Improving macOS Security by Reducing Authentication Prompts

Presented at Objective by the Sea version 5.0 (2022), Oct. 7, 2022, 2:30 p.m. (50 minutes).

Excessive authentication prompts are a bad experience for end users and are bad from a security perspective. To make matters worse, security teams frequently try to mitigate risk by invoking even MORE MFA prompts for the user to jump through. However, leveraging modern authentication protocols like OpenID Connect and Apple’s SSO extension framework, we were able to greatly cut down on authentication prompts without sacrificing security to access resources in Azure AD/M365.

In this talk we’ll discuss how you can locate what is generating your excessive prompts in Azure AD, how the Enterprise SSO plug-in works under the hood, and how other apps can leverage this framework. Finally, we’ll take a look at additional passwordless authentication methods you can leverage today to further improve security and the end user experience.


Presenters:

  • Michael Epping - Senior Product Manager at Microsoft
    Michael Epping is a Senior Product Manager in the Azure AD Engineering team at Microsoft. He is part of the customer experience team and his role is to accelerate the adoption of cloud services across enterprise customers.

    Michael helps customers deploy Azure AD features and capabilities via long-term engagements that can last years, as well as working within the engineering organization as an advocate on behalf of those customers. Michael has more than 9 years of experience working with customers to deploy Microsoft products like Azure AD, Intune, and Office 365. He's spoken at various industry events, such as BSides and The Experts Conference.
  • Mark Morowczynski - Principal Product Manager at Microsoft
    Mark Morowczynski (@markmorow) is a Principal Product Manager on the customer success team in the Microsoft Identity division. He spends most of his time working with customers on their deployments of Azure Active Directory. Previously he was a Premier Field Engineer supporting Active Directory, Active Directory Federation Services and Windows Client performance.

    He's spoken at various industry events such as Black Hat, Defcon Blue Team Village, Blue Team Con, GrayHat, several BSides, Microsoft Ignite, Microsoft Inspire, Microsoft MVP Summits, The Experts Conference (TEC), The Cloud Identity Summit, SANS Security Summits and TechMentor. He can be frequently found on Twitter as @markmorow arguing about baseball and making sometimes funny gifs.
