- STEPHEN ROSE: Welcome and thank you for joining us. This is episode 3 of our remote work with Microsoft Teams webcast, and I'm your host, Stephen Rose. Topic for today: Microsoft Teams security. We have some great guests. We have Stephanie Lio and Mayunk Jain from our marketing and engineering teams. We have Sami Laiho as our special guest, and we have an awesome unboxing. We're going to be showing off the Bose and Jabra headsets this week, with the brand-new, dedicated Teams buttons. As usual, post all your questions in chat. If we don't answer them during the show, we will respond to you back on Twitter. My Twitter handle is @stephenlrose. You are more than welcome to reach out to me there, and we'll post all the links that we mentioned in the show in the chat so you can click on them immediately. Let's get to our guests. So our first guest is Stephanie Lio. Hi, Stephanie. Thanks for joining us today. STEPHANIE LIO: Hi, it's great to be here. STEPHEN ROSE: Awesome! You're a senior product marketing manager with our Security Compliance and Identity Division. You lead a lot of our product marketing efforts around Azure Active Directory and external identities and first-line workers, and you are also a fellow Kellogg School of Management, Northwestern University graduate. Tell us a little bit about yourself beyond what I just shared. STEPHANIE LIO: Yes, I loved my time in Chicago. Brought me back out to the West Coast where I grew up, and I have been with Microsoft since. So I think you mentioned the two areas that I work on: both external identities and first-line workers. We talk a lot about Teams and how we can collaborate better using all the tools that Microsoft has, whether you're an employee in an organization or working with someone outside of it. So, this is a great topic. STEPHEN ROSE: Awesome. Well, we have a lot of good questions for you, but I want to introduce my second guest, Mayunk Jain. 
Mayunk has 15 years of technical marketing experience across remote productivity, cloud, and security. Mayunk, tell us a little bit about yourself. MAYUNK JAIN: Hey, Stephen. I'm so happy to be here again, and it's nice to talk to you. So I've been at Microsoft about three years. This is the city . . . I moved here with Microsoft and I saw snow for the first time, moving from India, so that has been the highlight so far as I stay here. [laughs] I mean, just before the show you were promising that you would get me all of your Twitter followers, so I hope that happens. STEPHEN ROSE: There you go, awesome. [laughs] Well, we're excited to have you on the show, thank you. So Stephanie, I'm going to start with you. Security is kind of a dance, with circles that continually grow. People aren't aware that security does not need to be laborious, it is not this huge individual process. We were chatting last week and we talked about, it's not about securing the device, it's about securing the data. It's allowing users to work across organizations and companies. So, how do you look at and how should our listeners look at the overall security vision? STEPHANIE LIO: So, I think we know that in this digital transformation world so many things are going to the cloud-- all of our resources and data. And organizations today, they actually have more apps in use than IT can keep track of. So I think you're right, that it's not about locking down every device or even making sure that a certain trusted relationship has access, but thinking about all of the risk factors at play, every time somebody is trying to get hold of that valuable data. I know you're going to talk a little bit about zero trust later on, but I couldn't help teasing that a little bit first. STEPHEN ROSE: Yeah. 
STEPHANIE LIO: In this environment, that's actually why identity is that key that you use to go around and access the things you need, and it's why, within the Identity Division, we take it really seriously that we secure from the identity. STEPHEN ROSE: And one of the biggest areas where people are very confused is business-to-business collaboration because there are so many different ways to set it up and you really need to think about who's able to connect and who can't and what are their rights. I would love to have you talk about how do we best work with external users and guest access, and what is the easiest way to be able to give them access to what's important to them, to those specific apps, leveraging their own credentials and how MFA fits into this. And if you want to do a demo to show some of this, that's absolutely fine, too. STEPHANIE LIO: Yeah. I'd love to show that. But before I show you how easy it is, I did want to echo the sentiment that we recognize that user experience of security has to feel pretty invisible for it to work. It doesn't matter how secure your policies are, how many policies are layering on if your employees are constantly finding ways to circumvent it. So when we design, we have to think about how can we make access pretty seamless while giving the admin enough control to make sure that they're applying either the same conditional access policies that they want their external users to do similar to corporate users or even adding additional layers of security. For example, if you're extra concerned about vendors being based in multiple locations, logging in from multiple devices. In a second I can show you just how easy it is to take a multifactor policy that you might be applying to your employees and enforcing that for a guest, as well. STEPHEN ROSE: Absolutely. And I think as you switch over to the demo, that's a really important thing is that people are going to work from multiple devices and multiple locations. 
