Hello everyone. Welcome to the defend, govern, improve uh YouTube series that we've got running here. Just to give you guys a bit of background, this is an eight-part um series that talks around about around the Microsoft 365 environment, but focusing on the MSP stack problem. Uh we've titled it defend, govern, and improve because we want to talk around the three pillars of building out a really good secure environment that works for managed service providers that can be
0:28
implemented to customers. Um and I and
0:31
this whole series goes through every
0:33
element where you can leverage Microsoft
0:36
um but where it fits within the the
0:38
world of security governance and proving
0:40
that for regulatory businesses,
0:42
insurance providers and also just your
0:44
customers generally.
0:46
So give you guys a bit of background. My
0:48
name is Tim. I'm one of our 365
0:49
solutions architects. I've been with
0:52
Enforcer for nearly 6 months uh from
0:54
date of this publishment.
0:57
And my role here is to enable MSPs to be
1:02
the best they can and the most efficient
1:04
proactive business that delivers
1:07
security, compliance, governance, and
1:09
protection to their customers. My job is
1:12
to make sure you guys are as efficient
1:14
as you can be, but leveraging the tools
1:16
to be proactive, less reactive, and and
1:20
scalable. We want scalability and
1:22
reliability and efficiency when we talk
1:24
to our MSPs. We're a partner for the
1:27
MSPs we work with. And this is why we
1:29
focus on giving these kind of content,
1:31
web content series, and theor um
1:34
webinars, YouTube series to to our
1:36
customers. And this is one of those key
1:38
topics that I think really resonates
1:40
when we talk about building out a good
1:43
technology stack or tooling for MSPs to
1:46
deliver the best they can for their
1:47
customers. Prior to my role here, I was
1:51
an MSP. I was I've been at three or four
1:53
MSPs over the last 12 years focusing
1:56
around Microsoft 365, whether that's
1:58
Azure, modern workplace as solutions
2:00
architect, more recently for an MSP in
2:03
central London that really focused
2:05
around financial services. So really hot
2:07
on security, governance and compliance.
2:10
Um so I've leveraged all of Microsoft
2:12
plenty of third party tools. Um and then
2:15
and then kind of really focusing on
2:17
Purview in recent years. So this series
2:21
is to talk about that that MSP or
2:24
unifying MSP stacks, making sure we're
2:26
leveraging the right tools for the
2:29
customers that we service and support.
2:31
And I truly do think that sits with
2:33
leveraging Microsoft and that's why
2:35
we're doing this series. So it's part of
2:37
the defend govern. This episode today is
2:40
focused on the MSP stack problem. I want
2:43
to talk about the tools that we're
2:44
currently using previously versus what
2:47
we're using now or what we could be
2:48
using now. And then moving forward,
2:51
we're going to be doing things around
2:52
managed email security, endpoint
2:54
security. Uh we have some live webinars
2:57
that will be talking around this
2:58
throughout the course of 2026 um and
3:01
beyond. We've got plenty to come. But in
3:03
the meantime, uh sit back. Hopefully
3:06
you'll find this quite useful. So
3:09
today's episode is around the MSP stack
3:11
problem. If you're an MSP, I would
3:14
always encourage you guys to start
3:15
counting how many portals you need to
3:17
log in before 10:00 a.m. The reality
3:20
is it's going to be far more than six.
3:23
And it is, you know, we've got our
3:25
documentation solution, RMM solution. We
3:28
need to be logging into 365. Perhaps by
3:31
10 a.m. If you're a service desk
3:32
engineer, you've logged into three or
3:34
four different Microsoft 365 portals to
3:37
service problems or fix issues,
3:38
particularly on a Monday morning with
3:40
password resets. It's a continuous
3:42
journey for ourselves. We are constantly
3:44
having to log into different portals,
3:46
cloud backup solutions, um, additional
3:49
platforms, antivirus platforms that are
3:51
third party, all of these things. I'd
3:54
even include all the portals within
3:55
Microsoft 365 in this in this solution
3:58
that I'm discussing here. We've built
4:00
the modern MSP stack to protect
4:02
everything. As as MSPs, we focused on
4:05
making sure when we support a customer,
4:08
they are secure on the endpoint. Their
4:10
emails are secure. We can remote monitor
4:13
and manage their environment, i.e. the
4:15
RMM. We're backing things up. We're
4:17
keeping things protected. Maybe it's a
4:19
SOC. We're getting alerts in providing
4:21
a reactive solution and a service. Live
4:24
responses are are critical. The thing
4:27
is, we don't need more tools. that what
4:30
we actually need is better trust in a
4:32
single platform or or better trust in in
4:35
minimal platforms and it starts with
4:37
making sure the tools that we leverage
4:39
provide more of the products or
4:41
solutions and services that we need and
4:44
for me I'm obviously working at Enforcer
4:46
the conversation here is around Enforcer
4:48
at the end of the day that single
4:51
platform for me I do believe most of it
4:53
can be solved with Enforcer so we can
4:55
discuss that bit later on throughout the
4:57
course of this series in
5:00
So let's talk let's talk about the stack
5:02
and how it's spiraling. So previously
5:05
and I have I have this on another slide.
5:08
We've used and we've leveraged multiple
5:10
tools over the last several 15 plus
5:13
years. We look at that stack of
5:15
solutions that we need. The constant
5:17
renewal cycles is a pain in the ass.
5:19
Portal overload. Let's be transparent.
5:22
It's fatigue for your engineers when we
5:24
have to start teaching them 10 different
5:26
portals, 10 different policies within
5:28
those portals, def 10 different roles,
5:31
configurations, sign multiple platforms
5:34
to say we accept the risks associated
5:36
with using yet another portal, patch
5:39
management, EDR, IM, email security,
5:42
backup, SIEM solutions, compliance
5:44
tools, you name it. There are so many
5:46
and it's a stack of solutions for MSPs
5:50
that's going to drive us mad. Our
5:51
finance team probably go crazy when we
5:54
talk about yet another license or
5:56
another license renewal. Another thing
5:58
we have to keep on. We're building a
6:00
skyscraper of complexity and we need to
6:04
consider particularly for this year and
6:06
moving forward with AI coming into the
6:08
forefront more cyber security risks. We
6:11
need to start a consolidation. The more
6:12
tools we have, yeah, it spreads the load
6:15
maybe in terms of risk of things going
6:17
down, but let's be transparent. most of
6:20
the this day and age we leveraging
6:22
Microsoft 365 across the globe millions
6:25
and millions of companies are using it
6:27
if if the product goes down it doesn't
6:29
matter if email doesn't work because at
6:32
the end of the day our our spam filter
6:35
is useless if it's external because our
6:37
emails are down unless we've got
6:39
redundancy with mailflow um and we can
6:42
send emails elsewhere most companies
6:43
solely rely on it so it doesn't matter
6:45
if we've got an external email solution
6:47
for phishing it's already integrated and
6:50
baked into Microsoft 365. Should we not
6:52
consider using this already? My
6:55
suggestion is probably we should. We
6:56
don't need to have another tool, another
6:58
login for ourselves to use when
7:00
Microsoft's already injected 20 billion
7:03
pounds into email or into security
7:05
within their environment. It's more than
7:07
most leading providers for EDR
7:10
solutions, security solutions out there.
7:13
We should be considering how do we
7:15
consolidate stacks of solutions into one
7:18
single tool. I think Microsoft is a big
7:20
driver for that.
7:23
What's the cost complexity?
7:25
I mean, when we look at what's been
7:27
happening over the last 5 years, we've
7:29
clearly had a 30 to 50% rise in the
7:32
costs of most of the products we're
7:34
using. That might seem like only 10 20
7:36
30p per end user, but we're then
7:39
offsetting that either by ourselves.
7:40
we're just absorbing that cost and
7:42
giving it to our third party vendors or
7:44
we're having to go to the customer and
7:45
say you need to pay let's say an extra
7:47
two pound per per user per month. We're
7:50
we're in a world where there's always
7:52
rising costs and it's going to continue
7:54
to rise. If we are duplicating costs
7:57
because we're paying for one license
7:58
that's perhaps already included in say
8:00
business premium we're using at the
8:01
moment with Microsoft. We're duplicating
8:03
value or duplicating costs that we're
8:06
then offboarding or or lending or
8:08
providing back to the customer or we're
8:10
absorbing ourselves. Should we be doing
8:12
that? I would be questioning that we
8:14
don't. And the reality is clients don't
8:17
care at what the how many tools we use
8:19
or the tools that we're using. The
8:21
reality is they only care about how safe
8:23
they can feel. and clearly and how
8:25
clearly you could prove it as an MSP.
8:28
And I will probably admit and I I will
8:31
put my hand up to this, some customers
8:32
don't even care how safe they feel. They
8:34
just want to know that it's handled by
8:36
someone else. But for us as MSPs, our
8:39
focus should be on security, compliance,
8:42
governance, and proving the value of
8:44
what we're delivering. And the one thing
8:46
we quite often forget is enforcing an
8:48
environment, i.e. the governance piece,
8:51
and and proving it. Like if a risk came
8:53
into play and we're talking to a
8:54
customer that doesn't care about how
8:56
safe they are, but they have just
8:57
assumed it's handled by you, you need to
9:00
be able to go back to them and prove to
9:01
them that you have implemented the best
9:03
policies you could based on the
9:05
conversations you've had. And it starts
9:07
with making sure that we are keeping
9:08
things safe, secure, and the real MSP
9:11
impacts are clear. We have rising costs.
9:14
We're having alert overload with
9:16
productivity down and fatigue up because
9:18
we're getting alerts from all over the
9:19
place from different portals. Fragmented
9:22
reporting, inconsistent client
9:24
visibility is a big factor when we talk
9:26
about customers that do care about their
9:28
environment, their technology. We need
9:30
to make sure that our reports are
9:32
consistent to the customer. They are
9:34
getting the right information. It's
9:35
coming from the right value. And lastly,
9:38
that single source, the audit prep,
9:40
multiple readiness is really required
9:43
nowadays. making sure that we are
9:45
providing a single source or a single
9:48
pane of glass with the right reports and
9:51
Enforcer focuses around Microsoft 365
9:53
which is why I'm driving this focus on
9:55
unifying our MSP stack to to a product
9:58
that's freely available but you guys are
10:00
already leveraging Microsoft as a
10:02
multi-tenant solution currently we have
10:05
hundreds if not thousands of of tenants
10:07
that we support depending on the MSP on
10:09
this discussion and call at the moment
10:12
how do we make sure that we are leverage
10:14
ing the products we already have
10:15
available and then once we do how do we
10:18
measure and enforce those pro processes
10:21
i.e. the governance drift detection and
10:23
then more importantly proving it. We
10:25
need to be able to run reports and prove
10:27
that value to the customer and that
10:29
starts with looking at that single
10:32
source of truth and unifying the stack
10:34
that we currently have.
10:36
So I want to talk about the shift. I
10:39
think particularly the last five years
10:42
and I think particularly more critically
10:44
the next five years people are going to
10:47
start focusing on Microsoft being that
10:48
central pillar. It started as just a
10:51
single piece of the puzzle i.e. email
10:54
maybe some share filing for SharePoint
10:56
but a single piece for that complex
10:59
security
11:00
product. Whereas now Microsoft with
11:03
their $20 billion injection of security
11:06
improvements, we now have Entra ID, the
11:09
identity protection and governance
11:10
piece. We have Intune device compliance
11:13
and management. We've got the purview
11:15
piece that data governance, the data
11:17
loss prevention and auditing platform.
11:18
That's the area we're looking at for
11:20
reporting and ongoing governance of an
11:22
environment. We have I've put 365 E5
11:26
licensing because I'm a lover of that
11:27
product or license, but I know that
11:29
we've got Business Premium, Defender
11:31
suite for business, which covers more
11:33
than enough for our SMB customers. Um,
11:36
and then we've got the XDR suite that
11:38
that license uplift with Defender suite
11:40
for business really covers that single
11:42
security plane that we discussed with
11:43
our customers.
11:45
This is really critical. Microsoft have
11:48
basically said, look, we know that you
11:50
guys are using different companies. is
11:52
we know that there are competitors out
11:54
there, but let us build you a single
11:56
unified platform for you to be able to
11:58
deliver the best practice for your
12:00
customers. This is targeted for
12:01
enterprise businesses. There's no doubt
12:03
about it. Um, and Microsoft are openly
12:05
admitting this with Intune for MSPs.
12:08
They're deliberately saying use Enforcer
12:11
to focus on a unified multi-tenant
12:13
management solution. So you can leverage
12:15
those enterprise platforms but from a
12:17
single source i.e. Enforcer for MSPs
12:21
that means you can replace those six
12:23
vendors with one stack i.e. Microsoft
12:26
and then leverage those outcomes and
12:28
those deliveries with Enforcer that
12:30
single pane of glass even Microsoft's
12:33
power doesn't solve the last piece of
12:35
the puzzle. So it doesn't solve
12:37
necessarily that proof and that's the
12:39
gap when we talk about defend govern and
12:41
improve. Microsoft are taking defense
12:43
they're giving us that configuration
12:45
piece the ability to configure and
12:47
manage those policies providing that
12:50
Entra ID, Intune, Purview, the Defender
12:53
suite that encompass solution. They're
12:55
allowing us to govern it with the right
12:57
licensing. We've got data governance.
12:58
We've got governance in identity
13:00
protection with conditional access.
13:02
Governance isn't just about data.
13:05
is about making sure that what we
13:07
implement and configure is enforced
13:09
across the business and we can measure
13:10
that enforcement but we need to be able
13:12
to prove that value and that's really
13:15
where that gap sits and that's where I
13:17
think Enforcer provides that gap and
13:20
this is why we talk about defend govern
13:22
and prove that compliance gap the
13:25
evidence that we need to be able to
13:26
prove that we are implementing these
13:28
things and we're providing the value for
13:30
the customer and I think the statement
13:32
we always get with at least one if not
13:34
several customers every year is what am
13:36
I getting for my money when I'm paying
13:38
you per user or per device per month?
13:41
And the reality is we give customers a
13:44
reactive report. This is how many
13:46
tickets we're providing you a support
13:48
resolution. But I really challenge an
13:50
MSP to look further past just a reactive
13:53
measure. We always talk about being
13:55
proactive. For the first time, I think
13:57
in years, we have the ability to
13:59
demonstrate governance and proof as a
14:02
proactive measure to customers. We don't
14:04
want to just do a single deployment,
14:07
make sure it's configured, a single
14:09
point configuration, and then Foxtrot
14:11
Oscar to the next project. We need to be
14:13
able to go to the to from professional
14:15
service one-time delivery to ongoing
14:18
managed governance delivery. Governance
14:20
as a service isn't just data governance.
14:23
It's making sure that the
14:24
implementations we've configured stick.
14:27
So when we have an exclusion, someone is
14:29
excluded from a policy or a policy's
14:31
changed, we need to measure that change.
14:33
We need to identify what change was
14:35
made, the metric that's been made, why
14:37
it's been made, who made it, and should
14:39
it have been made. That's governance as
14:41
a service. That's ongoing protection.
14:43
That's ongoing security analysis. All of
14:46
that sits with the governance piece. And
14:48
fundamentally, we then need to prove it.
14:51
So with Enforcer, we can dive drift
14:53
detection. we can make sure that we are
14:55
keeping customers aligned continuously,
14:57
whether that's partial alignment or a
14:59
full alignment to our best practices in
15:01
MSP.
15:03
And I say this and I'll always say, I'll
15:04
probably even say it in the next episode
15:06
and the episode after that, an MSP
15:08
doesn't need to have a unique security
15:10
baseline. It needs to be secure. And
15:13
that's secure across the board. Every
15:15
single person that we talk to, anyone
15:17
that's reading this or listening to this
15:19
uh this YouTube series now, it's not
15:22
about being unique. Every customer is
15:24
going to have some unique policies, but
15:26
the foundations of a good governed and
15:28
well-defensed environment or defended
15:31
environment starts with the same
15:33
security measures. And there are lots of
15:36
people out there that provide
15:37
recommendations of security measures
15:38
they could put in place. But
15:40
fundamentally, it's all about being
15:41
secure. And then we have to govern that.
15:43
Governing
15:46
Enforcer to make sure drift detections
15:48
in place for those alerting single day
15:50
value, day one value. when we talk about
15:52
bringing on all our customers into a
15:54
single platform like Enforcer is can we
15:57
make sure that we are governing that
15:59
environment? Can we make sure that
16:00
changes made we're being alerted to it?
16:02
And if you haven't got them in a single
16:04
source like Enforcer, you're not going
16:05
to get that governance piece. The second
16:08
part is the evidence. So let's take away
16:11
the governance. How do we prove that
16:13
value? So that statement, what am I
16:15
getting for my money? Rings true for
16:17
most of our customers. How do we
16:19
demonstrate we are providing that
16:21
governance piece? How do we make sure
16:23
that we are proving that? And that
16:25
starts with reporting. Starts with drift
16:27
detection email alerts to say, "Hey,
16:29
look, we are being proactive. We've
16:30
received an alert to say Jeffrey is the
16:33
head of IT for your business has made a
16:34
change. We've previously agreed with you
16:36
we wouldn't make any changes to this, so
16:38
we've reverted it." Or perhaps it's an
16:40
auto remediation. It's autoreverted back
16:42
based on your alignment piece. It's that
16:44
multi-tenant blind spot. We need to see
16:47
a unified platform, a single pane of
16:50
glass to make sure our customers are on
16:52
track to being secure and readily
16:55
available. And proof doesn't sit with
16:56
just the customer. Proof sits with your
16:59
business owners, the CEOs that are
17:00
watching this, the ones that want to
17:02
make sure that the customers they're
17:04
supporting really are secure. That
17:06
multi-tenant blind spot is so important.
17:08
We need to make sure we can see our
17:10
customers and they're aligned to our
17:12
best practices, our security values. And
17:14
when I say our, I mean your best
17:16
practices in security. Almost all of us
17:18
will have the same security measures.
17:20
They just could be named differently.
17:22
Different named policy, different
17:23
configuration, maybe something that
17:25
doesn't matter for one industry that
17:26
does for another. Um when we talk about
17:29
industries that we support, financial,
17:31
medical, pharmaceutical, and so on. And
17:34
the last thing is being able to provide
17:36
that evidence. So running those
17:38
alignment reports that you have within
17:40
Enforcer, the ability to produce a report
17:42
that shows you you are aligned to our
17:44
best practice. We can measure that with
17:46
policy tagging to determine this policy
17:49
adheres to door configurations for
17:51
example. We can leverage those that
17:53
we've got configured and we can
17:54
demonstrate that with an alignment
17:56
report. It's prospecting. We're bringing
17:58
on a customer that's going to start that
18:00
three that three tier pillar with us.
18:02
Defense, governance, proof. We need to
18:04
be able to prove this is where you were
18:05
from day one and this is where you are
18:07
for day two and this is where you're
18:09
going to be at day 143. And the next
18:12
episode I'm going to be talking about
18:13
which is coming up shortly is fixing
18:16
that framework understanding those
18:17
steps.
18:19
So let's look at framework here. We've
18:22
spoken about that unified piece. I
18:23
probably spoken about these slides
18:25
already but the framework sits for us
18:29
around defense governance and proof. And
18:31
this is the triangle the pillar that we
18:33
talk about when we unify a solution and
18:35
we talk specifically around Enforcer.
18:38
Microsoft covers the defense. Microsoft
18:41
is giving us the ability with a single
18:42
tool to understand Defender, Entra. So
18:47
Defender for Office, Defender for
18:48
endpoint identity protection device
18:51
management. All of that's available in
18:53
that single source that defending piece.
18:56
Then we want to look at governance. And
18:58
that governance sits with data
18:59
governance, device governance ongoing.
19:02
But if we take data governance to start
19:04
with, that's Purview. That's data loss
19:06
prevention. That's policies across your
19:08
estate. We need to be able to measure
19:10
and protect against that. So that
19:12
ongoing governance piece starts with
19:14
leveraging drift detection, utilizing a
19:17
single pane of glass and Enforcer for
19:19
your alignment piece, making sure
19:20
they're governed correctly. We are using
19:23
Enforcer not just to provide the right
19:25
security deployments for policies and
19:27
your best practices, but we're governing
19:29
it by making sure they're aligned to our
19:31
best practice and we're receiving drift
19:32
detections for that proactive step to to
19:36
sort out remediations. And then finally,
19:38
on top of that pillar, the area that we
19:40
always forget, and this is really where
19:42
Enforcer gives day one value is that
19:45
proof. running those reports, looking at
19:48
those measurements, demonstrating the
19:50
value that we bring as a business, as an
19:52
MSP to our customers. All of that's
19:55
available with the proof that we're
19:56
looking for with Enforcer.
