Workplace Ninja Summit 2024: Full Schedule

13:15 CEST

Forward to the Past and Back to the Future - Cybercrime in 2023/2024

Monday September 16, 2024 13:15 - 14:15 CEST

Join Sami Laiho, Chief Research Officer of Adminize, for a look back in to what 2023 changed in the Security Threat Landscape and to hear his predictions on what will the future have in store for us.

Speakers

Sami Laiho

Chief Research Officer, Matti Laiho Oy

Sami Laiho is one of the world's leading professionals in the Windows OS and Security. Sami has been working with and teaching OS troubleshooting, management, and security since 1995. Sami's session was evaluated as the best session in TechEd North America, Europe and Australia in... Read More →

Sami Laiho F2PandB2F pdf

Monday September 16, 2024 13:15 - 14:15 CEST
Luzerner Saal

Security

Session format Breakout session (60 min)
Subjects Endpoint Management, Microsoft Intune, Security, AVD, Azure AD, Windows 365, Conditional Access, Windows Client OS, Linux, Identity, Sentinel, MicrosoftXDR, Zero Trust, Security Copilot
Level Intermediate

14:30 CEST

Navigating the Battlefield: Leveraging MITRE ATT&CK Tactics

Monday September 16, 2024 14:30 - 15:30 CEST

Clubraum 1

The current threat landscape necessitates organizations to proactively detect and remediate vulnerabilities before attackers discover and exploit them. The MITRE ATT&CK framework acts as a repository of tactics, techniques, and procedures that security professionals use to understand the behavior of attackers. Using the MITRE ATT&CK knowledge base that maps external and internal TTP, red teams can develop threat models and methodologies for more effective attacks. Researching the TTP through MITRE ATT&CK will enable analysts and defenders to better understand threats against their organizations or enterprises.

The session aims to better understand the importance of MITRE ATT&CK tactics in a live demo. The session will also demonstrate how Microsoft products use MITRE ATT&CK for SOC operations.

In the session:
- An introduction to MITRE ATT&CK tactics and techniques
- Designing breach and attack simulations process with the help of MITRE ATT&CK
- How Microsoft 365 Defender and Microsoft Sentinel use MITRE ATT&CK

Speakers

Sergey Chubarov

Ethical Hacker

Sergey Chubarov is a Security and Cloud Expert, Instructor with 15+ years' experience on Microsoft technologies.His day-to-day job is to help companies securely embrace cloud technologies.He has certifications and recognitions such as Microsoft MVP: Security, OSCP, OSEP, eCPPT, eCPTX... Read More →

MITRE WPNinja pptx

Monday September 16, 2024 14:30 - 15:30 CEST
Clubraum 1

Security

Session format Breakout session (60 min)
Subjects Security, MicrosoftXDR, Security Copilot
Level Advanced

15:45 CEST

Navigating the SaaS Attack Landscape: How Microsoft Defender for Cloud Apps Can Protect Your Busines

Monday September 16, 2024 15:45 - 16:45 CEST

Clubraum 1

In this session, we delve into the evolving threats within the SaaS application ecosystem, examining recent trends and the innovative techniques employed by adversaries. We will explore the challenges faced by defenders in securing the SaaS surface against emerging attack techniques. We will discuss the importance of Microsoft Defender for Cloud Apps as part of Microsoft Defender XDR in scoping and containing sophisticated attacks. Additionally, we will address the critical role of SaaS Security Posture Management (SSPM) in early identification of risky configurations and the necessity for a research-led approach to SSPM enhancements. Join us as we share insights on recent product advancement to stay ahead of the adversary pace.

Speakers

Ran Marom

Group Product Manager, Microsoft

Ran is the group product manager for Microsoft Defender for Cloud Apps, previously to Microsoft Ran was leading security products in different domains such as cloud-native and network security

Maayan Bar-Niv

General Manager, Defender for Cloud Apps, Microsoft

Maayan Bar-Niv serves as the General Manager of Microsoft Defender for Cloud Apps, where she leads the charge in advancing SaaS threat protection in Microsoft Security. With a rich background in cybersecurity and IT solutions, over a decade at Microsoft, and a track record of spearheading... Read More →

Navigating the SaaS Attack Landscape How Microsfot Defender for Cloud Apps Can Protect Your Business pdf

Monday September 16, 2024 15:45 - 16:45 CEST
Clubraum 1

Security, Defender for Cloud Apps

Session format Breakout session (60 min)
Subjects Azure AD, Sentinel, Security, MicrosoftXDR
Level Advanced
Area Microsoft

15:45 CEST

Strong Authentication with Entra Certificate-Based Authentication

Monday September 16, 2024 15:45 - 16:45 CEST

Clubraum 2

Identity is the most critical aspect of security. Ensuring that users are who they claim to be is vital. Today, usernames and passwords alone are insufficient. Although Multifactor Authentication (MFA) mitigates some risks associated with standard credentials, digital certificates are a better choice. Organizations can improve their security posture by adopting strong, phishing-resistant credentials in digital certificates by implementing Microsoft Entra Certificate-Based Authentication (CBA).

Speakers

Richard Hicks

President, Richard M. Hicks Consulting, Inc.