That's absolutely critical. But it has to be somewhat seamless, and if people have to go through a lot of steps, it gets really difficult. And I think that's something that we've done very well with MFA is being able to make it where you just log in, you pick up your phone and you say approve, or it looks at you or you type in a single code to be able to do that. So why don't you walk us through that, Stephanie? STEPHANIE LIO: Sure. So, as I mentioned, access by an external user to a corporate application can actually be gated by the same conditional access policies as for a corporate user. So here, I'm going to click on that. You can see that in Azure Active Directory, we are requiring that multifactor authentication is performed in order to access this custom application that I have called BrowserStack. So when I click on Require two factor authentication, you can see under Users and Groups, actually, that I'm applying this to all users, but if I wanted this to be specific to, say, external users, I could set that up that way, too. So I'm going to enable that policy, and then hit Save. And now if you go back to the external user's browser session, so let's say I'm John, I'm a vendor to the Contoso Corporation and I want to access BrowserStack. So I've already been set up in the system to have access, but once I try to log in, you're going to see that I'm going to be prompted to complete the initial configuration of MFA. So I'm being asked for my phone number. Add that in. And very quickly, I'm going to get a text message, pop in that verification code, and I'm going to enter that. And this is a setup that I only have to do the very first time that I set up MFA, and in the future, I'll be prompted for it pretty seamlessly whenever I try to access the app. And if you want your external users not have to encounter MFA every single time, you can also configure that quite differently. So I think I'm done. 
STEPHEN ROSE: Cool, and then as we're doing that, can we set the length for those policies? So let's say we have a vendor that's working on something. Now we have him in MFA, we have them in the system, we're allowed to really see what they're working on, what kind of levels we have. How easy is it to control that, to set a cut-off date for all that happening, Stephanie? As we kind of bring that together. STEPHANIE LIO: Yeah, with the User Flow tool, it's very easy to customize. You can set reminders for yourself so that you're reviewing those access policies every year, shorter than that, if you need to. And those are really great built-in tools because at the end of the day, admins, we're all human, and it's hard to keep track of that on your own. So, we really try to automate as much of that as possible. STEPHEN ROSE: Awesome. We'll come back to you in a few minutes with questions. I want to switch over to Mayunk. So Mayunk, now that we have that user enrolled, we want to make sure that the device that they're using and our goal is, we want to allow people, and I've said this many times, to work anywhere from any device securely. So do we have to enroll a device in order to manage it? And let's talk about how that applies to Microsoft Teams, both on iOS and Android. MAYUNK JAIN: Absolutely. And I think that's where this whole integration with what Stephanie just spoke about really comes into play. If you have any of the E3 products-- for example, you have M365 E3 or EMS E3-- you have all the pieces already in place along with the Teams. You have Azure Active Directory, you have Intune or what we now call Microsoft Endpoint Manager, which is unification of Intune and Configuration Manager. And the good thing about that is that you don't necessarily have to manage the devices. Yes, you can, but we give you the flexibility to just manage the apps, if that's what you want to do. 
That's what had to get started quickly, and that's the demo that I'll probably show you a little later if you're interested. STEPHEN ROSE: Yeah, absolutely. So the challenges for IT pros are really, how do I step up and support more users remotely? And as I take a look at all of those sharing surfaces, OneDrive and SharePoint and email and Teams, how do I secure all that data with users that can be anywhere and I'm IT. So of course, all that security of data lands on us. So how do we look at stepping up some more and supporting those remote users better, and what are some of the key things as we look to secure that data not just in Teams but in OneDrive, SharePoint, email, all the places where we can share. And if you want to jump into a demo, that that's absolutely fine. MAYUNK JAIN: Sure, so before I do that, I did want to underline something you just said, which is about protecting against malicious users, the external hackers, the cyber attackers, sure we have to protect against that, but also the accidental leakage, people who are just finding the right thing they are trying to do their work and are inadvertently, maybe I post something, but I should not post it. So some of these policies that we've talked about will also help you to prevent that and just give that confidence to remote workers that they can be on any device they want and their company has made sure that they've kept their data where it needs to be. STEPHEN ROSE: Let me ask you a question before you go to the demo real quick. Does it make a difference, then, if the data is all stored in the cloud for using OneDrive and SharePoint or if the data is all local on servers that I host? Are there any advantages, then, to moving all this stuff to the cloud? What am I losing by cloud hosting all of an end user's data? MAYUNK JAIN: You're not losing anything. Actually, you're gaining a lot. The first thing you're gaining is the ability to have that data available across your devices. 
