So for me, Microsoft identity modernization means moving things to run more from the cloud. That means moving off the legacy protocols you would use when building applications, Kerberos and NTLM, and moving onto SAML and modern protocols like OAuth and OpenID Connect, which means you can then apply a lot of the security controls. So that, for me, is what modernization means for identity.
One big thing that I see happening all the time is people think they need to do everything together. They don't really need to do that. There are lots of different places you can start modernizing, and you can also stop the bleed. You can come up with things that aren't even technology related. You can change your procurement processes, for example, to say, don't buy applications that use legacy protocols.
Make sure when you're procuring that you're always getting the modern protocol based apps. That way, you can come at it from different angles. You reduce a lot of the rework for you in the future by just adopting newer standards as you onboard new applications. Yeah, so that's one of the big things.
The other one is it doesn't have to be a big bang. You just need to do things slowly. And there are lots of different angles you can start from: identity modernization, device modernization, and app modernization. So there are lots of different areas that you can focus on, and you do a little bit at a time. It's easier to modernize in the long run. You look back five years later and go, oh, we've already done a lot of the things. So that's how I would recommend it.
So some common misconceptions that I see people have about identity modernization are thinking they need to do everything in one go, because it doesn't need to be a big bang approach. You can start small. Modernization has three different pillars from identity: app modernization, user identity modernization, and device modernization. So you can move them from being all on prem to the cloud. Devices joined to Active Directory, you can move to being Entra joined.
So you do the cloud bit. You have user identities that could be provisioned on prem. You can slowly start moving them over to the cloud. And it's the same for apps as well. You can move away from Kerberos and NTLM and all those legacy protocols, which all require VPN. You move to modern protocols like OAuth and OpenID Connect and SAML so that you can apply a lot of the security controls, like Conditional Access in Entra, to modernize those.
So there are lots of different journeys that you can take, and you don't need to do all of them in one go. You can just do them a little bit at a time, especially when it comes to things like procurement. It's not even technology related. You just put in a business process that says, stop buying on prem based applications that use NTLM and Kerberos. So that's a good journey to get started on.
The biggest challenge that I see people facing is when it comes to applications. They are really big, because it could be a company that has 2,000 or 3,000 apps. Or it could be a few apps that are used across the board by the entire company. So switching those apps over from a legacy protocol to Entra ID and cloud based authentication will take time. Sometimes they need to upgrade the app. Sometimes they even need to move to an entirely new application because the legacy app is no longer being built. They were just running it on its last legs.
So app modernization is the part that usually takes the longest. Things like devices you can easily do over a period. When you get new laptops, you can say, OK, these new laptops are going to be Entra joined. And it's a much more seamless process for devices. And even users' authentication you can do over a few months. But apps take a lot of effort, especially if you are a bigger company, an enterprise with lots of apps that you need to migrate and modernize.
You need to reach out to every single app dev who built the app, or the vendor, work with them, and reach the IdPs and so on. So that's the biggest challenge I see when you do it. So just be careful when you are doing that, because you can try to solve that problem early on by not even procuring legacy applications. So that's how I see it going.
So the goals: primarily, cost is one of the biggest factors. They save a lot of money getting rid of all these legacy apps, and the whole teams having to maintain them, as they move to more SaaS based applications, which cost less to run in the long run. And it's easy to move off those apps as well. So cost is a big one.
Security is the other big one, as we've heard at the conference. There are lots of ways that attackers can get in when things are all on prem and legacy. And if you modernize them to the cloud, it gives you much better visibility from a security perspective, and so on. So cost and security, it's a win-win on both sides, which is why a lot of organizations are looking to modernize as they go through this process.
So people always ask, will Active Directory ever go away? And I think the answer is, when you look at legacy systems like the COBOL systems and all the other systems that PCs were supposed to replace, they're still in use today in 2025 across banks and other sectors. So Active Directory will always have a place for a long time to come, but it won't be the big thing that it is today. It won't be the primary source of identity driving the rest of the organization. It will become just another app in the ecosystem.
And I feel that prominence of being the center of the world is what would shift. That's how I would answer the lot of people asking me whether Active Directory is going to die or go away. Eventually, it will become a footnote. Maybe 30 years later it will still be deployed and used and all. But it won't be the piece that's at the center of all of a company's infrastructure and model.
A success is where you've done the migration of apps and identities and devices and modernized them with very little impact to the business. For me, that is a very successful one, where the IT team does all of the heavy lifting behind the scenes, and users don't even notice a blip, except that maybe the sign-in page looks different for them. But that is the most successful one, where there is no business disruption, because a lot of the tech and the work has been done by SMEs and all the folks behind the scenes to make it as seamless as possible for users.