Content
Phishing-resistant authentication - it is one of the buzz terms showing up in Entra ID and the security industry, but what exactly is it? How does it work? And does it really live up to its name? We will explore the history of phishing-resistant authentication, how it intersects with MFA and passwordless in Entra, and look at why it is one of the best ways to protect your users and organization from sophisticated phishing attacks. With a live demonstration of Evilginx, we will see firsthand why phishing-resistant authentication is so important to organizations, discuss how to start or accelerate the journey, and touch on relevant new features slated for Entra in 2024.

Below are the questions and answers from the February 2024 Meetup Session.

Q. Tell us a bit about yourself? – City, family, hobbies, job title
A. I live in Schenectady, NY, so the upstate New York area, with my wife and our two kids, one is in elementary school and the other middle school. When I'm not doing tech stuff I really like to disconnect so hobbies are kayaking, hiking, snowshoeing, especially up in the Adirondacks; I used to be a hike leader for the Adirondack Mountain Club but don't have the time to invest in it at the moment. Also as an MVP I think that supporting the community is certainly a hobby as you need to have the time and passion to invest. I work at Semperis, which is a cybersecurity software company focused on Active Directory and Entra ID; I work in our Product Group as a Product Technical specialist, which is currently a role as a part-time PM and part time Entra ID SME.
 
Q. Tell us something about yourself that not many people know about you?
A. I love tattoos and cold weather. I have a sleeve of tattoos and some other ones scattered around, but always looking to get more - you could say I'm almost addicted to getting them.
 
Q. What does a typical workday look like for you?
A. My workday is pretty scattered, so it can be difficult to manage at times. I provide technical expertise into our products in the realm of Entra ID and so some of my work is focused on that, some of it is in technical writing and working with our technical writers on things like documentation, some of it is with our marketing team. I also do part time competitive analysis for us, mostly on the technical bits, and since October I've also become a part-time PM for one of the functions of some of our products. Mix in some PG interactions with Microsoft, acting as an "on-hand" SME for Entra ID and Azure things at times, the weeks and workdays can really be all over the place. I'm also fortunate to have the opportunity to speak at conferences, and it can really be time consuming to fit the travel and speaking in with all the other work that doesn't stop.

Q. 1st job out of college?
A. I actually left college early during the dotcom boom, I was going for Mechnical Engineering but was enticed by the whole dotcom boom, so first job was working at a regional ISP providing tech support for dial-up customers.
 
Q. Your 1st version of SharePoint that you experienced and what year?
A. It's tough to remember - probably SharePoint 2010... I was in a role where I managed the Windows server team, and actually avoided us needing to be SharePoint admins with all the other systems we had to manage.
 
Q. Last challenging project and why? (this should relate to your demo)
A. Challenging can be rather subjective - I think for me being removed from customer interactions somewhat is a bit double-sided - you glean so much information from customers as to what reality looks like for M365 and Azure and Entra ID, that being a bit removed from customer interactions can make it challenging to keep tabs on what the pain points are. And while you still have customer interactions, it's not the same working in a role where you have a few hours of conversations with customers vs when you were consulting and spent days and weeks working with them. That's when you really had the time to understand their challenges. (Answer doesn't directly relate to the demo but does to identity security in general)
 
Q. Your favorite M365 feature/tool and why?
A. Entra ID - Beyond being a Microsoft fanboy I believe that Microsoft really has a best of platform cloud identity provider. There are some gaps around hybrid identity but they are really working hard to fill those gaps.
 
Q. Where do you think Microsoft is going with M365.. Be totally honest?
A. I'm curious to see how this Copilot thing is going to pan out - I'm a bit neutral on AI, mostly in that my interactions with it have been lukewarm. I also am curious to see when E7 licensing comes out, as much as the community jokes, I was a Microsoft customer for many years consuming Office 365 and was told that E5 was going to be the end-all be-all license you need... I can definitely feel the pain for customers when everything is an add-on our premium, but I also understand that it costs time and resources, and money, to build and run cloud products, so I see the challenge from several different sides.

Q. What are the 3 cool features of the demo?
A. The demo might feel less conventional than other demos as it's actually using a red team tool to phish users, and there are a few additional slides that lead into the demo first.

I think the "cool" part of things though is that being able to demonstrate how easy it is to phish is actually what seems to wake organizations up to why phishing-resistant authentication is so important. When people see firsthand the ease at which you can steal credentials, and it not just talked about in theory, is when that light switch sort of turns on for them. It's also something any organization can do themselves without a lot of effort, if they wanted to test things out themselves to help promote the need to advanced security for authentication. Lastly even though we continually have new features in Microsoft Defender for protecting users from phishing, the threat actors always seem to be one step ahead, but with phishing-resistant authentication it doesn't matter what or how the attack looks, that the strong phishing-resistant authentication is really the thing keeping our users and company safe.

Q. What is the sizzle?
A. Companies really need to start investigating or accelerating their user of phishing-resistant authentication now. They can't keep thinking or saying "it won't happen to them" as you see attacks on all sorts of organizations these days, and it's just too easy to steal credentials.

Q. What was your first job out of hire school?
A. If this is high school - I was a groundskeeper at a hospital during the summer
 
Q. What's your biggest nightmare project you have worked on … And what did you learn from this experience?
A. I was on an identity governance project that just tanked - I was brought into a project that was poorly scoped, poorly aligned with the customer, and it was a lack of support from management at the place I was at along with a lack of change management uptake on the customers part that really hindered the project, as well as just cutting things too tight - it was a 3rd party product that nobody knew how to use, training was minimal, product was complex, but it all could have been avoided if properly planned. I was working as an Identity Architect consulting at the time and it really was the nail in the coffin for wanting to consult, at least not when projects aren't more on my terms to ensure success.
 
Q. What’s the best and worst tech advice you’ve been given?
A. Best - That security projects need to be looked at as iterative, and that we need to stop seeing projects as this waterfall with a start and finish. Worst - whenever I had perhaps tried to guess at an answer instead of saying I don't know, but I'll get the answer and get back to you. As you get older you learn to put your ego aside.
  
Q. Where do you want to be in 5 years?
A. That's a big question - I really enjoy where I am and what I'm doing, but I also sometimes aspire to consult at times, but would really want to do advisory services only, and certainly want to continue speaking and blogging and supporting education in the community.
 
Q. What's your blind spot in your Microsoft knowledge? Pitfalls
A. relative to what I do and need to know, probably devices and Intune and the intersection of that with security.
 
Q. Where do you source your knowledge? - Twitter- who do you follow, site urls
A. Twitter - it's a long list, a lot of infosec folks as well as a lot of other MVPs. I'm also a member of an EMS Discord, and honestly a lot of MS docs are quite informative, it's just a matter of knowing how to find your answers. Also big on joining the Microsoft Customer Connected Programs as they are a great source of PG and community knowledge.
  
Q. Where can people find you?
A. Twitter - @ericonidentity, LinkedIn I'm also ericonidentity, as well as BlueSky and Mastodon and I have my blog, ericonidentity.com which also has all my social media handles and the such. I'll also be speaking at various M365 and security conferences this year.