STEPHEN ROSE: Right. MAYUNK JAIN: And that for the end user, but for the organization. Now think about the fact that you're all working remote right now, and maybe I'm using many devices, but some day we will go back to the office, right? STEPHEN ROSE: Right. MAYUNK JAIN: And at that point, you don't want your data to be just scattered, your intellectual property to be just scattered all over the world on different devices, even if it's your devices, right? STEPHEN ROSE: Yeah. MAYUNK JAIN: So this really helps you bring it in one place, and one of the policies that we can apply at the device level is to make sure that people don't save, say, Teams data onto their device. STEPHEN ROSE: Right. MAYUNK JAIN: Because maybe they I'm logging in to my phone. I put the data here, and then I forget about it. And then tomorrow, I log in from my laptop and I'm like, where was that file that Stephen sent me? I can't find it. STEPHEN ROSE: Right. MAYUNK JAIN: So, we can have a policy that just goes to OneDrive all the time. STEPHEN ROSE: Yeah, awesome. Let's go to the demo. I think the other thing that's important is the challenges for end users. It has to be really simple--so, reducing the learning curve, security needs to be easy if not invisible, and those elements need to be blended. The one thing that, you know, that IT pros continually tell me is, this is all really great, but I can't get my people to use it. And I go, it's because you're making it too difficult. If they have to do more than look at their phone and say approve or type in a three-digit code, you're asking them to do a lot, you're slowing down the work process. It should be effortless, it should be inclusive. So let's take a look at the demo that you've set up for us, Mayunk, and have you walk through it. MAYUNK JAIN: Yep. So, as I mentioned earlier this is the Microsoft Endpoint Manager admin portal. This is the unification of Intune and Configuration Manager. 
A couple of things I wanted to highlight here, as I said, you probably have access to this with your licenses for Teams if you're using an E3 license, for example, and what we saw or what this whole last six months or so is, a lot of people deploy Teams on various devices. And the necessity of securing them is really there and it's super easy. So you see here that you can secure the devices, you can secure the apps, you can secure it at different levels. As Stephanie said, it all begins with identity. So that's where our integration with Azure Active Directory comes in. But what I really wanted to point out here is that not only can you manage all kinds of platforms, whether it's Windows, iOS, Mac, Android, but we have this thing called App Protection Policies. And I'm not going to create the entire policy for you, but I'm going to give you a flavor, a quick flavor of how powerful this is and how straightforward it is for your deployment. So suppose I create a policy called Teams. Now here, you see that I don't have to necessarily target it to all devices. I can simply target unmanaged devices. Now, as we were discussing earlier, this is where it becomes really key for users that are remote and you don't want to necessarily manage their home PCs or their home iOS device or their home iPhones, Android. You can simply manage the Teams app without managing the entire device. And then, when you come here, you can select all these apps that we support. So you can select Teams. You can select, say, Outlook, and you can just keep adding them, or you can just look for all of these other apps that we support, including so many of these third-party apps like Adobe Acrobat Reader. You can just scroll down and see just how many apps we have. But for now, let me just go ahead and show you what you can do with this. 
