELS. SO WE SAW HIGHLY CONFIDENTIAL, CONFIDENTIAL, AND A DIFFERENT SET OF LABELS. THAT’S ALL FROM HERE. AND BASICALLY, WHAT WE CAN LOOK HERE IS WE’RE JUST GENERATING A MEMORY STREAM OF THAT EXCEL FILE, AND THEN ULTIMATELY IT’S CALLING THE FILE, THE APPLY LABEL FUNCTION. LET’S TAKE A LOOK AT THE APPLY LABEL FUNCTION BECAUSE THAT’S WHERE THE REAL ACTION IS HAPPENING. SO THAT IS IN FILE API. CS FILE. LOOKING AT THIS, WE CAN SEE THAT THE FILE HANDLER IS CREATED. THAT FILE LABEL IS OUT HERE. SO IT USES THE FILE HANDLER THAT WE HAVE PASSED, AND BASICALLY IT USES THE LABELING OPTIONS TO ENSURE THAT ADDITIONAL PARAMETERS LIKE JUSTIFICATION MESSAGE AND METADATA ASSOCIATED WITH THE LABEL IS ALSO ATTACHED TO THIS. THAT’S WHAT IS HAPPENING HERE, AND THEN WE’RE DOING THE SET LABEL OPERATION. SO SETTING THE LABEL DOESN’T COMMIT THE LABEL, SO THERE IS A SEPARATE COMMIT PROCESS. SO THE LABEL IS SET, AND THEN IT’S BASICALLY COMMENTED OUT HERE BY SYNC OPERATION, AND IT’S APPALLING TO FIND OUT WHETHER THE COMMENT WAS SUCCESSFUL OR NOT. SO THAT’S BASICALLY THE FLOW FOR THIS. THE ENTIRE SAMPLE IS AVAILABLE IN GITHUB, AND THE MIP IS SAMPLES FOR THIS SCENARIO. SO SWITCHING BACK, WE LOOKED AT DIFFERENT SCENARIOS FOR HOW TO ENABLE SECURITY INVESTIGATION MANAGEMENT AND HOW TO USE THOSE WITH WEB APPS. YOU CAN EVEN LOOK AT NOTEBOOKS FOR BIG DATA AND ANALYTICS AND TRY TO BUILD MODELS AROUND THAT TO IMPROVE YOUR SECURITY SOLUTIONS. SO THAT’S THE OPTION AVAILABLE TOO. THESE ARE ALL DETAILED OUT IN THE WHITE PAPER AS WELL, AND THAT WE’LL BE PROVIDING A LINK TO THAT AS WELL AT THE END OF THIS. THREAT DETECTION, WE LOOKED AT HOW WE CAN BUILD DIFFERENT KINDS OF THREAT INTELLIGENCE PLATFORM INTEGRATIONS SO THAT YOU CAN SERVICE CUSTOM THREAT INTELLIGENCE INTO MICROSOFT PRODUCTS. AND YOU CAN ACTUALLY BUILD CUSTOM THREAT DETECTIONS AND CUSTOM QUERY LANGUAGE AND ENABLE THAT SCENARIO FOR CUSTOMERS. THEN WE ALSO LOOKED AT INFORMATION PROTECTION WHERE A PART OF THE INFORMATION PROTECTION WHICH IS LABELING THAT IS POSSIBLE AND AGAIN TRACKING AND REMEDIATION ARE YET THE STEPS THAT CAN BE EXPLORED AND BUILD AN END TO END SOLUTION AROUND THAT TOO. SO THE POSSIBILITIES ARE LIMITLESS WITHIN THE THREE SCENARIOS, AND WE’RE JUST TALKING ABOUT THREE NOW. THERE ARE SO MANY OTHER SCENARIOS YET TO BE EXPLORED AND EXPANDED ON. WITH THIS, I’D LIKE TO INVITE DARREN ON STAGE WHO’S OUR HACK-A-THON MS USER APP DEVELOPER, DEVELOPED THE WINNING APP, AND WOULD LIKE TO ASK YOU TO TALK MORE ABOUT HIS APP AND WHAT CHALLENGES HE RAN INTO AND TIPS AND TRICKS.