This episode is all about certifications. I sat my first industry certification exam in the late 1990’s and it’s safe to say that certifications and the way the industry views them has changed a lot over the years. Are certifications important or even relevant anymore? This can be a very polarizing topic, I recently asked Sly Gittens from Tech Simplified all about it.
For more information on The Cloud Architects podcast, check us out on SoundCloud
We recently had the pleasure of talking to a long time friend of the show Jay Gundotra. Jay is incredibly passionate about the community and you have most probably seen the ENow Software booth or attended one of their parties at Ignite or some other industry event. We talk about his journey from Exchange Server specialist to Founder and CEO and how everyone has a unique journey. We also get deep about how it is important to learn from our own experiences - good or bad and how self care is vital to longevity in our industry today.
For more information on The Cloud Architects podcast, check us out on SoundCloud
A little while back I was asked to help troubleshoot an issue with Azure AD Connect. Everything was working great before, but all of a sudden Azure AD Connect stopped sync’ing successfully. When looking at the event log on the server, I noticed an ADSync event 6900 that seemed to indicate an issue with MFA. It said “The ADSync service is not allowed to interact with the desktop to authenticate…” as shown below
This event was accompanies by a few others, like Events 904, 906, 659
After logging into Azure AD, I found that a Conditional Access policy has been enabled to enforce MFA on all administrator accounts and this was tripping up the ADSync account. To solve the problem, simply add an exclusion to the policy. You can do this in two ways, either exclude the specific account or exclude the “Directory Synchronization Accounts” role. I chose the latter option
In this episode we had the pleasure of talking to Kexin Ye and hearing her inspirational story of personal growth and how she went from selling Fair trade “coffee to fighting to tech”. We also talk about chaos engineering, technical debt and the importance of a sound cloud strategy.
If you’re interested in chaos engineering, here are some additional links you might want to check out:
For more information on The Cloud Architects podcast, check us out on SoundCloud
We’re back for our first episode of 2022! We had so much fun catching up in-person in Cape Town last month to record this one. In this episode we’re joined by fellow MVP Alistair Pugin to talk through some of our predictions for 2022. Will 2022 be the year of spend? We talk about hybrid cloud, organizational maturity, in-person conferences and Exchange ‘bugs’.
For more information on The Cloud Architects podcast, check us out on SoundCloud
I really miss in-person conferences and I’m sure I’m not the only one. We’ve always enjoyed being able to connect with new and old friends and peers, not to mention how incredibly enjoyable it is for us to record our episodes in person. In this episode we talk to Microsoft’s Laurent Bugnion about conferences and events - we cover everything from imposter syndrome, why in-person events may never be the same again and how they have worked tirelessly to scale and make virtual events more engaging for everyone.
Be sure to check out the following resources:
For more information on The Cloud Architects podcast, check us out on SoundCloud
Data Security is top of mind for many organizations at the moment with so many of them transitioning to a permanent work from home or hybrid working model. There is however so much more to protecting your data than encrypting it or implementing a DLP tool. In this episode we have a great conversation with Ernie Anderson about Data Security - what it is, where to start, what to consider and why you shouldn’t just run out and buy a tool right away.
For more information on The Cloud Architects podcast, check us out on SoundCloud
This post was originally published on the ENow Software Blog, you can view the original post here
Many organizations regard their people as their greatest asset. There is no disputing that the ability to hire great talent is a critical component to success, but in today’s pandemic-work-from-home world these great assets could also pose the greatest risk to your business. No amount of technology can account for human nature. You may already have invested in the best security solutions, but all it takes is a single click of a phishing email. I like to refer to this as a people problem – something that technology cannot solve entirely.
Organizational Change Management (OCM) practices have taken off in recent years and I have long been of the opinion that the most successful projects are those with heavy OCM involvement – I’ve experienced it for myself. For the longest time though, we’ve had the tendency to only involve or interact with the user community when we’re about to change something, often times going to great extents to avoid this interaction. Bad actors are constantly evolving and maturing their methodologies. Doesn’t it make sense for us to evolve our awareness and user education programs as well? I have previously written about this and thought I would go into a little more detail.
Security is everyone’s responsibility – by this I don’t mean everyone in the organization should also become cybersecurity professionals, instead I mean everyone has a responsibility to be diligent in their daily duties and informed about active and emerging threats. I know many organizations already have user education programs in place that typically involve some outdated computer based learning modules that are a required part of employee onboarding. Sometimes these need to be completed once a year. My opinion of these is that in many instances they do nothing more than “tick a compliance box” and are at best a 1999 solution to a 2021 problem. Similarly, some organizations run internal phishing campaigns to test their user community – these are great except when the results of these campaigns are published as top 10 name and shame lists or worse still for disciplinary action instead of being used to educate and empower. It is our responsibility as technologists to help keep our user communities informed and arm them with the knowledge they need to make the right decisions.
I believe the best approach here is a program that is iterative in nature and uses a combination of process and technology. Engagement and buy-in from the user community is key – fear mongering will not achieve the desired results. It could start with something as simple as a regular company-sponsored lunch and learn – yes, there is some investment required, but if you consider that in 2020 the average cost of a data breach was $3.86 million it will be worthwhile.
Developing a security awareness program isn’t something you can do overnight, and it certainly isn’t something that you can ‘set and forget’. Here are some additional tips that might be useful when planning your program or to help improve the program you already have in place today:
Lastly, there are some great tools you can use to help make your life easier. The Report Message and Report Phishing add-ins for Outlook and Outlook on the web are a great way to empower users to easily report false positives or false negatives to Microsoft for analysis. It is important however to educate users on the process, the difference between a false positive and a false negative and how their reports are used.
If your organization has Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2, you can use Attack simulation training in the Microsoft Security Center. These simulated attacks are a great teaching aid when used correctly.
Ever wondered what a SIEM is? How about SOAR? In this episode we have a fantastic conversation with ML who helps us understand what these are, how they are different and even how they can work together. We also cover a few other security-related topics and ML shares some great insights and recommendations.
For more information on The Cloud Architects podcast, check us out on SoundCloud
If you follow the Microsoft productivity space, you have no doubt seen or heard about the Autodiscovering the Great Leak research paper recently published by Amit Serper, a security researcher at Guardicore. The paper details more than five months’ research into the Autodiscover service used by Microsoft Exchange. Amit’s research was picked up and in many instances misreported by the tech press, which in turn caused a certain degree of panic. We’re deeply passionate about Exchange and have been for a very long time, so we thought it would be a good idea to sit down with Amit to talk through his research and better understand his findings.
During the episode, Amit talks about the following resources:
For more information on The Cloud Architects podcast, check us out on SoundCloud