19:59
I think this is the new MSP model and
20:01
that's why we're doing this series. This
20:03
is why this eight-part series covers
20:05
this. We need to defend our co our
20:07
clients. We need to govern the
20:09
environments we're looking at. We need
20:10
that single single pane of glass for all
20:13
of our tenants, not just a handful. When
20:14
we on board customers, I often see 20,
20:18
30, 40 tenants being added of an estate
20:20
that maybe has a thousand. That's not a
20:22
single pane of glass. We might be
20:24
looking at using it just to make sure
20:26
it's we're comfortable with the tool,
20:27
but the reality is we're leveraging
20:29
tools like Enforcer for that day one
20:31
value, being able to govern the
20:33
environments we're seeing through that
20:35
value. And the last point of that is the
20:38
proof of the value. making sure that the
20:39
tools you're using, we can demonstrate
20:41
the value for our customers, demonstrate
20:43
the value for our business owners,
20:45
demonstrate the value for regulatory
20:46
businesses, uh the reg regulatory
20:49
bodies, auditors, all of that starts
20:52
with making sure we have the right
20:53
products, the right reports under that
20:55
single pillar and that's that triangle
20:58
for us. The pyramids that we're talking
21:00
about, Microsoft do this really well
21:01
with their own pyramids of solutions
21:03
they offer um and it covers it
21:05
perfectly. But for when we talk about
21:07
the the three pillars defend, govern and
21:09
prove all of that sits here. The ability
21:12
to leverage Microsoft utilize governance
21:15
through Purview, through Enforcer and
21:17
prove that value leveraging Enforcer's
21:20
environment.
21:22
So moving forward, what's next? So I've
21:25
spoken to you and I hope this has been
21:27
really valuable seeing where we should
21:29
be going as MSPs and what we could look
21:31
at. But next episode I want to do is
21:34
about managed email security managed
21:36
stack that we're using, what we've used
21:38
previously versus what we can be
21:39
leveraging. Now this is going to be a
21:42
small demo. We're going to go through a
21:44
few slides. We'll go through what
21:46
Microsoft has to offer currently in the
21:48
security suite around email security and
21:51
then we might dip into some of the
21:53
Enforcer product as well depending on
21:55
time. Hope this has been really useful.
21:57
Any questions at all? Again, reach out
22:00
to Enforcer, get some demos booked, look
22:02
at ourselves, see the platform, see what
22:05
we're trying to deliver through those
22:06
three pillars. Um, and let's get you
22:09
guys in a unified MSP moving forward.
22:11
Look out for episode two, three, four,
22:14
five, six, seven, and eight. Um, and
22:15
hopefully this is proving some value.
22:17
Thank you very much for your time,
0:01
Hello and welcome back to episode two of
0:03
defend govern.
0:05
This one is going to be focused around
0:07
email security. We really want to talk
0:09
about those pillars of the defense and
0:12
how we incorporate that into governance
0:13
and we all incorporate it into proof. Um
0:15
and I want to talk through each of the
0:17
elements we can configure and we can
0:19
implement within Microsoft. And that
0:21
starts with for me managed email
0:23
security day one value. How do we make
0:25
sure that we are implementing good
0:27
security practices? Most phishing
0:29
attacks, most cyber risks start really
0:31
with an email that comes in. And I
0:33
always think that's always a good point
0:35
to start. I know it's irrelevant when we
0:37
talk about the encompassed endpoint
0:39
management solution or defense solution
0:42
around Microsoft. And probably most
0:44
people would think and I would tend to
0:45
agree that identity protection sits at
0:47
the top of the risk of things we should
0:49
be talking about from day one. But quick
0:51
wins email security Defender for Office
0:54
is essentially the solution we're
0:56
looking at. But before we dive into that
0:58
and before we go and have a look at the
1:00
security center and just where we go for
1:02
those configurations I want to talk
1:03
around what we had previously versus
1:06
what we can have now um and where that
1:09
sits within that defend govern element.
1:11
Where do we look at when we talk about
1:13
this? So what's the old way? How did it
1:17
used to look when that started with EOP
1:19
exchange protection? what not exchange
1:21
online protection but protection at the
1:24
basic level on an exchange server third
1:26
party gateways that email layer that we
1:29
had before our MX records pointed to it
1:31
emails went through it we made sure we
1:33
created new policy delivery we had
1:36
advanced threat protection maybe in in
1:38
the form of a different integration or
1:40
another third party solution um and then
1:43
that separate SIEM integration that
1:46
security layer cake the area where we
1:47
had multiple layers from different
1:49
vendors with different integrations. So
1:52
many complexities for us as MSPs to
1:54
focus on, especially if we had this
1:55
against 50, 60 plus tenants. We had
1:59
different gateways, different solutions,
2:00
different MX records hosted in different
2:02
locations for domains, different
2:04
advanced threat protection measures for
2:06
different solutions and then a different
2:08
security layer based elsewhere or baked
2:11
into different platforms elsewhere,
2:13
different API configurations. And every
2:15
single one of these came at additional
2:18
costs and we bolt bolted it on added it
2:20
individually to our per user per month
2:22
model added those layers
2:25
and then then 365 came around which came
2:29
with its own license came with its own
2:31
uplift. We started with just the
2:33
exchange online services, the exchange
2:35
online protection. We came in with
2:37
simple licenses around email. They then
2:39
introduced products, SharePoint Online,
2:42
OneDrive, that native integration for
2:44
product suite. And then that identity
2:47
protection, the Entra piece, the area
2:49
where we measured it with the connection
2:50
with AD connect or I think it was called
2:52
AD sync at one point AD connect now with
2:55
a hybrid connectivity still identity
2:58
managed on prem as we started the
3:00
integration into 365 for that cloud only
3:02
or cloud first approach already included
3:06
in that was that license we had it. So
3:07
on top of the existing licenses we then
3:10
added that Microsoft 365. We went from6,
3:13
shall we say, per user per month on the
3:15
add-ons we added, excluding RMM and
3:18
endpoint management, I might add. We
3:20
then added on another layer with
3:22
Microsoft 365 licenses. We charged them
3:25
a fortune to decommission their Exchange
3:27
on prem servers. We moved three people
3:30
to 365 as part of that license
3:32
migration. I even remember the days when
3:33
we had to update DNS records on the uh
3:36
domain controller just to make sure it
3:38
was pointing in the right location if we
3:39
had an on-prem server. were the days.
3:42
Um, but now now what do we have
3:44
available to us? Where do most customers
3:47
sit? And the reality is it's Microsoft
3:49
365 for the majority of businesses.
3:51
There are a handful out there and I
3:53
would say a good one, two, maybe three
3:55
million companies that still maybe use
3:58
Google Suite or on-premise Exchange
3:59
servers and other vendors, but most or a
4:03
majority look and leverage Microsoft 365
4:06
and they probably use it whether they
4:08
like it or not in some fashion. Maybe
4:10
it's just productivity licensing i.e.
4:13
Outlook, Word and Excel. Maybe it is the
4:15
element of 365 emails, email solution,
4:18
email integration, SharePoint still
4:20
being used, collaboration of file
4:21
management. The reality is a lot of
4:24
people are moving to Microsoft 365 and
4:26
we need a single source for management.
4:28
Again, that's Enforcer. So that's why
4:29
we're having this conversation today.
4:31
But we also need to unify the services
4:34
and solutions we use. We've we've looked
4:36
at that old layer cake, the security
4:38
layers, but now we've got this unified,
4:40
integrated and intelligent platform
4:42
within Microsoft 365. And that starts
4:44
with those four you see in front of you.
4:46
Defender for Office 365.
4:48
It's there. It's available. We have the
4:50
Exchange online protection piece that
4:52
sits in there by default, but we have
4:54
those advanced plan ones and plans twos.
4:56
Defender suite for business. Always
4:58
recommend using that if you're using
4:59
business premium for SMBs. It's a small
5:02
add-on, but the value you get is what
5:05
you might get with an enterprise E5
5:07
licensing. Gives you the ability to
5:09
really leverage the encompassed unified
5:12
threat intelligence available with
5:13
Microsoft. That that that aside, it's
5:17
also a native integration. We're already
5:19
using it. So adding that layer of
5:21
defender for office, that integrated
5:22
intelligence allows us to make sure
5:24
we're leveraging the best, you know,
5:26
single point of solution encompassed
5:29
under one umbrella. That unified threat
5:31
intelligence really resonates when we
5:33
talk about protecting phishing
5:34
resistance, impersonation, spam,
5:37
malware, safe links, safe attachments.
5:39
All of that's included and available
5:41
under a single pane of glass or a single
5:43
unified threat intelligence. And then we
5:45
leverage that single pane of glass. That
5:48
pane of glass of what's going on. How do
5:50
we make sure it's protected? Now,
5:51
security center, I'll show you a bit
5:53
later, has some very good reports
5:55
available that single source for secure
5:57
score, the recommendations just to get
5:59
you on your way for improvements. You're
6:02
probably spending, and I'll say this
6:04
already, but you're probably spending
6:06
additional money on protection that your
6:07
license already covers. Email security
6:09
add-ons seemed essential once, but
6:12
should we really be using this or
6:14
layering it on products now? adding on
6:16
to that fatigue for our engineers.
6:18
Should we really be needing it? Do we
6:20
really need it? I I kind of would
6:22
suggest we don't. Everyone has their own
6:24
opinions. This is why we're having this
6:26
conversation. I like the idea of
6:29
challenging people to think, should we
6:30
be adopting a better solution or or a
6:33
better fix. Um, and that's Microsoft
6:36
365. That's your defense. That's your
6:38
governance. Starting that layer within a
6:41
single unified platform, building it out
6:44
in a tenant and pushing out en masse to
6:45
your customers is absolutely priceless.
6:48
Being able to use the security baselines
6:50
in in enforcer to push these out really
6:53
helps to kind of grow and streamline
6:56
that process. Being proactive as we look
6:58
for that delivery.
7:00
So what does it look like? Let's go back
7:02
to that old model, the gateway gap. What
7:05
was it previously? the gaps that we had
7:07
before. We sold the SPF checks, the
7:10
DKIM, URL rewriting, attachments, all
7:13
through a third party gateway. It
7:15
worked. It did the job. Whether that was
7:17
an on-prem server, um, Exchange server
7:20
with a connection to a third party
7:21
gateway in the cloud, all that
7:23
configuration was in place. They used
7:25
their own private data centers of third
7:26
party. But it came with some flaws.
7:29
sometimes delivery delays, internal
7:32
blind spots if it's all internal. Um
7:35
fragmented management, post delivery
7:37
gaps, all of this stuff still to a
7:40
degree kind of exists, but we can manage
7:42
it under a single platform rather than
7:44
looking at different portals to do that
7:46
control.
7:47
So I'm going to skip past this further.
7:49
It's something you guys can read if you
7:50
want to by pausing the video. But
7:52
Microsoft's approach I think is the area
7:55
we should be focusing on more and that
7:57
starts with that Microsoft native
8:00
layered and integration. Defender for
8:02
office isn't merely an anti-spam filter
8:04
anymore. It's become a comprehensive
8:06
ecosystem. It's identity-driven. It's
8:08
behavior-based and it's integrated
8:11
directly within the Microsoft security
8:12
signals across our entire environment.
8:15
Leveraging a an area in the background
8:17
of of a trillion signals a day that
8:19
Microsoft's managing. We we should be
8:22
leveraging a tool that's already
8:23
receiving this information and adopting
8:25
and growing and understanding. And
8:27
there's four pillars to that layer. So
8:29
we have our perimeter, the EOP, block,
8:31
spam, malware, known malicious senders.
8:34
It's added an advancement. You've got
8:36
your advanced threat protection. Most
8:38
things are already included in business
8:40
premium, but we can layer it up with
8:42
defender suite for business with
8:43
advanced measures. So attack sim
8:45
automated investigations and response.
8:47
Apologies if this slide is slightly
8:49
outdated. Um, but we can start that ATP
8:53
piece, the advanced threat protections,
8:55
that additional layer. Guess what? It's
8:56
native. It's integrated into 365. It's
8:59
part of defender for office. And then we
9:01
look at that next layer. Where do we sit
9:03
with data exfiltration and enforcement
9:05
the governance piece of this defend,
9:07
govern is is purview, data loss
9:10
prevention, and sensitivity layering. So
9:12
outside of defender for office we can
9:14
layer in protection on emails on safe
9:18
links on safe attachments with purview
9:20
data loss prevention sensitivity
9:22
labeling is all encompassed. It's a
9:24
native integrated layered solution. It's
9:27
all in one and we should be looking at
9:29
this as an opportunity to provide that
9:32
unified piece. We are focused on uh
9:35
Microsoft or managed email security in
9:37
this this specific episode but
9:39
everything connects together and
9:41
leveraging enforcer we can then start
9:43
managing those policies as a single
9:45
layer and I think it's a good example
9:48
here the security flow is is email
9:50
inbound it's EOP filtering defender
9:52
analysis it gets back into the mailbox
9:55
but we have that layer of purview DLP
9:57
enforcement as well every stage is
9:59
connected for every threat tracked it's
10:02
a really good statement. We want to make
10:05
sure that the stages are in place, but
10:07
we are tracking every single possible
10:09
threat and we leverage the security
10:11
center, the hunting, the advanced
10:12
hunting that's available in there to
10:14
really see what's going on when threats
10:16
do creep up in phishing or do creep up in
10:19
email flow. And the transparent solution
10:22
is it does. Phishing will always get
10:24
through some spam filters, but the more
10:26
layers we have in an integrated native
10:29
solution, the easier it is for us to be
10:31
able to hunt, track, defend, and
10:33
remediate. We need to do those three
10:36
those four different elements to make
10:37
sure that we're pro protected. If this
10:39
was all across different third party
10:41
solutions, we'd be logging into multiple
10:43
portals, run this process, then run this
10:46
process, log into this portal, make sure
10:48
this is in place. Having it under a
10:50
single pane of glass, a security center
10:53
for comprehensive advanced filtering and
10:55
management really helps to speed up that
10:58
delivery. When a when attack does take
11:00
place, we can track the process. We can
11:03
see how it got in and we can make sure
11:04
the remediations are in place in the
11:06
future. Doing that across multiple
11:08
portals is going to take time.
11:11
So where do we sit when we talk about
11:13
the proof of this? So we've spoken about
11:15
the governance um and and the defense we
11:18
do the configuration with our baseline
11:20
the alignment and a drift detection that
11:22
we have available with these native
11:24
blade integrations utilizing enforcer
11:26
implementing purview but we also need to
11:29
be able to prove it prove that value so
11:31
the proof visibility reports and metrics
11:34
90% of what you need when we talk about
11:37
particularly defender for office is
11:39
available in the security center on
11:40
Microsoft end and that's great it gives
11:44
gives you those metrics. We can look at
11:46
the threat protection. We can block. We
11:48
can look at the DLP hits per site per
11:50
mailbox sensitivity label tracking,
11:52
phishing detection trends, attack
11:54
simulation results, safe link and
11:56
attachment performance. Those reports
11:58
and I'll show you in a minute are all
12:00
available in the security center. But we
12:03
still need to make sure that we are
12:04
adding the additional layers of
12:06
governance. So drift detection, we need
12:08
to make sure that we are being alerted
12:10
to changes being made in policies. At
12:12
the moment, we're we're tracking the the
12:15
metrics and the reports on email flow,
12:18
the vulnerabilities, threat related
12:20
vectors and attacks that come in. That's
12:22
all managed and controlled within the
12:23
security center. You'll see some of the
12:25
just the analysis of some companies I've
12:28
worked for in the past. 72,000
12:30
malicious emails stopped this month
12:32
across monitored tenants. That's a huge
12:35
number. Massive 98% detection accuracy.
12:39
false positive rate is under 2%. And
12:41
it's 24/7 continuous monitoring, the
12:44
automated threat response. You can
12:46
literally measure every single attack
12:49
prevented per tenant. That's ROI in the
12:52
purest form. That's the metrics we talk
12:54
about when we deliver this to customers.
12:56
Generating value, showing the value that
12:58
we're giving. We don't need to explain
12:59
the theoretical protection anymore
13:02
because we can show the numbers by
13:03
logging into the security center. We can
13:05
show the numbers by logging into
13:07
enforcer and demonstrating that we're
13:08
aligned to our best practice. We're
13:10
governed by the best practices our MSP
13:13
sets. We've got those drift detections
13:15
for a reason to be able to measure what
13:17
changes are being made and guess what
13:19
govern that response.
13:21
So let's talk about the enforcer layer.
13:24
It's that automation. It's that ROI and
13:26
it starts with the four pillars that we
13:28
look at. So baseline enforcement that's
13:31
that defense piece the piece where we're
13:33
leveraging that single pane of glass
13:35
what single solution with Microsoft
13:37
we're implementing our best practices on
13:40
for defender for office the data loss
13:42
prevention policies that we can
13:43
implement around exchange protection
13:45
starts with our baseline you guys build
13:47
your best practice baseline I said in
13:49
the last episode it's not about being
13:51
unique it's about being secure you
13:53
implement the baseline that fits the
13:54
needs for the industries you're working
13:56
in you build it through your tenant and
13:58
you align at that point to your
14:01
customers environments. Whether it's a
14:02
new company or not, everything should
14:04
always be measured against your best
14:06
practice. Some companies might need some
14:08
improved or stricter conditions. If
14:11
you're in finance, you've got FCA
14:12
regulations to consider. Um, but
14:15
everything starts with that alignment
14:16
piece. You build out the practices that
14:18
fit the needs of your industries you're
14:20
working in. Then you continue that
14:22
governance with alignment. aligning
14:24
aligning that engine automatically
14:26
detect the configuration drifts. Ashure
14:28
governance making sure the ongoing
14:30
governance is in place like safe links
14:32
being disabled and alerts before
14:34
vulnerabilities emerge. All those things
14:36
we can be proactive in by aligning
14:38
companies to our best practice, our
14:40
values that we build as a security MSP.
14:43
And then the assessment reports we have
14:45
to be able to report on it. It's that
14:47
ROI proving the value. You can log into
14:49
the security center and run a report
14:51
that says these are all the emails that
14:53
Microsoft and ourselves have remediated
14:55
today because of the policies we
14:57
configured. But fundamentally we want a
14:59
friendly executive friendly
15:01
visualization or report assessment
15:03
reports in in enforcer offers that for
15:05
you and that in turn provides the ROI
15:08
evidence quantifies the attacks that
15:10
have been blocked. Those policies are
15:12
enforced with the alignment report the
15:14
assessment engine that we have available
15:16
in forcer. It drives that ROI evidence.
15:18
It proves the value you guys are giving
15:20
to your customers and generates that
15:22
purpose-built delivery. So, I want to
15:25
encourage you guys to stop paying twice
15:28
and start proving the value. And that
15:30
starts with not overlaying or
15:32
duplicating layers of payments and
15:35
solutions um that are already available
15:38
in Microsoft. Utilizing leveraging
15:40
Defender for Office as your native
15:42
intelligence form. Microsoft Defender
15:44
just generally gives you guys the
15:46
ability to start adding value, saving
15:48
customers money, but generating ROI in
15:51
return for professional services
15:53
delivery, proving the value you guys
15:55
get. Sometimes it's just about customers
15:57
showing we're doing the job right. A
15:59
report does that. That's where your
16:02
professional services can implement
16:03
better protection, better methods,
16:05
measures, really good for project
16:07
delivery. Um, but more importantly, it's
16:10
that ongoing governance. governance as a
16:12
service delivery that measurement of
16:13
proving what we're doing every time. And
16:15
that's where we've got those three
16:16
pillars again. Native Microsoft
16:18
protection with your defense and
16:20
configuration, configure it with
16:22
enforcer, keep it native, your
16:24
governance, automated policy enforcement
16:26
at scale, again alignments, drift
16:29
detection, making sure that the policies
16:31
are governing as expected. We want to be
16:34
alerted to a change being made, but then
16:36
proving it, making sure the measurable
16:38
IR ROI with every report. What do we
16:41
give the customer that generates and
16:43
proves that they are it's value for
16:45
money? Um, and it's it's important. So,
16:48
before I go to what's coming next, which
16:50
is our managed email security, let's
16:53
drop into the security center and just
16:55
see what's available today. Where can we
16:57
go for some of the internal reports that
16:59
freely there outside of what's available
17:01
in enforcer? So bear with me a second.
17:04
Here we are. So this is the security
17:06
center for a domain of Craig called
17:09
Copilot Manager.
17:11
This is that single pane of glass, the
17:13
source of truth when we look at an XDR
17:15
solution in one place for Microsoft
17:17
Defender. We're talking about email
17:19
security. I'm going to be dropping into
17:20
this platform a lot over this series
17:22
because I really think it adds value.
17:24
Most of you already know how to do
17:26
configurations. I'm not talking about
17:27
configurations but almost a recap for
17:30
business owners for sales rep account
17:32
management the general engineers first
17:35
second third line this resonates with
17:36
all of you guys architects on reminding
17:39
ourselves where things are how do we go
17:41
about doing vulnerability checks and
17:43
running things there are loads of people
17:45
out on the web on YouTube that talk
17:47
around hunting advanced hunting KR
17:50
delivery looking at research highly
17:52
recommend looking at those people and
17:54
reading through what they have to offer
17:55
with their GitHub sub repos. But for
17:58
email security, it starts under email
18:00
and collaboration. So we've got our
18:02
real-time detections, basically a report
18:05
that allows us to see vulnerabilities
18:07
taking place. So we're pleased to know
18:08
this is a brand new tenant, so there
18:09
aren't any in here, but the ability to
18:11
drop down and and do just basic checks.
18:14
We've got some advanced checks available
18:15
here, change the dates. This is malware.
18:18
Perhaps we want to look at phishing
18:19
content in in intentionally. Is there
18:22
content malware available? It's a single
18:24
pane of glass to show you things in real
18:26
time. I think it's hugely valuable. It
18:28
gives us the ability to start tackling
18:30
those conversations we've not had in the
18:31
past. The other area is reviewing. It
18:35
sounds really cheesy and trivial, but
18:37
when we talk about ROI for our
18:39
customers, are we generating revenue or
18:42
are we proving that value? All of this
18:44
is available here. Your Exchange message
18:46
trace isn't in the Exchange admin center
18:48
anymore. We can come directly in here.