On the top, you click the Data Collection tab, and here's where you see, what are you asking me earlier, Stephen, about whether you can back up the organization's data to, say, a personal cloud like iCloud or can you only send it to OneDrive, known apps, policy-managed apps. So here's where you have all of that choice that, OK, I can only share data with other trusted apps, policy-managed apps, or with any apps. Does that make sense? And then, as we go through, yeah, you see some of the access requirements. Again, when you are on probably an unknown device or a device that's outside your corporate perimeter, right? At this point, a lot of people are not going into their campuses to make sure that the data stays in the campus. You need to be extra careful about having access requirements. My son, my daughter, they regularly pick up my office phone. They're frustrated by the fact that I have all these PIN requirements and all these access requirements on my phone because it's so easy for them, especially if they're young, to just pick it up, try to go to their streaming app, but accidentally maybe just share something that they didn't intend to share because maybe my email was open or my chat window is open. So having these kinds of strict policies for types, a strict . . . maybe enforcing face ID instead of PIN, if that's what you need, things like that will really help you add that layer of security without adding any friction. It needs to be invisible. It just needs to be there under the hood and still give you that view. STEPHEN ROSE: No, I agree. I think that's absolutely great. We're going to take a short break, and then we're going to come back. I had an opportunity to chat with Sami Laiho about what zero-trust security means. So we're going to take a look at that. Then, we'll come back with Stephanie and Mayunk with more questions. I'm very excited to have direct from Finland my friend Sami Laiho join us today. Hey, Sami. How are you? 
SAMI LAIHO: I am absolutely great. Nice to be on. How are you? STEPHEN ROSE: Great to have you. I'm well, thank you. We've known each other for over 10 years now, but for the folks out there who don't know you, take a moment or two and tell us a little bit about yourself and your tenure, careers, and MVP, and all the great work that you've done around security and helping IT pros and admins. SAMI LAIHO: Sure. So, my name is Sami Laiho. I live in Helsinki. Still six months ago, I used to travel around 200 days a year, teaching people in classrooms and in conferences about Windows operating system security and operating system troubleshooting. And I set up in operating systems MVP for 10 years now. I just got my 10th year anniversary ring today. STEPHEN ROSE: That's awesome. And also you co-lead the TechMentor Conference. SAMI LAIHO: Yeah, we-- STEPHEN ROSE: Which you've been doing for a long time with Dave, yeah. SAMI LAIHO: Yeah, we do two conferences per year, one for West Coast and one for East Coast, and that's been going on. I've been a speaker there, actually an attendee, since Vista times, and then about three years ago, I guess I took over as the conference chair with Dave Kawula-- STEPHEN ROSE: Yeah. SAMI LAIHO: ... from Canada. STEPHEN ROSE: You and David are great guys. So with COVID and everything happening, we saw IT pros and administrators have to kind of take a step back and roll out software in weeks that they had planned to do in months, whether that's Exchange Online or Office 365 or Teams or any one of those. And one of the things that we've heard a lot is now that you've gotten it out there, you should really go back and retake a look at all your security settings. We've talked about this with Chris Jackson and a lot of different folks. But one of the key things that I continually see in a lot of articles is, it's important to take a zero-trust security posture. 
Can you take a few moments and kind of walk us through what that means and what that is because I don't think everybody understands what zero-trust security means. SAMI LAIHO: Yeah, sure. So, I myself have been a loud voice of running as a nonadmin and, say, a limited user, and I always try to remind everyone that the NT 3.1 User Guide back from 1993 states that, "To keep any kind of security in Windows, you have to have the principle of least privilege applied." That's something that people were kind of getting grips on, but when this COVID thing started happening, then, of course, everyone had to get laptop users out of the reach of the IT support. And that's one of the things that many people are not going back to, which is, for example, limiting the privileges that people have. Many people tell me if I don't have admin rights, I can't fix my computer. But I've always said that if you don't have admin rights, you can't break your computer and-- STEPHEN ROSE: Yes. SAMI LAIHO: It's one of the principles of zero trust. Now, zero trust itself, as a concept, you could kind of say that the idea is never trust and always verify. STEPHEN ROSE: Right. SAMI LAIHO: Zero trust means a lot of things, but I think the easiest way to think about it is that we used to live in a world where if you were in a company premises inside of your company firewall, then people thought that would be a more secure environment than being out on the public internet, sitting in Starbucks or something like that. And now we're trying to get everyone to forget that and start treating every environment like it was a potentially hostile public environment. So even internal networks, everything needs to be verified. Everyone needs to be identified, and we will basically trust no one, and we always assume breach. STEPHEN ROSE: Right. And I've always said, it's not about securing the device, especially today when people want to work from anywhere on any device, but it's about securing the data. 