Richard Hicks is the founder and principal consultant at Richard M. Hicks Consulting, Inc. A Microsoft Most Valuable Professional (MVP) with more than 25 years of experience implementing secure remote access and public key infrastructure (PKI) solutions, he is a widely recognized... Read More →

Strong Authentication with Entra Certificate Based Authentication pptx

Monday September 16, 2024 15:45 - 16:45 CEST
Clubraum 2

Security

Session format Breakout session (60 min)
Subjects Endpoint Management, Microsoft Intune, Security, Conditional Access, Windows Client OS, Compliance, Identity, Zero Trust
Level Intermediate

17:00 CEST

Eliminate privileged Entra roles in your tenant

Monday September 16, 2024 17:00 - 18:00 CEST

Auditorium

Environments with multiple Global Administrators, Intune Administrators and Security Administrators are a nightmare for every Microsoft Security Consultant.
Therefore it is important to implement least privilege, protect critical access and apply just in time access.

During this session we will in take a deep dive into the world of Intune Scope Tags, Entra Administrative Units, Defender Device groups and how to leverage access to those objects using Privileged Identity Management.

We provide you valuable insights from our experience deploying these solutions with large enterprise customers.

Speakers

Janic Verboon

Senior Endpoint Engineer, baseVISION AG

Endpoint Engineer with interests in everything Intune & Entra related, enjoys a good beer 🍺 and is a big fan of heavy & loud music 🤘

Nicola Suter

Security Consultant & MVP, baseVISION

Building cyber defense with the latest Microsoft technology available today - to defeat tomorrows threats. Passionately curious about all things related to tech, real-world-proven about topics such as identity, endpoint management and security.

Eliminate privileged Entra roles in your tenant pdf

Monday September 16, 2024 17:00 - 18:00 CEST
Auditorium

Security, Role Based

Session format Breakout session (60 min)
Subjects Security, Microsoft Intune, Identity, Zero Trust, MicrosoftXDR, Azure AD
Level Expert

17:00 CEST

Unified SOC platform

Monday September 16, 2024 17:00 - 18:00 CEST

Clubraum 1

Presenting the next generation of SOC platforms - the unified platform bringing the power of out-of-the-box protection value of the XDR suite along with the customizability of SEIM, protecting all org assets.

Speakers

Hadar Feldman

XDR GPM, Microsoft

started my journey as a security researcher in the endpoint world, moved to building defender for endpoint experiences and capabilities as a product manager, and managed several product team focusing in investigation experience and protection toolset.

Monday September 16, 2024 17:00 - 18:00 CEST
Clubraum 1

Security

Session format Breakout session (60 min)
Subjects Security, Sentinel, Identity, MicrosoftXDR, Security Copilot
Level Intermediate

08:00 CEST

Detecting and responding to next generation threats with Defender for Office 365

Tuesday September 17, 2024 08:00 - 09:00 CEST

Clubraum 2

In this session we will cover how organizations are using Defender for Office 365 to detect and respond to new and emerging collaboration threats including phishing and BEC. We will walk through how SOC teams can be more effective and efficient using the power of XDR as well as build user resilience to new and emerging threats.

Speakers

Sumit Malhotra

Group Product Manager, Microsoft

Leading teams on our vision and delivery of enterprise security focused solutions for our M365 customers. Driving rapid improvements in end users and security teams' resilience to emerging threats through automation in awareness, detection, investigation and response.

Girish Chander

General Manager, Microsoft

Protecting against next gen email and collab threats pptx

Tuesday September 17, 2024 08:00 - 09:00 CEST
Clubraum 2

Security, XDR

Session format Breakout session (60 min)
Subjects Security, MicrosoftXDR, Automation
Level Advanced
Area Microsoft

08:00 CEST

Let’s replace your VPN with a real Zero Trust Network Access !

Tuesday September 17, 2024 08:00 - 09:00 CEST

Clubraum 1

We've spent the last few years modernizing clients, kicking them out of Active Directory and optimizing them to run outside the corporate network. The use of modern protocols, conditional access and the integration of MDE and Intune now enables us to access cloud services with access management that largely complies with the principles of zero trust.

However, when it comes to accessing legacy apps in the old data center world, we unfortunately all too often fall back on the old solutions - perhaps enhanced with some SAML and certificates - and features such as microsegmentation and session revocation are sought in vain.

In this session I would like to discuss and show why Microsoft's SSE solution is so much closer to my understanding of Zero Trust Network Access by explicitly checking every session in the network during its establishment, limiting access to the least necessary and disconnecting in case of a breach.

As a security architect who used to deal intensively with networks and in recent years with identity, I am very much looking forward to a deep dive on the topic of Single SignOn when accessing the OnPrem environment with Private Access.

In addition to the way the technology works, you will learn what needs to be considered during POC and rollout and what differences there are to a classic VPN project.

Speakers

Christopher Brumm

Cyber Security Architect, glueckkanja AG

I am a big fan of Microsoft Cloud Security products because there my two favorite topics Identity and Security work together in a unique way. I've been working in IT for quite a while and have almost 15 years of experience in IT security in various roles. At the moment I am a Cybersecurity... Read More →

WPNinja24 Lets replace your VPN with a real Zero Trust Network Access pdf

Tuesday September 17, 2024 08:00 - 09:00 CEST
Clubraum 1

Security, Zero Trust

Session format Breakout session (60 min)
Subjects Security, Azure AD, Conditional Access, Identity, Zero Trust
Level Advanced

09:20 CEST

No Country for Old Hackers: A Journey inside Passwordless Authentication with Passkey’s

Tuesday September 17, 2024 09:20 - 10:20 CEST

Clubraum 1

Think you know Passwordless Authentication? Well, think again. In this deep dive session, Join Microsoft MVP, Andy Malone as he takes you on a journey inside the next generation of Passwordless authentication using FIDO technologies. Now that FIDO keys have become virtual and can be deployed via any mobile device or desktop. Design to thwart hackers and ensure your digital world remains secure. With discussions, demos, tips and advice. Andy will walk you through all aspects of exactly what Passkey’s are, how they work and of course how to manage them.