18:49
It will take us to the admin center
18:51
where we could go straight in and we can
18:53
start running message traces. We can
18:55
start looking at information again.
18:57
Security center leverage enforcer. If
18:59
you use a GDAP, click onto the to the
19:03
dashboards and select security center.
19:05
It'll take you straight in there using
19:06
your credentials.
19:08
Um, no more partner center or
19:10
lighthouse. Drives me mad. The other
19:13
area is where we do the configuration.
19:15
So if we're building a baseline from
19:16
scratch and we're going to be leveraging
19:18
enforcer to deploy that for our
19:19
customers, we need to start with
19:21
building it in here. Maybe we're
19:22
leveraging it we're still from you know
19:24
borrow from our current existing
19:26
customers but you guys can build your
19:28
framework and start it from scratch
19:29
here. So we click on policies and rules
19:31
under email and collaboration and it's
19:33
all available for us to dive into
19:36
configure manage and and administer in
19:38
this environment. Anti-phishing, anti-spam,
19:41
malware, safe attachments. It's all
19:43
available. If you're using a third-party
19:46
um phishing simulation environment, you'd
19:48
be doing advanced delivery here to
19:50
override for special use cases. So, if
19:52
you click in here, you've got your
19:53
phishing simulation in place or a SecOps
19:55
mailbox, for example. But you build out
19:59
your foundations of a secure environment
20:01
utilizing the threat policy
20:03
configuration in the security center.
20:06
Now, there's two things to be aware of.
20:08
Firstly, presets always in place. If
20:10
you're going to go down the route of
20:11
doing proper configuring this properly,
20:13
you'll be turning off these protections.
20:15
But if you're not capable or you don't
20:17
have the right team involved in
20:19
understanding how best to deliver
20:21
security policies firstly, you can use
20:24
YouTube to get people's opinions and
20:26
reviews. Leverage Microsoft secure score
20:29
because it gives you some
20:30
recommendations you should be
20:31
implementing. Um, but if you're really
20:34
unsure, you have these standard levels
20:36
of protection and it tells you exactly
20:38
what it's doing, what the aggressions
20:39
are, tighter controls, more aggressive.
20:41
Personally, if you really aren't going
20:43
to configure them yourselves, I'd be
20:44
turning on strict protection and
20:46
managing those settings if I needed to.
20:48
But for me, I like to build things out
20:50
from scratch because there's different
20:52
configurations. If we take anti-phish as
20:54
an example,
20:56
um, we'll just call this anti-phishing.
21:01
When we click next, we've got the
21:02
ability to associate multiple policies
21:04
to different users. I always make sure
21:07
and I say this whenever I bring on
21:08
customers uh in the MSPOS app formally,
21:11
make sure you've associated this your
21:13
your main policy to all the domains. You
21:16
if you don't associate it, the policy is
21:18
doing absolutely nothing. And it's vital
21:20
that we include every domain that we
21:22
manage. There is going to be some cases
21:23
where there's different businesses in a
21:25
single tenant. But I do want to
21:26
emphasize a lot of people do configure
21:29
different policies for different um
21:31
businesses within a single tenant, but
21:33
they're all connected to the same
21:34
tenant. So if one is stricter than
21:36
another, maybe we should be putting this
21:38
as a red flag and going hang on, you're
21:41
all in the same tenant, you're all
21:42
collaborating on the same file
21:43
structure, maybe it's admin units,
21:45
configuration changes, but fundamentally
21:47
you're all in the same tenant. So maybe
21:49
that input should or inbound information
21:51
should always be the same. Once you've
21:54
selected these, you've got your steps
21:57
and controls you can do to mitigate
21:59
threats. So phishing protection, spoof
22:02
protection, it's all configured here.
22:03
You can set your thresholds. Microsoft
22:06
tell you what these thresholds look like
22:07
and what the aggressions are. You want
22:09
to enable protection impersonation. Do
22:12
we need to manage and protect specific
22:13
users within a business? So you can see
22:15
up to 350 internal and external users
22:18
for enabled protection. We can also just
22:21
protect on impersonation protection.
22:23
Again the security the secure score for
22:26
Microsoft do recommend these individual
22:28
changes. Uh we have a YouTube webinar
22:31
series coming out with my colleague Milo
22:33
who really does a deep dive into what
22:35
secure score is really offering and I
22:38
highly recommend reviewing that over the
22:40
six-part series seeing the differences
22:42
and the recommendations and and why
22:44
Microsoft do it where the pain points
22:46
why why is it implemented as we uplift
22:48
security layers we've got more policies
22:50
so they're all things we should be
22:52
considering when we make these changes
22:54
but Microsoft are changing this
22:56
regularly so when a new configuration
22:59
comes in. It's important for you guys to
23:01
be leveraging platforms like Enforcer
23:03
and their community like the Discord
23:05
community they have or the dispatchers
23:07
platform and webinar they use is really
23:09
important because we're looking at a new
23:11
features Microsoft introduced and we're
23:13
consolidating it and making it available
23:15
for MSPs. So I would highly recommend
23:17
leveraging it and fundamentally that's
23:20
how you configure the best practices in
23:22
email security. The last thing I want to
23:23
show you guys is the reports here. I
23:26
don't think they get enough credit, but
23:28
in here you can start running email and
23:30
collaboration reports which are run by
23:31
Microsoft. Gives you a real good
23:33
breakdown of what's going on with your
23:35
little web cards and we can export these
23:38
cards or you can start running reports
23:41
specifically about mailflow. What's the
23:43
route that things are taking? Managing
23:44
the schedules, reports for download.
23:47
Download as many reports as you need.
23:49
The ones I really will tackle and I
23:51
think really highlight some good reports
23:53
is a general security report from
23:55
Microsoft is a huge huge value. You can
23:58
run a complete export of this and it
24:00
generates a really good report which
24:02
we'll demonstrate at a later series or
24:04
later episode. But that's where we sit
24:07
when we talk about email security. It's
24:08
a single layer. Everything that we're
24:10
talking about when we talk about a
24:12
unified defense and then governance and
24:14
proof starts with using the Microsoft
24:16
native tools leveraging enforcer as your
24:19
multi-tenant single pane of glass with
24:21
quick links for your defend for your
24:23
service desk but fundamentally adding
24:26
that layer of additional governance that
24:27
we need when we talk about drift
24:29
detection we talk about alignments
24:31
keeping them on track with the ongoing
24:33
configuration we've got in place. So,
24:36
let's talk let's talk about recapping.
24:39
What do I want you guys to take away
24:41
from this? And I think there's four
24:43
areas we want to talk about. Stop
24:45
doubling the payments for email
24:47
protection. If you've already got
24:49
available in a license, I highly
24:51
encourage you to create a professional
24:54
services scope of works. Let's generate
24:56
income and sell the service of use using
24:59
Defender for Office. show them what
25:01
they're going to save on each month with
25:03
the external protection they've had
25:05
previously because at the end of the day
25:06
that's how we measure support costs.
25:08
Maybe we just absorb it and make it
25:10
happen. We've got enforcer now. We can
25:12
do these policy deployments in in very
25:15
little time overall. Look at the blind
25:17
spots. Gateways create blind spots. So
25:20
third party gateways are going to cause
25:22
internal threats. And it's not just
25:24
threats for the customer. They're blind
25:26
spots for you guys as MSPs as well.
25:28
Because if you don't have alerts coming
25:29
from them, sometimes you're not logging
25:31
into every single portal every day.
25:33
They're blind spots. Single point of
25:35
failure. Get those alerts generating
25:38
coming through into your PSA integration
25:40
or PSA platform. Look at the areas where
25:43
we've got blind spots and let's
25:44
remediate those. Leveraging Microsoft.
25:48
We have a native integrated solution
25:50
all-in-one where we've got customers
25:52
using Microsoft. The MSPs watching this
25:55
are using Microsoft already. It's a
25:57
stack that we're utilizing. So let's
25:59
leverage every area. If a license is
26:01
operating operating offering sorry a
26:03
service we should be using it. Why
26:05
aren't we? So Microsoft plus purview
26:08
plus inforser completes the defense
26:11
cycle we talk about with defend govern
26:13
and prove those three measures we need
26:14
to complete and and adhere to and
26:17
challenge people on. And the last area
26:20
is transforming the policies into
26:21
evidence.
26:23
Enforcer turns those security
26:25
deployments into quantifiable ROI
26:28
showing attacks that are being blocked,
26:30
showing the drifts that are being
26:32
prevented and compliance maintained
26:34
across every managed tenant. We don't
26:36
have every single report, but you can
26:38
leverage what's available as I've shown
26:40
you today in the security center plus
26:42
the drift detection with your emails,
26:44
plus the assessment engine and the
26:46
alignment reports to demonstrate they're
26:48
still on track. There's been no change
26:49
to the environment. We're giving you the
26:51
best value for money. That starts with
26:53
ROI, quantifiable data, transforming
26:55
those policies, those configurations to
26:58
an enforced solution that we can
27:00
demonstrate with drift detection and
27:02
proof with the alignment reports and the
27:04
assessment engines that are available
27:05
with Enforcer. That guys is a wrap. Uh I
27:08
say it on at the end of every episode.
27:10
Now, if you want to know more, if you're
27:12
new to to what Force is offering and you
27:15
want to see a bit more of a demo as to
27:16
what it's going to do and you're you're
27:18
leveraging multiple tenants for your
27:20
customers, reach out to us, get a demo
27:22
with our with our sales team, engineers
27:25
like myself, our pre-sales technical
27:27
team like me, we'll be on those calls.
27:29
We can go through those solutions with
27:31
you, explain where that ROI and the
27:33
investment is available. Some, you know,
27:36
the idea of enforcer is to become that
27:38
embedded solution for yourselves. So
27:40
give us a call. Let's get a demo booked
27:42
in and we'll go from there. Thank you
27:44
very much for your time. Look out for
27:45
episode three. It's going to be about
27:47
managed uh endpoint security focusing
27:50
around where we can leverage that and
27:52
we'll be moving forward from there.
27:53
Thank you very much.
0:00
Hi all, welcome back to the managed
0:02
endpoint security part of the defend
0:05
improve series. This is episode three,
0:07
transforming endpoint agents chaos to uh
0:10
unified device defense. This topic for
0:13
me is really important. Um I can't
0:15
really stress it enough. I think it
0:17
really adds value when we talk about
0:19
removing all of the tools, all of the
0:21
agents we've had, that overload that
0:22
we've been putting and start that
0:24
consolidation piece. Being part of
0:26
enforcer, I'm very much a big believer
0:28
in the centralizing of a serious amount
0:31
of tools, restructuring ourselves as an
0:34
MSP and looking at where we sit on that
0:37
landscape of endpoint security in this
0:40
episode, but just across the board in
0:41
terms of the the the tools and the
0:43
products that we use, I think it's time
0:46
that MSPs start to restructure that. We
0:49
need to start defining what we need and
0:50
what we want embedded into the platform.
0:52
We've got RMM solutions that are
0:54
offering third party antivirus. That
0:56
just doesn't cut it anymore when we talk
0:58
about the bigger picture. Microsoft's
1:00
introduced this new XDR solution which
1:02
allows us to do Defender for Office,
1:04
Defender for Endpoint integration into
1:05
Microsoft Sentinel and really start to
1:08
build some really good models of
1:09
information.
1:12
This episode is just talking about
1:13
specifically endpoint security. And I
1:15
really want to go to town on identifying
1:17
where things sit here. So let's start
1:20
with the agent overload. It isn't a
1:23
security strategy. Everyone thinks it
1:26
is. Everyone thinks the more agents we
1:28
have and the different information and
1:30
the different platforms just allows us
1:31
to be a bit more spread across what we
1:33
look to manage. The truth is we need to
1:36
be a bit more aligned. We are all over
1:38
the place with multiple platforms,
1:40
multiple portals, multiple login with
1:42
very little kind of single pane of glass
1:44
to look at. And that's part of the
1:46
reason why Microsoft's injected $20
1:48
billion into security and protection is
1:51
to allow us to have that single pane of
1:53
glass in the security center. So
1:55
security.microsoft.com
1:57
really is that central point for us to
1:59
start seeing incidents, threats,
2:01
response and start that encompassed
2:03
XDR-based solution. Endless adding
2:07
security agents like antivirus, EDR,
2:10
VPNs really does lead to overwhelming
2:13
endpoint loads. And this is true. CPU
2:16
hitting 100% maxed out because our
2:18
antivirus, our third party antivirus is
2:20
running at the same time, our VPN's
2:22
running at the same time and EDR is
2:24
running. We've got ourselves to the
2:26
point over the last 10 years where we've
2:28
gone from 4 gig of RAM is enough, 8 gig
2:31
of RAM is enough, 16 gig of RAM to now
2:33
almost 32 gig is required when we use
2:36
too many agents that are managing and
2:38
monitoring and connecting to the
2:39
network. It's becoming an over overload.
2:42
We don't need more agents. We really do
2:44
need to start looking at alignments,
2:46
strategic security alignments and best
2:49
practices. And again, this is the reason
2:50
why Enforcer's here is starting that
2:53
conversation, driving that change for us
2:55
to be focused on security alignments and
2:57
baseline management. Most of the
2:59
protection that we take or we need to
3:01
look at implementing starts with
3:03
identity, which is part of the next
3:04
episode, but it's all about protecting
3:07
the Microsoft data, the data that we're
3:09
using. And 90% of businesses nowadays
3:12
utilize and leverage Microsoft 365 in
3:14
some level of capacity if not all the
3:17
time in their business. And we've got to
3:19
make sure that we're utilizing the
3:20
products that are there. And Microsoft
3:21
have done a good job in making sure the
3:23
licenses are up to date with the right
3:24
information. It's taken them a while but
3:26
they have got there in the end. So where
3:28
does that look like? And this is where
3:31
this whole series has started as a a
3:32
modern MSP stack problem. The MSP stack
3:35
problem. The issues that we have as
3:37
tools. Well, we now need to look at
3:39
modern endpoints needs to start that
3:41
unification and solution. We need to
3:43
start removing the the junk that we have
3:46
the jumbled up management and
3:48
conflictions that we have in place for
3:50
different antiviruses, EDR encryptions,
3:52
MDM solutions and we need to start that
3:55
consolidation.
3:57
So what was the original model? How did
3:59
it look like before? Fragmenting
4:01
tooling. I think it's safe to say I've
4:03
already said it. separated AVs, EDR
4:05
solutions, encryptions, different MDM
4:07
vendors, but guess what? Not a single
4:10
one of them communicated properly.
4:11
Unless we had a PSA integration and a
4:13
platform and a dashboard and you had one
4:16
hell of an architect who can come up
4:17
with a brilliant solution, and there's
4:19
plenty of them out there, it was just
4:21
all over the place. No cohesion, no
4:23
communication between the lot. It was
4:24
all over. It was a nightmare. The other
4:26
one that I really find interesting when
4:28
I talk about this is the blind spots.
4:30
there's no cross signal correlation that
4:33
allows threats to slip through. It's
4:35
just it's just a no-brainer. It's that
4:37
bridging the gap. We need to start
4:39
securing that gap of areas. And the next
4:41
episode on identity really talks about
4:44
identity being the new perimeter. And
4:45
I'll be mentioning that again in the
4:46
future. So, watch out for that episode
4:48
that'll be dropping soon. Update issues,
4:51
desynchronized updates, create
4:53
vulnerability windows. We have to make
4:55
sure that we remove those CVE alerts and
4:58
events that come in and we keep things
4:59
up to date. And this was a big problem.
5:02
Guess what? We were adding another RMM
5:04
solution, another layer, another agent
5:06
that comes from our RMM tool that then
5:08
started dealing with updates rather than
5:10
leveraging what was already pre-built
5:11
and ready to go. Reporting headaches for
5:13
me was the biggest one. Cons
5:15
inconsistent reports across multiple
5:17
different tenants and dashboards drives
5:19
me mad. Back before we started
5:21
consolidating our own services at my
5:23
last job, everything was all over the
5:25
place. We'd be running a report in one
5:27
RMM, then we'd be going over to a
5:29
reporting solution somewhere else and
5:30
we'd be utilizing BrightGauge, then
5:32
we'd be jumping into CloudRadial. It
5:34
was just everywhere. Power BI dashboards
5:37
being created so that we can consolidate
5:39
actually just created more noise for us.
5:41
Managing multiple tools for a single
5:43
alert often ends up with conflict.
5:46
Endpoint security shouldn't be a
5:48
Frankenstein monster. I think it's a
5:50
really good statement. We shouldn't be
5:52
at the moment and back in the day. Our
5:54
legacy architecture really had
5:56
everything all over the place. It really
5:57
was a Frankenstein monster. And it's
5:59
time that we look at the modern model.
6:02
Where do we want to go? How do we want
6:04
our endpoints that we support day in and
6:06
day out to be centralized and unified
6:08
across the board? And that brings me
6:11
nicely to Microsoft the Microsoft way.
6:14
What does that look like? And this is
6:16
obviously where I'm driving this
6:17
conversation. It's Defender. Intune
6:19
unification, Microsoft's endpoint stack
6:22
unifies what others attempt to
6:24
integrate. So where we've got other
6:26
competitive endpoint advantages or
6:29
competitive products, they're trying to
6:32
integrate into a platform and it's taken
6:33
them quite a while to get there. Well,
6:35
Microsoft's taken that 20 billion that
6:36
they've injected and guess what? They've
6:38
done it now. It's ready to go. So those
6:40
unified components are architectured to
6:43
be embedded with each other across the
6:45
board. So what does that look like? What
6:47
are those layers that I'm talking about?
6:48
Well, it's Defender for Endpoint. It's
6:50
Intune. It's Microsoft security
6:52
baseline delivery. It's configuration of
6:54
templates predefined. It's Entra ID
6:56
join. It's device identity. It's
6:59
identity being that new perimeter. And
7:02
those functions are so critical. But
7:04
guess what? They're all embedded into
7:05
one another. So where do we go about
7:07
that visibility and that centralization?
7:10
And this is kind of where I see enforcer
7:12
tagging itself on. And I know I've
7:14
spoken about other vendors integration
7:16
but it's taking a product that can do
7:18
this at scale for you. So we start with
7:20
devices we have to enroll them into
7:22
Intune, we have to apply those policies,
7:24
we have to add layers of protection. So
7:26
we implementing defender endpoint
7:29
Microsoft E365 portal
7:32
the visibility centralized for us and
7:34
then the last layer of this is proving
7:36
the value with the metrics that we have
7:38
and guess what enforcer offers it for
7:40
you the ability not only to cover those
7:42
points one to four but also report on
7:45
those in the same measurements. So the
7:47
ability to push out those policies,
7:49
monitor any drift detection, all of that
7:51
integration is available for us to
7:53
leverage when we look at the
7:55
consolidation of multiple antivirus spam
7:58
VPN tools and look at Microsoft being
8:00
that centralized node.
8:03
So where does that really sit for us
8:06
when we talk about and I've been talking
8:08
about this as part of defend and prove
8:09
this was just defense. Where do we go on
8:11
the next level of governance and proving
8:13
that value afterwards? Well, governance
8:15
is the central piece for us. It's all
8:18
about making sure that we are policy
8:20
aligned. Customers are using the
8:22
standard policies that we've configured.
8:24
Drift detection top of that list. We
8:26
need to know when someone's making a
8:28
change. And again, how Intune and
8:30
Defender align baseline deployment
8:32
validates the policy
8:34
application. Drift alerts flag disabled
8:37
Defender protection. Cross-tenant
8:39
dashboards ensure holistic visibility
8:41
for you guys. That single pane of glass.
8:44
And then framework mappings. Building
8:45
out your policies with the right policy
8:47
tags allows you guys to make sure you're
8:50
deploying the correct configurations and
8:52
the frameworks aligned for your
8:53
customers. All of that is available as
8:56
part of the governance package within
8:57
enforcement. The ability to defend, then
9:00
govern, and then finally look at the
9:02
proof which we'll jump on in just a
9:03
minute. It's so critical that we look at
9:06
that governance piece where we did the
9:08
configured, enforced, and effective
9:10
webinar. The principles are exactly the
9:12
same. We have to make sure that we start
9:14
with our configuration, our baseline
9:16
deployment validation. Then we focus on
9:19
the enforcement, the continuous drift
9:21
monitoring, making sure those real-time
9:22
alerts of the disable are up and
9:24
running. We are modifying anything that
9:26
comes in with the latest PSA integration
9:28
that enforcer has is becoming critical.
9:31
The ability for us to integrate into our
9:33
key platforms that we use cross tenant
9:35
alignment, unified dashboards across
9:37
client environments for consistent
9:39
security. We need to know what's going
9:41
on across all of them. So a single pane
9:43
of glass in enforcer to say everyone is
9:45
100% aligned to our baseline deployment
9:49
of absolute win.