And that's really at the core and using Azure Information Protection and tools like that, where we can ensure when we stop working with that person, we can remove their access to that content, we can have that content call home--it's so important when you start thinking about people working from anywhere on any device, and you think about data and things like that. What are some of the key things that you share with your different customers around that? SAMI LAIHO: Like you said, we've changed our view on protecting the data itself. We used to always protect the devices and the parameters around it. For the past 14 years, it's been possible to have BitLocker on your machine and you still need that, but that still is an offline protection. And nowadays, we're concentrating more on protecting the data on the fly, so when you move your data from your own device to someone else, the data needs to stay protected throughout and the encryption has to stay with it. There were huge increases in security with Windows 10, Microsoft changed the Encrypting File System [EFS] file format from the old-- STEPHEN ROSE: NTFS. SAMI LAIHO: NTFS. Yeah, that the required metadata and the-- STEPHEN ROSE: Right. SAMI LAIHO: And nowadays, with the P file format that is used, that you can actually take the data, put it on a FAT32- or EXFAT-formatted USB key and it still stays encrypted. That has allowed . . . and then, exactly what you mentioned, Windows Information Protection. We need to identify data. Whenever I start protecting a customer's data, my problem is usually that the data is not classified correctly, and it's not stored in a correct location. So we have different classifications of data in the same location, or (well, most of the time, of course, we don't have the classification at all) so classifying data, keeping it protected on the fly, as well, not just on the device itself. Those are kind of the things that we now can't trust the media anymore. 
We used to have a trusted ethernet media going from my laptop to my server, and we used to say that as long as it doesn't go out on the public internet, we're fine. But now, there's no such thing anymore. STEPHEN ROSE: Yeah. And it's getting that data into the cloud so that it can be better managed and protected and turned off using SharePoint and OneDrive and Teams. You have far more control than you do when that data is just sitting on somebody's C drive not being backed up to the cloud and not being managed with DLP and all of these other things. So it has certainly changed the position. Any last thoughts on good best practices or advice that you would give to IT pros who are moving through this now, when it comes to how their security posture or how they should take a look at security? SAMI LAIHO: Well, first of all, kind of the thought that I just said in the beginning: Forget having internal internet compared. STEPHEN ROSE: Treat them all the same. SAMI LAIHO: Treat them all the same as the internet. Identify your users, not just with a user name and password: Use multifactor authentication to kill 99% of phishing attacks. And one thing I am doing every single day currently is implementing different kinds of allow listing, deny listing solutions like AppLocker, for example, or Windows Defender Application Control so that we also do not assume that apps are trusted until we have tested them and until we have allowed those in our systems. If you do not allow unsigned code to run on your system, even without any antimalware, you kill more than 950,000 pieces of new malware per day. STEPHEN ROSE: Yeah, that's crazy. Awesome. Sami, I appreciate you staying up late to meet with us today. Thanks so much. And what is the best way for people to get a hold of you if they have a question? I know you use Twitter quite a bit, so what's your Twitter handle? SAMI LAIHO: My Twitter handle is @samilaiho, S-A-M-I-L-A-I-H-O. And absolutely, Twitter is the fastest and easiest way. 
And if you want to find out about my own stuff, I have a website called win-fu.com/. STEPHEN ROSE: Awesome. We will definitely get that link up there for folks. Thanks again. Have a great weekend. And thanks for joining us, Sami. We'll talk to you soon. SAMI LAIHO: Thank you so much for having me. STEPHEN ROSE: And again, I want to thank Sami Laiho for staying up late and joining us from Finland last Friday, after his kids went to bed to do that interview. So that was great of him. We have a lot of questions, so let's see. How does Teams security work when dealing with users outside the organization, either in a B2B or, worst case, B2C scenario? Stephanie, you want to take that one? STEPHANIE LIO: Yeah. I think one of the reasons we wanted to emphasize multifactor authentication is that it is one of the most, one of the best things you can do when bringing in a B2B user or even a B2C user into your Teams environment. Now, we know Teams already has a lot of built-in security and information protection that we apply to everyone using Teams. So if you, God forbid, have some issues and you have to pull an e-discovery log later, no matter what type of users you're bringing in to collaborate with, you're going to have that information that you need and you prevent the kind of data loss that Mayunk talks about. Similar to the policy that I showed earlier, you could set that up for whatever kind of external user you're bringing in, no matter what type of identity they're using. STEPHEN ROSE: Mayunk, does this type of policy require a device to have a broker app like MS Authenticator? MAYUNK JAIN: So, the MS Authenticator is useful for things like MFA, but to get prediction policies, you need the Intune Company Portal app. So, that's available for all iOS, Android devices. STEPHEN ROSE: And can they use third-party authentication apps? Let's say they're using Google or something like that. Does it have to be the Microsoft one, or can they use third-party authenticator apps? 