Speakers

Andy Malone

Microsoft 365 Expert, Worldwide Speaker, YouTuber, Tech Instructor, Author, Quality Training Ltd

Andy Malone MVP, MCTWinning the coveted Microsoft Speaker Idol competition in 2006 catapulted Andy into a prestigious international speaking career. Today, Andy is not only a world class conference speaker but is also a renowned security & technology expert who has delivered ground-breaking... Read More →

No Country for Old Hackers A Journey inside Passwordless Authentication with Passkey’s pdf

Tuesday September 17, 2024 09:20 - 10:20 CEST
Clubraum 1

Security, Password-less

Session format Breakout session (60 min)
Subjects Security, Azure AD, Sentinel, Zero Trust
Level Intermediate

10:40 CEST

Defending endpoints like a pro: path to mastery

Tuesday September 17, 2024 10:40 - 11:40 CEST

Auditorium

Have you always wanted to understand the inner workings of Defender for Endpoint, to improve your troubleshooting skills or to help customers get successfully set up in their unique environment?

Join this session to gain a deeper understanding of Defender for Endpoint, how it works, what to keep an eye on and how to ensure smooth operation in a variety of environments. We will walk through architecture, deployment, portal setup and (security) operations as well as troubleshooting - giving you the tools you need to defend endpoints like a pro!

In addition, you will get a glimpse of where the product is heading in the future.

Speakers

Paul Huijbregts

Principal Product Manager, Microsoft

Paul works at Microsoft as a Principal Product Manager for Defender for Endpoint. As a seasoned technologist and a subject matter expert in endpoint and cloud security, he is always open to gathering feedback for the product, sharing knowledge and helping others to be successful... Read More →

Defender for Endpoint Huijbregts Defending Endpoints Tues pptx

Tuesday September 17, 2024 10:40 - 11:40 CEST
Auditorium

Security, Defender for Endpoint

Session format Breakout session (60 min)
Subjects Security, Windows Client OS, Endpoint Management, MicrosoftXDR
Level Expert
Area Microsoft

12:40 CEST

Reimagine your security operations with a unified platform

Tuesday September 17, 2024 12:40 - 13:40 CEST

Luzerner Saal

Modern security teams use various tools like SIEM, XDR, SOAR, UEBA, exposure management, and threat intelligence. However, these tools generate a large number of alerts and security signals, making it difficult for security professionals to manage them efficiently. In this session, Ramya Chitrakar will discuss how a unified security operations platform can break down these silos with a seamless experience, allowing security admins and analysts to work more effectively to level up your company’s defenses and ultimately bring down your MTTR in the case of an attack.

Speakers

Ramya Chitrakar

Corporate Vice President - Microsoft Defender for Office 365, Microsoft Defender for Cloud Apps and Microsoft Defender for Identity, Microsoft

Ramya Chitrakar is Corporate Vice President for core Security products, including Microsoft Defender for Cloud Apps, Microsoft Defender for Office 365, and Microsoft Defender for Identity all part of Microsoft Threat Protection and drives product strategy and engineering execution... Read More →

Tuesday September 17, 2024 12:40 - 13:40 CEST
Luzerner Saal

Security, Keynote

Session format Keynote
Subjects Security, Sentinel, Zero Trust, MicrosoftXDR, Security Copilot
Level Intermediate
Area Microsoft

14:00 CEST

Taking automated protection to the next level: Attack Disruption 2.0

Tuesday September 17, 2024 14:00 - 15:00 CEST

Clubraum 1

Automatic attack disruption, offered by Microsoft’s Unified Security and Operations Platform, provides out-of-the-box protection to its customers.

In this session, we will update you on the current status, recent advancements, and future plans in the area of threat intelligence and data-science based disruption.

The talk will also include a technical deep-dive into a real-life incident.
We will conclude by showing what you need to do to maximize the benefit of this powerful capability.

Speakers

Hadar Feldman

XDR GPM, Microsoft

Tuesday September 17, 2024 14:00 - 15:00 CEST
Clubraum 1

Security, Attack Disruption

Session format Breakout session (60 min)
Subjects Security, Automation, MicrosoftXDR
Level Intermediate
Area Microsoft

15:20 CEST

AI for Next-Gen Security: OpenAI and Copilot for Security Synergy

Tuesday September 17, 2024 15:20 - 16:20 CEST

Clubraum 2

This demo-based session explores the potent collaboration between OpenAI and Copilot for Security.

Discover how the fusion of artificial intelligence is revolutionizing threat detection, response strategies, and proactive risk mitigation.

The session contains following topics:
- How AI used by attackers
- How Copilot for Security works
- Setting up security using with AI
- Detect threats with the AI-assistant
- Give a quick and informative AI-driven response
- A few words about licensing

Speakers

Sergey Chubarov

Ethical Hacker

AI WPNinja pptx

Tuesday September 17, 2024 15:20 - 16:20 CEST
Clubraum 2

Security, AI

Session format Breakout session (60 min)
Subjects Sentinel, Security, Security Copilot
Level Advanced

15:20 CEST

Kerberos is alive and kicking in the cloud

Tuesday September 17, 2024 15:20 - 16:20 CEST

Clubraum 1

Microsoft first introduced Kerberos as an authentication protocol in Windows 2000 Active Directory. Since then, many extensions to the protocol have been introduced to allow for constrained delegation, protocol translation and more. You may be surprised that Kerberos is still actively used in Microsoft Entra and solves several challenges, including SSO for hybrid users, hybrid user sign-ins using FIDO keys, Kerberos sign-in to Windows auth websites, and user authentication to cloud-hosted SMB file share.