9:51
And the last one is that framework
9:52
mapping which I've already said. So
9:55
where does that go moving forward? And
9:56
this parts this comes up next with the
9:58
proving of the value reporting and ROI
10:02
is where we look to measure for
10:03
ourselves. MSPs win back time and trust
10:06
when we can provide the right outputs,
10:07
when we can prove the value that we have
10:10
for that customer that we're driving
10:12
that proof, that proactiveness. So, we
10:14
want the protection coverage. We want to
10:16
be able to run an alignment report and
10:18
say you're 100% aligned to our
10:20
protection, our coverage. We can
10:22
genuinely say that what we've
10:24
implemented for you guys stops the gaps
10:26
and stops the breaches. Compliance
10:28
scoring again using tenant alignments
10:31
and policy tagging. We can make sure
10:32
they're aligned to the right policies we
10:34
configure. Leveraging enforcer we can
10:37
run those reports. Threat intelligence
10:40
is another big topic. How do we make
10:42
sure that we are protecting? Well, guess
10:44
what? We can make sure those policies
10:45
are configured correctly and prove the
10:47
value by leveraging Microsoft 365 and
10:50
the security center directly. And the
10:52
last one is the response metrics. We
10:54
want to turn your patching, your policy
10:57
and your protection information that you
10:58
are constantly telling them into an
11:00
actual story of value that you give. And
11:03
again, those assessment reports you can
11:05
run drive those conversations.
11:09
So let's look to try and wrap up the
11:11
four security loop. Configure, detect,
11:13
improve. Modern endpoint security isn't
11:15
about adding complexity anymore. It used
11:18
to be with all those multiple tools.
11:20
It's about knowing as much information
11:22
as you can scrape from the barrel on
11:24
those devices. And that means we need a
11:27
unified platform that we can do this
11:29
from. And that is Microsoft. That's
11:30
Microsoft's embedded solution. What does
11:32
that look like? Well, we've got our
11:34
configuration unified Intune deployment.
11:36
We then have our detection Defender
11:39
threat intelligence. And then finally
11:40
that proof forces measurable outcomes
11:43
making sure that we can generate and
11:44
show those assessments and those
11:45
outcomes directly within the report the
11:48
customers can take as value. Defender
11:50
Intune Enforcer completes the entire
11:52
security loop. And you'll see that with
11:54
that screenshot in the middle when we're
11:57
unifying our solutions, leveraging
11:59
Intune for device management, Defender
12:01
for the endpoint security, and then that
12:04
proof on the assessment engine, we've
12:06
really got a unified outcome, a single
12:08
pane of glass. Multi-tenant management
12:10
no longer needs to be a pain in the ass.
12:12
We can really start that centralized
12:14
piece. So finally key takeaways things I
12:18
want you guys to walk away with knowing
12:20
actually we can take this one step
12:22
further. We want to replace the agents
12:24
rule. Start with professional services
12:26
revenue guys. When you look at this
12:28
everything you look at here is money you
12:31
could be making revenue you can be
12:33
making from your customers. Replace the
12:34
agent. Consolidate. save money on the
12:37
agents and and the money you're spending
12:38
on those licenses for starters, but
12:41
provide a professional services cost to
12:43
provide them with a much better endpoint
12:45
security solution, which guess what's
12:46
built into the license baseline
12:48
alignment core. It's an ongoing service
12:51
we can offer. Being able to provide an
12:53
alignment to our core security standards
12:56
as an MSP is a service we can be
12:58
offering customers monthly. Microsoft
13:00
making changes to their platform every
13:02
single month. We need to be on the front
13:04
foot of that. We need to be adapting and
13:06
managing it immediately. And to do that,
13:08
we need to make sure they're already
13:09
aligned to our best practices. And we
13:10
can report on it monthly. Operationalize
13:14
enforcer. Transform the raw information
13:16
you're getting into actionable insights.
13:18
So use the Entra ID dashboard. Run those
13:21
assessment reports and double check
13:22
where people are. Look at the
13:24
opportunities to gain more revenue
13:26
outcome professional services delivery.
13:28
And then finally, turn that data into
13:30
evidence.
13:32
Convert the information you're getting.
13:34
convert those alignment reports. See it
13:36
as evidence that you can produce to your
13:38
customer and insurance providers, cyber
13:40
insurance auditors proving the value
13:43
that we really offer customers. Security
13:45
milestones are achieved when we really
13:48
start to dig deeper on a unified
13:50
platform, a centralized opport
13:51
centralized piece and an opportunity for
13:53
us to really focus on new revenue
13:56
margins, new areas of revenue that we
13:58
can get as MSPs. we're too far behind
14:02
the times and we need to start catching
14:04
up and that starts with revolutionizing
14:06
AI. So part of the copio series we're
14:08
doing but also also focusing or
14:11
narrowing our focus on to really looking
14:13
at those three pillars the defense the
14:15
configuration the governance the drift
14:17
monitoring and then proving
14:19
that value leveraging those assessments.
14:22
That's a wrap guys. I hope this has been
14:24
useful. We've got our next episode is
14:26
managed identity protection. highly
14:28
recommend you guys get involved in that.
14:30
We've run the webinar already a couple
14:31
of weeks ago, so this is the next
14:33
opportunity to really see it. Any
14:35
questions, just give me a shout. Thank
14:36
you.
0:02
Hello guys, welcome back to the defend
0:04
govern series. This one is really
0:06
talking about managed identity and the
0:09
focus really on this topic is to
0:10
identify why we're having this
0:12
conversation. essentially what what's
0:14
the drive and the main area when we talk
0:16
about kind of defend govern and prove
0:18
the series that we're working on and
0:19
focusing on is talk about the big gaps
0:22
the areas where we talk about
0:24
unification of services products and
0:26
tools and one of those key areas that we
0:28
should always be focusing on is identity
0:30
protection it's that new central pillar
0:33
to security management across the board
0:37
it's our new firewall and I'll be
0:38
talking about this in a bit more detail
0:39
as we go the key to kind of stopping
0:41
breaches is is managed identity and we
0:44
we have to make sure that that gap is
0:46
bre is covered secure um because it
0:49
stops breaches from even beginning. It
0:51
it prevents us from almost needing that
0:53
element of ITDR-based solutions and
0:56
configurations.
0:58
So let's talk about the common thread.
1:01
Ask any SOC what links every major
1:04
breach. The answer is always going to be
1:06
managed identity. It sits there from
1:09
start to finish. It works across the
1:11
board when we're talking about
1:12
infiltration and configuration.
1:15
The whole principle around this, it's
1:17
all about managed identity protection.
1:19
We have to protect the identity for not
1:21
just ourselves, but for all of our
1:22
customers, our colleagues, the people
1:24
that we work with day in and day out.
1:26
It's a central pillar to everything we
1:28
use in the safe browser in browser
1:30
history where we work day in and day
1:32
out. Security operations, security
1:34
operations centers, sorry, worldwide
1:36
report the same pattern. The compromised
1:38
identities are the entry point for the
1:40
vast majority of attacks. Malware
1:41
downloaded onto devices starts from
1:44
links we've clicked on through identity
1:46
breaches where an email's come through a
1:48
phishing campaign. Maybe it's been a
1:50
login. Someone's found a link because
1:52
they've been logged into a different
1:53
platform. Someone's logged in and stolen
1:55
LinkedIn credentials. We've had
1:58
harvested passwords over the years
2:00
across multiple platforms and we all
2:02
have our own vulnerabilities as a result
2:04
of this. It's plugging that gap. The
2:07
reality attackers don't break in. They
2:09
end up logging in. And it starts with
2:11
that simple scenario for us as MSPs, as
2:14
customers, anyone that works in the
2:16
technology world. Protect the identity.
2:19
Fill that gap. Prot protect the breach.
2:21
Prevent the breach. Sorry.
2:24
So, let's look at the identity problem.
2:26
Passwords, phishing, and privilege creep.
2:28
The modern risk landscape now presents
2:31
multiple identity vulnerabilities that
2:32
organizations struggle to address. We
2:35
have sophisticated phishing campaigns.
2:38
We're constantly having MFA fatigue,
2:39
which nowadays we're supporting
2:42
ourselves and solving with things like
2:43
number authentication on MFA, which does
2:46
help to resolve that, but it's still
2:47
fatigue. And fatigue causes multiple
2:50
problems. Number one, when you're your
2:52
own junior individual um in a in a
2:55
business, you just have to get on with
2:56
it. But the senior senior people that
2:58
are getting these MFA fatigue attacks,
3:01
if they've got thousands coming in an
3:03
hour, they're going to start saying, "I
3:04
want it removed. I don't want it
3:06
involved." That fatigue drives
3:09
kind of loss of protection because we're
3:11
being overruled by the people that own
3:12
that business to reduce the
3:14
requirements. Or if it's not just
3:15
reducing the requirements, we're
3:17
actually identifying that they've
3:18
already been breached because their
3:19
password's been attacked, because there's
3:20
been so many attempts. Overprivileged
3:23
global admin accounts is also a real
3:26
concern with permanent access. We're in
3:29
a world now where most things don't
3:31
require us to have global admin accounts
3:34
active 24/7. Maybe we have it for break
3:36
glass accounts. Maybe we have back doors
3:38
in other areas like enterprise
3:40
application management. But the
3:42
fundamental truth is we don't need
3:44
global admin accounts on 24/7. We have
3:47
privileged identity management for that.
3:48
We have the opportunity to just have
3:50
those locked down and secured. As MSPs,
3:53
we should have partner center
3:54
engagement, GDAP relationships, and all
3:56
of our engineers should be 100%
3:59
leveraging those support accounts using
4:01
their own accounts to log into those
4:03
customer platforms. So many benefits to
4:05
it. Audit logging, trails, understanding
4:09
of what's what access there is, least
4:11
privilege permission management. We
4:13
don't need to have global admin to reset
4:15
a user's password, but we do need user
4:17
administrative account or help desk
4:18
admin if it's not even a VIP based user.
4:22
We've got all these kind of concepts
4:23
that we can be developing in encouraging
4:25
ourselves as in an MSP space and we're
4:27
not always the ones to do so.
4:30
So, let's look at the identity attack
4:32
chain. Where does it often start and how
4:34
does it end up happening? It starts with
4:36
phishing. Almost every single event we
4:39
talk about when it comes to identity
4:40
breaches starts with phishing. It's a
4:43
nightmare. It's the biggest breach we,
4:45
you know, our biggest compromised area,
4:47
an area we can always solve is those
4:50
phishing campaigns, whether it's SMS,
4:52
phone call, social engineering, an email
4:56
constantly. We can bridge gaps with
4:57
things like Defender for Office,
4:59
consistent cyber training. I know it's a
5:01
pain in the ass to say, but it is
5:02
incredibly useful. Credential theft top
5:05
of the list importance the idea once
5:08
we've got this first breach the first
5:10
thing the attackers have done they've
5:11
got your credentials and they're going
5:13
to start token hijacking so session
5:14
cookie controls or they're going to go
5:16
one step further encourage you to do
5:18
device code and then gain access with
5:20
your session to cookie and then it
5:22
becomes a lateral movement and this I
5:24
think quite is is more often than not
5:26
forgotten about and this is why we use
5:28
things like Microsoft Defender XDR for
5:30
it to tell us a story of where that road
5:32
map is going what happened when that
5:34
breach took place. What accounts did
5:36
they have afterwards? Did they do
5:37
anything outside of having access to the
5:40
password and the account and sending a
5:42
few emails? That attack chain moment
5:44
allows us to start building a story that
5:46
we see. And we've got managed detection
5:48
coming up in a couple of episodes which
5:51
you guys can look into and see in a bit
5:52
more detail what it really means for a
5:54
managed detection solution. It's going
5:56
to drive that change. It gives us a bit
5:58
more of an insight as to how that
5:59
lateral movement piece works. managed
6:02
detection in the middle here or at the
6:04
end, sorry, is the pivotal point for us
6:06
to identify how an attack took place.
6:09
And that lateral movement that we're
6:10
referring to in this situation is the
6:13
movements that that attacker is doing.
6:15
But for us, we're going to see the
6:17
reactive side of that or the proactive
6:19
side. What steps can we take and what
6:20
steps were taken to then remediate these
6:22
lateral movements.
6:24
But this is kind of a visualization of
6:26
just how that attack takes place. It's
6:28
just four steps. Starts with a phishing.
6:30
You know, you uh attackers can genuinely
6:32
send thousands of thousands and
6:34
thousands of emails a day. Just takes
6:36
one breach and all of a sudden the whole
6:38
world's flipped upside down for that
6:40
company, that organization, even that
6:41
user.
6:43
In some instances, that phishing campaign
6:46
that was successful for that individual
6:48
user could potentially cost them their
6:50
job. And if you look at this as a
6:52
perspective as an IT partner, a trusted
6:54
partner for your organizations,
6:57
that responsibility kind of sits on us.
6:59
What steps can we take to make sure that
7:01
they don't have that vulnerability
7:03
Defender for Office attack campaigns, KnowBe4
7:06
training, phishing. We can leverage
7:09
different platforms different products
7:11
to help us make sure cyber training is
7:13
in place so that people have got more
7:14
and more confidence and that
7:16
responsibility and onus is on them to
7:17
make sure they're definitely protecting
7:19
themselves further.
7:21
So let's look at the Microsoft stack.
7:24
The Microsoft identity stack is kind of
7:26
that multi-layer, that area that we can
7:28
focus on real protection, real
7:29
advancements and serious security and it
7:32
starts with the access control, the
7:34
control plane. What we're talking about
7:36
now is the control plane that we're
7:37
focusing on. We can start with access
7:40
controls. That's the conditions in which
7:42
we allow people to gain access to the
7:44
environment. And that product that we
7:45
use is conditional access or conditional
7:48
access policies. It enforces locations,
7:51
devices, user risk-based control metrics,
7:53
require device compliance, enforce MFA,
7:56
block legacy authentication.
7:58
When we talk about the central pillar to
8:01
security breaches and preventions,
8:03
conditional access is our front end.
8:06
It's our firewall for that identity
8:08
protection. It's the measures that we
8:10
can take. In order to get conditional
8:12
access, we need to do business premium.
8:13
We can't do that with lesser products
8:15
which means we are restricted to just
8:17
the controls Microsoft put in place
8:18
which in this instance nowadays is MFA
8:20
and block legacy authentication. It
8:23
misses those key areas with device code
8:26
phishing with um session control access
8:29
session timeouts more broader controls
8:31
for guest access and security frameworks
8:34
that cover not just the users but across
8:37
the entire environment device controls
8:39
and so on.
8:41
Then we look at the identity protection
8:43
and this is really where we protect the
8:45
environment and put that information
8:47
into Microsoft Defender and that
8:49
sits with detection. So we have some
8:52
levels of detection with plan one. I've
8:54
put plan two in here specifically
8:56
because we're talking about detecting
8:57
risky sign-ins, imposes adaptive MFA
9:01
and risk-based policies. Utilizing Entra
9:04
ID plan 2 gives us that ITDR coverage
9:09
like we implement ITDR products because
9:11
we want to make sure that we're
9:12
protecting environments and we're
9:14
monitoring what's going on. If we were
9:16
to provide a full identity coverage
9:19
protecting every area across the board,
9:22
we're almost making it obsolete. It's
9:24
always going to be needed because
9:25
there's always going to be risks
9:27
regardless for a business. But we we
9:29
take that potential risk and take it to
9:32
zero. The ability to kind of reduce that
9:35
down to zero is game-changing for us
9:38
because it allows us to really provide a
9:40
true experience as to what we're
9:41
delivering. Then we've got our privilege
9:44
which is privileged identity management.
9:46
PIM just in time admin access. The
9:48
reality is we as administrators and
9:50
MSPs, we don't need privilege. We don't
9:53
need global admin accounts. 7:00 in the
9:55
morning, 8:00 in the morning, 5:00 in
9:57
the morning, 3:00 in the morning, 9:00
9:59
p.m., 10:00 p.m. We don't need it 24/7.
10:02
We're not working in their environment
10:04
24/7.
10:05
We do to a degree need it day-to-day.
10:08
There's no question about that. Maybe
10:09
it's ad hoc support. We're doing a
10:11
project, professional services, Defender
10:13
for Endpoint, Defender for Intune,
10:14
project migration,
10:16
Intune, sorry, project migrations. The
10:18
ability for us is taking that one-step
10:21
approach and and giving ourselves the
10:24
ability to elevate our rights when we
10:26
require them. And this ticks the
10:29
boxes for things like cyber essentials,
10:31
ISO 27001.
10:33
We don't need the access unless we need
10:35
it. And they're always separate admin
10:37
accounts when we talk about privileged
10:39
identity management and the majority of
10:41
the work that we would normally do as
10:42
MSPs is going to be done with GDAP. So
10:44
that privileged identity management
10:46
uplift is associated to the direct
10:49
accounts within their environment. We
10:51
don't need this specifically for
10:52
ourselves within GDAP access because
10:54
there are controls, there are measures,
10:55
there's MSA agreements. Don't forget
10:58
above all else, we're the trusted
10:59
partner for that customer monitoring.
11:03
This one really sits more for on-prem AD,
11:06
but it's completely present for Entra
11:09
ID protection monitoring. We have
11:10
monitoring in place across the
11:12
board. The answer is everyone needs it.
11:16
I deliberately put who really needs
11:17
this? We all do. If if we're using
11:20
on-prem AD hybrid identities, then we
11:22
should absolutely be implementing
11:24
Defender for Identity running that
11:26
across the board. Again, requires the
11:28
right level of licensing and permission
11:30
management. But regardless of whether
11:32
it's the Defender for Identity or it's
11:34
Entra ID Protection for monitoring, we
11:36
need to monitor the environments. I've
11:39
deliberately put Defender for Identity
11:40
here as the product because more often
11:42
than not we talk about identity and
11:44
everyone thinks Defender for Identity
11:46
and actually what they don't realize is
11:48
Defender for Identity is all about
11:49
on-prem AD and hybrid identity signals
11:53
Entra ID Protection provides that
11:55
monitoring detection for cloud-based
11:57
identities
11:59
and the last area I'll talk on is
12:01
governance and identity uh around
12:04
governance so that's life cycle
12:05
management access reviews entitlement
12:07
visibility
12:08
It is a P2 license. I leveraged this
12:11
loads in my previous job. The focus on
12:14
needing identity protection and identity
12:16
governance is absolutely top of the
12:19
list. A lot of breaches not just don't
12:21
just happen with the users themselves,
12:23
but it's guest accounts can cause data
12:27
breaches if we over permission, we give
12:29
them too much access. We need to do life
12:32
cycle management, access reviews, and
12:34
entitlement management. And this comes
12:36
as a whole package around governance on
12:38
identity. The ability to review guest
12:40
accounts, make sure they're not
12:41
accessing things. If it's post 90 days
12:43
and they haven't signed in, we need to
12:45
be removing the accounts. Make a list,
12:47
but they need to go. And we can automate
12:49
those processes with access reviews. We
12:50
can automate with reviewing those
12:52
permissions. We can let guest accounts
12:54
know that their accounts are going to be
12:56
purged 14 days if they don't sign back
12:58
in. We have these controls and
13:00
measurements to allow us to really drive
13:02
home successful tidy Microsoft 365
13:06
environments that allow us to be the
13:08
best of the best in an ITDR situation.
13:12
The more that we control these layers in
13:14
identity, the stronger that we're going
13:16
to be providing a position for those
13:18
customers as a result.
13:21
So where does this all sit?
13:23
This starts with policy to proof managed
13:26
identity model. It all starts with the
13:29
configurations we do. We have to access
13:31
and evaluate what's going on. So we need
13:33
to evaluate the tenant identity posture.
13:36
This is legacy authentication. MFA
13:38
coverage, the admin account
13:39
proliferation. If you look at enforcer
13:42
as a whole, we have Entra ID dashboard
13:44
gives you a single pane of glass to
13:46
assess what's going on in their Entra
13:48
environment. Not only can we obviously
13:49
dig deep ourselves, but we can assess
13:52
those on the dashboard. We can run
13:53
specific checks within Entra uh with the
13:56
assessment engine. Once we've done those
13:58
reviews and we've spoken to the
14:00
customer, the next step on our journey
14:01
is going to be applying our best
14:03
practice policies. Policies that matter
14:05
to us as an MSP, as an IT
14:09
professional, but is also critical for
14:11
the industry and the customer that we
14:13
work for. Every industry is different,
14:15
but the fundamental truth is identity
14:17
configuration is going to be the same no
14:19
matter where your industry is because
14:21
we need to protect every single customer
14:23
we have. There isn't a unique tenant per
14:26
customer. There's a secure tenant across
14:29
the board. It's a standard process. When
14:32
you guys develop a best practice
14:34
baseline configuration for a Microsoft
14:37
365 tenant, all of that development is
14:40
standardized across your customers. When
14:42
we talk about best practice, we start
14:44
with Entra and that's conditional access
14:46
policies. That's maybe that privileged
14:47
identity management role, blocking
14:49
legacy authentication, enforcing MFA.
14:52
All those controls are things that we
14:54
need to start applying and that still
14:56
sits within the defense. We talk about
14:58
assess, we talk about apply, then we
15:00
talk about configuration.
15:02
Implementing those identity governance
15:04
is the next governance is the next step.