MAYUNK JAIN: Third party is fine. We support third party, of course. STEPHEN ROSE: Awesome. Awesome. How do app protection policies work with Azure AD conditional access policies? For example, if I wanted to allow users to securely access apps on an unmanaged device, what settings should I use at my conditional access policies? Mayunk, is that you for that one or Stephanie? MAYUNK JAIN: That's a good example of something that cuts across both either of us could answer that one, and maybe for the detailed answer I would point you to a link on a Docs page called aka.ms/memdocs. So you could check out the page on which policies you need, but in a very quick nutshell, the answer is yes, you can do that, and conditional access is actually embedded into the mem experience . . . into the Endpoint Manager experience. So, you can access it from either your Azure Active Directory portal or the engine portal. STEPHEN ROSE: Stephanie, anything to add to that? STEPHANIE LIO: I think just that we have a pretty extensive partner ecosystem, so working well and playing well with others is very much part of our engineering DNA. And we want to make sure that whatever you already have and are using as much as possible that that's integrated with the tools that Microsoft is building and what would echo Mayunk. Short answer yes, long answer, check out the details of the doc. STEPHEN ROSE: Right. All right. One last question, and then we'll answer the rest of these on Twitter after the show. As an admin, if one allows external sharing in Microsoft Teams, SharePoint, OneDrive, how secure is that, really? How can we ensure that allowing individual access via email address does not allow those invited users to allow someone else to the link that they are sent? Do we need to only add users as a guest to control this? 
And I can actually answer a part of that, and that is, when you invite someone-- let's say, to share a document-- they get a one-time code that is only good for a few minutes and it's a one-time use. If they use it, then that code is no good. And if you've set it up where they are read only or that they cannot forward, you can control a lot of that. Stephanie or Mayunk, anything to add to that as well? STEPHANIE LIO: I think you nailed it. A lot of the examples we show when we show a B2B guest accessing something, the invitation that they're redeeming is like that one-time pass code that they're using. Obviously, if you have a more long-term relationship and you want to kind of establish more seamless ways of doing business with that vendor or that user in particular, you can create it, using a lot of the tools that we've kind of hinted at today. But just as easily, you can make sure that it's a one-time interaction. STEPHEN ROSE: You have the ability to use Azure Information Protection, DLP, all of these other tools that ensure that people can't share, you can limit what they can send out. And again, by using AIP, you're able to ensure that that content is encrypted. So, you can remove access to it, not allow it to be shared externally no matter where it's at. So, you do have a ton of control over that. And we said this at the beginning: It's not about controlling the device, it's about controlling the data. And this is just a small bit of the many, many things that we can do. We're going to take another break. We're going to take a look at the unboxing of the new Bose and Jabra headsets for Teams. And then, we'll come back with those resources and close up. Keep asking your questions. We will continue to come back to Twitter after the show and continue to answer those. So let's go to that segment now. All right. The first of our two headsets this week is the Jabra Evolve 2 Series 85. It comes in this really nice case. So let's see what we have in here. 