Come to this session, and John Craddock will show you how Kerberos works and how Microsoft has implemented Kerberos in the cloud. This is packed with demos and insights that will allow you to troubleshoot your environments. Don't miss this session!

Speakers

John Craddock

Identity and security architect, XTSeminars Ltd

John has designed and implemented computing systems ranging from high-speed industrial controllers to distributed IT systems focusing on security and high availability. A key player in many IT projects for industry leaders, including Microsoft, the UK Government and multi-nationals... Read More →

Kerberos is alive and kicking in the cloud pdf

Tuesday September 17, 2024 15:20 - 16:20 CEST
Clubraum 1

Security, Identity

Session format Breakout session (60 min)
Subjects Security, Conditional Access, Zero Trust
Level Intermediate

16:40 CEST

Improve your resilience with cybersecurity table-top exercises

Tuesday September 17, 2024 16:40 - 17:40 CEST

Clubraum 2

This session will provide a comprehensive introduction to tabletop cybersecurity exercises, focusing on their importance, design, and execution. Participants will gain insights into the benefits of conducting tabletop exercises, including improved incident response readiness, enhanced communication and coordination among stakeholders, and identification of gaps in policies and procedures. Practical guidance will be provided on structuring exercises to align with organizational objectives, selecting relevant scenarios, and engaging participants effectively.

Speakers

Stefan Schörling

Security and Infra Geek - Onevinn AB, Onevinn

Stefan Schörling has over 25 years of experience from working with Cybersecurity.Today Stefan is helping customers to be successful with implementing and adopting Cloud Security with a focus on Azure and Microsoft 365.For the last 15+ years he has been awarded as a Microsoft MVP... Read More →

Mattias Borg

Cyber Security Geek, Mattias Borg

Incident Response Specialist with focus on Threat hunting in the Microsoft defense stack.Cyber Security consultant and Threat HunterResearching vulnerabilities when not working for customers.MSRC Security Research Acknowledgement (2018,2022,2023)CVE-2022-26788Speaker:Teamsdagen 2023... Read More →

WP Improve your resillience with cybersecurity tabletop exercises pdf

Tuesday September 17, 2024 16:40 - 17:40 CEST
Clubraum 2

Security

Session format Breakout session (60 min)
Subjects Security
Level Intermediate

08:00 CEST

Beyond the Thunderdome: Microsoft 365 Guest & External Access Inside & Out!

Wednesday September 18, 2024 08:00 - 09:00 CEST

Auditorium

Guest access and external sharing are such an important collaborative feature in both Microsoft Azure and Microsoft 365. But, setting incorrect permissions, or selecting the wrong settings can cause access problems or even serious data leakage. In this fascinating deep dive, join award winning international speaker, YouTuber, and Microsoft MVP Andy Malone as he discusses everything you’ll need to know to correctly implement, manage and troubleshoot external access. Also, Andy will bring you up to date with the very latest developments, including both new and incoming features. If you’re looking to learn how to manage guests, then this will be a demo packed session not to miss.

Speakers

Andy Malone

Microsoft 365 Expert, Worldwide Speaker, YouTuber, Tech Instructor, Author, Quality Training Ltd

Beyond the thunderdome pdf

Wednesday September 18, 2024 08:00 - 09:00 CEST
Auditorium

Security, Identity

Session format Breakout session (60 min)
Subjects Identity
Level Intermediate

08:00 CEST

Everything you need to know about Microsoft's new Defender for Identity sensor

Wednesday September 18, 2024 08:00 - 09:00 CEST

Clubraum 1

In this session we will dive into the new Defender for Identity sensor, why it is being built, how the different components work, and what the future holds.

Speakers

Martin Schvartzman

Principal Product Manager, Microsoft

Martin is a Principal Product Manager in the Microsoft Defender for Identity team. Has over 20 years of experience in the technology industry, primarily around IT and Cyber Security with vast knowledge of Cloud Services. Martin is passionate about technology and innovation, and he... Read More →

New MDI Sensor Martin Schvartzman Day 3 pdf

Wednesday September 18, 2024 08:00 - 09:00 CEST
Clubraum 1

Security, Defender for Identity

Session format Breakout session (60 min)
Subjects Identity, MicrosoftXDR, Security
Level Expert
Area Microsoft

09:20 CEST

Troubleshooting Modern Authentication Protocols – OAuth 2.0 & OpenID Connect

Wednesday September 18, 2024 09:20 - 10:20 CEST

Clubraum 1

If you have been working with claims-aware apps, you may have experience with WS-Federation and SAML. As we move into a new era of authentication and delegation, the modern authentication protocols OpenID Connect and OAuth 2.0 are becoming predominant. Giving us seamless authentication with perhaps SSO when it all works, but what if it doesn’t, do you know how to troubleshoot?
Come to this deep-dive session with John Craddock, and he will share his extensive real-world experience. You will learn how to rapidly troubleshoot issues and identify the source of the problem whether it be an application issue or as the result of a misconfigured identity provider (IdP). You will discover how to troubleshooting with Entra ID as the IdPs. The session is packed with demos, the session will be high on the geek meter scale and shouldn’t be missed.

