[SOFT MUSIC] Microsoft Identity Modernization means, for me, phish-resistant authentication. And that's because, as a person who works on Entra IP protection, all I see all day are password compromise, phishing attacks, session replay, all these sorts of attacks. And the way to avoid all of those attacks is through phishing-resistant authentication.
The biggest challenges that our customers face are, I would say, three-- in three main areas. One is endpoints-- so making sure that all of the endpoints are managed by the organization so that they can then require, with a device-based conditional access policy, that only users with managed devices are allowed access.
Another area would be modern authentication methods-- so passwordless authentication. Getting that rolled out can be very challenging based off of a whole host of factors. Sometimes, it has to do with getting certificates rolled out, getting devices that can do Windows Hello for business, all those sorts of things.
And the final one I would say that's very difficult is single sign-on. It seems so simple. But there are so many applications in some large enterprises that getting everything on single sign-on, particularly for older applications, can be very difficult. But once you do those things, you're in a much better security posture.
The main goals that we see with modernization of identity are resilience, identity resilience, boosting identity security and reducing enterprise risk, and also taking the load off of the security operations center. So there's a lot of things that we've done in Microsoft Entra to enable each of those things.
First of all, we've made big investments in resiliency over the years. We've also made it possible to do automated detection and response for incidents. And that takes a lot of the load off of the security operations center by letting end users remediate their risk. And by doing that, we're also enabling that productivity that every business expects from the identity system, which is that people have access to do the collaboration that they need, but they'll do it in a safe and secure way.
So for the time being, most of our customers in Microsoft, our Enterprise customers, are hybrid. And that means maintaining both on-prem AD and Entra in the cloud. But over time, as the legacy applications phase out and are retired, there's going to be a diminishing need for-- I see-- for on-prem AD. It still needs to have the strongest security it can possibly have while it's there. But the reliance will over time, I think, diminish.
Success in an identity modernization project probably has a few components. But they all need to be aligned to business goals. And so the first one would be productivity. How can we make sure that we are unblocking people and getting them back to work as quickly as possible? So the example of auto-remediation, helping end users remediate their own risk or their own identity compromise, means that they are not stuck at the help desk.
Similarly, fewer help desk calls, fewer incidents being sent to security operations means saved cost and fewer tickets from either of those offices. And finally, reduced overall enterprise risk-- so to the extent that we can help customers respond faster and detect more attacks and resolve them more quickly, well, that's going to save a lot of risk for the organization.
03:26