We of course have the headphones. We also get a USB-C cable, airplane adapter, USB connector, and an AUX cable. That's great, if you're going to be on a plane and want to listen to movies and don't have the opportunity to do something wireless. Now with the headphones, they crack open very nicely, they crack into place. What's great about these is that dedicated Teams Button, we have microphones here. We have our power and our Bluetooth connect, a USB-C, the AUX cable, and then our Volume Up, Volume Down and ANC, which is the noise canceling. One of the other nice things about this one is you can leverage and use these this way, or, if you're a boom talker and like to use a boom, there was a boom that comes out. There is a Mute button right here on the edge of the boom, which is really nice. What you can do is if you want to answer a call, you can simply just pull that down, turn, you're on the call. When you're done, you can do it that way or you can of course just use the call buttons that are built right here onto the device and not bring the boom down. But you do have the choice. Also what's nice is these do light up red on the outside when you're on a call and this will light up purple when you have a Teams message or a Teams call. Sold separately, if you don't just want to charge off, the cable does come with the dock, which is really nice so when you're not using them, you can place them in the dock. And as you can see, those are charging right up. Or you can just plug directly into the USB-C port to recharge. All right, let's take a look at the Bose 700 UC. Once again, really nice leather case. Open that up, we have our Bose headphones so move those aside. We also get a USB-C cable that we can use to charge the device, separate AUX cable for watching movies, and we have that dedicated USB adapter. So taking a look at these, these also have the dedicated Teams button, so we can see down here at the bottom: There it is. 
We do have our Bluetooth and our power buttons. There's the USB-C port for charging. We have microphones all around, so one, two, three, four different microphones to pick up sound. But also one of the things that I really like about these is the touchless controls. So you have a Volume Up and Volume Down, you have Forward if you're listening to music, and you have tap that you can use both for pausing and ending a call. So you don't have buttons to do that, that can be done with just a simple tap. A really nice fit and finish on these, but no boom like the Jabra has, so if you're a boom fan, you may find that the Jabras work better than the Bose. If you're more of a music purist or you really like the idea of the touchless controls, the Bose are going to be great for you. Let's take a look at our comparison slot. Bose 700 has 20 hours of battery life; the Jabra Evolve tap out around 37 hours. Both have got quick-charge capabilities: 15 minutes will get you three and a half hours with the Bose and eight hours with the Jabra. Both have a dedicated Teams button. The Jabra does have that purple ring light that will show up if it's a Teams call and the 360-degree Busy light that turns on when you're on a call. The Bose, though, does have multiple levels of noise canceling. The Bose have touch controls opposed to the button-based controls on the Jabra. Both also supply 3.5-millimeter jacks. Both of these can be used with a Mac or a PC or mobile devices, iPads, et cetera. But if you want to adjust sound quality, things like that, you'll need to use the Bose mobile app, while Jabra has both a mobile and desktop app for Mac and PC, so you could use either of those. Bose works with Google and Alexa. Jabra with Siri and Google Assistant. The Bose, though, are considerably lighter, coming in at 8.9 ounces versus the 10.8 with the Jabra. Bose, you can get an optional charging case. The Jabra have that charging stand, which we showed. 
Jabra come in black, the Bose multiple colors, including white, silver, rose gold, black, et cetera. Both are awesome devices with dedicated Teams buttons and pretty near the same price point for each of them. It really depends on your style, if you have a brand preference, and how you're going to be using these. If you're a boom mic fan, et cetera, what is going to be the best fit for you. But if you're using Teams, both of these are awesome headsets, and we encourage you to check them out. Awesome. I want to thank the Bose and Jabra folks for sending us those headsets, and I have a question for you-- catch me, hit me up on Twitter-- but what would you do with this Jabra headset? Hit me up on Twitter, let me know, or send me a pic of your home setup and maybe we'll do something cool for you. Some great resources today. We talked about Endpoint Manager, Intune, our Security Compliance Center, multifactor authentication, managing remote users, and Sami's win-fu. So make sure to check those out. For those of you... we got a lot of questions in this episode, we'll be getting those answers up on Twitter in the next day or so, so keep an eye out. Next episode, we'll be showing off the new Surface Duo. We have a Microsoft Ignite Preshow next Tuesday: Karuana, Brett Pullen, and some special guests. Pachin Switch will be joining us. Joey Snow and Rick Claus. Comments, questions, show ideas, send them to me on Twitter @stephenlrose and would love to hear from you. So, sorry we went over but lots of good security stuff. We'll definitely do another show on this. I want to thank our guests again, Mayunk and Stephanie, for joining us, and we will see you next week for our Ignite Preshow. Thanks! And thanks for joining us.