Speakers

John Craddock

Identity and security architect, XTSeminars Ltd

Troubleshooting OpenID Connect and OAuth2.0 pdf

Wednesday September 18, 2024 09:20 - 10:20 CEST
Clubraum 1

Security, Identity

Session format Breakout session (60 min)
Subjects Security, Identity, Zero Trust
Level Advanced

10:40 CEST

Managing security like a pro: the less technical side of cyber security.

Wednesday September 18, 2024 10:40 - 11:40 CEST

Clubraum 2

It is not easy to keep up when both cyber security threats and products evolve at light speed. Throw into the mix cyber security insurance and increased regulations, and you get a potentially explosive cocktail that requires just a little more than configuring a few security products. In this session, Michael will guide you through how to create, maintain and implement a security strategy that will help you do the right thing at the right time.

Speakers

Michael Van Horenbeeck

CEO, The Collective

Michael Van Horenbeeck is an expert in Cloud Security, Compliance, and Identity Management, holding both the Microsoft Certified Solutions Master (MCSM) certification and the Microsoft Most Valuable Professional for Security (MVP) award simultaneously.As CEO and Sr. Architect at The... Read More →

Wednesday September 18, 2024 10:40 - 11:40 CEST
Clubraum 2

Security

Session format Breakout session (60 min)
Subjects Security
Level Intermediate

10:40 CEST

Zero Trust - Dope or Nope?

Wednesday September 18, 2024 10:40 - 11:40 CEST

Auditorium

Zero Trust must be the worst name in the history of Security. But is it just a bad name? Does it really offer worthwhile goals or is it an overkill? I hear sales pitches for it, like for many other security solutions, that concentrate on "What we can't allow anymore because of changed security landscape" all the time. Why does security have to be so negative? A well done Zero Trust environment gives you "the ability to work as efficiently and securely, whether you are sitting in Starbucks or the corporate office" - Which I believe most of us want. Come and listen to this talk about rights and wrongs of how to achieve Zero Trust and how keep Security as what it's meant to be - a support function for a happy workforce.

Speakers

Sami Laiho

Chief Research Officer, Matti Laiho Oy

Sami Laiho Zero Trust Dope or Nope pdf

Wednesday September 18, 2024 10:40 - 11:40 CEST
Auditorium

Security

Session format Breakout session (60 min)
Subjects Endpoint Management, Microsoft Intune, Security, Conditional Access, Sentinel, Windows 365, Identity, MicrosoftXDR, Zero Trust
Level Intermediate

14:00 CEST

Entra Suite deep dive

Wednesday September 18, 2024 14:00 - 15:00 CEST

Clubraum 2

Learn how to securely manage your Identity and remote access across the enterprise, from private resources to Internet ones

Speakers

Peter Lenzke

Sen. Product Manager, Microsoft Corp.

Working in IT for 15+ years and for the last 12 years at Microsoft. Being a Program Manager in the identity division making Entra better every day.

Security Lenzke EntraSuite deepdive Wednesday pptx

Wednesday September 18, 2024 14:00 - 15:00 CEST
Clubraum 2

Security, Identity

Session format Breakout session (60 min)
Subjects Identity, Security, Conditional Access
Level Intermediate

14:00 CEST

Exceptional Detections in Your Microsoft Security Stack

Wednesday September 18, 2024 14:00 - 15:00 CEST

Clubraum 1

In session where we learn the fundamental concepts of detection engineering and receive guidance on creating the best detections in your Microsoft Security stack

Speakers

Gianni Castaldi

Kustoking and NinjaCat, KustoWorks

Gianni Castaldi is a NinjaCat @ KustoWorks, he started in IT in 2008 and in cybersecurity since 2017. His blogs can be read at kustoking.com and on medium.com/@giannicastaldiHe spends most of his time securing companies with the Microsoft Security Stack, Palo Alto Networks, and Tenable... Read More →

Creating exceptional security detections within Your Microsoft Security stack pdf

Wednesday September 18, 2024 14:00 - 15:00 CEST
Clubraum 1

Security

Session format Breakout session (60 min)
Subjects Security, Sentinel, MicrosoftXDR
Level Advanced

15:20 CEST

Conditional Access, from basic to advanced: Part 1, basic scenarios

Wednesday September 18, 2024 15:20 - 16:20 CEST

Clubraum 1

This session, which is part 1 of a 2 part workshop, Kenneth van Surksum will take your Microsoft Entra Conditional Access knowledge from basic to advanced. In part 1, we will go through the basics of designing and implementing Conditional Access. Kenneth will explain what Conditional Access is, how to create your own Conditional Access policies and will share his best practices based on years of experience implementing Conditional Acces at many customers. Kenneth will share his basic set of Conditional Access policies, to give you a head start for your own Conditional Access implementation.

Speakers

Kenneth van Surksum

Modern Workplace Consultant, Secure At Work

As a Microsoft 365 Modern Workplace consultant I help customers implement modern workplace solutions based on top of theirMicrosoft 365 licensing, leveraging products like Microsoft Intune, Microsoft Entra, Microsoft Defender, Exchange Online, Microsoft Teams, Microsoft SharePoint... Read More →

WPNinjaSummit2024 Conditional Access implementation from basic to advanced part 1 the basics sched pdf

Wednesday September 18, 2024 15:20 - 16:20 CEST
Clubraum 1

Security, Conditional Access

Session format Breakout session (60 min)
Subjects Security, Azure AD, Compliance, Microsoft Intune
Level Advanced

16:40 CEST

Conditional Access, from basic to advanced: Part 2, advanced scenarios

Wednesday September 18, 2024 16:40 - 17:40 CEST

Clubraum 1

This session, which is part 1 of a 2 part workshop, Kenneth van Surksum will take your Microsoft Entra Conditional Access knowledge from basic to advanced. In part 2, we will go through the advanced scenarios you can implement with Conditional Access allowing you to take your Conditional Access policies one step further. Kenneth will talk about integrating Conditional Access with Microsoft Defender for Cloud Apps and Microsoft Purview, but will also explain how to leverage Authentication Context, Authentication Strength, Authentication Flow, Filters and more.

