March 17th, 2:30 am

Recap of the first Aussie Ninja User Group Meetup

With more than 40 people in attendance, Australia's inaugural Workplace Ninja User Group event attracted plenty of interest. 

Held at the Microsoft Office in North Sydney, attendees were treated to spectacular sweeping views of the city as they listened to talks from Steven HoskingBenoit HAMET and Jose Schenardie. There was also a panel discussion with leading industry experts: George Tzikas, Matthew Gass, Michelle Batchelor, and Peter Norris.  

With a common theme of discussing modern management and the benefits of migrating to the cloud, attendees gained actionable insights to take back to their teams and respective companies. 

Throughout the three talks and a panel discussion, attendees regularly asked questions and engaged in the conversation. For the event organiser, Jose Schenardie, the outcome and response underpinned his view that more events like this are needed in Australia. 

In case you were unable to attend, here is a recap of the afternoon. 

All things Azure Active Directory with Steven Hosking 

Senior Product Manager at Microsoft Steven Hosking packed a lot of information into his one-hour talk, particularly around the use and benefits of Azure Active Directory and Microsoft Intune. 

One topic that gained a lot of questions and conversations from the crowd was Azure Active Directory (AAD), which Steven pointed out is more secure than Active Directory. He explained AAD is more secure because every authentication process can be controlled and gated with conditional access and limited down to just the permissions required with applications. 

On the topic of passwords, it was interesting his note that it's more secure to sync them to AAD than to leave them on a domain controller—another statement that gained plenty of comments and questions from the crowd. Steven backed this up by explaining when passwords are loaded into AAD, they are checked against all passwords that exist and those sold to the black market. As AAD constantly runs checks, it can identify if passwords have been compromised. While it is possible to manage this independently with a domain controller, organisations would need to attach an agent to manage and it is ''not real time, it still has to sync with your virus definitions.'' 

From there, the discussion moved to Zero Trust and the security control benefits of AAD, particularly if users have been granted local admin rights.  

Steven also detailed some other benefits of using Autopilot and Intune including seamless single sign-on (SSO). 

Jose discusses application control using WDAC 

Event organiser and Devicie Chief Technology Officer, Jose Schenardie, discussed using Windows Defender Application Control (WDAC) in enforced mode—another topic that attracted plenty of interest and questions from audience members and guest speakers alike.   

Jose outlined the prerequisites and system requirements for using WDAC before talking through the benefits of using WDAC, particularly gaining control over what executables and code can run on a system. 

Reiterating that Application Control is the first control in the Essential Eight mitigation strategy, Jose detailed how WDAC helps users and organisations achieve level three maturity. With the capacity to implement allow listing, he also spoke about how WDAC gives users the ability to only allow authorised applications to run on a system, thereby minimising the risk of unauthorised access or data breaches. 

In the second half of his presentation, Jose spoke about the friends and enemies' of WDAC. Or, the tools and techniques that will either aid or hinder the process of implementing WDAC. 

Making the friends list, Jose pointed out Managed Installer and why the option is worth considering when implementing WDAC. There was also WDAC Wizard to help you create the policies, Windows Sandbox for a controlled testing environment, Event Viewer for local logs and Microsoft Defender for Endpoint for remote, centralised logs. 

As for the enemies, Jose mentioned PowerShell modules which use dot sourcing and applications that self-update, as they don’t work with Managed Installer.  

Overall, Jose's presentation provided a comprehensive overview of the benefits and requirements of using WDAC in enforced mode, as well as practical guidance on how to deploy and manage WDAC policies effectively. 

A new era of device management with Benoit Hamet 

As the final guest speaker, Benoit, Solution Architect at AC3 and Microsoft MVP, presented on the evolution of device management, the capabilities of modern device management solutions and the limitations of traditional device management. 

His talk also provided scope on the processes involved with moving to a modern device management solution, including the various migration options, the required infrastructure needed, the prerequisites and preparation steps.  

Among the prerequisites, Benoit said organisations need: 

  • Windows 10 or 11   

  • A deployment system  

  • Configuration manager   

  • Autopilot   

  • Azure Active Directory  

  • Configuration and application management   

  • Cloud Attach  

  • Intune 

  • Access Control   

Making no illusion about the difficulty involved in adopting a new solution, Benoit was quick to point out that moving to a modern management solution is neither straightforward nor swift. Throughout his talk, Benoit provided valuable recommendations, best-practice methods and advice for attendees and organisations to adopt when embarking on their own migration journeys.  

Overall, much of what Benoit discussed underpinned the previous speakers' comments, ideas and discussions surrounding modern management. 

Intune insights from the real world 

Closing out the event was a panel discussion where George Tzikas, Infrastructure and Operational Lead at Tourism Australia, Matthew Gass, IT Support Manager at Nine, Michelle Batchelor, Service Delivery & Modern Workplace Manager at Sydney Airport, and Peter Norris, CIO at Tourism Australia, shared their experiences with implementing Intune in their respective organizations. 

Painting a real-world picture of Intune adoption, the panellist pointed out that implementing Intune does come with a set of challenges, which provoked many conversations and questions from the crowd. 

Throughout the discussion, they shared their insights on how they overcame challenges and obstacles during the migration process. 

Overall, the panellists agreed that the Intune implementation was a challenging but worthwhile process.