Our 4th edition of the Cloud Identity Summit 2023 is over and it was a blast to meet all this great speaker and the Identity Community this year virtual and in-person in Koblenz.
This year we were kindly provided with the location by the Debeka Innovation Center (DICE) which is located near the University of Koblenz and close to the Moselle. The location is a designed as a open space to enable new thinking and new technologies which is a perfect match for our Cloud Identity Summit.
The 4th edition offered 10 sessions in two parall tracks, divided into Identity Security and Identity Management and it was really a pleasure to see this big identity experience in the different Identity topics on this day live at our conference. The speakers who made the extra journey to the event can certainly be called who as who of the identity scene. Therefore, at this point I would like to thank you explicitly, because without you this event would not have been possible:
Sefallah Tagrerout and Jean-Francois (Jeff) Aprea – Securing your Azure Ad with our Zero Trust Approach!
Jan Vidar Elven – Monitoring and Reporting on Activities and Security in Microsoft Entra Azure AD
Fabian Bader – From (tier) zero to cloud hero: How to pwn Azure AD from on-prem
Kenneth van Sarksum – Implementing and building advanced Microsoft Entra Id Conditional Access scenarios
Christopher Brumm – Walk the walk – explore ways to ensure strong authentication in real life scenarios
Sfefan van der Wiele – Walk the walk – explore ways to ensure strong authentication in real life scenarios
Daniel Krzyczkowski – The future of customer identity with Microsoft Entra
Nicki Borell – Azure AD Identity Governance – What do your users do with their access
Sander Berkouwer and Raymond Comvalius – Just apply the basics in your Azure AD tenant!
Anton Staykov – Seamless cross-tenant application access with Entra Azure AD Cross-Tenant sync
Koblenz is the hometown of Thomas Naunheim therefore we had also recommendations for sightseeing tips, city walks and Restaurants and start to meet the speaker on Wednesday in a Restaurant close to the Rhine and the Deutsche Eck (German Corner). After our great dinner, we made a short city walk to the Deutsche Eck and after this to a final beer for a good preperation for our conference on Thursday.
We started our hybrid conference a little late with a strong focus on the in-person experience and also broadcast the Sessions live to the world via teams.
In my estimation it was a complete success due to four factors:
Which is thanks to the great speakers who share their knowledge with great pleasure
The on-site participants who brought a lot of fun and made the sessions interactive, through their numerous questions
The great help of our team which made sure that the speakers and participants felt comfortable
We hope that the conference meet the expectations from our attendees and will plan for 2024 and we really want your Feedback for good and not so good thinks. The really goal of this conference it´s a conference from the community for the community. So gave us your feedback for a better Cloud Identity Summit in 2024!
After 8 Months of planning the Cloud Identity Summit 2022 is over and I can say it was really a pleasure to help to organize this great Community event from my perspective. Four years ago Thomas Naunheim come up with the Idea to create a event focus on Identity for the Community. We discuss this in our Azure Bonn Orga Team and finally the Cloud Identity Summit was born. At the end of 2019 we plan the first edition for 2020 as a in-person event, but things changed and we changed the format to an virtual event and this also for 2021.
Back in february we start planning for the 3rd edition 2022 and we decided to go back to our original idea to hold it as a in-person event, but with the experience of two virtual events we move it to an hybrid event. Yesterday was our 1st Cloud Identity Summit 2022 as hybrid edition and I can say, I was really exited about it. Why?
Our 1st IdentitySummit is over and we had a amazing Summit with our powerfull Speakers and our attendees.
We (Azure Bonn Orga Team) started planning the Summit in March 2020. The Orga Team from the AzureBonn Meetup consists of Melanie Eibl, Thomas Naunheim and René de la Motte. The idea came from Thomas (our Identity Expert) and we can say that was a wonderful idea.
We meet together at the Debeka Innovation Center (DICE) in Koblenz to organize and streaming all the sessions from one central place. The current Corona situation has unfortunately not made a complete live event possible, so we have met under the rules in force to ensure a smooth process and bring a little live feeling.
Now after 6 session in 2 parallel Tracks we can say it was worth every minute of planning – Why?
The answer is simple: First of all because of our great speakers. Each session was planned with a minimum of 300, and each session went deep into the relevant topics, showing what needs to be considered, the pitfalls and best practices available.
I´ve updated the article because the actual sign-in query only logs all login attempts of the break glass account (successfully, unsuccessfully, etc.) . I added the different IDs so that you can setup the alert mail based on a indivudal filter. Thank you goes out to Eric Soldierer for this note. I also updated some changed services that had left their preview status.
In the past I do a lot of Azure Governance workshop and one interesting topic is how to handle the Break Glass Account. Before we going deeper, first we take a look was is the Break Glass Account. For each Administrator role in Azure or Office365 is it best practice to use MFA to secure the account and get a better security for the Tenant. To realize this, normally we use Conditional Access and create a rule, that every Admin require MFA for login. But what can we do, when:
the MFA service is down
we create a Conditinal Access that with a wrong rule set and lost sign-in access
we do not regulary update our control list and the admin account goes lost
For this cases we need a Break glass account, an additional account with a high security password, to enter the Tenant in an emergeny case. For this account, there are some recommendations:
only use a generic account
create a complex password with more than 16 characters
for compliance reason divide the password into two parts
save each part in a different location
create a security group that contains the break glass accounts
create two break glass accounts with no standard username like breakglass@ or emergency
use the Tenant name for the account
do not use a custom domain name
in futher it will be possible to use FIDO2 security key for break glass (right now is in preview and not recommended for such critical scenario)
Now we can discuss in some ways a security gap – a service account with Global admin rights that do not require MFA for login. Now you see, why it is so important to monitor this accounts and get notified when they will be used for login.