Speakers

Kenneth van Surksum

Modern Workplace Consultant, Secure At Work

WPNinjaSummit2024 Conditional Access implementation from basic to advanced part 2 advanced scenarios sched pdf

Admin Step UP MFA Authentication Strength mp4

Wednesday September 18, 2024 16:40 - 17:40 CEST
Clubraum 1

Security, Conditional Access

Session format Breakout session (60 min)
Subjects Endpoint Management, Microsoft Intune, Security, Azure AD, Conditional Access, Identity, Windows Client OS, Zero Trust
Level Expert

16:40 CEST

Deep Dive into Multi-Cloud Security with Microsoft Defender for Cloud

Wednesday September 18, 2024 16:40 - 17:40 CEST

Clubraum 2

Learn how to transition from a siloed approach to a cohesive, risk-based cloud security model. This session covers the complete security lifecycle, from posture management to workload protection, across multi-cloud environments. Discover how CNAPP helps Microsoft protect against multi-vector attacks and ensures end-to-end security through the SDLC and runtime. Join this demo session to explore the latest CNAPP use cases and scenarios, and the integration of XDR and exposure management with Microsoft Defender for Cloud.

Speakers

Lior Arviv

Senior Product Manager, Microsoft

Lior Arviv is a Senior Product Manager on the Defender for Cloud team, with over 15 years of experience in Microsoft technologies, particularly in cloud services and security. Passionate about innovation, Lior is dedicated to developing products that simplify complex challenges and... Read More →

MDC Arviv Multi Cloud Security Day 3 pdf

Wednesday September 18, 2024 16:40 - 17:40 CEST
Clubraum 2

Security, Defender for Cloud

Session format Breakout session (60 min)
Subjects Security
Level Advanced
Area Microsoft

08:00 CEST

Entra Private Access deep dive

Thursday September 19, 2024 08:00 - 09:00 CEST

Clubraum 1

Learn in depth about Entra Private Access integration with Entra ID for Zero-trust VPN replacement and on prem MFA capabilities

Speakers

Peter Lenzke

Sen. Product Manager, Microsoft Corp.

Working in IT for 15+ years and for the last 12 years at Microsoft. Being a Program Manager in the identity division making Entra better every day.

Security Lenzke Entraprivateaccess deepdive Thursday no videos pptx

Thursday September 19, 2024 08:00 - 09:00 CEST
Clubraum 1

Security, Private Access

Session format Breakout session (60 min)
Subjects Security, Identity, Zero Trust
Level Advanced

08:00 CEST

Securing the Unseen: Microsoft Defender for IoT Explained

Thursday September 19, 2024 08:00 - 09:00 CEST

Clubraum 2

As organizations increasingly adopt Internet of Things (IoT) devices, ensuring their security becomes paramount. Microsoft Defender for IoT offers a multi-layered defense approach, combining agentless monitoring via passive network traffic analysis (NTA) with endpoint micro-agents. In this session, we’ll delve into the architecture, deployment strategies, and real-world use cases of Defender for IoT. Join us to learn how to protect your IoT devices effectively and enhance your overall security posture.

Speakers

Alain Schneiter

Partner | Solutions Architect, scopewyse GmbH

Alain (Al) Schneiter is one of the scopewyse founders and an Microsoft Secuirty MVP. As an experienced solutions architect he is supporting clients and partners in training, concepts, designs and implementations using cloud solutions from Microsoft Azure and Microsoft 365. Alain is... Read More →

Thursday September 19, 2024 08:00 - 09:00 CEST
Clubraum 2

Security, IOT

Session format Breakout session (60 min)
Subjects MicrosoftXDR, Zero Trust, Sentinel
Level Advanced

09:20 CEST

Copilot for Security

Thursday September 19, 2024 09:20 - 10:20 CEST

Clubraum 2

Deep dive in Copilot for Security which will encompass a combination of embedded functionalities as well as standalone use cases.

Speakers

Gabriel Tiberiu Damaschin

Product Manager - Copilot for Security - Microsoft, Microsoft

I am a Product Manager with a keen focus on Copilot for Security. My expertise in this domain has been central to spearheading advancements and delivering robust cybersecurity solutions. I am deeply invested in understanding the intricacies of the security landscape and am committed... Read More →

Thursday September 19, 2024 09:20 - 10:20 CEST
Clubraum 2

Security

Session format Breakout session (60 min)
Subjects Security Copilot, MicrosoftXDR
Level Expert
Area Microsoft

09:20 CEST

Most common misconfigurations identified during our Red Team engagements

Thursday September 19, 2024 09:20 - 10:20 CEST

Clubraum 1

Explore prevalent misconfigurations uncovered in red team engagements and learn how to mitigate them. Gain practical insights into identifying and addressing vulnerabilities to strengthen your organization's defenses against cyber threats.