>>IS THIS WORKING? SO THE SECURITY GRAPH HACK-A-THON WAS A RECENT ONE. IT WAS OPEN FROM I THINK IT WAS AROUND THE BEGINNING OF DECEMBER UNTIL THE END OF MARCH, AND DURING THAT TIME IT WAS AN OPEN HACK-A-THON. IT WAS AN ONLINE HACK-A-THON, AND ANYONE WAS INVITED TO EFFECTIVELY WRITE AN APP THAT INTEGRATED WITH THE SECURITY GRAPH FOR SECURITY TYPE OPERATIONS. SO I THOUGHT ABOUT IT FOR A WHILE, PRETTY MUCH THROUGH DECEMBER BECAUSE COMING UP TO CHRISTMAS IT’S PRETTY CRAZY IN AUSTRALIA. THOUGHT ABOUT WHAT I COULD PROBABLY DO AROUND THAT, AND I HAD A COUPLE OF EXISTING CUSTOMERS THAT HAD REAL BUSINESS PROBLEMS THAT FITS IN THIS SCENARIO. SO I BASICALLY SLEPT ON IT FOR ABOUT A MONTH. AND WHAT I CAME UP WITH IS A SOLUTION THAT WOULD PROVIDE A SINGLE PANE OF GLASS AND GIVE YOU INFORMATION ABOUT A USER AND EFFECTIVELY TRYING TO CLASSIFY THE SECURITY POSTURE. I WANTED TO CREATE SOMETHING THAT WAS RELATIVELY SIMPLE, SOMETHING YOU COULD LOOK AT AT A GLANCE AND BASICALLY SAY IS THE SECURITY POSTURE OF THIS USER GOOD, NOT SO GOOD, OR REALLY BAD? SO IN TERMS OF THE CRITERIA THAT I THEN USED IN ORDER TO CAST GORIZE INTO THE THREE CATEGORIES, IT WAS LIKE WHAT DOES THE USER LOOK LIKE IN THE ENVIRONMENT? DO THEY HAVE MULTIFACTOR AUTHENTICATION ENABLED? IF THEY DO HAVE MULTIFACTOR AUTHENTICATION ENABLED, WHAT IS THE PRIMARY MYTH OF MFA THEY’RE USING? ONE OF MY CUSTOMER ENVIRONMENTS, THEY ENABLED AZURE MFA TWO YEARS AGO, AND THE AUTHENTICATOR APP WASN’T AN OPTION THEN, NOW IT IS. THEY’RE TRYING TO UPLIFT THE USERS TO USE THE AUTHENTICATOR APP, BUT IT’S VERY DIFFICULT TO UNDERSTAND THE PRIMARY METHOD USERS ARE HAVING FOR MFA, FOR EXAMPLE. IF THE MFA METHOD WAS, AS TEXT MESSAGE OR PHONE CALL, THEN THEY SEE THAT AS NOT BEING AS GOOD A POSTURE AS IF USING THE APP. WHAT ABOUT DIRECTORY PASSWORD? TROY HUNT, HAVE I BEEN POENED? THE WEBSITE, I’M SURE, IF YOU’RE IN THIS ROOM, YOU’VE PROBABLY HEARD OF THAT. PART OF THIS IS OPEN-SOURCE SOFTWARE I’M INVOLVED WITH FOR IDENTITY ACCESS AND MANAGEMENT IS LIFT NET. LIFT NET HAVE A SET OF TOOLING THAT EFFECTIVELY VIA API A QUERY TO FIND OUT WHAT THE USER’S STATE OF THEIR PASSWORD IS. THAT’S SOMETHING ELSE I WANTED TO INTEGRATE INTO THIS APP. WHAT’S THE USER BEEN DOING? HOW HAVE THEY BEEN INTERACTING WITH THE ENVIRONMENT? HAVE THEY BEEN TRYING TO RESET THEIR PASSWORD? IF THEY’VE BEEN TRYING TO RESET THEIR PASSWORD A NUMBER OF TIMES, IS IT ACTUALLY THEM TRYING TO RESET THEIR PASSWORD? IF IT’S THE USER AND IT’S THEM, THEY’RE GOING TO BE SUCCESSFUL. BUT IF THERE’S MULTIPLE ATTEMPTS TO RESET THE USER’S PASSWORD, MAYBE IT’S NOT THAT USER, AND THIS FORMS PART OF THE USER’S SECURITY POSTURE. WHAT IS THE TYPE OF LOGINS FOR THAT USER? WHAT ARE THEY LOGGING IN FROM? ARE THEY LOGGING IN FROM