I kept meaning to write an article for this, decided to record a quick video instead 🎥

TL;DW - Create an auth context, target the auth context in a CA policy (SIF Every time, other conditions), select auth context in PIM role settings

Thanks Stephan G for the reminder :)

15,843 views • 1 year ago • via X (Twitter)

8 comments

Stephan G • 1 year ago

Thanks again for that great input on how to make security better.

Nathan McNulty • 1 year ago

Thank you! So glad I can help 😊

GrittyBlu • 1 year ago

@StephanG_AIM Why build a policy only for the auth context? Is there a difference in building a CA policy that targets the app(s) and includes phish-resistant auth with session controls?

Nathan McNulty • 1 year ago

@StephanG_AIM This is a great question! :) Auth contexts are amazing and allow us to do things that resource based policies can't. For PIM, we are using Sign-in Frequency - Every time to force a fresh authentication on role activation to prevent an attacker with a stolen token from activating

Andy • 1 year ago

@StephanG_AIM Would be interesting to also see the sign-in behavior once the above policy is set, because for me, if I set 'sign-in frequency' along with auth context / auth strength, I get stuck in a constant sign-in loop using passkeys in the MS auth app.

Nathan McNulty • 1 year ago

@StephanG_AIM We deploy like this often and it works great, but you do need to have registered the method already. If you don't, I believe it attempts to send you to register and gets stuck.

@m1ru1 • 1 year ago

@StephanG_AIM What are the recommendations for high privilege admins GA, Intune, SharePoint?

Nathan McNulty • 1 year ago

@StephanG_AIM I usually recommend a few CA policies for activating privileged admins (using auth context):
1) Block all users except filter for devices listing explicit deviceIds of admin devices
2) Require phishing resistant auth, SIF - Every time
3) Block outside network location/GSA
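
The three steps from the post's TL;DW (auth context, CA policy with sign-in frequency Every time, auth context selected in PIM role settings) can be checked offline against exported policy JSON. This is an added example, not part of the original post or comments; it assumes the exports use Microsoft Graph's `conditionalAccessPolicy` and `unifiedRoleManagementPolicyAuthenticationContextRule` field names, and the role names, policy names and context ids are constructed.

```python
# Added example: offline audit of Graph-style JSON exports (all sample data is constructed).
AUTH_CTX_RULE = "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule"

def activation_context(pim_rules):
    """Return the auth context id (claimValue) required on role activation, or None."""
    for rule in pim_rules:
        if rule.get("@odata.type") == AUTH_CTX_RULE and rule.get("isEnabled"):
            return rule.get("claimValue") or None
    return None

def forces_fresh_auth(policy, ctx_id):
    """True if an enabled CA policy targets ctx_id with sign-in frequency 'Every time'."""
    apps = (policy.get("conditions") or {}).get("applications") or {}
    sif = (policy.get("sessionControls") or {}).get("signInFrequency") or {}
    return (policy.get("state") == "enabled"  # report-only policies do not enforce
            and ctx_id in (apps.get("includeAuthenticationContextClassReferences") or [])
            and bool(sif.get("isEnabled"))
            and sif.get("frequencyInterval") == "everyTime")

def audit_role(role_name, pim_rules, ca_policies):
    """Return a list of findings; an empty list means all three steps are in place."""
    ctx = activation_context(pim_rules)
    if ctx is None:
        return [f"{role_name}: no auth context selected in PIM role settings"]
    if not any(forces_fresh_auth(p, ctx) for p in ca_policies):
        return [f"{role_name}: no enabled CA policy targets {ctx} with SIF Every time"]
    return []

# Constructed sample exports (hypothetical names and ids).
CA_POLICIES = [
    {"displayName": "PIM activation - fresh auth", "state": "enabled",
     "conditions": {"applications": {"includeAuthenticationContextClassReferences": ["c1"]}},
     "sessionControls": {"signInFrequency": {"isEnabled": True, "frequencyInterval": "everyTime"}}},
    {"displayName": "Pilot", "state": "enabledForReportingButNotEnforced",
     "conditions": {"applications": {"includeAuthenticationContextClassReferences": ["c2"]}},
     "sessionControls": {"signInFrequency": {"isEnabled": True, "frequencyInterval": "everyTime"}}},
]
ROLE_RULES = {
    "Role A": [{"@odata.type": AUTH_CTX_RULE, "isEnabled": True, "claimValue": "c1"}],
    "Role B": [{"@odata.type": AUTH_CTX_RULE, "isEnabled": True, "claimValue": "c2"}],
    "Role C": [{"@odata.type": AUTH_CTX_RULE, "isEnabled": False, "claimValue": ""}],
}

def run_audit():
    return {role: audit_role(role, rules, CA_POLICIES) for role, rules in ROLE_RULES.items()}

if __name__ == "__main__":
    for role, findings in run_audit().items():
        print(role, "OK" if not findings else findings)
```

Role B is flagged because the only policy targeting its context is in report-only state, so activation would not actually force a fresh sign-in.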