This session offers valuable insights into fortifying your defenses against sophisticated adversaries

Speakers

Stefan Schörling

Security and Infra Geek - Onevinn AB, Onevinn

Mattias Borg

Cyber Security Geek, Mattias Borg

WP Most common misconfiguration identified during our Red Team engagements upload pdf

Thursday September 19, 2024 09:20 - 10:20 CEST
Clubraum 1

Security, Tips

Session format Breakout session (60 min)
Subjects Windows Client OS, Security, Identity
Level Intermediate

10:40 CEST

Control Plane under Control: Securing Privileged Access by Microsoft Enterprise Access Model

Thursday September 19, 2024 10:40 - 11:40 CEST

Clubraum 1

Over the last years, Microsoft has released many design principles, best practices and security concepts for securing privileged access in a Microsoft Cloud environment. This includes also the "Enterprise Access Model" as an evolution of the previously known (Active Directory) ESAE approach.

But what are real-world experiences and examples of implementing those reference architecture? Which security controls should be applied? Who and what should be defined as "Tier0" or "Control Plane"? Which privilege escalation paths should be considered even in a tiered administration model?

In this demo-drive session, I will share my learnings and practical approach to identify, protect and monitor the high-privileged assets in Microsoft Entra. We will go through related features and monitoring capabilities but also limitations to implement a tiered administration model in a cloud environment. In addition, I will show insights of my free commmunity tool "EntraOps" which allows to automate classification and protection of privileged assets in your environment.

Speakers

Thomas Naunheim

Thomas Naunheim is a Cyber Security Architect from Germany and with focus on identity and security solutions in Microsoft Azure. He is working for glueckkanja AG and part of projects to design and implement Microsoft cloud identity and security solutions in enterprise environments.You... Read More →

Control Plane under Control pdf

Thursday September 19, 2024 10:40 - 11:40 CEST
Clubraum 1

Security, Identity

Session format Breakout session (60 min)
Subjects Azure AD, Sentinel, Identity, MicrosoftXDR, Zero Trust
Level Advanced

12:40 CEST

One Year of Fighting Adversary-in-the-Middle, notes from the field

Thursday September 19, 2024 12:40 - 13:40 CEST

Clubraum 2

Last 1,5 year we were faced with a new advanced phishing technique, called adversary-in-the-middle. This is an advanced method to bypass multiple forms of MFA.

In this session Kenneth and Erik we do a deep dive into this topic.

First of alll we start with a small demo of the AiTM case

Then we will go through our options to fight this by using differente strategies like implementing phising resistant MFA methodes or using simple Conditional Access policies, or advanced Entra ID P2 Protection methods.

After this session you will have enough information to stop this attack in several ways each with it's own advangtages and drawbacks.

Speakers

Erik Loef

CTO, Proxsys

CTO, MSc, CEH, MVP

Kenneth van Surksum

Modern Workplace Consultant, Secure At Work

WPNinja Summit 24 One year of fighting adversary in the middle notes from the field sched pdf

Thursday September 19, 2024 12:40 - 13:40 CEST
Clubraum 2

Security

Session format Breakout session (60 min)
Subjects Security, Conditional Access, Identity, Zero Trust
Level Advanced

12:40 CEST

Securing your Entra Identities in 2024

Thursday September 19, 2024 12:40 - 13:40 CEST

Clubraum 1

Security of your identities is crucial in the cloud. With Microsoft 365 we have many options and tools to make sure our identities can stay as secure as possible while at the same time we keep our users productive. Your identity is also what defines what and how you can access your resources in the cloud.

Learn how to protect both your standard users and all the privileged accounts in Entra ID.

Join in on a journey from password strategies, authentication methods, identity protection, privileged identity management, conditional access all the way over to a password-less world.

Speakers

Jan Ketil Skanke

MVP Security, Principal Cloud Architect, COO, CloudWay

Jan Ketil has been an Microsoft MVP since 2016 and are working as a COO and Principal Cloud Architect at CloudWay in Norway. He has been working in the industry for Microsoft Partners and Microsoft for more than 20 years. He loves to speak about anything around Endpoint Management... Read More →

Maurice Daly

Microsoft MVP, Principal Cloud Architect, CloudWay

Maurice has been working in the IT industry for the past 20 years. His focus is around the areas of Windows deployment, device management, Azure AD and secure productivity, Maurice has been an MCSE since 2008 and was awarded his first MVP award in the area of Enterprise Mobility in... Read More →

SecuringEntraIdentities2024 WPNinja pdf

Thursday September 19, 2024 12:40 - 13:40 CEST
Clubraum 1

Security, Identity

Session format Breakout session (60 min)
Subjects Identity, Security, Azure AD
Level Advanced

14:00 CEST

Mastering Microsoft XDR: What is new in 2024?

Thursday September 19, 2024 14:00 - 15:00 CEST

Clubraum 2

Let's delve into the advanced capabilities and technical nuances of the Defender XDR stack, Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Office, Microsoft Defender for Cloud Apps, Microsoft Defender for Cloud, and the integration with Microsoft Sentinel. This technical session, tailored for cybersecurity professionals and IT practitioners, will provide an in-depth exploration of the latest features and enhancements across the Defender XDR suite as of 2024. From endpoint protection to cloud security, threat intelligence to incident response orchestration, this session will equip you with the knowledge and insights needed to harness the full power of the Defender XDR stack in defending against modern cyber threats.

Speakers

Gianni Castaldi

Kustoking and NinjaCat, KustoWorks

Mastering Microsoft XDR What is new in 2024 pptx

Thursday September 19, 2024 14:00 - 15:00 CEST
Clubraum 2

Security, What's new

Session format Breakout session (60 min)
Subjects Security, MicrosoftXDR
Level Intermediate

14:00 CEST

Seeing Through Data: A Purview into AI-Controlled Workflows

Thursday September 19, 2024 14:00 - 15:00 CEST

Clubraum 1

In today’s data-driven landscape, the ability to effectively manage and control data flows is crucial. "Seeing Through Data: A Purview into AI-Controlled Workflows" is a session designed to unlock the potential of AI within the realm of data management, using Microsoft Purview as a pivotal tool. Attendees will embark on an exploration of the AI Hub in Purview, gaining valuable insights into the integration and control of data across various platforms.

