
(Podcast) Identity Protection with DFI, Entra ID, and more

“Defend Your Time” is the podcast dedicated to helping security leaders get more out of their Microsoft security investments. Listen and subscribe through Spotify or Apple Podcasts.

In this episode, we go deep on Identity Protection with Ryan Huls, a Microsoft security expert at Ontinue, and Rob Smith, CEO and founder of Lionfish Tech Advisory. Ryan and Rob talk about the new Attack Surface Map in the Defender console, risk-based conditional access, and modern versus legacy multi-factor authentication methods.  

  • Introduction and Setup (0:00)
  • Why Identity Matters (1:02)
  • Identity Protection within the Microsoft 365 Suite (2:44)
  • Relying on Legacy Authentication Methods without Realizing It (7:03)

Related resource: Guide: Maximizing your Microsoft Licensing to Reduce Costs and Increase Security

Why Identity Matters

Rob Smith, a former Gartner analyst and executive at Verisign, emphasizes that identity is the cornerstone of cybersecurity. He explains that even the most robust security systems can be compromised if a user’s identity is breached. According to Rob, 80% of all attacks are identity-based. 

Identity Protection within the Microsoft 365 Suite

Ryan Huls discusses how Ontinue helps protect user environments by deploying Microsoft Defender for Identity sensors both on-premises and in the cloud. He describes the relatively new Attack Surface Map, which allows security analysts to explore assets and connections to visualize potential paths that an attacker might take. 

Rob and Ryan also touch on the complexities of Microsoft licensing. They note that while MFA (Multi-Factor Authentication) is now included in E3 licenses, the more advanced risk-based conditional access is available in E5. This feature not only verifies user identity through MFA but also monitors patterns of behavior to ensure continuous security.

Relying on Legacy Authentication Methods without Realizing It

Ryan warns that many companies don’t realize they are still using legacy authentication methods, which are vulnerable to breaches. They may be allowing SMS and voice calls for MFA without knowing it, particularly if their Azure authentication methods policy is still set to the “Pre-migration” or “Migration in progress” stage. He advises organizations to transition to modern authentication methods before Microsoft discontinues support for legacy systems on September 30, 2025.
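One way to check a tenant for the condition Ryan describes, as an added example that is not from the episode or from Ontinue: the script audits an authentication methods policy exported as JSON from the Microsoft Graph endpoint `GET /policies/authenticationMethodsPolicy`. The sample policy is constructed, and the function name `audit_auth_methods_policy` is hypothetical.

```python
import json

# Constructed sample, shaped like the Microsoft Graph response for
# GET /policies/authenticationMethodsPolicy (trimmed; values are made up).
SAMPLE_POLICY = json.loads("""
{
  "policyMigrationState": "migrationInProgress",
  "authenticationMethodConfigurations": [
    {"id": "MicrosoftAuthenticator", "state": "enabled"},
    {"id": "Fido2", "state": "enabled"},
    {"id": "Sms", "state": "enabled"},
    {"id": "Voice", "state": "disabled"}
  ]
}
""")

PHONE_METHODS = {"sms", "voice"}  # the SMS and voice-call factors named above
UNFINISHED_STATES = {"premigration", "migrationinprogress"}


def audit_auth_methods_policy(policy):
    """Return human-readable findings for a parsed policy object."""
    findings = []
    state = policy.get("policyMigrationState") or "unknown"
    unfinished = state.lower() in UNFINISHED_STATES
    if unfinished:
        findings.append(
            f"policyMigrationState={state}: legacy MFA and SSPR settings "
            "are still honored alongside this policy")

    enabled_phone = [
        cfg["id"] for cfg in policy.get("authenticationMethodConfigurations", [])
        if cfg.get("id", "").lower() in PHONE_METHODS
        and cfg.get("state", "").lower() == "enabled"
    ]
    for method in enabled_phone:
        findings.append(f"{method} is enabled in the authentication methods policy")

    # Disabled here does not mean disabled everywhere until migration completes.
    if unfinished and not enabled_phone:
        findings.append(
            "SMS/voice are off in this policy, but the legacy settings may "
            "still allow them; review those before completing the migration")
    return findings


if __name__ == "__main__":
    for finding in audit_auth_methods_policy(SAMPLE_POLICY):
        print("-", finding)
```

An empty result means the policy reports a completed migration and neither phone-based method is enabled in it.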

Conclusion

Identity is the most crucial aspect of cybersecurity. As Rob succinctly puts it, “Identity matters most.” By focusing on robust identity protection measures, organizations can significantly reduce their risk of cyberattacks. For more insights and to strengthen your identity security, join our Defender User Group and connect with other Microsoft Security product users.

Thank you for tuning in to “Defend Your Time.” Subscribe to stay updated on the latest in cybersecurity.

Article By

Ontinue