15:06
So we still haven't finished the
15:08
defensive package when we talk about
15:11
giving the best protection for managed
15:13
identity the managed identity model but
15:15
once we've done the configuration
15:17
entitlement management access packages
15:20
automating expiry policies making sure
15:22
that we don't have these potential
15:24
breaches with guest accounts we then
15:27
need to monitor and that comes through
15:29
with governance. So that's drift
15:31
detection, signing risking logs,
15:33
utilizing defender to make sure that we
15:35
are protecting devices, auto
15:37
remediations on identity risks. We
15:39
implement identity risky sign-ins. If we
15:42
take away anything from today, maybe we
15:44
should be considering putting Entra plan
15:46
2 across the board for all our customers
15:47
because we got so much control on the
15:50
one topic, the firewall, the identity
15:52
being the new perimeter. And then the
15:54
final element which we always talk about
15:56
is reports. We have to demonstrate that
15:58
we have that customer aligned to
16:01
security or industry best practices and
16:04
then we need to continuously
16:06
improve on this. Nothing stays the same.
16:09
Microsoft take testament to that. They
16:11
make sure that we we are on our toes all
16:13
the time. Constant changes and
16:15
configurations. It's a pain in the ass,
16:17
but it's an absolute necessity for us.
16:19
We have to be on top of our game and be
16:22
ready to make changes as they come in.
16:23
So we have to report on alignments
16:25
monthly. Demonstrates not just where the
16:28
customer sits, but it proves the value
16:30
that we're giving to our customers as a
16:32
result of this.
16:34
So let's look a bit more into the
16:35
Enforcer integration. Visibility MSPs
16:39
have always lacked is the multi-tenant
16:41
management view. The view of where
16:43
identity sits across the board. So for
16:46
us with defend, govern, and prove, we
16:48
need to configure those environments. We
16:50
assess, we configure, and then we
16:52
enforce. And those three elements still
16:55
sit within that defend, govern, improve.
16:57
It's that defense and that governance
16:59
when we talk about assessing,
17:01
configuring, and enforcing. But the
17:03
reality is on top of all this as well as
17:05
like the drift detection in place is we
17:08
have to prove the value. We have to make
17:10
sure we're running those assessments or
17:11
those alignment reports to generate
17:13
value. All three of those elements when
17:15
we talk about identity which is that new
17:17
firewall is available for us to
17:20
implement and deliver within Enforcer
17:21
and we should absolutely be leveraging
17:23
this from start to finish.
17:26
So what does a zero trust metric
17:28
look like from philosophy to proof? I
17:32
love using that terminology. It's one
17:34
thing to claim for us that we enforce
17:36
MFA. It's in an entirely different
17:38
environment when we talk about
17:39
demonstrating that coverage. We don't
17:42
just say yes, we enforce MFA. We have to
17:45
prove it. When we talk about
17:46
regulations, regulatory businesses and
17:48
auditors, uh, insurance providers, more
17:52
often than not, and particularly
17:53
nowadays, we are being forced,
17:56
absolutely forced to prove and
17:57
demonstrate that we have this from the
17:59
day we implemented it on day one to 365
18:02
days later when the audit takes place.
18:04
All of that element is proving the
18:06
value. We have to demonstrate what we're
18:08
implementing and we can map those
18:11
identity controls to CIS, cyber
18:13
essentials, essententraliz on the
18:15
horizon. But for you guys, you can map
18:17
these compl uh um processes and prove
18:20
that value to your customers with the
18:23
assessment engine, the alignment reports
18:25
when we talk about our industry best
18:27
practices as an MSP specifically.
18:30
So let's look at key takeaways here.
18:33
Let's wrap this up nicely. We've got
18:36
serious areas that we need to consider.
18:38
Identity being that new perimeter I
18:40
think that needs to be hammered home to
18:42
most businesses nowadays is identity is
18:44
so important. If there's one thing we
18:47
can take away from this and and maybe we
18:49
do share this with our customers.
18:50
Customers need to know that identity is
18:53
that new firewall. Yeah, we have a
18:54
network. Yeah, we put firewalls in
18:56
place. But compromisation, phishing
18:59
campaigns, successful data breaches,
19:01
start with identity. start with those
19:03
campaigns against our own identity. It's
19:07
the most important thing that we should
19:08
be protecting. It doesn't matter if a
19:10
365 tenant has one user in for a
19:12
business or it has
19:14
150 users in or a thousand. It's the
19:17
same principles. The the security around
19:20
that tenant needs to be exactly the same
19:21
regardless. So, we do need to be
19:23
considering an uplift in licensing to
19:25
business premium. Yes, it comes at a
19:26
cost with your customer, maybe a cost to
19:29
a degree to yourselves, but the security
19:31
around it is absolutely priceless. So
19:34
many customers utilize Microsoft 365.
19:36
We're having this conversation because
19:38
there are breaches to this day.
19:41
Delivering that full stack of protection
19:43
is another thing we should consider. If
19:44
we've got customers on business premium,
19:46
we've got customers with Entra plan
19:48
twos. Let's utilize the full stack.
19:51
focus on governance, detection,
19:52
implementing those high-profile changes
19:55
that are going to drive successful
19:57
protection for a customer's environment
19:59
and let's automate the proof. So Mike's
20:02
um Enforcer particularly are going to be
20:03
driving out a scheduling agent shortly,
20:06
but right now we've got proof with drift
20:08
detection changes being made. Perfect
20:11
for co-management, perfect for customers
20:13
that have their own admin access,
20:15
perfect for us monitoring what's going
20:17
on in the customer's environment. we
20:19
also can sell this service. So aligning
20:21
to best practice, making sure that
20:23
customers are showing we're showing our
20:26
customers, sorry, that we are providing
20:27
that continuous value. And then the last
20:29
area is transforming that identity into
20:31
revenue. So whenever we talk about
20:33
anything to do with an MSP and products
20:36
that we implement, we're a business. We
20:38
have to make money. And we can do that
20:41
with driving revenue changes. The
20:44
reality is we pay we charge per user per
20:47
month more often than not or a flat fee
20:49
based on the customer's pro uh
20:51
portfolio.
20:52
But sometimes we overlook how important
20:55
security protection is and ongoing
20:57
security service offering. When we
20:58
provide break fix and reactive support,
21:00
we always sometimes overlook the
21:02
proactive steps we should be
21:03
implementing. Microsoft got hundreds of
21:05
changes this year. How do we manage
21:08
those? How do we make sure we're still
21:10
able to monitor that, implement it for
21:12
our customers, but also retain the
21:14
revenue that we should be getting? MSPs
21:16
have to be profitable because that's how
21:18
we drive successful change. It's how we
21:20
be proactive. It's how we demonstrate
21:22
proactive measures for our customers.
21:24
It's through knowledge that we will be a
21:26
profitable business. It's through
21:28
knowledge that security we're
21:29
implementing is going to drive
21:30
successful change.
21:33
So my last point
21:36
uh identity is the new perimeter. We
21:39
talk about defend govern and prove they
21:41
are pivotal for us to drive
21:44
positive change. So the next episode we
21:46
got coming now is compliance and
21:48
governance and I really want to hammer
21:50
home where we talk about compliance and
21:52
governance. This doesn't just sit with
21:54
identity that we've spoken around life
21:56
cycle management access reviews. There's
21:59
so much more around compliance and
22:01
governance that we should be looking at
22:02
and implementing for our customers.
22:05
Thank you guys for watching. Uh all the
22:07
best and look forward to seeing you on
22:08
the next episode.
0:01
Hello guys, welcome back to the next
0:03
episode, episode five. This is the
0:04
manage compliance governance. It's all
0:06
part of that defend, govern improve
0:08
piece that we've been talking about over
0:09
the last x number of weeks or since the
0:12
beginning of the year around 2026. Um,
0:14
this really is talking about the
0:16
compliance and governance. And this is
0:18
focusing really on what's on offer in
0:20
the Microsoft stack. We've spent the
0:22
entire last four episodes really focused
0:24
on our MSP tool stack. The problems that
0:28
we have faced with the number of tools
0:30
that we're using, underutilizing them,
0:32
overutilizing them, not utilizing them
0:34
enough in terms of the product delivery,
0:37
conflicts within tools we have and
0:39
really focusing and giving ourselves the
0:41
opportunity more like a vision to see
0:43
that we can utilize and leverage the
0:45
majority of these products that we've
0:46
got elsewhere into a single source i.e.
0:50
Microsoft Defender or the Defender
0:52
suite, the Microsoft 365 environment as
0:54
a whole. Um, and this one is no
0:56
different. You know, we want to take the
0:58
the stresses of compliance, the stresses
1:00
of governance, how do we manage and
1:01
maintain that to a continuous proof
1:04
model, a model where we always need to
1:06
be and we always can provide continuous
1:08
evidence when we're being asked, whether
1:10
that's by auditors, regulations,
1:11
insurance providers, perhaps just our
1:14
customers generally. Managed compliance
1:16
and governance is the topic that I think
1:17
really sits in that model.
1:20
So, let's do a bit more of a deep dive
1:22
into this specifically. Compliance is
1:24
breaking that MSP model. And I think
1:26
this is a term I'll use quite heavily as
1:28
we talk about these sort of elements.
1:30
And everyone's going to sit there and
1:31
go, "What do you mean compliance is
1:33
breaking the MSP model?" The old
1:36
operating model eliminated this kind of
1:38
concept of we have to govern and we have
1:41
to be compliant with specific areas. And
1:43
that comes down to regulators, auditors,
1:46
um, frameworks and bodies that we we
1:48
have to uphold to now just didn't have
1:51
enough information as to what's
1:52
available or how models are created.
1:54
Some, you know, because of that drive
1:56
almost prevented some companies from
1:58
advancing to public cloud because they
2:00
couldn't catch up with the frameworks
2:02
and the opportunities and delivery.
2:05
This is changing the way we think about
2:07
modern work, modern MSP model. This is
2:10
this for me really defines most MSPs
2:14
going from a standard uh reactive kind
2:16
of based solution to a modernized MSP
2:20
operating model. And this really is
2:22
driven based on compliance and
2:24
governance. It reactive security doesn't
2:27
make you a modern MSP because they're
2:29
just the reactive and security proactive
2:31
steps in there. You're missing those two
2:33
other elements which is that governance
2:35
and that proof of value. So let's start
2:38
with seeing where this goes wrong. So
2:40
frameworks for starters and auditing
2:42
pressures and the same tooling. All of
2:44
these elements are different now. They
2:47
are frameworks we have to adhere to for
2:49
some of our customers and the list grows
2:51
more and more. Auditing customers are
2:54
now demanding more proof more frequency
2:56
of this evidence i.e. the continuous
2:58
proof that we now need to deliver. And
3:00
there's pressures on us from regulatory
3:02
requirements intensifying our security
3:04
needs, our data protection needs across
3:07
multiple sectors, not just individual
3:09
sectors we can think of off the top of
3:10
our head, but there are other sectors
3:12
that also need this change. And for us,
3:15
it's the same tooling. It's legacy
3:17
approaches we've been having and as a
3:19
result, it can't handle the modern
3:21
demands. And this is a topic that I
3:23
think rings true for almost every MSP
3:25
that watches this today. We need to
3:28
start looking at a different model, a
3:30
different approach to how we handle
3:32
things moving forward. So what does it
3:35
look like as reality today? It's Word
3:37
documents scattered across shared
3:39
drives, Excel trackers uploaded manually
3:41
each month. It's absolutely a nightmare.
3:45
And it's all done and delivered or or
3:48
exports of this evidence is all done
3:50
from senior engineers producing maybe a
3:52
one-off script that we don't want to
3:53
handle um or we won't change. manual
3:56
evidence we're having to collect. So,
3:57
when we're sending these quotes to
3:59
customers, we're doing like a one-off
4:01
professional services quote for an
4:03
audit.
4:04
Wouldn't it be great if that was a
4:06
monthly recurring service?
4:08
Changing our approach from this one-off
4:10
project to monthly evidence. We're not
4:12
having to then fork out on additional
4:14
engineering costs, have additional labor
4:16
requirements when actually it's an
4:18
ongoing monthly service we're offering.
4:20
Whether they're reports we can produce
4:22
from, for example, Enforcer or other
4:24
vendors that are there to offer that
4:26
element.
4:27
It doesn't work at the moment with most
4:31
operating models. But just imagine that
4:32
change we can approach. How can we make
4:35
these changes? Where does that approach
4:36
take us? What are then as a result the
4:40
differences between governance and
4:41
compliance? Because the reality and I'm
4:43
going to emphasize this now. It's not
4:45
the same. It never has been. It never
4:47
will be. There is very much a real
4:49
difference between governance and
4:50
compliance. We merge the two. We always
4:53
have done collectively. We've thought
4:54
about that. We've always assumed
4:57
compliance is governance. Governance is
4:58
compliance. They're not. They're two
5:00
completely different models. And this
5:01
this here is the breakdown of the two.
5:03
We've got governance. It's how things
5:06
should be implemented in the
5:07
environment. The governance element, how
5:09
we can make sure and we can implement
5:11
what should be in place. That's
5:12
policies. That's standardization.
5:14
Yes, we're constantly talking about
5:16
standardization
5:18
because that's the strongest method for
5:19
good standards and good security
5:21
practices. Controlled frameworks is part
5:24
of governance. It's a governance model.
5:26
We have to make sure we are controlling
5:27
our environments with the right
5:29
frameworks for the businesses we work.
5:31
And this I think rings real true. It's
5:33
an intended state. So we want to
5:37
intentionally implement this as a state
5:39
across the customers we support.
5:42
It's really important to know that
5:43
because when we move to compliance, it
5:45
moves from intended to actual. And then
5:48
the last point is strategic direction.
5:51
So for strategic direction, it's it's
5:54
knowing the the goal in the area. Maybe
5:56
that's we're following a framework and
5:57
their direction is dictating where we're
5:59
moving. It's companies in their industry
6:02
changing the method and their approach
6:03
they're moving to. And then compliance
6:06
is proving what governance has been put
6:09
in place. So it's proving the value and
6:11
the information and the evidence that
6:12
we've implemented with governance. So
6:14
that's the evidence collection. It's the
6:16
audit readiness. So for Copilot, we
6:19
have a Copilot readiness assessment.
6:20
That's not relevant to regulations, but
6:22
the principle is very much the same.
6:24
It's a readiness report proving we are
6:26
ready for audits. And then this is what
6:28
rings true. It goes from intended state
6:31
to an actual state. It's that continuous
6:34
monitoring of a governance
6:36
environment. That's where compliance
6:38
governance sits. It sits across defend,
6:40
govern and prove completely does across
6:43
the entire suite. When we talk about
6:45
governance and compliance, this is the
6:47
layer that sits above the most important
6:48
elements of defense, governance and
6:50
proof. And then it's the operational
6:52
reality. And you'll talk to any
6:54
compliance and risk manager. We have to
6:57
be able to prove the intended state is
6:59
an actual state. It's ongoing. It's
7:01
continuous. And that's that operational
7:03
reality. Operationally, we are
7:05
continually updating and managing that
7:07
environment. And most organizations
7:09
confuse the two. You can't prove
7:11
compliance without governance and
7:12
governance without enforcement. It's
7:14
just documentation gathering dust. We
7:17
have to be able to demonstrate what we
7:18
implement. And that's where we talk
7:20
about and the episodes we've done in the
7:22
past. We've got configured versus
7:23
enforced versus effective. We've got
7:26
defense, governance, and proof. These
7:27
models that we dictate and we
7:29
demonstrate for you guys in our in our
7:31
series and webinars that we're doing
7:34
is to try and drive home that these
7:36
elements are so critical. There are
7:37
layers to the full defend, govern
7:40
scenario.
7:43
So what is our problem? The MSP scaling
7:46
issue. Where are we scaling as a
7:48
business? Where are we failing to scale
7:50
as a business? For us as MSPs, the
7:53
reality is every tenant's different. We
7:55
support thousands and thousands of
7:57
tenants across thousands of MSPs.
8:01
Every tenant's somewhat unique. The
8:03
environments are unique and though
8:04
they're unique maybe because identity is
8:06
different. their SharePoint permission
8:08
management, their layouts, their
8:09
controls, their methodology, the
8:10
frameworks they work for, they're
8:12
different and there's different risk
8:14
appetites for different industries. And
8:16
sometimes
8:18
particularly products and vendors like
8:19
ourselves can quite often be misled
8:22
or unaware that different industries
8:24
have different appetites. Sometimes a
8:26
target with an MSP is a vertical target.
8:29
We're focused on the area we're we're
8:31
dealing with. We also have frameworks
8:33
that overlap. So control maps uh maps
8:36
across standards creating redundant work
8:38
and a confusion. As a result, frameworks
8:40
do overlap and sometimes we need a
8:43
centralized tool that can identify where
8:45
those overlaps are so we can control
8:46
those measurements appropriately. Here's
8:49
something we don't have in the mod the
8:51
op the old operating model for an MSP.
8:53
We have our tooling sprawl.
8:56
Each client brings on their stack,
8:58
multiplying complexity and exponentially
9:01
driving more complexity for ourselves.
9:04
As we bring in customers, they've got
9:06
previous legacy information. When we
9:08
talk about MSP's standardization, it's
9:11
not standardizing just because it's
9:13
simple for ourselves. It's standardizing
9:15
because the more that we control the
9:16
methods and the products we have, the
9:18
easier we become a specialist in
9:21
those fields. And the last area that we
9:23
really struggle on is human-driven
9:25
tracks. When we talk about compliance
9:26
governance, most areas that fail like
9:29
nonconformities in ISO as an example,
9:32
it's down to human error. We
9:35
haven't finished something. We haven't
9:36
followed the process. We haven't taken
9:37
the framework and implemented it as
9:39
accurately as we can be. That's driven
9:41
by human errors. If we're doing manual
9:42
processes, we don't scale beyond a
9:44
handful of the customers. So for an MSP
9:47
when we're talking about compliance and
9:49
governance which is so true to this date
9:51
and it will be for the next three or
9:52
four years as AI is forcing us down this
9:54
route as it is we need to be true to
9:57
what we can implement and we need to be
9:58
able to automate some of those
10:00
processes.
10:02
So what managed actually means? Really
10:05
good comment. Managed means repeatable,
10:08
provable and defensible outcomes.
10:10
Standardized controls, central
10:12
enforcement, continuous validation and
10:15
evidence always being ready is what
10:17
management is. Managed environments,
10:19
managed compliance and governance gives
10:21
us those four elements and four pillars
10:23
to work towards. If we can standardize
10:26
controls, we can define once apply
10:29
everywhere consistently without c uh
10:31
customization chaos. We know there's
10:33
going to be custom policies, but the
10:35
standards are the same. That allows us
10:38
to centrally enforce these products,
10:41
essentially enforce policies,
10:42
automatically apply them, remain that
10:44
enforcement across multiple tenants. Off
10:48
the back of that, we have continuous
10:49
validation. So real-time monitoring,
10:51
drift detection, the moment it happens
10:54
for us, we need to know what's going on
10:56
in the environment. That's continuous
10:58
validation. That's that element moving
11:00
transitioning from governance to
11:02
compliance. And then that evidence
11:04
that's always ready, the reports, the
11:06
alignment reports and Enforcer
11:08
assessment reports, not just for
11:09
prospecting, but ongoing measurements.
11:12
Hopefully you can see the big
11:13
opportunity here. We've got four pillars
11:15
of control. Good news is Enforcer offers
11:18
all four and we've got that capability
11:20
to start measuring those things looking
11:22
at repeatability, provable and
11:25
defensible information. It will
11:28
help you figure it all out. We can help
11:30
to define those elements for you and we
11:32
can also help to define this for us as a
11:34
business and also for our customers as
11:36
we move forward.
11:38
So the control plane shift
11:40
I don't think it gets used enough but
11:42
Microsoft of the two kind of main planes
11:44
our control plane and our data plane the
11:46
area we focus on when we look at
11:48
compliance and governance it sits above
11:50
data plane it's that control element
11:52
that we need to put in place so the
11:54
configuration to the control plane is
11:56
most important part those four pillars
11:58
we've just been talking about we need to
12:00
define the standard once create our
12:02
controls our baseline our security best
12:05
practices the frameworks that we're
12:06
working towards boards for our industry
12:08
verticals that we're managing and we
12:10
need to apply everywhere push to
12:12
standards across all of our tenants with
12:14
consistent enforcement. Then we monitor
12:16
with drift that helps with the
12:18
enforcement but it also helps to make
12:19
sure we're being proactive with our
12:21
customers. Catch those deviations
12:23
immediately allows us to make sure we're
12:25
continuously being compliant and we're
12:28
managing our governance. And then the
12:30
last point is proving that alignment. So
12:32
we can utilize alignment reports in
12:34
Enforcer to prove that customers are on
12:37
the same journey they were 6 months ago
12:38
to where they are now. This is where
12:40
MSPs can start to evolve from fighting
12:42
the fires uh to operating true control
12:46
planes. Taking it from what Microsoft
12:47
has been giving us for the last x number
12:49
of years as an opportunity for it to be
12:52
the central control plane for a
12:54
cloud-based managed business,
12:56
particularly a Microsoft-based managed
12:58
business.
13:00
So let's talk about the frameworks. The
13:02
things that cause us probably the most
13:03
grief when we talk about compliance,
13:05
governance and and the whole kind of
13:07
central piece.
13:09
Frameworks give us a definition, an
13:11
opportunity to shape how we build out
13:14
and language. It's almost a language and
13:16
a structure that allows us to control
13:19
the methods and the frameworks around
13:20
the industry decisions that we make. The
13:23
critical mistakes we can do and and and
13:26
do make is is treating each framework as
13:29
a separate compliance project instead of
13:31
mapping the shared requirements across
13:33
all of these frameworks. It's a big
13:35
misconception is that every framework
13:38
needs a completely separate approach.