Speakers

Lothar Zeitler

Senior Product Manager, Microsoft

I am Senior Product Manager for Microsoft Purview. I am driving DLP and Data Security and working closely together with our Enterprise customers across EMEA.

Thursday September 19, 2024 14:00 - 15:00 CEST
Clubraum 1

Security

Session format Breakout session (60 min)
Subjects Security
Level Intermediate
Area Microsoft

15:20 CEST

Enrich your Windows 11 MDE advanced hunting data with Sysmon

Thursday September 19, 2024 15:20 - 16:20 CEST

Clubraum 2

Defender for Endpoint is a superb data source for custom detections and the data can even be used to troubleshoot IT operations.
But as most of you are aware, MDE is also notoriously known for dedeplucating data and the dataset collected is defined by Microsoft.

If you want more flexibility Sysmon is an amazing data source for additional information and with the new Azure Monitor agent on Windows client devices the data ingestion into Microsoft Sentinel (Log Analytics) is easier than ever.

At the end of the session you will know how to implement the proposed solution, where you will find configurations to get started and what are the pitfalls in the current version.

Speakers

Fabian Bader

Cyber Security Architect, glueckkanja AG

Fabian Bader is a Cyber Security Architect and Microsoft MVP from Germany. He focuses on security and cloud solutions and works mainly with Microsoft technologies.From Azure cloud to on-premises Active Directory, he likes to automate stuff with PowerShell.Besides being a speaker at... Read More →

Enrich your Windows 11 MDE advanced hunting data with Sysmon pdf

Thursday September 19, 2024 15:20 - 16:20 CEST
Clubraum 2

Security, Windows

Session format Breakout session (60 min)
Subjects Security, Sentinel, Windows Client OS, MicrosoftXDR
Level Expert

15:20 CEST

Zero Trust - Zero Gap? Spotlight on (new) uncovered aspects of your CA design

Thursday September 19, 2024 15:20 - 16:20 CEST

Auditorium

Conditional Access is the heart of Microsoft's Zero Trust implementation as its policy enforcement engine and Microsoft introduces constantly new features to cover more and more use cases and integrations. This includes granular conditions and controls for specific authentication methods, restricted sessions and authentication flows but also new capabilities to re-trigger a policy evaluation.

In this session, we will discuss the latest features and their use cases and also challenges that you may not address in your current ruleset. Starting from automation for deployment, exclusion handling and gap monitoring, up to missing strong policy design to prevent rogue devices or protect privileged users.

Speakers

Thomas Naunheim

Christopher Brumm

Cyber Security Architect, glueckkanja AG

WPNinja24 Zero Trust Zero Gap pdf

Thursday September 19, 2024 15:20 - 16:20 CEST
Auditorium

Security, Zero-Trust

Session format Breakout session (60 min)
Subjects Security, Azure AD, Conditional Access, Identity, Zero Trust
Level Advanced

16:40 CEST

Defender for Endpoint on mobile: from Endpoint protection to Zero Trust Network Access

Thursday September 19, 2024 16:40 - 17:40 CEST

Auditorium

During this session you will learn about the three core capabilities of Defender for Endpoint for iOS and Android:
- Defender for Endpoint (Endpoint Protection)
- Microsoft Tunnel
- Microsoft Entra Private Access
You will learn about the various deployment and configuration options and how these impact the end user experience and behaviour.
I will share some notes from the field and tips and tricks how you can further streamline and enhance the deployment of the Defender app.
After you learned how you can deploy and configure MDE on mobile devices to work with the core capabilities, we will go into the subject of Conditional Access and how the signals from the Defender for Endpoint capabilities can support you in enhancing your mobile security posture using Compliance and network signals.

Speakers

Janic Verboon

Senior Endpoint Engineer, baseVISION AG

Endpoint Engineer with interests in everything Intune & Entra related, enjoys a good beer 🍺 and is a big fan of heavy & loud music 🤘

Defender for Endpoint on mobile from Endpoint protection to Zero Trust Network Access pdf

Thursday September 19, 2024 16:40 - 17:40 CEST
Auditorium

Security, Defender for Endpoint

Session format Breakout session (60 min)
Subjects Microsoft Intune, Apple (iOS/macOS), MicrosoftXDR, Endpoint Management, Conditional Access, Zero Trust
Level Advanced

16:40 CEST

Plan you log ingestions to Microsoft Sentinel

Thursday September 19, 2024 16:40 - 17:40 CEST

Clubraum 2

One of the main reasons to decide to use Microsoft Sentinel, is the ability to connect additional log sources and expand your security coverage.
With literally hundreds of content hub solutions available and in many companies a nearly matching amount of data sources available, it's sometimes hard to decide on which to focus first.

In this session I will share my experience and best practices to prioritize and add new data sources, based on the actual needs of the security operations teams.
What are good ingestion configurations to get the alerts you want without having to spent a fortune?

Speakers

Fabian Bader

Cyber Security Architect, glueckkanja AG

Plan you log ingestions to Microsoft Sentinel pdf

Thursday September 19, 2024 16:40 - 17:40 CEST
Clubraum 2

Security, Logging

Session format Breakout session (60 min)
Subjects Sentinel, MicrosoftXDR
Level Advanced