Office 365 Security - MacGyver, Ninja or Swat team

Internal Audit, Risk, Business & Technology Consulting
OFFICE 365 SECURITY
MACGYVER, NINJA OR SWAT TEAM?
Antonio Maio
Protiviti | Senior SharePoint Architect
Microsoft Office Server and Services MVP
Email: antonio.maio@protiviti.com
Blog: www.trustsharepoint.com
Slide share: http://www.slideshare.net/AntonioMaio2
Twitter: @AntonioMaio2
MACGYVER
IT Team Member
• Typically work alone
• Given responsibility for Office 365
• No formal security training, or self-trained
• Smart - Comfortable learning & working with technology
• Good at pulling together solutions with what’s available
• Smaller organization – No/low budget for training & tools
• Very security minded/concerned
NINJA
The Security Expert
• Typically work alone
• Formally trained security expert / Know your stuff (CISSP, CISM, MSCP, OSCP, etc.)
• Very security minded/concerned
• Some budget for training & tools
SWAT TEAM
The Information Security Team
• Highly skilled team members
• Comprised of multiple security experts
• Distributed roles & responsibilities
• Larger or heavily regulated organizations
• Very security minded & compliance focused
• Annual budgets for training & tools
BUILT IN SECURITY
What everyone should know…
• Understand Cloud Provider Responsibilities
• Understand Your Responsibilities
In a cloud environment, security and information
protection must be a Shared Responsibility.
Understanding how your responsibilities are
managed requires strong Information
Governance policies & procedures.
SAAS = Office 365
PAAS = Azure Web Services, Azure Functions, etc.
IAAS = Azure VMs
https://channel9.msdn.com/Shows/Azure-Friday/Red-vs-Blue-Internal-security-penetration-testing-of-Microsoft-Azure
Reference and cipher suites:
https://technet.microsoft.com/en-us/library/dn569286.aspx
MACGYVER – IT TEAM MEMBER
Control how sites and documents can be shared with External Users on a site collection by site collection basis.
Click Settings > Services and Add-Ins > Sites
SharePoint Online has the same inherited, hierarchical, permissive permission model as SharePoint On Premise.
[Diagram: Office 365 > Customer Tenant > SharePoint Online > Site Collection > Site > Library / List > Document / Item, annotated with these permission assignments:]
• Demo Members (SharePoint Group): Edit
• Demo Owners (SharePoint Group): Full Control
• Demo Visitors (SharePoint Group): Read
• Finance Team (Domain Group): Edit
• Senior Mgmt (Domain Group): Full Control
• Research Team (Domain Group): Full Control
• Senior Mgmt (Domain Group): Full Control
• Research Team (Domain Group): Full Control
• Senior Mgmt (Domain Group): Full Control
• Antonio.Maio (Domain User): Full Control
• If a user is a member of multiple groups which have access to a resource, the user will get the highest level of group access granted.
• To remove a user’s access to a resource, they must be removed from all groups which have access.
• There is no concept of a deny policy.
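The three rules above, worked through as an added example (not code from the original deck). The group names and levels are the ones on the slide; the site layout, the users alice and bob, their group memberships and the helper function names are constructed for illustration.

```python
"""Effective access under SharePoint's inherited, permissive model."""
from dataclasses import dataclass
from typing import Optional

# Levels named on the slide, ordered lowest to highest.
RANK = {"Read": 1, "Edit": 2, "Full Control": 3}


@dataclass
class Securable:
    """A site collection, site, library, list, document or item."""
    name: str
    parent: Optional["Securable"] = None
    # None means "inherit from the parent"; a dict means unique permissions.
    assignments: Optional[dict] = None

    def acl(self) -> dict:
        """Assignments in force here: our own, or the nearest ancestor's."""
        node = self
        while node is not None:
            if node.assignments is not None:
                return node.assignments
            node = node.parent
        return {}


def granting_principals(user, memberships, node):
    """Every principal (the user or one of their groups) that grants access."""
    principals = {user} | memberships.get(user, set())
    return {p: lvl for p, lvl in node.acl().items() if p in principals}


def effective_level(user, memberships, node):
    """Highest level among all matching grants; None when nothing matches.

    There is no deny entry to consult: grants only ever add access.
    """
    grants = granting_principals(user, memberships, node)
    if not grants:
        return None
    return max(grants.values(), key=RANK.__getitem__)


def remove_from_group(memberships, user, group):
    """Return a copy of the memberships with one group removed for the user."""
    updated = {u: set(g) for u, g in memberships.items()}
    updated.get(user, set()).discard(group)
    return updated


# Constructed layout: where each group is assigned is an assumption.
SITE_COLLECTION = Securable("Site Collection", assignments={
    "Demo Owners": "Full Control",
    "Demo Members": "Edit",
    "Demo Visitors": "Read",
    "Finance Team": "Edit",
})
SITE = Securable("Site", parent=SITE_COLLECTION)           # inherits
LIBRARY = Securable("Library", parent=SITE, assignments={  # unique permissions
    "Senior Mgmt": "Full Control",
    "Research Team": "Full Control",
})
DOCUMENT = Securable("Document", parent=LIBRARY)           # inherits from library

# Constructed users and memberships.
MEMBERSHIPS = {
    "alice": {"Demo Visitors", "Finance Team"},
    "bob": {"Senior Mgmt", "Research Team"},
}

if __name__ == "__main__":
    # Highest grant wins: Read via Demo Visitors, Edit via Finance Team.
    print("alice on Site:", effective_level("alice", MEMBERSHIPS, SITE))

    # Removing one group is not a revocation; the other grant still applies.
    partial = remove_from_group(MEMBERSHIPS, "alice", "Finance Team")
    print("after leaving Finance Team:", effective_level("alice", partial, SITE))

    # Access is gone only once every granting group has been removed.
    for group in granting_principals("alice", MEMBERSHIPS, SITE):
        partial = remove_from_group(partial, "alice", group)
    print("after leaving all groups:", effective_level("alice", partial, SITE))

    # bob reaches the document through two groups; both must be removed.
    print("bob's grants on Document:",
          granting_principals("bob", MEMBERSHIPS, DOCUMENT))
```

Running granting_principals before an offboarding or access review lists every group that has to be cleaned up for the revocation to take effect.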
• https://securescore.office.com
NINJA – SECURITY EXPERT
Multi-factor authentication helps protect against unauthorized access to the Office 365 environment.
• New integrated authentication mechanism built into Office client apps
• Uses ADAL (Active Directory Authentication Library)
• Cross platform: Windows, Mac OS X, Windows Phone, iOS, Android
• Provides advanced sign in features for the Office clients:
  • Multi-Factor Authentication (MFA)
  • SAML third-party identity providers
  • Smart card
  • Certificate based authentication
  • Microsoft Authenticator App
  • Third party Authenticator App
• Microsoft Outlook no longer requires “basic authentication”
• Greater consistency in the user experience for users authenticating to Office 365 services and apps
• Greater security across the entire Office 365 service & app suite
Newly launched authentication protocol which became generally available on May 20, 2016.
• Dependent on client application (requires Office/Outlook 2016, or Office 2013 with latest SP)
• Support must be enabled on Office Clients and in Office 365 service:
  • Ex. Outlook 2016 will attempt Modern Authentication and auto-revert to Basic Authentication if Exchange Online is not enabled
• No support planned for: Office 2010 or 2007, Office for Mac 2011, Windows Phone 7, OWA for iOS or Android
• Default enablement in some Office 365 services:
  • Exchange Online: OFF by default
  • SharePoint Online: ON by default
  • Skype for Business: OFF by default
• Enabled via PowerShell
Modern authentication must be on-boarded for some Office 365 services and environments.
Data Loss Prevention policies identify and protect sensitive data in SharePoint Online & OneDrive for Business.
• Automatically identify and protect 80 sensitive data types (SSN, credit card #, national ID #, etc.)
• Applies to SharePoint Online
• Applies to OneDrive for Business
• Applies to files/documents
• Does not apply to list items
• Manage policies that when sensitive data is found can:
  • Educate users with policy tips
  • Block access
  • Alert Admins or InfoSec teams
  • Create incident reports
Classification labels provide a method for users to specify retention policies on individual documents/emails.
• Click Classifications > Label Policies
• Not used by Azure Information Protection or Rights Management
• Primarily used for retention of documents and email
• Labels define a retention period
• Define what occurs when retention period expires
• Define if a label is published and which services it is available to – can publish labels to:
Manage how spam, malware is blocked & quarantined by adjusting your Office 365 Mail Filtering policies.
• Default standard anti-spam policies already in place
• Manage Allow Lists by sender or domain
• Manage Block Lists by sender or domain
• Customize policies by:
SWAT – INFORMATION SECURITY TEAM
• Customer must approve access request, before Microsoft engineer gets any access to Customer tenant
Customers can control whether Microsoft Office 365 engineers may have access to their tenant.
Monitor user and admin activity with machine learning to identify suspicious behavior and automatically apply security policies to protect against malicious attackers.
• Click Alerts > Manage Alerts
• Click Manage Advanced Alerts
THANK YOU
Antonio Maio
Protiviti | Senior SharePoint Architect
Microsoft Office Server and Services MVP
Email: antonio.maio@protiviti.com
Blog: www.trustsharepoint.com
Slide share: http://www.slideshare.net/AntonioMaio2
Twitter: @AntonioMaio2
1 of 33

Recommended

A beginners guide to administering office 365 with power shell antonio maio by
A beginners guide to administering office 365 with power shell   antonio maioA beginners guide to administering office 365 with power shell   antonio maio
A beginners guide to administering office 365 with power shell antonio maioAntonioMaio2
5.1K views19 slides
Office 365 security new innovations from microsoft ignite - antonio maio by
Office 365 security   new innovations from microsoft ignite - antonio maioOffice 365 security   new innovations from microsoft ignite - antonio maio
Office 365 security new innovations from microsoft ignite - antonio maioAntonioMaio2
633 views18 slides
CollabDays BeNeLux Sensitivity labels: what's new by
CollabDays BeNeLux Sensitivity labels: what's newCollabDays BeNeLux Sensitivity labels: what's new
CollabDays BeNeLux Sensitivity labels: what's newAlbert Hoitingh
158 views26 slides
AzureThursday Mirabeau - Azure Information Protection by
AzureThursday Mirabeau - Azure Information ProtectionAzureThursday Mirabeau - Azure Information Protection
AzureThursday Mirabeau - Azure Information ProtectionAlbert Hoitingh
293 views24 slides
Being more secure using Microsoft 365 Business by
Being more secure using Microsoft 365 BusinessBeing more secure using Microsoft 365 Business
Being more secure using Microsoft 365 BusinessRobert Crane
1.8K views49 slides
Working securely with Microsoft Teams - Techorama 2021 by
Working securely with Microsoft Teams - Techorama 2021Working securely with Microsoft Teams - Techorama 2021
Working securely with Microsoft Teams - Techorama 2021Albert Hoitingh
130 views40 slides

More Related Content

What's hot

Azure information protection and SharePoint by
Azure information protection and SharePoint Azure information protection and SharePoint
Azure information protection and SharePoint Albert Hoitingh
939 views31 slides
File Security in Microsoft SharePoint and OneDrive by
File Security in Microsoft SharePoint and OneDriveFile Security in Microsoft SharePoint and OneDrive
File Security in Microsoft SharePoint and OneDriveDavid J Rosenthal
1.1K views16 slides
Microsoft 365 Security & Compliance User Group - Microsoft Teams compliance by
Microsoft 365 Security & Compliance User Group - Microsoft Teams compliance Microsoft 365 Security & Compliance User Group - Microsoft Teams compliance
Microsoft 365 Security & Compliance User Group - Microsoft Teams compliance Albert Hoitingh
117 views28 slides
Microsoft 365 Security and Compliance by
Microsoft 365 Security and ComplianceMicrosoft 365 Security and Compliance
Microsoft 365 Security and ComplianceDavid J Rosenthal
4K views55 slides
Office 365 Security Best Practices by
Office 365 Security Best PracticesOffice 365 Security Best Practices
Office 365 Security Best PracticesCommunity IT Innovators
1.8K views34 slides
Azure Information Protection by
Azure Information ProtectionAzure Information Protection
Azure Information ProtectionRobert Crane
6.2K views34 slides

What's hot(20)

Azure information protection and SharePoint by Albert Hoitingh
Azure information protection and SharePoint Azure information protection and SharePoint
Azure information protection and SharePoint
Albert Hoitingh939 views
File Security in Microsoft SharePoint and OneDrive by David J Rosenthal
File Security in Microsoft SharePoint and OneDriveFile Security in Microsoft SharePoint and OneDrive
File Security in Microsoft SharePoint and OneDrive
David J Rosenthal1.1K views
Microsoft 365 Security & Compliance User Group - Microsoft Teams compliance by Albert Hoitingh
Microsoft 365 Security & Compliance User Group - Microsoft Teams compliance Microsoft 365 Security & Compliance User Group - Microsoft Teams compliance
Microsoft 365 Security & Compliance User Group - Microsoft Teams compliance
Albert Hoitingh117 views
Azure Information Protection by Robert Crane
Azure Information ProtectionAzure Information Protection
Azure Information Protection
Robert Crane6.2K views
Secure Productive Enterprise from Microsoft and Atidan by David J Rosenthal
Secure Productive Enterprise from Microsoft and AtidanSecure Productive Enterprise from Microsoft and Atidan
Secure Productive Enterprise from Microsoft and Atidan
David J Rosenthal813 views
Cryptzone SharePoint and Office 365 Security Solutions Guide by David J Rosenthal
Cryptzone SharePoint and Office 365 Security Solutions GuideCryptzone SharePoint and Office 365 Security Solutions Guide
Cryptzone SharePoint and Office 365 Security Solutions Guide
David J Rosenthal826 views
Securing Governing and Protecting Your Office 365 Investments by Chris Bortlik
Securing Governing and Protecting Your Office 365 InvestmentsSecuring Governing and Protecting Your Office 365 Investments
Securing Governing and Protecting Your Office 365 Investments
Chris Bortlik136 views
Management of all the devices using Microsoft 365 Business by Robert Crane
Management of all the devices using Microsoft 365 BusinessManagement of all the devices using Microsoft 365 Business
Management of all the devices using Microsoft 365 Business
Robert Crane453 views
Labelling in Microsoft 365 - Retention & Sensitivity by Drew Madelung
Labelling in Microsoft 365 - Retention & SensitivityLabelling in Microsoft 365 - Retention & Sensitivity
Labelling in Microsoft 365 - Retention & Sensitivity
Drew Madelung479 views
What is Microsoft 365 Business? by Robert Crane
What is Microsoft 365 Business?What is Microsoft 365 Business?
What is Microsoft 365 Business?
Robert Crane2.3K views
Information protection & classification by David De Vos
Information protection & classificationInformation protection & classification
Information protection & classification
David De Vos157 views
SharePoint Saturday Cambridge: Security & compliance by Albert Hoitingh
SharePoint Saturday Cambridge: Security & complianceSharePoint Saturday Cambridge: Security & compliance
SharePoint Saturday Cambridge: Security & compliance
Albert Hoitingh92 views
Azure Information Protection - Taking a Team Approach by Joanne Klein
Azure Information Protection - Taking a Team ApproachAzure Information Protection - Taking a Team Approach
Azure Information Protection - Taking a Team Approach
Joanne Klein1.1K views

Similar to Office 365 Security - MacGyver, Ninja or Swat team

Intro to Office 365 Security & Compliance Center by
Intro to Office 365 Security & Compliance CenterIntro to Office 365 Security & Compliance Center
Intro to Office 365 Security & Compliance CenterCraig Jahnke
2.2K views35 slides
SC-900 Capabilities of Microsoft Compliance Solutions by
SC-900 Capabilities of Microsoft Compliance SolutionsSC-900 Capabilities of Microsoft Compliance Solutions
SC-900 Capabilities of Microsoft Compliance SolutionsFredBrandonAuthorMCP
268 views38 slides
Azure Information Protection - Taking a Team Approach - SPS Montreal by
Azure Information Protection - Taking a Team Approach - SPS MontrealAzure Information Protection - Taking a Team Approach - SPS Montreal
Azure Information Protection - Taking a Team Approach - SPS MontrealJoanne Klein
1.2K views73 slides
Information security in office 365 a shared responsibility - antonio maio by
Information security in office 365   a shared responsibility - antonio maioInformation security in office 365   a shared responsibility - antonio maio
Information security in office 365 a shared responsibility - antonio maioAntonioMaio2
664 views14 slides
How To Eliminate Security Exposures in Office 365 Webinar by
How To Eliminate Security Exposures in Office 365 WebinarHow To Eliminate Security Exposures in Office 365 Webinar
How To Eliminate Security Exposures in Office 365 WebinarConcept Searching, Inc
920 views11 slides
Andy Malone - Microsoft office 365 security deep dive by
Andy Malone - Microsoft office 365 security deep diveAndy Malone - Microsoft office 365 security deep dive
Andy Malone - Microsoft office 365 security deep diveNordic Infrastructure Conference
7.8K views61 slides

Similar to Office 365 Security - MacGyver, Ninja or Swat team(20)

Intro to Office 365 Security & Compliance Center by Craig Jahnke
Intro to Office 365 Security & Compliance CenterIntro to Office 365 Security & Compliance Center
Intro to Office 365 Security & Compliance Center
Craig Jahnke2.2K views
SC-900 Capabilities of Microsoft Compliance Solutions by FredBrandonAuthorMCP
SC-900 Capabilities of Microsoft Compliance SolutionsSC-900 Capabilities of Microsoft Compliance Solutions
SC-900 Capabilities of Microsoft Compliance Solutions
Azure Information Protection - Taking a Team Approach - SPS Montreal by Joanne Klein
Azure Information Protection - Taking a Team Approach - SPS MontrealAzure Information Protection - Taking a Team Approach - SPS Montreal
Azure Information Protection - Taking a Team Approach - SPS Montreal
Joanne Klein1.2K views
Information security in office 365 a shared responsibility - antonio maio by AntonioMaio2
Information security in office 365   a shared responsibility - antonio maioInformation security in office 365   a shared responsibility - antonio maio
Information security in office 365 a shared responsibility - antonio maio
AntonioMaio2664 views
SharePoint Saturday NL 2016 - Security & Compliance by Albert Hoitingh
SharePoint Saturday NL 2016 - Security & ComplianceSharePoint Saturday NL 2016 - Security & Compliance
SharePoint Saturday NL 2016 - Security & Compliance
Albert Hoitingh1.7K views
Data Loss Prevention in O365 by Don Daubert
Data Loss Prevention in O365Data Loss Prevention in O365
Data Loss Prevention in O365
Don Daubert452 views
Microsoft Teams in the Modern Workplace by Joanne Klein
Microsoft Teams in the Modern WorkplaceMicrosoft Teams in the Modern Workplace
Microsoft Teams in the Modern Workplace
Joanne Klein357 views
Microsoft Viva governance and compliance implications | Viva Explorers Commun... by Nikki Chapple
Microsoft Viva governance and compliance implications | Viva Explorers Commun...Microsoft Viva governance and compliance implications | Viva Explorers Commun...
Microsoft Viva governance and compliance implications | Viva Explorers Commun...
Nikki Chapple46 views
March 2023 CIAOPS Need to Know Webinar by Robert Crane
March 2023 CIAOPS Need to Know WebinarMarch 2023 CIAOPS Need to Know Webinar
March 2023 CIAOPS Need to Know Webinar
Robert Crane700 views
One name unify them all by BizTalk360
One name unify them allOne name unify them all
One name unify them all
BizTalk360250 views
Office 365 Security, Privacy and Compliance - SMB Nation 2015 by Robert Crane
Office 365 Security, Privacy and Compliance - SMB Nation 2015Office 365 Security, Privacy and Compliance - SMB Nation 2015
Office 365 Security, Privacy and Compliance - SMB Nation 2015
Robert Crane283 views
Securing your digital world - Cybersecurity for SBEs by Sonny Hashmi
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEs
Sonny Hashmi148 views
Securing your digital world cybersecurity for sb es by Sonny Hashmi
Securing your digital world   cybersecurity for sb esSecuring your digital world   cybersecurity for sb es
Securing your digital world cybersecurity for sb es
Sonny Hashmi712 views
Pure Bookkeeping Webinar, Productivity and Security with Microsoft Office 365 by DavidNicholls52
Pure Bookkeeping Webinar, Productivity and Security with Microsoft Office 365Pure Bookkeeping Webinar, Productivity and Security with Microsoft Office 365
Pure Bookkeeping Webinar, Productivity and Security with Microsoft Office 365
DavidNicholls52110 views
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa... by Rencore
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore Webinar: Understanding EU GDPR from an Office 365 perspective with Pa...
Rencore257 views

More from AntonioMaio2

Introduction to Microsoft Enterprise Mobility + Security by
Introduction to Microsoft Enterprise Mobility + SecurityIntroduction to Microsoft Enterprise Mobility + Security
Introduction to Microsoft Enterprise Mobility + SecurityAntonioMaio2
5.3K views26 slides
Learn how to protect against and recover from data breaches in Office 365 by
Learn how to protect against and recover from data breaches in Office 365Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365AntonioMaio2
393 views50 slides
SharePoint Saturday Ottawa - How secure is my data in office 365? by
SharePoint Saturday Ottawa - How secure is my data in office 365?SharePoint Saturday Ottawa - How secure is my data in office 365?
SharePoint Saturday Ottawa - How secure is my data in office 365?AntonioMaio2
2.1K views30 slides
Real world SharePoint information governance a case study - published by
Real world SharePoint information governance a case study - publishedReal world SharePoint information governance a case study - published
Real world SharePoint information governance a case study - publishedAntonioMaio2
1.9K views32 slides
Overcoming Security Threats and Vulnerabilities in SharePoint by
Overcoming Security Threats and Vulnerabilities in SharePointOvercoming Security Threats and Vulnerabilities in SharePoint
Overcoming Security Threats and Vulnerabilities in SharePointAntonioMaio2
2.2K views34 slides
What’s new in SharePoint 2016! by
What’s new in SharePoint 2016!What’s new in SharePoint 2016!
What’s new in SharePoint 2016!AntonioMaio2
2.1K views23 slides

More from AntonioMaio2(20)

Introduction to Microsoft Enterprise Mobility + Security by AntonioMaio2
Introduction to Microsoft Enterprise Mobility + SecurityIntroduction to Microsoft Enterprise Mobility + Security
Introduction to Microsoft Enterprise Mobility + Security
AntonioMaio25.3K views
Learn how to protect against and recover from data breaches in Office 365 by AntonioMaio2
Learn how to protect against and recover from data breaches in Office 365Learn how to protect against and recover from data breaches in Office 365
Learn how to protect against and recover from data breaches in Office 365
AntonioMaio2393 views
SharePoint Saturday Ottawa - How secure is my data in office 365? by AntonioMaio2
SharePoint Saturday Ottawa - How secure is my data in office 365?SharePoint Saturday Ottawa - How secure is my data in office 365?
SharePoint Saturday Ottawa - How secure is my data in office 365?
AntonioMaio22.1K views
Real world SharePoint information governance a case study - published by AntonioMaio2
Real world SharePoint information governance a case study - publishedReal world SharePoint information governance a case study - published
Real world SharePoint information governance a case study - published
AntonioMaio21.9K views
Overcoming Security Threats and Vulnerabilities in SharePoint by AntonioMaio2
Overcoming Security Threats and Vulnerabilities in SharePointOvercoming Security Threats and Vulnerabilities in SharePoint
Overcoming Security Threats and Vulnerabilities in SharePoint
AntonioMaio22.2K views
What’s new in SharePoint 2016! by AntonioMaio2
What’s new in SharePoint 2016!What’s new in SharePoint 2016!
What’s new in SharePoint 2016!
AntonioMaio22.1K views
Data Visualization in SharePoint and Office 365 by AntonioMaio2
Data Visualization in SharePoint and Office 365Data Visualization in SharePoint and Office 365
Data Visualization in SharePoint and Office 365
AntonioMaio26.3K views
Hybrid Identity Management with SharePoint and Office 365 - Antonio Maio by AntonioMaio2
Hybrid Identity Management with SharePoint and Office 365 - Antonio MaioHybrid Identity Management with SharePoint and Office 365 - Antonio Maio
Hybrid Identity Management with SharePoint and Office 365 - Antonio Maio
AntonioMaio22.4K views
Developing custom claim providers to enable authorization in share point an... by AntonioMaio2
Developing custom claim providers to enable authorization in share point   an...Developing custom claim providers to enable authorization in share point   an...
Developing custom claim providers to enable authorization in share point an...
AntonioMaio212.9K views
Identity management challenges when moving share point to the cloud antonio... by AntonioMaio2
Identity management challenges when moving share point to the cloud   antonio...Identity management challenges when moving share point to the cloud   antonio...
Identity management challenges when moving share point to the cloud antonio...
AntonioMaio2540 views
A Practical Guide Information Governance with Microsoft SharePoint 2013 by AntonioMaio2
A Practical Guide Information Governance with Microsoft SharePoint 2013A Practical Guide Information Governance with Microsoft SharePoint 2013
A Practical Guide Information Governance with Microsoft SharePoint 2013
AntonioMaio2908 views
Best practices for security and governance in share point 2013 published by AntonioMaio2
Best practices for security and governance in share point 2013   publishedBest practices for security and governance in share point 2013   published
Best practices for security and governance in share point 2013 published
AntonioMaio21.4K views
Keeping SharePoint Always On by AntonioMaio2
Keeping SharePoint Always OnKeeping SharePoint Always On
Keeping SharePoint Always On
AntonioMaio2774 views
How Claims is Changing the Way We Authenticate and Authorize in SharePoint by AntonioMaio2
How Claims is Changing the Way We Authenticate and Authorize in SharePointHow Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
AntonioMaio23.2K views
Best practices for Security and Governance in SharePoint 2013 by AntonioMaio2
Best practices for Security and Governance in SharePoint 2013Best practices for Security and Governance in SharePoint 2013
Best practices for Security and Governance in SharePoint 2013
AntonioMaio24.9K views
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013... by AntonioMaio2
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
AntonioMaio22K views
Best Practices for Security in Microsoft SharePoint 2013 by AntonioMaio2
Best Practices for Security in Microsoft SharePoint 2013Best Practices for Security in Microsoft SharePoint 2013
Best Practices for Security in Microsoft SharePoint 2013
AntonioMaio229.7K views
Intro to Develop and Deploy Apps for Microsoft SharePoint and Office 2013 by AntonioMaio2
Intro to Develop and Deploy Apps for Microsoft SharePoint and Office 2013Intro to Develop and Deploy Apps for Microsoft SharePoint and Office 2013
Intro to Develop and Deploy Apps for Microsoft SharePoint and Office 2013
AntonioMaio22.1K views
SharePoint Governance: Impacts of Moving to the Cloud by AntonioMaio2
SharePoint Governance: Impacts of Moving to the CloudSharePoint Governance: Impacts of Moving to the Cloud
SharePoint Governance: Impacts of Moving to the Cloud
AntonioMaio2610 views
Share point security 101 sps-ottawa 2012 - antonio maio by AntonioMaio2
Share point security 101   sps-ottawa 2012 - antonio maioShare point security 101   sps-ottawa 2012 - antonio maio
Share point security 101 sps-ottawa 2012 - antonio maio
AntonioMaio22.1K views

Recently uploaded

DSD-INT 2023 Simulation of Coastal Hydrodynamics and Water Quality in Hong Ko... by
DSD-INT 2023 Simulation of Coastal Hydrodynamics and Water Quality in Hong Ko...DSD-INT 2023 Simulation of Coastal Hydrodynamics and Water Quality in Hong Ko...
DSD-INT 2023 Simulation of Coastal Hydrodynamics and Water Quality in Hong Ko...Deltares
14 views23 slides
Airline Booking Software by
Airline Booking SoftwareAirline Booking Software
Airline Booking SoftwareSharmiMehta
6 views26 slides
Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium... by
Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium...Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium...
Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium...Lisi Hocke
30 views124 slides
20231129 - Platform @ localhost 2023 - Application-driven infrastructure with... by
20231129 - Platform @ localhost 2023 - Application-driven infrastructure with...20231129 - Platform @ localhost 2023 - Application-driven infrastructure with...
20231129 - Platform @ localhost 2023 - Application-driven infrastructure with...sparkfabrik
5 views46 slides
Short_Story_PPT.pdf by
Short_Story_PPT.pdfShort_Story_PPT.pdf
Short_Story_PPT.pdfutkarshsatishkumarsh
5 views16 slides
SAP FOR CONTRACT MANUFACTURING.pdf by
SAP FOR CONTRACT MANUFACTURING.pdfSAP FOR CONTRACT MANUFACTURING.pdf
SAP FOR CONTRACT MANUFACTURING.pdfVirendra Rai, PMP
13 views2 slides

Recently uploaded(20)

DSD-INT 2023 Simulation of Coastal Hydrodynamics and Water Quality in Hong Ko... by Deltares
DSD-INT 2023 Simulation of Coastal Hydrodynamics and Water Quality in Hong Ko...DSD-INT 2023 Simulation of Coastal Hydrodynamics and Water Quality in Hong Ko...
DSD-INT 2023 Simulation of Coastal Hydrodynamics and Water Quality in Hong Ko...
Deltares14 views
Airline Booking Software by SharmiMehta
Airline Booking SoftwareAirline Booking Software
Airline Booking Software
SharmiMehta6 views
Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium... by Lisi Hocke
Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium...Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium...
Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium...
Lisi Hocke30 views
20231129 - Platform @ localhost 2023 - Application-driven infrastructure with... by sparkfabrik
20231129 - Platform @ localhost 2023 - Application-driven infrastructure with...20231129 - Platform @ localhost 2023 - Application-driven infrastructure with...
20231129 - Platform @ localhost 2023 - Application-driven infrastructure with...
sparkfabrik5 views
360 graden fabriek by info33492
360 graden fabriek360 graden fabriek
360 graden fabriek
info3349238 views
DSD-INT 2023 3D hydrodynamic modelling of microplastic transport in lakes - J... by Deltares
DSD-INT 2023 3D hydrodynamic modelling of microplastic transport in lakes - J...DSD-INT 2023 3D hydrodynamic modelling of microplastic transport in lakes - J...
DSD-INT 2023 3D hydrodynamic modelling of microplastic transport in lakes - J...
Deltares9 views
AI and Ml presentation .pptx by FayazAli87
AI and Ml presentation .pptxAI and Ml presentation .pptx
AI and Ml presentation .pptx
FayazAli8711 views

Office 365 Security - MacGyver, Ninja or Swat team

  • 1. Internal Audit, Risk, Business & Technology Consulting OFFICE 365 SECURITY MACGYVER, NINJA OR SWAT TEAM? Antonio Maio Protiviti | Senior SharePoint Architect Microsoft Office Server and Services MVP Email: antonio.maio@protiviti.com Blog: www.trustsharepoint.com Slide share: http://www.slideshare.net/AntonioMaio2 Twitter: @AntonioMaio2
  • 2. MACGYVER 2 IT Team Member • Typically work alone • Given responsibility for Office 365 • No formal security training, or self-trained • Smart - Comfortable learning & working with technology • Good at pulling together solutions with what’s available • Smaller organization – No/low budget for training & tools • Very security minded/concerned
  • 3. NINJA 3 The Security Expert • Typically work alone • Formally trained security expert / Know your stuff (CISSP, CISM, MSCP, OSCP, etc.) • Very security minded/concerned • Some budget for training & tools
  • 4. SWAT TEAM 4 The Information Security Team • Highly skilled team members • Comprised of multiple security experts • Distributed roles & responsibilities • Larger or heavily regulated organizations • Very security minded & compliance focused • Annual budgets for training & tools
  • 5. Internal Audit, Risk, Business & Technology Consulting BUILT IN SECURITY What everyone should know…
  • 6. 6 • Understand Cloud Provider Responsibilities • Understand Your Responsibilities In a cloud environment, security and information protection must be a Shared Responsibility. Understanding how your responsibilities are managed requires strong Information Governance policies & procedures. SAAS = Office 365 PAAS = Azure Web Services, Azure Functions, etc. IAAS = Azure VMs
  • 9. Reference and cipher suites: https://technet.microsoft.com/en-us/library/dn569286.aspx
  • 11. Internal Audit, Risk, Business & Technology Consulting MACGYVER – IT TEAM MEMBER
  • 14. Control how sites and documents can be shared with External Users on a site collection by site collection basis.
  • 15. Click Settings > Services and Add-Ins > Sites
  • 17. SharePoint Online has the same inherited, hierarchical, permissive permission model as SharePoint On Premise. [Diagram: Office 365 Customer Tenant > SharePoint Online > Site Collection > Site > Library / List > Document / Item, with example assignments: Demo Members (SharePoint Group) Edit; Demo Owners (SharePoint Group) Full Control; Demo Visitors (SharePoint Group) Read; Finance Team (Domain Group) Edit; Senior Mgmt (Domain Group) Full Control; Research Team (Domain Group) Full Control; Antonio.Maio (Domain User) Full Control.] • If a user is a member of multiple groups which have access to a resource, the user will get the highest level of group access granted. • To remove a user’s access to a resource, they must be removed from all groups which have access. • There is no concept of a deny policy.
  • 19. Internal Audit, Risk, Business & Technology Consulting NINJA – SECURITY EXPERT
  • 20. Multi-factor authentication helps protect against unauthorized access to the Office 365 environment.
  • 21. Multi-factor authentication helps protect against unauthorized access to the Office 365 environment.
  • 22. • New integrated authentication mechanism built into Office client apps • Uses ADAL (Active Directory Authentication Library) • Cross platform: Windows, Mac OS X, Windows Phone, iOS, Android • Provides advanced sign in features for the Office clients: • Multi-Factor Authentication (MFA) • SAML third-party identity providers • Smart card • Certificate based authentication • Microsoft Authenticator App • Third party Authenticator App • Microsoft Outlook no longer requires “basic authentication” • Greater consistency in the user experience for users authenticating to Office 365 services and apps • Greater security across the entire Office 365 service & app suite Newly launched authentication protocol which became generally available on May 20, 2016.
  • 23. • Dependent on client application (requires Office/Outlook 2016, or Office 2013 with latest SP) • Support must be enabled on Office Clients and in Office 365 service: • Ex. Outlook 2016 will attempt Modern Authentication and auto-revert to Basic Authentication if Exchange Online is not enabled • No support planned for: Office 2010 or 2007, Office for Mac 2011, Windows Phone 7, OWA for iOS or Android • Default enablement in some Office 365 services: • Exchange Online: OFF by default • SharePoint Online: ON by default • Skype for Business: OFF by default • Enabled via PowerShell Modern authentication must be on-boarded for some Office 365 services and environments.
  • 24. Data Loss Prevention policies identify and protect sensitive data in SharePoint Online & OneDrive for Business. • Automatically identify and protect 80 sensitive data types (SSN, credit card #, national ID #, etc.) • Applies to SharePoint Online • Applies to OneDrive for Business • Applies to files/documents • Does not apply to list items • Manage policies that when sensitive data is found can: • Educate users with policy tips • Block access • Alert Admins or InfoSec teams • Create incident reports
  • 25. Classification labels provide a method for users to specify retention policies on individual documents/emails. • Click Classifications > Label Policies • Not used by Azure Information Protection or Rights Management • Primarily used for retention of documents and email • Labels define a retention period • Define what occurs when retention period expires
  • 26. Classification labels provide a method for users to specify retention policies on individual documents/emails. • Click Classifications > Label Policies • Define if a label is published and which services it is available to – can publish labels to:
  • 27. Manage how spam, malware is blocked & quarantined by adjusting your Office 365 Mail Filtering policies. • Default standard anti-spam policies already in place • Manage Allow Lists by sender or domain • Manage Block Lists by sender or domain • Customize policies by:
  • 28. Internal Audit, Risk, Business & Technology Consulting SWAT – INFORMATION SECURITY TEAM
  • 29. • Customer must approve access request, before Microsoft engineer gets any access to Customer tenant Customers can control whether Microsoft Office 365 engineers may have access to their tenant.
  • 30. Monitor user and admin activity with machine learning to identify suspicious behavior and automatically apply security policies to protect against malicious attackers. • Click Alerts > Manage Alerts • Click Manage Advanced Alerts
  • 33. THANK YOU Antonio Maio Protiviti | Senior SharePoint Architect Microsoft Office Server and Services MVP Email: antonio.maio@protiviti.com Blog: www.trustsharepoint.com Slide share: http://www.slideshare.net/AntonioMaio2 Twitter: @AntonioMaio2
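
Slide 23 states that modern authentication is OFF by default in Exchange Online and Skype for Business and is enabled via PowerShell. The script below is an added example, not part of the original deck: it reports the current state of both services and turns the setting on where it is off. The deck does not name the cmdlets; these are the Exchange Online and Skype for Business Online cmdlets, the function name is hypothetical, and both remote sessions are assumed to be connected already.

```powershell
# Added example, not from the deck. Assumes the Exchange Online and Skype for
# Business Online remote sessions are already imported into this shell.
function Enable-ModernAuthIfOff {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    # Exchange Online: OAuth2ClientProfileEnabled is the modern auth switch.
    $exoBefore = [bool](Get-OrganizationConfig).OAuth2ClientProfileEnabled
    if (-not $exoBefore -and
        $PSCmdlet.ShouldProcess('Exchange Online', 'Enable modern authentication')) {
        Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
    }

    # Skype for Business Online: modern auth is on when the override is 'Allowed'.
    $sfbBefore = [string](Get-CsOAuthConfiguration).ClientAdalAuthOverride
    if ($sfbBefore -ne 'Allowed' -and
        $PSCmdlet.ShouldProcess('Skype for Business Online', 'Enable modern authentication')) {
        Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed
    }

    # Re-read both settings so the report shows what is actually in effect.
    [pscustomobject]@{
        Service = 'Exchange Online'
        Setting = 'OAuth2ClientProfileEnabled'
        Before  = $exoBefore
        After   = [bool](Get-OrganizationConfig).OAuth2ClientProfileEnabled
    }
    [pscustomobject]@{
        Service = 'Skype for Business Online'
        Setting = 'ClientAdalAuthOverride'
        Before  = $sfbBefore
        After   = [string](Get-CsOAuthConfiguration).ClientAdalAuthOverride
    }
}

# Dry run first: -WhatIf reports what would change without changing it.
Enable-ModernAuthIfOff -WhatIf | Format-Table -AutoSize
```

Run it without `-WhatIf` once the dry-run report matches expectations; clients that fall back to Basic Authentication (slide 23) pick up the change on their next sign-in attempt.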
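
Slide 17's three rules (highest group level wins, removal requires leaving every group with access, no deny policy) are easiest to see when computed. The following is an added example, not from the original deck: a simplified model that resolves inheritance and effective access for one user. Group names and levels are taken from the slide's diagram; the placement of grants in the tree, the user `jane.doe`, and the function name are assumptions made for illustration.

```powershell
# Added example, not from the deck: simplified model of slide 17's rules.
$Rank = @{ 'Read' = 1; 'Edit' = 2; 'Full Control' = 3 }

# Constructed tree. Group names and levels come from the slide; where each
# grant sits is an assumption. Grants = $null means "inherits from Parent".
$Nodes = @{
    'Site Collection' = @{ Parent = $null; Grants = @{
        'Demo Visitors' = 'Read'; 'Demo Members' = 'Edit'; 'Demo Owners' = 'Full Control' } }
    'Site'     = @{ Parent = 'Site Collection'; Grants = $null }
    'Library'  = @{ Parent = 'Site'; Grants = @{
        'Finance Team' = 'Edit'; 'Senior Mgmt' = 'Full Control' } }   # unique permissions
    'Document' = @{ Parent = 'Library'; Grants = $null }
}
# Constructed membership for a hypothetical user.
$MemberOf = @{ 'jane.doe' = @('Demo Visitors', 'Finance Team', 'Senior Mgmt') }

function Get-EffectiveAccess {   # hypothetical helper name
    param([string]$User, [string]$Node)
    # Inheritance: walk up to the nearest node that holds its own grants.
    while ($null -eq $Nodes[$Node].Grants) { $Node = $Nodes[$Node].Parent }
    $grants = $Nodes[$Node].Grants
    # The user plus every group they belong to can each carry a grant.
    $principals = @(@($User) + @($MemberOf[$User]) | Where-Object { $_ })
    $hits = @($principals | Where-Object { $grants.ContainsKey($_) })
    # No deny policy exists, so the highest granted level simply wins.
    $best = $hits | Sort-Object { $Rank[$grants[$_]] } -Descending | Select-Object -First 1
    [pscustomobject]@{
        PermissionsFrom = $Node
        Level           = if ($best) { $grants[$best] } else { 'None' }
        RemoveFromAll   = $hits -join ', '
    }
}

Get-EffectiveAccess -User 'jane.doe' -Node 'Document'
# Removing only the highest grant still leaves access through Finance Team.
$MemberOf['jane.doe'] = @('Demo Visitors', 'Finance Team')
Get-EffectiveAccess -User 'jane.doe' -Node 'Document'
```

The first call reports Full Control resolved from Library; after the user leaves Senior Mgmt the second call still reports Edit, which is why revocation has to cover every group listed in `RemoveFromAll`.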