13:40
It's not strictly true. Um every
13:43
framework has overlaps. They always will
13:45
do. Like CIS controls are practical
13:47
security standards. Believe it or not,
13:50
most of those actual resilient
13:52
frameworks, the the regulatory
13:54
frameworks we have here like cyber
13:55
essentials, NIST 2, DORA, ISO 27001,
14:00
they work towards a central control and
14:03
most of them will probably poach some
14:04
level of policy management through CIS
14:06
controls. Um, they overlap. Hopefully,
14:10
it's easy enough to understand that we
14:12
can be mapping these utilizing policy
14:14
tags in Enforcer. we can map what
14:16
policies are associated to these
14:18
frameworks. Sometimes, not only does it
14:20
allow us to show that we're meeting
14:21
those alignment requirements, but think
14:23
about it outside the box. If 80% if
14:26
you're 100% aligned to Cyber Essentials
14:28
and you go through the alignment page
14:30
and actually they're 90% aligned to NIST
14:32
2, maybe that's a framework we could be
14:35
moving towards. Maybe it's just a few
14:37
more control methods we could be
14:38
implementing. So, if
14:40
a company comes to us and says,
14:42
"Actually, we want to be NIST 2 as
14:43
well." Great. Here's a small piece of
14:46
project work, but you're already 92%
14:48
there. Happy days. We're we're rolling
14:50
in this compliance model and maybe it's
14:52
an ongoing managed service offering
14:54
where we're already driving those
14:56
positive changes. We're implementing the
14:57
right controls and the right frameworks
14:59
with very little pain.
15:02
So, what does continuous compliance look
15:04
like? Compliance is a state. It's not an
15:07
event, which means it's ongoing. It's a
15:09
continuous measurement of controls,
15:11
measures that we implement for a
15:13
business. is something we have to make
15:15
sure is being monitored and managed
15:16
daily, not just once and then leave it
15:19
for 180 days or leave it just until the
15:21
week before the next audit. If
15:23
compliance only exists during audit
15:25
week, it doesn't exist at all. It's
15:27
compliance theater, not operational
15:30
security. And that really rings true.
15:33
When we implement all of this the week
15:35
before an audit and during the audit
15:37
week and then we get rid of it
15:38
thereafter, we're removing that
15:40
operational security element. Compliance
15:42
is there to drive a security model, a
15:45
model where we don't need ITDR platforms
15:47
because we're stopping that
15:49
gap before it even appears. Compliance
15:53
will drive a positive operational
15:56
security outcome. As much as it sounds
15:58
boring and tedious, it does have a
16:00
process in mind. When I say it's a
16:03
state, it's like a mindfulness
16:05
statement. It's a state of mind. It's
16:07
exactly the same when we talk about an
16:09
operating model. It is a state in which
16:11
we're continually
16:13
monitoring it. It's an actual intent of
16:15
what we're doing.
16:18
So let's wrap up slightly. The MSP value
16:20
shift from reactive support to a
16:22
governance partner. One of
16:24
the companies I spoke to more recently
16:26
spoke about being a trusted partner. We
16:29
have loads if not thousands of MSPs out
16:32
there that provide a reactive support
16:33
and they want to be that trusted
16:35
partner. How can we demonstrate that as
16:38
a business? I think that starts with you
16:40
guys as MSPs, as customers as well,
16:42
acknowledging that your IT, if it's
16:44
external,
16:45
it's a partnership. So why don't we have
16:48
these operating models, these modern
16:51
authentication or managed service models
16:53
where we talk about security
16:54
partnership, governance partnership? We
16:56
have these MSA agreements and these
16:59
partnership agreements in place. We
17:01
should be looking to bundle these
17:02
services where we can, but also
17:05
offer these kind of elevated support
17:07
models. So I want to encourage us to
17:09
go from reactive support to a
17:11
governance partner,
17:13
compliance partner. You can call it
17:15
governance as a service for all I care
17:17
but looking at this as a partnership
17:20
rather than a reactive support model.
17:22
Taking your relationship with your
17:23
customers that one step further and
17:25
looking through the lens of being a
17:28
better partner. It it delivers higher
17:31
trust, stickier relationships which when
17:33
we want to retain our customers is so
17:35
important. Compliance governance creates
17:37
that deep integration and that's really
17:40
difficult to replace. So when we talk
17:42
about outstanding partnerships, we want
17:44
to take it that one step further and
17:46
become a stickier relationship and this
17:48
generates better margins. Premium
17:51
services command premium pricing. If we
17:54
are providing a deep integration with
17:55
their business and creating that really
17:57
built-in relationship, that trust,
18:00
companies quite often have no problem in
18:02
providing money for a premium service.
18:05
escape the uh commoditized support trap
18:07
and focus on that premium service
18:09
offering that you are already giving
18:12
and this delivers a clear
18:15
differentiation. It stands you guys out
18:17
from the crowded market with provable
18:19
repeatable governance capabilities. So
18:22
yeah, you can start to lower margins
18:23
because of repeatability, but your trust
18:26
in your partnership proves the value
18:28
that you're offering to customers.
18:32
So this really brings to the last point
18:34
really. It shows you hopefully from this
18:36
whole little um YouTube video that
18:40
defend govern improve model is actually
18:42
very much the the lay of the land. Now
18:44
this is our modern operating model
18:48
defense security controls active
18:50
protection that implementation of
18:53
configurations and standards of best
18:55
practice. That is your defense. It
18:57
models in and it oversits with
18:59
governance your standards, policies and
19:01
more importantly the enforcement of
19:02
those, the ongoing drift detection. And
19:05
then we sit at the very end of this with
19:07
proving the value. We have to be able to
19:08
demonstrate the evidence, the assurance
19:10
and the compliance that we sit in with
19:12
the customer.
19:14
So when I spend my life talking about
19:16
these three tier models, it fits with a
19:19
modern Microsoft or modern MSP operating
19:22
model. Compliance sits for us across all
19:25
three of these. You can't defend what
19:27
you don't govern and you can't
19:29
prove either without continuous
19:31
evidence. So when we talk about that
19:34
merged solution of compliance and
19:36
governance and I do still see it as that
19:37
to be fair, it's important to understand
19:39
they're two different models but very
19:42
much so sit across those three tiers,
19:44
those three pillars that we've been
19:45
talking about today. And I want to
19:47
finish on the last thing, I promise.
19:49
Stop chasing compliance. Let's start
19:52
controlling it. If you're still relying
19:54
on documents, screenshots, manual
19:56
evidence, collections, you're already
19:58
behind the curve. You need to start
20:00
getting ahead of the game. The future of
20:02
managed compliance isn't about working
20:04
harder. It's about working
20:06
systematically. The question isn't
20:08
whether to evolve in this instance. It's
20:10
whether you'll lead the change or be
20:12
left scrambling to catch it up. And this
20:15
statement right here is going to apply
20:17
to every single MSP out there. We need
20:20
to be ahead of the game. There are
20:21
companies that specialize in it. Great.
20:22
They're well ahead of the game. But
20:24
could you imagine an automated
20:26
repeatable service you can offer around
20:28
data governance, compliance, governance
20:31
as an entire piece that you can offer to
20:33
your customers. Not only are you
20:35
providing a new operating service model,
20:38
but you're building value. You're
20:40
driving customer positive exchanges and
20:42
proactive measures that becomes a high
20:45
trust relationship with your customers.
20:47
Think about that when we talk about the
20:49
next model on
20:51
modernizing operating models. The next
20:54
episode that's coming up is managed
20:56
detection talking about how we can bake
20:59
in Defender XDR, the Defender suite, whole
21:02
bunch of uh more wonderful documentation
21:04
and information around that. Any
21:06
questions please reach out. If you feel
21:09
that this resonates with you guys and
21:10
you're on this now and you want to talk
21:12
about kind of governance moving forward
21:14
enforcing best practice. Yes, I'm using
21:16
Enforcer as the name there. Reach out.
21:19
Let's have a conversation. Let's start
21:21
building your new modern MSP operating
21:23
model. Let's take you from where you are
21:25
now to where you want to be. It's a
21:27
journey and for us it's a partnership
21:29
with you guys as well. Thank you.
0:01
Hello guys, welcome back to the next
0:03
episode, episode five. This is the
0:04
managed compliance governance. It's all
0:06
part of that defend, govern improve
0:08
piece that we've been talking about over
0:09
the last x number of weeks or since the
0:12
beginning of the year around 2026. Um,
0:14
this really is talking about the
0:16
compliance and governance. And this is
0:18
focusing really on what's on offer in
0:20
the Microsoft stack. We've spent the
0:22
entire last four episodes really focused
0:24
on our MSP tool stack. The problems that
0:28
we have faced with the number of tools
0:30
that we're using, underutilizing them,
0:32
overutilizing them, not utilizing them
0:34
enough in terms of the product delivery,
0:37
conflicts within tools we have and
0:39
really focusing and giving ourselves the
0:41
opportunity more like a vision to see
0:43
that we can utilize and leverage the
0:45
majority of these products that we've
0:46
got elsewhere into a single source i.e.
0:50
Microsoft Defender or the Defender
0:52
suite, the Microsoft 365 environment as
0:54
a whole. Um, and this one is no
0:56
different. You know, we want to take the
0:58
the stresses of compliance, the stresses
1:00
of governance, how do we manage and
1:01
maintain that to a continuous proof
1:04
model, a model where we always need to
1:06
be and we always can provide continuous
1:08
evidence when we're being asked, whether
1:10
that's by auditors, regulations,
1:11
insurance providers, perhaps just our
1:14
customers generally. Managed compliance
1:16
and governance is the topic that I think
1:17
really sits in that model.
1:20
So, let's do a bit more of a deep dive
1:22
into this specifically. Compliance is
1:24
breaking that MSP model. And I think
1:26
this is a term I'll use quite heavily as
1:28
we talk about these sort of elements.
1:30
And everyone's going to sit there and
1:31
go, "What do you mean compliance is
1:33
breaking the MSP model?" The old
1:36
operating model eliminated this kind of
1:38
concept of we have to govern and we have
1:41
to be compliant with specific areas. And
1:43
that comes down to regulators, auditors,
1:46
um, frameworks and bodies that we we
1:48
have to uphold to now just didn't have
1:51
enough information as to what's
1:52
available or how models are created.
1:54
Some, you know, because of that drive
1:56
almost prevented some companies from
1:58
advancing to public cloud because they
2:00
couldn't catch up with the frameworks
2:02
and the opportunities and delivery.
2:05
This is changing the way we think about
2:07
modern work, modern MSP model. This is
2:10
this for me really defines most MSPs
2:14
going from a standard uh reactive kind
2:16
of based solution to a modernized MSP
2:20
operating model. And this really is
2:22
driven based on compliance and
2:24
governance. It reactive security doesn't
2:27
make you a modern MSP because they're
2:29
just the reactive and security proactive
2:31
steps in there. You're missing those two
2:33
other elements which is that governance
2:35
and that proof of value. So let's start
2:38
with seeing where this goes wrong. So
2:40
frameworks for starters and auditing
2:42
pressures and the same tooling. All of
2:44
these elements are different now. They
2:47
are frameworks we have to adhere to for
2:49
some of our customers and the list grows
2:51
more and more. Auditing customers are
2:54
now demanding more proof more frequency
2:56
of this evidence i.e. the continuous
2:58
proof that we now need to deliver. And
3:00
there's pressures on us from regulatory
3:02
requirements intensifying our security
3:04
needs, our data protection needs across
3:07
multiple sectors, not just individual
3:09
sectors we can think of off the top of
3:10
our head, but there are other sectors
3:12
that also need this change. And for us,
3:15
it's the same tooling. It's legacy
3:17
approaches we've been having and as a
3:19
result, it can't handle the modern
3:21
demands. And this is a topic that I
3:23
think rings true for almost every MSP
3:25
that watches this today. We need to
3:28
start looking at a different model, a
3:30
different approach to how we handle
3:32
things moving forward. So what does it
3:35
look like as reality today? It's Word
3:37
documents scattered across shared
3:39
drives, Excel trackers uploaded manually
3:41
each month. It's absolutely a nightmare.
3:45
And it's all done and delivered or or
3:48
exports of this evidence is all done
3:50
from senior engineers producing maybe a
3:52
one-off script that we don't want to
3:53
handle um or we won't change. Manual
3:56
evidence we're having to collect. So,
3:57
when we're sending these quotes to
3:59
customers, we're doing like a one-off
4:01
professional services quote for an
4:03
audit.
4:04
Wouldn't it be great if that was a
4:06
monthly recurring service?
4:08
Changing our approach from this one-off
4:10
project to monthly evidence. We're not
4:12
having to then fork out on additional
4:14
engineering costs, have additional labor
4:16
requirements when actually it's an
4:18
ongoing monthly service we're offering.
4:20
Whether they're reports we can produce
4:22
from, for example, Enforcer or other
4:24
vendors that are there to offer that
4:26
element.
4:27
It doesn't work at the moment with most
4:31
operating models. But just imagine that
4:32
change we can approach. How can we make
4:35
these changes? Where does that approach
4:36
take us? What are then as a result the
4:40
differences between governance and
4:41
compliance? Because the reality and I'm
4:43
going to emphasize this now. It's not
4:45
the same. It never has been. It never
4:47
will be. There is very much a real
4:49
difference between governance and
4:50
compliance. We merge the two. We always
4:53
have done collectively. We've thought
4:54
about that. We've always assumed
4:57
compliance is governance. Governance is
4:58
compliance. They're not. They're two
5:00
completely different models. And this
5:01
this here is the breakdown of the two.
5:03
We've got governance. It's how things
5:06
should be implemented in the
5:07
environment. The governance element, how
5:09
we can make sure and we can implement
5:11
what should be in place. That's
5:12
policies. That's standardization.
5:14
Yes, we're constantly talking about
5:16
standardization
5:18
because that's the strongest method for
5:19
good standards and good security
5:21
practices. Controlled frameworks is part
5:24
of governance. It's a governance model.
5:26
We have to make sure we are controlling
5:27
our environments with the right
5:29
frameworks for the businesses we work.
5:31
And this I think rings real true. It's
5:33
an intended state. So we want to
5:37
intentionally implement this as a state
5:39
across the customers we support.
5:42
It's really important to know that
5:43
because when we move to compliance, it
5:45
moves from intended to actual. And then
5:48
the last point is strategic direction.
5:51
So for strategic direction, it's it's
5:54
knowing the the goal in the area. Maybe
5:56
that's we're following a framework and
5:57
their direction is dictating where we're
5:59
moving. It's companies in their industry
6:02
changing the method and their approach
6:03
they're moving to. And then compliance
6:06
is proving what governance has been put
6:09
in place. So it's proving the value and
6:11
the information and the evidence that
6:12
we've implemented with governance. So
6:14
that's the evidence collection. It's the
6:16
audit readiness. So for Copilot, we
6:19
have a Copilot readiness assessment.
6:20
That's not relevant to regulations, but
6:22
the principle is very much the same.
6:24
It's a readiness report proving we are
6:26
ready for audits. And then this is what
6:28
rings true. It goes from intended state
6:31
to an actual state. It's that continuous
6:34
monitoring of an of a governance
6:36
environment. That's where compliance
6:38
governance sits. It sits across defend,
6:40
govern and prove completely does across
6:43
the entire suite. When we talk about
6:45
governance and compliance, this is the
6:47
layer that sits above the most important
6:48
elements of defense, governance and
6:50
proof. And then it's the operational
6:52
reality. And you'll talk to any
6:54
compliance and risk manager. We have to
6:57
be able to prove the intended state is
6:59
an actual state. It's ongoing. It's
7:01
continuous. And that's that operational
7:03
reality. Operationally, we are
7:05
continually updating and managing that
7:07
environment. And most organizations
7:09
confuse the two. You can't prove
7:11
compliance without governance and
7:12
governance without enforcement. It's
7:14
just documentation gathering dust. We
7:17
have to be able to demonstrate what we
7:18
implement. And that's where we talk
7:20
about and the episodes we've done in the
7:22
past. We've got configured versus
7:23
enforced versus effective. We've got
7:26
defense, governance, and proof. These
7:27
models that we dictate and we
7:29
demonstrate for you guys in our in our
7:31
series and webinars that we're doing
7:34
is to try and drive home that these
7:36
elements are so critical. There are
7:37
layers to the full defend, govern
7:40
scenario.
7:43
So what is our problem? The MSP scaling
7:46
issue. Where are we scaling as a
7:48
business? Where are we failing to scale
7:50
as a business? For us as MSPs, the
7:53
reality is every tenant's different. We
7:55
support thousands and thousands of
7:57
tenants across thousands of MSPs.
8:01
Every tenant's somewhat unique. The
8:03
environments are unique and though
8:04
they're unique maybe because identity is
8:06
different. their SharePoint permission
8:08
management, their layouts, their
8:09
controls, their methodology, the
8:10
frameworks they work for, they're
8:12
different and there's different risk
8:14
appetites for different industries. And
8:16
sometimes
8:18
particularly products and vendors like
8:19
ourselves can quite often be mis misled
8:22
or unaware that different industries
8:24
have different appetites. Sometimes a
8:26
target with an MSP is a vertical target.
8:29
We're focused on the area we're we're
8:31
dealing with. We also have frameworks
8:33
that overlap. So control maps uh maps
8:36
across standards creating redundant work
8:38
and a confusion. As a result, frameworks
8:40
do overlap and sometimes we need a
8:43
centralized tool that can identify where
8:45
those overlaps are so we can control
8:46
those measurements appropriately. Here's
8:49
something we don't have in the mod the
8:51
op the old operating model for an MSP.
8:53
We have our tooling sprawl.
8:56
Each client brings on their stack,
8:58
multiplying complexity and exponentially
9:01
driving more complexity for ourselves.
9:04
As we bring in customers, they've got
9:06
previous legacy information. When we
9:08
talk about MSP's standardization, it's
9:11
not standardizing just because it's
9:13
simple for ourselves. It's standardizing
9:15
because the more that we control the
9:16
methods and the products we have, the
9:18
easier we become a specialist in
9:21
those fields. And the last area that we
9:23
really struggle on is human-driven
9:25
tracks. When we talk about compliance
9:26
governance, most areas that fail like
9:29
nonconformities in ISO as an example,
9:32
it's down to human error. We
9:35
haven't finished something. We haven't
9:36
followed the process. We haven't taken
9:37
the framework and implemented it as
9:39
accurately as we can be. That's driven
9:41
by human errors. If we're doing manual
9:42
processes, we don't scale beyond a
9:44
handful of the customers. So for an MSP
9:47
when we're talking about compliance and
9:49
governance which is so true to this date
9:51
and it will be for the next three or
9:52
four years as AI is forcing us down this
9:54
route as it is we need to be true to
9:57
what we can implement and we need to be
9:58
able to automate some of those
10:00
processes.
10:02
So what managed actually means? Really
10:05
good comment. Managed means repeatable,
10:08
provable and defensible outcomes.
10:10
Standardized controls, central
10:12
enforcement, continuous validation and
10:15
evidence always being ready is what
10:17
management is. Managed environments,
10:19
managed compliance and governance gives
10:21
us those four elements and four pillars
10:23
to work towards. If we can standardize
10:26
controls, we can define once apply
10:29
everywhere consistently without c uh
10:31
customization chaos. We know there's
10:33
going to be custom policies, but the
10:35
standards are the same. That allows us
10:38
to centrally enforce these products,
10:41
essentially enforce policies,
10:42
automatically apply them, remain that
10:44
enforcement across multiple tenants. Off
10:48
the back of that, we have continuous
10:49
validation. So real-time monitoring,
10:51
drift detection, the moment it happens
10:54
for us, we need to know what's going on
10:56
in the environment. That's continuous
10:58
validation. That's that element moving
11:00
transitioning from governance to
11:02
compliance. And then that evidence
11:04
that's always ready, the reports, the
11:06
alignment reports and Enforcer
11:08
assessment reports, not just for
11:09
prospecting, but ongoing measurements.
11:12
Hopefully you can see the big
11:13
opportunity here. We've got four pillars
11:15
of control. Good news is Enforcer offers
11:18
all four and we've got that capability
11:20
to start measuring those things looking
11:22
at repeatability, provable and
11:25
defensible information. It will help fig
11:28
help you figure it all out. We can help
11:30
to define those elements for you and we
11:32
can also help to define this for us as a
11:34
business and also for our customers as
11:36
we move forward.
11:38
So the control plane shift
11:40
I don't think it gets used enough but
11:42
Microsoft of the two kind of main planes
11:44
our control plane and our data plane the
11:46
area we focus on when we look at
11:48
compliance and governance it sits above
11:50
data plane it's that control element
11:52
that we need to put in place so the
11:54
configuration to the control plane is
11:56
most important part those four pillars
11:58
we've just been talking about we need to
12:00
define the standard once create our
12:02
controls our baseline our security best
12:05
practices the frameworks that we're
12:06
working towards for our industry
12:08
verticals that we're managing and we
12:10
need to apply everywhere push to
12:12
standards across all of our tenants with
12:14
consistent enforcement. Then we monitor
12:16
with drift that helps with the
12:18
enforcement but it also helps to make
12:19
sure we're being proactive with our
12:21
customers. Catch those deviations
12:23
immediately allows us to make sure we're
12:25
continuously being compliant and we're
12:28
managing our governance. And then the
12:30
last point is proving that alignment. So
12:32
we can utilize alignment reports in
12:34
Enforcer to prove that customers are on
12:37
the same journey they were 6 months ago
12:38
to where they are now. This is where
12:40
MSPs can start to evolve from fighting
12:42
the fires uh to operating true control
12:46
planes. Taking it from what Microsoft
12:47
has been giving us for the last x number
12:49
of years as an opportunity for it to be
12:52
the central control plane for a
12:54
cloud-based managed business,
12:56
particularly a Microsoft-based managed
12:58
business.