MOBILE? ARE THEY LOGGING IN FROM A WINDOWS 10 DEVICE? IS THE WINDOWS 10 DEVICE AZURE AD JOINED IN ARE THEY ON A WINDOWS 7 DEVICE? IS IT HYBRID WORKPLACE? WHAT OTHER DEVICES ARE REGISTERED TO THEM? BASICALLY, IN A QUICK SENSE, WE WANT THAT SINGLE PANE VIEW, IS WHAT I WAS LOOKING TO ACHIEVE, OF WHAT A USER LOOKED LIKE AND TO GIVE SOME INDICATORS ABOUT WHAT THE CATEGORIZATION OF THAT USER WAS. SO THIS IS THE ARCHITECTURE OF THE APP THAT I BUILT. IT LOOKS A LOT MORE COMPLICATED THAN WHAT IT REALLY IS, BUT IN THAT ONE DIAGRAM, IT’S TRYING TO SHOW ALL THE BITS THAT GO TOGETHER MAKING IT UP. I’M NOT AN APP DEVELOPER. I’M AN IDENTITY AND ACCESS GUY. I CAN DO SOME SCRIPTING AND THE BIT OF POWERSHELL AND A LITTLE BIT OF JAVASCRIPT FOR A LITTLE BIT OF WEBBY STUFF. SO THOSE ARE THE SKILLS THAT I HAD. SO I TOOK THE BITS TO PUT THEM ALL TOGETHER THAT I COULD ACHIEVE AND GET THE RESULT THAT I WAS TRYING TO ACHIEVE. ESSENTIALLY, IT’S A NODE. JS APP USING BOOTSTRAP, A LITTLE JQUERY, NOT EVEN ANY ANGULAR OR ANYTHING LIKE THAT. A BUNCH OF FONT AWESOME, A LITTLE BIT OF JAVASCRIPT, AND A BUNCH OF WEB REQUESTS. AND BECAUSE I DIDN’T WANT TO LEARN A LOT OF JAVASCRIPT AND I NEEDED TO AUTHENTICATE TO MICROSOFT GRAPH AND EVERYTHING ELSE, IN ORDER TO DO THE LIFTING FOR ME, I USED AZURE FUNCTIONS BECAUSE AZURE FUNCTIONS IS SOMETHING I USED A LOT. I UNDERSTAND IT REALLY WELL. AGAIN, WHEN THAT’S YOUR HAMMER, EVERY PROBLEM LOOKS LIKE THE NAIL. SO IN THE MIDDLE IS VERY MUCH WHERE THE MAJORITY OF THE LOGIC SITS, AND A BUNCH OF AZURE FUNCTIONS. ALL THE SECURITY KEYS ARE STORED IN A KEY VAULT, SO THE ACCESS TOKEN, A REFRESH TOKEN IS STORED THERE, AND THEN THEY’RE REFRESHED AND THEY’RE ROLLED, AND THEY INTEGRATES WITH THAT. THE TABLE STORAGE IS BECAUSE AT THE MOMENT YOU CANNOT GET THE MFA METHODS THROUGH MICROSOFT GRAPH. SO IF A USER IS ENROLLED IN MFA, USING AUTHENTICATOR APP OR VOICE NOT CURRENTLY EXPOSED TO MICROSOFT GRAPH, THAT’S STILL ON THE ROADMAP, STILL COMING LATER THIS YEAR. I’VE GOT A BACK END PROCESS THAT PULLS THAT DATA OUT, PUTS IT INTO AZURE TABLE STORAGE, AND THEN PART OF THIS QUERY, IT PULLS OUT WHAT THE STATUS IS FOR THAT USER. THEN TO GET THE PONE PASSWORD STATUS, THERE’S A CALL INTO THE LIFT NET ACTIVE DIRECTORY PASSWORD PROTECTION PIECE, WHICH USES THE HAVE I BEEN PONED MTLM LIST OF ALL THE PONE PASS WORDS, SO WE CAN GET THE STATUS OF THE PASSWORD. THE APIs THAT I’M ACTUALLY CALLING ARE ALL THERE. THE SECURE SCORE IS SOMETHING YOU’LL SEE IN A MINUTE, IS PART OF THE APP WHEN IT LOADS THAT GIVES YOU AN OVERALL VIEW AND SUMMARY OF HOW THE ORGANIZATION IS AS A WHOLE IS ON THE SECURITY SCORE ON IF THEY WERE