13:00
So let's talk about the frameworks. The
13:02
things that cause us probably the most
13:03
grief when we talk about compliance,
13:05
governance and and the whole kind of
13:07
central piece.
13:09
Frameworks give us a definition, an
13:11
opportunity to shape how we build out
13:14
and language. It's almost a language and
13:16
a structure that allows us to control
13:19
the methods and the frameworks around
13:20
the industry decisions that we make. The
13:23
critical mistakes we can do and and and
13:26
do make is is treating each framework as
13:29
a separate compliance project instead of
13:31
mapping the shared requirements across
13:33
all of these frameworks. It's a big
13:35
misconception is that every framework
13:38
needs a completely separate approach.
13:40
It's not strictly true. Um every
13:43
framework has overlaps. They always will
13:45
do. Like CIS controls are practical
13:47
security standards. Believe it or not,
13:50
most of those actual resilient
13:52
frameworks, the the regulatory
13:54
frameworks we have here like Cyber
13:55
Essentials, NIST 2, DORA, ISO 27001,
14:00
they work towards a central control and
14:03
most of them will probably poach some
14:04
level of policy management through CIS
14:06
controls. Um, they overlap. Hopefully,
14:10
it's easy enough to understand that we
14:12
can be mapping these utilizing policy
14:14
tags in Enforcer. we can map what
14:16
policies are associated to these
14:18
frameworks. Sometimes, not only does it
14:20
allow us to show that we're meeting
14:21
those alignment requirements, but think
14:23
about it outside the box. If 80% if
14:26
you're 100% aligned to Cyber Essentials
14:28
and you go through the alignment page
14:30
and actually they're 90% aligned to NIST
14:32
2, maybe that's a framework we could be
14:35
moving towards. Maybe it's just a few
14:37
more control methods we could be
14:38
implementing. So, if
14:40
a company comes to us and says,
14:42
"Actually, we want to be NIST 2 as
14:43
well." Great. Here's a small piece of
14:46
project work, but you're already 92%
14:48
there. Happy days. We're we're rolling
14:50
in this compliance model and maybe it's
14:52
an ongoing managed service offering
14:54
where we're already driving those
14:56
positive changes. We're implementing the
14:57
right controls and the right frameworks
14:59
with very little pain.
15:02
So, what does continuous compliance look
15:04
like? Compliance is a state. It's not an
15:07
event, which means it's ongoing. It's a
15:09
continuous measurement of controls,
15:11
measures that we implement for a
15:13
business. is something we have to make
15:15
sure is being monitored and managed
15:16
daily, not just once and then leave it
15:19
for 180 days or leave it just until the
15:21
week before the next audit. If
15:23
compliance only exists during audit
15:25
week, it doesn't exist at all. It's comp
15:27
it's compliance theater, not operational
15:30
security. And that really rings true.
15:33
When we implement all of this the week
15:35
before an audit and during the audit
15:37
week and then we get rid of it
15:38
thereafter, we're removing that
15:40
operational security element. Compliance
15:42
is there to drive a security model, a
15:45
model where we don't need ITDR platforms
15:47
because we're we're we're stopping that
15:49
gap before it even appears. Compliance
15:53
will drive a positive operational
15:56
security outcome. As much as it sounds
15:58
boring and tedious, it does have a
16:00
process in mind. When I say it's a
16:03
state, it's like a mindfulness
16:05
statement. It's a state of mind. It's
16:07
exactly the same when we talk about an
16:09
operating model. It is a state in which
16:11
we're continually act continually
16:13
monitoring it. It's an actual intent of
16:15
what we're doing.
16:18
So let's wrap up slightly. The MSP value
16:20
shift from reactive support to a
16:22
governance partner. One of the pe one of
16:24
the companies I spoke to more recently
16:26
spoke about being a trusted partner. We
16:29
have loads if not thousands of MSPs out
16:32
there that provide a reactive support
16:33
and they want to be that trusted
16:35
partner. How can we demonstrate that as
16:38
a business? I think that starts with you
16:40
guys as MSPs, as customers as well,
16:42
acknowledging that your IT, if it's
16:44
external,
16:45
it's a partnership. So why don't we have
16:48
these operating models, these modern
16:51
authentication or managed service models
16:53
where we talk about security
16:54
partnership, governance partnership? We
16:56
have these MSA agreements and these
16:59
partnership agreements in place. We
17:01
should be looking to bundle these
17:02
services where we can, but also operate
17:05
offer these kind of elevated support
17:07
models. So I want to encourage us to be
17:09
a re from go from reactive support to a
17:11
governance partner,
17:13
compliance partner. You can call it
17:15
governance as a service for all I care
17:17
but looking at this as a partnership
17:20
rather than a reactive support model.
17:22
Taking your relationship with your
17:23
customers that one step further and
17:25
looking through the lens of being a
17:28
better partner. It it delivers higher
17:31
trust, stickier relationships which when
17:33
we want to retain our customers is so
17:35
important. Compliance governance creates
17:37
that deep integration and that's really
17:40
difficult to replace. So when we talk
17:42
about outstanding partnerships, we want
17:44
to take it that one step further and
17:46
become a stickier relationship and this
17:48
generates better margins. Premium
17:51
services command premium pricing. If we
17:54
are providing a deep integration with
17:55
their business and creating that really
17:57
built-in relationship, that trust,
18:00
companies quite often have no problem in
18:02
providing money for a premium service.
18:05
Escape the uh commoditized support trap
18:07
and focus on that premium service
18:09
offering that you are already giving
18:12
and this delivers a clear
18:15
differentiation. It stands you guys out
18:17
from the crowded market with provable
18:19
repeatable governance capabilities. So
18:22
yeah, you can start to lower margins
18:23
because of repeatability, but your trust
18:26
in your partnership proves the value
18:28
that you're offering to customers.
18:32
So this really brings to the last point
18:34
really. It shows you hopefully from this
18:36
whole little um YouTube video that
18:40
defend govern improve model is actually
18:42
very much the the lay of the land. Now
18:44
this is our modern operating model
18:48
defense security controls active
18:50
protection that implementation of
18:53
configurations and standards of best
18:55
practice. That is your defense. It
18:57
models in and it oversits with
18:59
governance your standards, policies and
19:01
more importantly the enforcement of
19:02
those, the ongoing drift detection. And
19:05
then we sit at the very end of this with
19:07
proving the value. We have to be able to
19:08
demonstrate the evidence, the assurance
19:10
and the compliance that we sit in with
19:12
the customer.
19:14
So when I spend my life talking about
19:16
these three tier models, it fits with a
19:19
modern Microsoft or modern MSP operating
19:22
model. Compliance sits for us across all
19:25
three of these. You can't defend what
19:27
you what you don't govern and you can't
19:29
prove either without continuous
19:31
evidence. So when we talk about that
19:34
merged solution of compliance and
19:36
governance and I do still see it as that
19:37
to be fair, it's important to understand
19:39
they're two different models but very
19:42
much so sit across those three tiers,
19:44
those three pillars that we've been
19:45
talking about today. And I want to
19:47
finish on the last thing, I promise.
19:49
Stop chasing compliance. Let's start
19:52
controlling it. If you're still relying
19:54
on documents, screenshots, manual
19:56
evidence, collections, you're already
19:58
behind the curve. You need to start
20:00
getting ahead of the game. The future of
20:02
managed compliance isn't about working
20:04
harder. It's about working
20:06
systematically. The question isn't
20:08
whether to evolve in this instance. It's
20:10
whether you'll lead the change or be
20:12
left scrambling to catch it up. And this
20:15
statement right here is going to apply
20:17
to every single MSP out there. We need
20:20
to be ahead of the game. There are
20:21
companies that specialize in it. Great.
20:22
They're well ahead of the game. But
20:24
could you imagine an automated
20:26
repeatable service you can offer around
20:28
data governance, compliance, governance
20:31
as an entire piece that you can offer to
20:33
your customers. Not only are you
20:35
providing a new operating service model,
20:38
but you're building value. You're
20:40
driving customer positive exchanges and
20:42
proactive measures that becomes a high
20:45
trust relationship with your customers.
20:47
Think about that when we talk about the
20:49
next model on
20:51
modernizing operating models. The next
20:54
episode that's coming up is managed
20:56
detection talking about how we can bake
20:59
in Defender XDR, the Defender suite, whole
21:02
bunch of uh more wonderful documentation
21:04
and information around that. Any
21:06
questions please reach out. If you feel
21:09
that this resonates with you guys and
21:10
you're on this now and you want to talk
21:12
about kind of governance moving forward
21:14
enforcing best practice. Yes, I'm using
21:16
Enforcer as the name there. Reach out.
21:19
Let's have a conversation. Let's start
21:21
building your new modern MSP operating
21:23
model. Let's take you from where you are
21:25
now to where you want to be. It's a
21:27
journey and for us it's a partnership
21:29
with you guys as well. Thank you.
0:00
Welcome to the episode seven really of
0:03
uh managed AI and data security on our
0:05
defend govern journey.
0:08
This episode is probably one of the most
0:09
important ones we kind of talk about now
0:12
specifically in kind of 2026 and moving
0:14
forward. We've had AI now and this is
0:17
being recorded on in February. It's
0:19
around about 43 44 months. I think AI
0:23
has been misconceived sometimes. We
0:25
think of it and it's all actually
0:26
automations and automation scripts we're
0:28
building. This one here is really
0:30
designed for us to kind of identify what
0:33
do we mean by the AI gold rush because
0:36
it's essentially here we've got Copilot
0:39
and Word, ChatGPT in browsers. We've
0:42
also been talking about AI productivity
0:44
for god knows how long. Copilot really
0:46
starts to write our emails, summarize
0:48
meetings, building proposals.
0:51
But I also find that very very more
0:54
often than not um at organizations kind
0:58
of tend to take a stop and forget to ask
1:00
a few questions or stop to think about
1:03
questions that we should be asking like
1:05
what data is AI actually allowed to see
1:07
as an example. It exposes the risks that
1:10
already sitting quietly inside our
1:12
tenant. And this is why this topic is so
1:14
important. Today isn't really here to
1:16
talk about anti-AI session. This is
1:19
about running AI safely in a scale and
1:22
at scale, sorry, and being able to prove
1:24
that you did. Um, and realistically,
1:27
we're in the same phase cloud was in and
1:29
around 2020 in 2016. Everyone wants the
1:32
benefits first, governance later.
1:34
Marketing teams are using image
1:36
generators, sales teams paste contracts
1:38
into ChatGPT. We have so many risks
1:41
when we talk about AI at the moment. And
1:44
there's very little change in posture
1:46
that we should we we are or should be
1:48
adopting. And this conversation and
1:49
topic really is about where do we go?
1:51
How do we take this journey? And what's
1:53
next on this on this platform?
1:56
So let's look at the real threat. Poor
1:58
data management. Copilot doesn't make
2:00
tenants unsafe. And I think this is so
2:02
relevant to today's topics. Everyone
2:04
thinks that this is a breach, it's a
2:06
concern, it's a risk. The reality is
2:08
that's not the case. we actually can see
2:11
the information that we're looking at
2:13
and all Copilot's doing is just bringing
2:15
it to the forefront of the conversations
2:17
we're having. Copilot doesn't make our
2:19
tenant unsafe. Copilot only reads what
2:21
users already have access to and it
2:23
explain in kind of explanational terms
2:26
or providing reason behind it sits
2:29
firstly on Microsoft Graph. It leverages
2:32
Work IQ to build that context and
2:34
delivery. It looks at the permissions
2:36
that we currently have around
2:39
SharePoint, OneDrive, and Teams. So, if
2:41
permissions are messy, AI just
2:43
operationalizes that mess. We start to
2:46
see the messy environment that we've
2:48
already got configured. It's going to
2:49
bring it to the forefront. If everyone
2:51
can read HR, your AI assistant can
2:53
essentially summarize the HR files that
2:55
sit there. That's how risky it can be if
2:57
we haven't got the right structures in
2:59
place.
3:00
The other elements I think we're already
3:02
forgetting and actually well we're not
3:04
forgetting we already know they exist
3:05
and they're areas we need to focus on is
3:07
shadow AI the hidden epidemic and it is
3:10
very much an epidemic now when you think
3:12
about this there are unsanctioned tools
3:14
in the environment that we're not
3:15
managing: AI, ChatGPT, custom APIs to
3:19
business data without IT approval
3:21
or oversight. All this
3:23
information is exposure exposure
3:25
exposure and we're running too many
3:27
risks the ability for our HR people to
3:30
get documentation summarized because
3:32
ChatGPT is convenient and they're
3:34
uploading contractual information. If
3:36
it's the free version, that model can be
3:38
trained on. They can start training on
3:40
this information, feeding it back to the
3:42
big LLM. We also have compliance blind
3:44
spots when we're not controlling it in
3:47
an internal environment, you know,
3:49
utilizing data loss prevention, Purview
3:51
labeling, controls within SharePoint,
3:53
our conditional access policies to
3:55
restrict data coming in and out. we
3:57
start having compliance blind spots, the
3:59
ability for people to be able to do
4:01
things without us knowing. Dropbox
4:02
accounts being created.
4:05
If you look at this whole broad picture,
4:07
we have shadow IT that we need to
4:09
control. That's things like your
4:10
Dropbox, your your your Gmail box, your
4:14
um what's it called? Your Google Drive,
4:16
sorry, and box that we need to manage
4:19
and maintain. That's how shadow AI
4:21
shadow shadow IT, sorry. Shadow AI
4:23
though is much worse. It's much harder
4:26
for us to understand. And it's much
4:27
harder for us to dictate. Users don't
4:30
download data anymore. What they start
4:32
doing is they're now pasting it into a
4:34
product. They're pasting it into AI. And
4:37
one, once that text leaves our tenant,
4:40
your compliance at this point tooling
4:42
has never seen that information being
4:43
exposed. When we copy and paste without
4:45
the right controls, we're not auditing
4:47
what's taking place. There's no audit
4:49
trail. There's no data loss prevention
4:51
policy configuration. And there's no
4:52
retention labeling, no legal hold on
4:55
those applications, which means it's
4:57
free for people to use. Friday afternoon
4:59
installs is another top topic hot topic
5:01
when we talk about this. Believe it or
5:03
not, it happens a lot when we're winding
5:05
down for the end of the week. People
5:07
quite often go, "Well, I've got these
5:08
last bits. I wonder if I got a couple of
5:10
hours. Let me just play around with
5:11
these products. See if I can get some
5:13
information that's useful." 27
5:16
unofficial AI tools installed in minutes
5:18
that IT discovers months later after a
5:21
breach.
5:22
It's happening today. It's not just AI.
5:25
It's any kind of specific product around
5:27
shadow IT. On a Friday, we quite often
5:30
are winding down. We leave it. Saturday,
5:32
Sunday goes by. We're back into Monday.
5:34
We're back into the full swing of
5:35
things. These things get missed. That's
5:38
why I'm classing it as a hidden
5:40
epidemic. We don't always know how do we
5:42
build the right safety and security.
5:46
And this is where Microsoft comes in. We
5:48
talk about Microsoft Copilot. It's our
5:49
top topic this year for Enforcer.
5:52
Built-in AI safety architecture is
5:54
absolutely pivotal. The ability for us
5:56
to be able to create those controls. And
5:58
the good news is Microsoft has actually
5:59
started to prepare for this. It's taken
6:01
them a while, but they now have some
6:03
controls and configurations in place
6:05
that we can start to leverage to better
6:07
this product delivery. Key statements
6:10
that I want to identify here. AI does
6:12
not bypass security. AI amplifies
6:15
security. So if good governance becomes
6:18
good governance as a result becomes
6:20
safer, bad government governance starts
6:22
to become a catastrophe ability where it
6:25
all starts to go wrong as a result. And
6:28
these are the five layers I really want
6:29
you guys to take home. The ability to
6:32
kind of think outside the box. But these
6:34
classification layers are absolutely
6:35
crucial when we talk about the right
6:37
governance for AI within the Microsoft
6:39
365 environment. Data classification
6:43
Purview sensitivity labeling is one of
6:45
the hot topics that are recommended by
6:46
Microsoft to have deployed. We know
6:49
fundamentally it's a difficult thing to
6:50
do because most Purview data
6:52
classification delivery actually
6:54
requires significant training for users.
6:56
It's time consuming. It's not something
6:58
we always think about but it's
6:59
absolutely should be on the forefront of
7:01
conversations we have with customers.
7:03
The other one's data loss prevention.
7:05
Really simple. Now it actively block
7:07
sensitive information being copied into
7:09
AI tools. We can actively manage that.
7:12
If we're using Edge and we're using
7:13
MCAS or Edge browsing, which is now
7:15
available for Edge MAM, we can start to
7:18
prevent this information from going to
7:20
the wrong controls. But we can also
7:22
leverage data loss prevention to
7:23
immediately stop sensitive information
7:25
going to Copilot. That's now available
7:27
since Microsoft Ignite that has been
7:28
pushed out and it's available for us to
7:30
use.
7:32
The other area and probably the most
7:33
important one is access controls.
7:35
Conditional access and Entra ID for us
7:37
can really start to leverage and
7:39
restrict the right controls around how
7:41
we access and manage data. So requiring
7:44
device compliance in order to access our
7:46
information. Huge hot topic, hugely
7:49
deliverable and hugely valuable. We then
7:51
leverage leverage sorry defender for
7:53
endpoint the ability to start making
7:55
additional controls and modules to
7:56
prevent information from being
7:58
extracted. Using edge browser management
8:00
we can also restrict what information is
8:02
copied and pasted plus monitor it.
8:04
Defender for cloud apps allows us to
8:06
start sanctioning and unsanctioning
8:07
applications if we decide to go to that
8:09
P P2 plan.
8:11
Audit and logging clearly the most
8:14
important topic when we talk about
8:16
governance and proof. We need to be able
8:17
to audit and track every prompt request
8:20
and data movement across AI services
8:22
that we leverage and we have to be able
8:23
to do that. If we are working for
8:26
vertical industries that require
8:28
frameworks and regulations, this is a
8:30
requirement we have to consider. And
8:32
then the last topic which is nice and
8:33
simple is governance based governance
8:35
dashboards. That single pane of glass
8:37
the visibility for you guys to see
8:39
Purview DSPM for AI can deliver that
8:42
element for you to be able to see what
8:44
needs to go on. For us visibility is so
8:47
important. We need to be operationally
8:49
aware not policy screenshots. We need to
8:51
be able to see that continuous ability
8:54
and and visibility as we go through.
8:58
So what do we do when we talk about
9:00
detecting shadow AI? The new insider
9:02
threat is essentially the one area that
9:04
we need to as MSPs and as customers
9:06
consider and think about. It works with
9:09
detection methods. So defender for cloud
9:11
apps discovery which is part of business
9:12
premium. If you're using defender for
9:14
endpoint we can see what's going on. We
9:16
need to know the controls the measures.
9:18
What are we installing on our devices?
9:20
What are we searching through browsers?
9:22
Well cloud app discovery allows us to
9:25
see that. Two different types. Cloud app
9:27
cloud defender for cloud apps and cloud
9:28
apps discovery. They're all part of the
9:30
security center. They're all available
9:32
in cloud app discovery. Um in cloud apps
9:34
and you can see the discovery element
9:37
Purview audit tracking. Another hot
9:39
topic of requirements. The ability to
9:41
see data egress taking place. We can
9:43
start controlling and measuring that or
9:44
measuring it to start with with business
9:46
premium and taking more of a control
9:48
approach controlled approach sorry when
9:51
we want to start monitoring and and
9:53
detecting risks. And the other area is
9:55
conditional access. And I go back to
9:57
this. Everything we talk about when we
9:58
deliver these sort of elements, it's
10:00
identity based. Everything we access in
10:02
a Microsoft 360 36 365 environment
10:06
starts with identity. Unless we're using
10:08
API ingestion and enterprise apps,
10:10
they're not built without identity as in
10:12
the first place. Everything starts with
10:14
identity. When we talk about these
10:15
threats, threat landscapes and the
10:17
ability to manage this, we have to be
10:19
able to detect this and we have to be
10:21
able to manage it. And sometimes it
10:23
comes down to us to create those
10:24
responses as a result.
10:28
So one of the things I always want
10:29
people to take away with is acting
10:32
before shadow risk becomes a shadow
10:33
breach. We don't always see it. We don't
10:36
always have the ability to understand
10:37
what's going on or how do we deal with
10:39
these indications and vulnerabilities,
10:42
but we need to. If you can detect shadow
10:45
AI after a breach, you're not doing
10:47
security. What you end up doing is
10:50
incident explanate explanation. We need
10:53
to be at the forefront of reducing these
10:55
risks, breaching that gap, preventing
10:57
those gaps from being a problem. And
11:00
that starts with making sure we look at
11:01
a zero trust model when we start to
11:03
build out this best practice delivery.