PERFECT, WHAT IT WOULD BE, WHERE THEY CURRENTLY ARE, AND DOES IT NEED IMPROVEMENT? CURRENT RISK EVENTS, PULLING OUT THE FIVE MOST RECENT ACTIVE RISK EVENTS. THEN THAT ALSO GIVES YOU SOMETHING TO LOOK AT. AND THEN ALL THOSE OTHER PIECES ARE PULLING OUT THE INFORMATION WE JUST TALKED ABOUT. SO THIS TOOL IS REALLY DESIGNED TO BE USED LIKE A SERVICE DESK OR A SECURITY OFFICER WITHIN AN ORGANIZATION. WHEN A USER CALLS UP AND SAYS, OH, I’M HAVING PROBLEMS LOGGING IN, OR I’M HAVING PROBLEMS WITH THIS. THE SERVICE DESK GUY SHOULD BE ABLE TO GO TO THIS LITTLE WEB APP, TYPE IN THE USER’S NAME, AND THEN GET A SUMMARY OF THE USER THAT THEY’RE TALKING TO. IF THE SUMMARY OF THE USER THEY’RE TALKING TO DOESN’T LOOK GOOD, THE PASSWORD HAS BEEN PONED. THEIR AUTHENTICATION FOR MFA METHOD IS TEXT OR WHATEVER, IT’S AN OPPORTUNITY TO SAY I’M GOING TO RESET YOUR ACCOUNT SO, WHEN YOU LOGIN NEXT, YOU’VE GOT TO CHANGE YOUR PASSWORD BECAUSE YOUR PASSWORD ISN’T GOOD ENOUGH. OR YOU NEED TO USE THE AUTHENTICATOR APP IF YOU’VE GOT A SMARTPHONE OR MAYBE SHIP THEM A PHYSICAL TOKEN AND USE A TITP TOKEN FOR THE MFA RATHER THAN A TEXT MESSAGE. I’LL SHOW YOU A DEMO OF WHAT IT LOOKS LIKE. THIS IS IT LOADING. I’M NOT A DEVELOPER OR A FRONT END GUY OR ANYTHING LIKE THAT. SO UNLOAD, DYNAMICALLY GOING OUT AND UPDATED THE SECURE SCORE AT THE TOP. IT’S GOT THE LATEST FIVE RISK EVENTS DIRECTLY OUT OF MICROSOFT GRAPH. THIS IS ACTUALLY FROM A LIVE SYSTEM. SO WE CAN SEE THERE’S A NUMBER OF ANONYMOUS IP RISK EVENTS. THERE’S A MALWARE RISK EVENT AND A FEW OTHERS. SO YOU CAN CLICK ON ONE OF THESE USERS STRAIGHT AWAY. THIS IS PROBABLY MORE OF A SECURITY OFFICER LOOKING TO SEE WHAT THE MOST RECENT EVENTS ARE, AND THEY CAN CLICK ON ONE OF THOSE USERS IN THE LIST, AND THEN IT GOES OUT AND GETS THE REST OF THE INFORMATION ABOUT THAT PARTICULAR USER. SO THIS CALL’S GONE OFF TO THE AZURE FUNCTIONS. IT’S GONE OFF COLD INTO THE DIRECTORY AND PULLED BACK AND PROVIDES A SUMMARY OF THAT USER, AND THAT USER’S LOOKING PRETTY BAD, BUT THEN WE PRETTY MUCH KNEW THAT BECAUSE IT WAS IN THE RECENT RISK EVENTS. THEY WERE DOING SOMETHING THAT PROBABLY SHOULDN’T BE DOING OR SOMEONE ON THEIR BEHALF HAS BEEN DOING THEM. SO WE CAN SEE A SUMMARY THERE OF THE MFA METHODS. THE PASSWORD HAS BEEN PONED. THE RISK EVENT IS SOMEWHERE IN BETWEEN. YOU CAN CLICK ON ANY OF THESE AND EXPAND THEM. IF I CLICK ON THAT, THEN THE DYNAMIC PIECES OPEN UP, AND WE CAN SEE THAT THIS PARTICULAR USER IS USING, LOOKS LIKE IS USING PROBABLY AN iPAD AND USING A MAC. SO MAYBE THAT IS A SECURITY RISK. WE FIND OUT ABOUT THE USER, WHO THEY WORK FOR, ET CETERA, ET CETERA. THE OTHER THING IS MORE FROM THE SERVICE DESK SIDE. WHEN SOMEONE CALLS UP THE SERVICE DESK AND IS ASKING FOR HELP OR INFORMATION, SIMPLY BY TYPING IN THEIR NAME , YOU CAN FIND THAT USER. IF YOU TYPE IN MY NAME IN THIS ENVIRONMENT, WE’VE GOT THREE ACCOUNTS. I’VE GOT A HYBRID ACCOUNTS, AN ON PREMISE ACTIVE DIRECTORY ACCOUNT. I’VE GOT A GUEST ACCOUNT IN THE AAD TENANT BECAUSE I’M A B TO B, AND THEN I’VE ALSO GOT AN ADMIN ACCOUNT THAT’S A CLOUD ONLY ACCOUNT. DEPENDING ON WHICH ONE YOU CHECK ON THAT, THAT TELLS YOU WHETHER IT’S HYBRID, B TO B, OR CLOUD. IF I CLICK ON THE B TO B ACCOUNT, FOR EXAMPLE, IT’S GOING TO GO OUT AND GET ALL THAT INFORMATION ABOUT THE USER, AND I’M LOOKING PRETTY GOOD. I’M LOOKING PRETTY GOOD BECAUSE I DON’T HAVE AN AUTHENTICATION METHOD ASSOCIATED WITH IT BECAUSE I’M A B TO B USER, AND YOU DON’T DO MFA IN THAT TENANT. I’M LOOKING PRETTY GOOD BECAUSE YOU DON’T HAVE A PASSWORD THERE. THAT’S ALL HAPPY DAYS. IF I LOOK AT TRB — IF I DO THE SEARCH AGAIN. AND I SEARCH ON THE HYBRID ACCOUNT, THEN I’LL GET THE FULL RUN RUNDOWN, AND I’M STILL LOOKING GOOD. IT WOULD BE BAD IF IT WASN’T LOOKING GOOD. BUT THEN MY SIGN-IN ACTIVITY FOR HERE BECAUSE YOU CAN SEE IT ALSO SHOWS YOU WHEN MFA HAS BEEN APPLIED, WHERE I’M LOGGING IN FROM. FUNNILY ENOUGH, I’VE COME IN FROM SYDNEY. I’M NOW IN WASHINGTON THIS WEEK. WE CAN SEE THAT ABOUT ME. IF WE LOOK AT MY PROFILE HERE, YOU CAN SEE THAT I’VE GOT A WINDOWS 10 DEVICE, WINDOWS 10. 0, 17134, WORKPLACE JOINED. THAT’S THE NAME OF MY DEVICE. ALL THAT’S JUST PULLED STRAIGHT OUT OF THE DIRECTORY. SO THAT’S ABOUT IT FOR THE APP. IN TERMS OF — WHAT’S THE SLIDES ON? IN TERMS OF TIPS AND TRICKS, WITH AZURE FUNCTIONS DOING A LOT OF THE HEAVY GRUNT WORK FOR THIS, WHEN I WAS WRITING IT LOCALLY AND ALL IN VS CODE, YOU’RE BASICALLY RUNNING IT LOCAL. WITH AZURE FUNCTIONS, YOU’VE GOT CROSS ORIGIN RESOURCE SCRIPTING ISSUES. IF YOU’RE DOING SOMETHING LIKE THIS FOR THE FIRST TIME, YOU’RE NOT A DEVELOPER LIKE ME, IF 12 DEVELOPER TOOLS, NETWORK, LOOK FOR THE ERRORS, SEE SOMETHING LIKE CAUSE, AND THEN YOU’VE GOT TO ADD IN THE ADDITIONAL NAMES. BUT IF YOU’RE A DEVELOPER, YOU PROBABLY ALREADY CROSSED THAT ONE. ENABLING APPLICATION INSIGHTS AND JUST SEEING HOW YOU’RE — WHEN YOU’RE DOING MULTIPLE CALLS LIKE THIS EXAMPLE IS USING, WHAT’S WORKING FAST? WHAT’S WORKING SLOW? WHERE ARE THE BOTTLENECKS? HOW CAN YOU MAKE IT A LITTLE MORE EFFICIENT? I DID USE MICROSOFT GRAPH ADJACENT BATCHING. IF ANYONE’S USED THAT, IT GIVES YOU THE ABILITY TO BASICALLY BATCH UP A BUNCH OF YOUR QUERIES GOING TO DIFFERENT API END POINTS AND POST IT AS ONE REQUEST TO GRAPH. IT GOES OUT IN PARALLEL AND DOES ALL THOSE REQUESTS AND