11:06
So how do we go about this and and
11:08
leverage or utilize enforcer really as
11:10
one of those pillars that we can
11:12
implement the right controls and that's
11:14
AI readiness and proof of governance. So
11:17
one of the benefits of utilizing
11:18
enforcer at the moment is we can bring
11:20
together a Copilot readiness
11:22
assessment, the ability to see the
11:24
controls that are recommended. Do we
11:26
have Purview in place? Do we have the
11:28
right conditional access data loss
11:29
prevention? Are our permissions tidied
11:32
up enough? We can start seeing that
11:34
single pane at the very bottom of one of
11:35
those reports that shows you your
11:37
SharePoint overview. This information is
11:39
invaluable when we start talking about
11:41
an AI journey with users. Whether that's
11:44
with Copilot or with another AI product
11:46
like ChatGPT Enterprise. This report is
11:49
significantly valuable because it talks
11:51
about the security foundations, the data
11:53
governance, our technical readiness.
11:55
It's the conversations we have to have
11:57
with customers before they even consider
11:58
using AI properly. The other area is
12:01
shadow AI detection.
12:03
So although we can't configure and see
12:06
this directly within a customer's
12:07
environment, it's 100% available for us
12:10
to look at within MCAS within within
12:12
shadow app discovery, cloud app
12:14
discovery. And we have loads of
12:16
information on this. You can log into
12:17
the security center, drop down uh cloud
12:20
apps and then select discovery, see
12:22
what's going on in the environment. This
12:24
only works if we deploy defender for
12:26
endpoint to Intune-based managed devices
12:28
or to devices that we manage for that
12:30
customer. So it's absolutely available
12:32
and we reason why I've added it in here
12:34
or the the scripts have added this in is
12:37
specifically because we can deploy those
12:38
policies which then means we can then
12:40
measure against our customers. And the
12:42
last one is framework mapping the
12:44
ability to start checking that where
12:46
where customers align to the right
12:47
frameworks for these controls when it
12:49
comes to readiness. All of this is 100%
12:52
available for us to manage, monitor and
12:54
implement and we can utilize the
12:56
enforcer platform to start that journey
12:58
with our customers.
13:00
So areas of governance, one of the
13:03
areas, probably the most important area
13:05
when we talk about best practice and and
13:07
starting that AI journey is we have to
13:09
continue the governance and it has to be
13:12
at scale as MSPs. So we start with drift
13:15
detection. We need to know what policies
13:17
are being changed and when they're being
13:18
changed because the fundamental truth is
13:21
we need to be able to identify those
13:23
drifts and remediate in real time those
13:26
concerns that that happen and run. The
13:28
ROI dashboards return on investment for
13:31
me is is critical. Entra ID dashboard
13:33
that we have based in enforcer is your
13:35
single point of a hot topic for
13:37
customers. When we talk about permission
13:39
management and readiness that starts and
13:41
it stems with tidy Microsoft 365
13:44
environments and a tidy environment
13:47
starts with identity. So we have the
13:49
ability to see the Entra ID dashboard
13:51
measure information identify risks and
13:53
address somewhere where required. And
13:56
the last area is multi-tenant view,
13:58
monitoring your AI governance. And for
14:00
you guys, you can do that within
14:02
enforcer across the board. And we talk
14:04
about best practice standardization, the
14:06
alignments of your right security
14:08
controls. So we should be implementing
14:10
the right controls for the industry
14:12
verticals we work in. And we can see
14:14
that as a measurement in alignment, the
14:16
ability to really start to clean up
14:18
those controls, measurements, and
14:20
delivery. Enforcer makes you the AI
14:22
governance partner your clients didn't
14:24
even know they needed. So we can start
14:26
that new journey with customers as we
14:28
go.
14:30
So let's talk about key takeaways. AI
14:33
brings productivity and risk in equal
14:36
measures. And it's so important to know
14:38
that if you haven't got a clean
14:39
environment, you're not going to get a
14:41
clean output from Copilot. Every AI
14:43
tool accelerates work and it expands the
14:46
your attack surface without proper
14:48
governance. We have to be at the
14:49
forefront of delivering this
14:51
successfully.
14:52
Microsoft security stack is AI ready. It
14:55
is. We have Purview and Defender
14:57
controls we can absolutely implement and
14:59
get controlled and configured and
15:01
running immediately. Shadow AI is a
15:03
hidden compliance threat as a result of
15:05
this. Unsanctioned tools start to bypass
15:07
those security parameters. And for us as
15:10
MSPs, we need to get ahead of the game.
15:12
So we can start implementing and
15:13
leveraging a zero trust model and roll
15:16
out alignments of security best
15:17
practices to our customers so that we
15:19
know that we're ahead of the game with
15:20
the businesses that we're supporting.
15:22
The last point, last two points is
15:24
enforcers operationalized AI governance
15:27
and and the last bit is build a new MSP
15:29
service line. Look at what you've got
15:31
now. Security as a service and maybe we
15:34
need to start considering governance as
15:36
a service. Is that a model we should be
15:38
adopting if we're using AI? Quite
15:40
frankly, I think it absolutely has to be
15:42
a topic that we should be a new service
15:44
that customers should be paying for. So,
15:47
let's wrap up. We've got our last
15:49
episode coming up very soon, the unified
15:51
MSP, and I want to bring everything back
15:53
into one single pane of glass for us to
15:55
manage. But control AI before it
15:58
controls you. Let's get ahead of the
16:00
game with the customers that we're
16:02
supporting. AI isn't coming. It's already
16:04
embedded in your tenant processing your
16:06
data and amplifying every security
16:09
decision that we've made. The only
16:11
question that really matters is do we
16:13
start to control it? Are we controlling
16:14
it or does it start to control us? These
16:17
are the things that we need to discuss.
16:19
We need to have present with our
16:20
customers and it's all part of that
16:22
defend, govern philosophy that we're
16:24
building today. Thank you very much for
16:26
your time. I wish you all the best and I
16:28
look forward to the last episode.
0:00
to our last episode in the unified MSP
0:02
series or the defend, govern improve
0:04
series as it's actually called. This one
0:06
is wrapping up everything we've been
0:09
through. We've been through a vast
0:10
amount quite literally the last few days
0:13
or the last few weeks. I think it's 11
0:15
weeks in total that we've been running
0:16
this series because the problem we
0:19
started with wasn't phishing, compliance
0:21
or alerts. It was we had powerful
0:24
security tools but we didn't have any
0:26
operational model. Too many portals, not
0:28
enough proof. for the unified MSP series
0:30
is exactly the reason why we've done
0:32
this. We talk about defend, govern, and
0:34
prove. For the past 11 weeks, we've
0:36
explored the stack piece by piece. So,
0:38
we spoke about Defender, Intune, Entra,
0:42
Purview, small topics around Defender
0:44
for govern uh defender for cloud apps,
0:47
AI security, governance as its own
0:49
service. And each time we solved a
0:51
technical problem and we did we spoke
0:53
about where we can remove tool A and we
0:57
can consolidate to this unified MSP
0:59
experience.
1:01
But every time I think it's safe to say
1:03
there was one thing that always remained
1:05
or one topic that we always didn't quite
1:07
answer is can we prove we are secure?
1:09
Can we prove to our customer that they
1:12
are secure? And that's a conversation I
1:14
don't think we've really been able to
1:15
give to our customers directly.
1:18
And for us, it's that fragmented MSP
1:20
nightmare piece. It's the topic that
1:22
we've always been discussing. Um, even
1:24
today, many MSPs live in the same cycle,
1:27
costly cycle, which is switching between
1:29
Defender, Purview, and Excel starts to
1:32
produce a single client report. We've
1:34
had the same cycle. We've had too many
1:36
tools that we've got to manage, no
1:38
multi-tenant visibility or view, and
1:40
quite frankly, wasted engineering time.
1:43
Microsoft has and for the last at least
1:46
five years provided us a powerful
1:48
solution. And if we incorporate that in
1:50
with Enforcer, we take the power and we
1:53
start to create perspective. Most MSPs
1:57
today are failing because the lack of
1:58
because they lack tools. They're failing
2:00
because they lack the visibility. It's
2:02
not necessarily just the tools that
2:04
they're lacking. It's the visibility
2:06
more than anything that we really don't
2:07
see. An engineer in in an example here
2:10
wants to show security posture. They in
2:13
this instance they're going to open
2:14
Defender then Intune then Purview then
2:17
they're going to export it to an Excel
2:19
environment upload it to Power BI. Two
2:21
hours later they haven't even improved
2:25
security. All they've done is they've
2:27
just assembled a report. Engineers
2:29
nowadays start to collect evidence
2:31
instead of improving posture. Improving
2:33
the security posture that we talk about.
2:35
And that for me is the trap that we've
2:37
been in for the last 15 to 20 years.
2:40
Security became a reporting exercise
2:42
instead of an operational process. And I
2:44
think we've looked at this as a
2:46
different perspective far too long. And
2:48
I'd like to start looking at reining
2:50
that in. And it starts with utilizing
2:53
the complete Microsoft security stack.
2:55
This is the moment I think really that
2:57
the penny starts to drop when we talk
2:58
about operational process and the best
3:01
security posture that we can offer.
3:04
Microsoft hasn't built a product. They
3:07
built a security cloud solution.
3:10
Identity that starts to protect access
3:13
device that starts to protect the entry
3:15
on the endpoint. Email protection that
3:18
supports communication not just emails
3:20
but teams and then data that pro uh data
3:23
protects the information detection in
3:26
this instance also protects the response
3:28
and then fundamentally AI starts to
3:30
protect the behavior. These elements
3:32
that we've spoken about this last seven
3:35
episodes, excluding this one here,
3:37
starts to create this on kind of ongoing
3:40
operational talking point. Part of this
3:43
defend, govern process or philosophy
3:45
that we're starting to adopt. These
3:48
aren't security products. They're
3:49
sensors in the same nervous system. And
3:51
that's something that's so important for
3:53
me. This is the six pillars for a uni to
3:55
form a unified security cloud solution.
3:59
And I think that's when we can start to
4:01
realize that Microsoft solved a security
4:03
issue for the last few years. They
4:06
didn't solve running security as a
4:08
service because that sits with us
4:09
fundamentally. But they have solved the
4:11
six pillars that we need to provide a
4:13
zero trust but also a high-scale
4:15
security solution for our customers.
4:18
And this is the missing piece that I
4:20
think we need to be aware of. Together
4:22
these six pillars start to form a
4:24
formidable security cloud solution. But
4:27
the one thing we always forget for MSPs
4:29
is we have to manage that across every
4:31
tenant and we have to do it at scale. We
4:33
have to bridge that gap. And you'll
4:35
notice on the top right hand corner of
4:36
this slide is the enforcer logo. And
4:39
it's been across this entire platform
4:41
this whole series the ability to start
4:44
to centralize and utilize well
4:46
centralize but also utilize those six
4:48
pillars. Specifically, Microsoft
4:50
delivered the world-class security
4:52
technology, but no single pane of glass
4:53
for an MSP is going to help manage
4:55
dozens of tenants. We need to be able to
4:57
see it at scale, manage those tenants at
5:00
scale. And that's why this topic is so
5:02
important.
5:06
So for us, when we talk about our
5:08
customers, there are a few things we
5:10
always have to make sure we're
5:11
answering. Are all my customers secure
5:14
right now? and no native multi-tenant
5:18
operational view and how sorry how are
5:20
we going to manage that multi-tenant
5:22
operational view these things are so
5:24
important that gap is why the MSP
5:27
security feels expensive manual and hard
5:29
to scale and we look at these products
5:32
without a kind of centralized solution
5:34
that we can adopt and collect together
5:36
really starts to make things really
5:38
difficult for us and that's where
5:39
enforcer fits into this piece
5:42
So Enforcer's operational layer, the
5:45
conversations really that we're having
5:46
right now. The operational layer for us
5:48
is the Microsoft first approach.
5:50
Enforcer starts to transform the
5:52
Microsoft stack from a collection of
5:54
powerful unified solutions to a unified
5:57
MSP operating model. For you guys, it's
6:00
centralizing it. And for us, we take
6:02
those six pillars and we actually look
6:04
at four strategic pillars that we need
6:06
to look at. So the first one's
6:07
assessments. It's the baseline
6:09
assessment, seeing where they fit to our
6:12
best security posture. the drift
6:14
detection for us to identify any risks
6:16
instantly against those configurations
6:18
we've built. And then for us, it's the
6:21
alignment policy framework and
6:23
automation. It's starting to take all of
6:25
the security best practices and postures
6:27
we've created and centralize that for
6:29
delivery to enforce a compliance
6:32
baseline of security and data governance
6:35
across our customers environments. We're
6:37
taking ourselves on a new level and
6:39
we're going to be able to do it at scale
6:41
leveraging products like Enforcer. And
6:43
the last area is assurance well second
6:45
to last sorry is assurance reporting
6:47
frameworks and proving what we have
6:49
ready to go compliance readiness. So
6:52
that's the assessments again that we
6:53
run. We start with the first build, do
6:56
the initial check, implement our
6:58
alignment best practice, and then with
7:00
assurance, we can actually run alignment
7:02
reports to prove to our customers that
7:04
we are providing the correct value to
7:06
them directly. And then the last area is
7:08
amplification, ROI dashboards, business
7:11
intelligence, being able to demonstrate
7:13
the value that we're giving to
7:14
customers. When we talk about building
7:16
out a unified MSP operating model, that
7:19
modern MSP operating model that we've
7:21
been talking about for the last eight
7:24
episodes,
7:26
for us, this is about demonstrating
7:27
value. When customers come to us and
7:29
say, "What are we doing?" We need to be
7:31
able to direct and explain exactly and
7:34
in fact prove what we're doing. And
7:36
that's where this defend, govern, and
7:38
prove delivery comes from. For the
7:40
defense side, we we we want to reduce
7:42
the attack surface automatically. That's
7:44
that assessment and alignment piece.
7:46
Identifying the problems, aligning it to
7:49
the best practice that we've got as
7:50
MSPs. We also need to align
7:53
configurations continuously. It's not
7:54
just a one-and-done model, which I think
7:56
for many years is what we've done with
7:58
professional services. We go in, we run
8:00
a deployment, we Foxtrot Oscar to the
8:03
next project. We have to continuously
8:06
align the configurations. We need to see
8:08
what's going on in Microsoft utilizing
8:10
enforcer dispatches as an example and
8:13
then make sure that we're continuously
8:14
aligning them to our frameworks of best
8:16
practice. And the last piece, the most
8:18
important piece of this puzzle when
8:20
customers say, "What value do we bring
8:21
to them?" It's proving it. So produce
8:24
the evidence constantly, not just a
8:26
one-off during an audit or when
8:28
requested, but let's be proactive in
8:30
producing that evidence regularly. And
8:32
that's that alignment report. running
8:34
the alignment report with 100% or 80%
8:36
alignment. It's a conversational piece,
8:39
but it's also demonstrating where
8:41
customers truly sit within our
8:42
environment. Firstly, it mitigates
8:44
liability of us as MSPs, but secondly,
8:47
it just shows to customers how
8:49
successful and proactive we want them to
8:51
be and not just on an efficiently
8:53
efficiency level, but with their trusted
8:55
relationship with you guys as a
8:57
business.
8:58
So when we talk about this, we're
9:00
talking about that one login, that one
9:02
dashboard with many tenants. This is
9:05
where the defend and prove stops becoming
9:08
a concept which I've had for many years
9:10
now and starts to becoming your daily
9:13
workflow. Every control, every tenant,
9:15
every framework visible for us at a
9:18
glance in a single in a single model.
9:20
The ability to see where customers align
9:23
which meets that three pillar tier that
9:25
we've been talking about. We can use
9:27
single sign on one login across all
9:29
those tenants a unified view posture
9:32
scored by the tenant your alignment
9:34
piece and then the instant actions
9:37
remediate the drifts in real time
9:39
identify what's going on in environment
9:40
that shouldn't be there and let's act on
9:42
them and as as enforcer starts to build
9:45
out new controls new measures we're
9:47
going to be able to schedule this
9:48
information as we scale it's a
9:50
relationship as a journey we're a
9:51
partner with you guys as much as we are
9:53
a partner with your customers but that
9:55
relationship of a trusted partner starts
9:57
with you.
9:59
So let's talk about proof, profit and
10:01
partnership. These are the three areas
10:03
that we really need to focus on. MSP is
10:06
moving from an old operating model to a
10:08
modern operating model which is exactly
10:10
what I want to nail home today. We have
10:12
to demonstrate that we can be providing
10:15
the proof. We can make ourselves
10:17
profitable as much as our customers in
10:19
terms of efficiencies and others. But
10:21
more importantly, you guys are building
10:22
a correct and solid partnership with
10:24
your customers. And there's areas that
10:26
we help to improve that. Firstly, it's
10:28
efficiency. Let's consolidate the tools
10:31
you currently have into a single pane of
10:33
glass, but also leveraging that unified
10:35
Microsoft stack that's available. Take
10:38
our customers from business basic and
10:40
and standard to business premium to get
10:42
the big package. And then let's add on
10:44
those bolt-ons like Defender Suite for
10:46
Business and so on. Fewer tools, faster
10:48
alignments, and as a result, this will
10:50
equal fully automated audits. the
10:52
ability to run those proof of concepts
10:54
to customers directly. The other is
10:56
profitability for you guys. Sell your
10:58
baseline alignment. Sell your compliance
11:01
assurance and your AI governance as
11:02
recurring services. Monthly managed
11:05
services is what's going to drive our
11:06
successful revenue. We spend our time
11:08
with selling licenses, selling use
11:11
accounts, producing reports on tickets
11:13
they've created as a reactive support
11:14
model. Let's look at actually creating
11:17
these as managed services off offerings.
11:19
sell as a service, security as a
11:21
service, compliance as a service,
11:22
governance as a service. Think about
11:24
where that profitability sits, but your
11:27
security best practice and baseline is
11:29
fundamental to that delivery. Prove it
11:32
to your customers. Once you've got this
11:34
model in place, clients start to see
11:36
monthly measurable results. So, drift
11:38
reduction, compliance gains, threat
11:40
prevention, all of this is reportable in
11:42
things like the alignment report. And
11:44
the last area, and I say this and I know
11:45
we've been calling ourselves these sort
11:48
of configurations or partnerships with
11:50
our customers for a while, but move from
11:52
being just that vendor to a strategic
11:54
security partner to a strategic
11:56
governance partner. It's time to start
11:59
looking at our new naming convention,
12:00
our new structure. I know that Pax8
12:03
recently produced a managed intelligence
12:04
provider model. This isn't probably
12:07
quite on the road map yet, but it's
12:08
certainly on the horizon. Let's start
12:10
adopting the right partnerships with our
12:12
customers because that's what's going to
12:14
drive us to become a lot more effective.
12:17
And I want to wrap up on this these last
12:20
couple of slides. Defend, govern, and
12:22
improve. For me, we're taking ourselves
12:24
from that old operating model to a
12:26
modern. And it's not selling licenses or
12:28
alerts anymore. For you guys, it's
12:30
starting to sell trust. We're selling
12:33
assurance. And more importantly, we're
12:34
going to start selling proof that they
12:36
are as secure as they can be. that zero
12:39
trust model that most people talk about
12:41
and have done for the last 24 months.
12:43
You don't need 12 vendors and 30
12:45
dashboards anymore. What we really need
12:47
is a unified one stack Microsoft
12:49
solution. One operational brain which in
12:52
this instance enforcer and then that one
12:54
philosophy that I've been nailing home
12:56
this this past 11 weeks which is defend
12:59
govern and prove. Let's take ourselves
13:01
on this new journey building the right
13:03
relationship to our customers but
13:06
leveraging single and and fewer tools
13:08
but a single pane of glass to be able to
13:10
provide that solution to our customers.
13:13
We become a lot more effective to our
13:15
our businesses we support when we can
13:17
generate and prove the value we give to
13:19
them. I don't want you to remember the
13:20
products from this series. I want you to
13:23
remember the shift. Security tools don't
13:26
scale as a service anymore. Visibility
13:28
creates the value. Proof starts to
13:30
create the trust and trust creates the
13:32
reoccurring revenue. They're the three
13:35
fundamental uh areas that we need to
13:37
focus on when we talk about the defend,
13:39
govern process and concept. Visibility
13:43
creates value. Can you imagine if we can
13:46
create that single pane of glass of
13:47
visibility for us? It's then proof
13:50
creating that trust. We take that
13:52
visibility that we've provided. We
13:54
produce it into a nice report for the
13:56
proof that the trust builds. And as a
13:59
result, the more that we're trusted, the
14:00
more that re reoccurring revenue can
14:02
exist. It's that model. It's the ability
14:05
to take ourselves from that old
14:06
operating selling licenses and alerts to
14:09
selling trust, taking ourselves on that
14:12
defend, govern journey.
14:15
So what does it look like for me?
14:17
Defend, govern, and improve is the
14:19
modern MSP operating model. It's one
14:21
stack, one brain, one philosophy, and
14:23
it's Microsoft and Enforcer as a
14:25
partnership.
14:26
I'm going to wrap up here. I like
14:28
finishing early when I talk about these
14:29
sort of conversations,
14:32
but build out what you've got. Start
14:34
that journey with Enforcer. Give us a
14:36
call, book in some demos, talk to some
14:38
of our sales reps, speak to myself
14:40
directly. I'm part of the same team. and
14:43
let's create that partnership that can
14:44
drive you guys to a modern MSP operating
14:47
model, particularly leveraging the
14:48
Microsoft 365 cloud.