GOES ONE RESULT BACK. YOU’RE SIGNING AN I. D. AND THE END POINT AND THE QUERY . IT PROCESSES THEM ALL. YOU THEN ENUMERATE YOUR I. D. s AND KNOW WHICH ONES COME FROM WHERE, AND THAT’S A REALLY EFFICIENT WAY OF DOING A LOT REALLY QUICK, WHICH OTHER THAN THE FIRST QUERY TO LOAD THE SECURE SCORE AND THE MOST RECENT RISK EVENTS, IT’S JSON BATCHING TO GET THE MOST RECENT INFORMATION BECAUSE THAT’S GOING TO TABLE SERVICE, WHICH IS A DIFFERENT API END POINT, IT’S NOT GRAPH. THE AUTHENTICATION IS ALL DONE IN THE AZURE FUNCTIONS AS WELL. WHAT I DID IS I USED A COMMUNITY LIBRARY CALLED PSMS GRAPH, WHICH IS A POWERSHELL MODULE, WHICH ALLOWS YOU TO AUTHENTICATE USING OAUTH AS YOUR AD. I MODIFIED IT JUST A LITTLE BIT SO IT WASN’T INTERACTIVE AND USES MODIFICATION FOR THE PERMISSIONS ASSOCIATED WITH THE APP TO GET THE INFORMATION IT NEEDS. ESSENTIALLY, ON EVERY CALL, IT CHECKS TO SEE IF THE ACCESS TOKEN IS STILL VALID. IF IT IS, IT DOES THE REQUEST. IF IT ISN’T, IT REFRESHES THE TOKENS, UPDATES THE KEY VAULT, AND PUTS OUT THE OTHER ARTIFACTS AROUND THE TOKEN SO THE NEXT TIME IT CAN RECEIVE A NEW ACCESS TOKEN OR REFRESH TOKEN. ICONS, AGAIN, I’M NOT A DEVELOPER. AND I’M DEFINITELY NOT AN ARTIST. SO I USE THE ICON LIBRARY, WHICH YOU SAW PRETTY EXTENSIVELY IN THERE. IT WAS PRETTY AWESOME TO DO THAT AND EVEN GAVE ME THE WINDOWS LOGO TO IT’S LOADING, IT’S DOING SOMETHING. ALL THE CODE IS ALL OPEN-SOURCE. IT’S ALL UP IN MY GITHUB, DA DARRENJROBINSON/MICROSOFT SECURITY USER DEVELOPER. THAT WAS A 4:00 A. M. IN THE MORNING DECISION. AND MY BLOG DARRENJROBINSON. COM/HACK-A-THONS . IT HAS A WRITEUP, A LINK, AND A VIDEO THAT’S MORE IN DEPTH ABOUT THE APP AND TOOL AND EVERYTHING ELSE. DID WE GO THE WRONG WAY? THANK YOU. [APPLAUSE]>>THANKS, DARREN. THAT WAS A VERY GOOD EXAMPLE OF A CONNECTED SECURITY SOLUTION THAT IS JUST OUT THERE AND LIVE AND WORKING. SO THIS IS WHAT WE HAVE, KIND OF TIPS AND TRICKS AND ALSO LIKE GUIDELINES SPECIFICALLY AROUND WHAT TO USE WHEN FOR WHICH SCENARIO AND WHAT ARE YOU TRYING TO BUILD? BASED ON THAT, WE HAVE OUR DEVELOPER GUIDE, WHICH IS A WHITE PAPER WE PUBLISHED A COUPLE OF DAYS AGO. IT’S PRETTY NEW. WE DEFINITELY RECOMMEND YOUR FEEDBACK. WE’D LIKE TO HAVE YOUR FEEDBACK, REVIEW IT, TAKE YOUR TIME, AND PROVIDE US ALL THE FEEDBACK ON GITHUB. YOU CAN FIND AN ISSUE ON GITHUB IN OUR MICROSOFT SECURITY DEV. THAT’S THE GITHUB LOCATION FOR IT. AND THE LINKS ARE THERE FOR THAT AS WELL. SO WE REALLY LOOK FORWARD TO SEEING MORE CONNECTED SECURITY APPS AND SOLUTIONS, AND WE ARE HAPPY TO RECEIVE YOUR FEEDBACK AND MAKE IT SUCCESSFUL FOR YOU AND MAKE IT EASIER FOR YOU AS WELL.

No Comments

Leave a Reply