Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Office 365 Security - MacGyver, Ninja or Swat team

1,332 views

Published on

Do you know the tools and tricks in your MacGyver kit for Office 365 Security? Would you consider yourself a Security Ninja, fully versed and prepared to take advantage of the Office 365 Security and Compliance Center?
Is your SWAT Team prepared to take down adversaries in worst-case scenarios? Join Antonio Maio, 5-time Microsoft MVP and 20-year security professional, as he reviews the recommended game plan to enable your inner MacGyver, execute tactical strikes like a Ninja and arm your team with information governance and security practices in use at global 100 companies. Through customer case studies and hands-on demonstrations of capabilities such as alerts, data loss prevention policies, activity audit logs, advanced security management and advanced threat protection, Antonio will show you the tools and tricks you need to effectively secure your information in Office 365.

Published in: Software
  • Be the first to comment

  • Be the first to like this

Office 365 Security - MacGyver, Ninja or Swat team

  1. 1. Internal Audit, Risk, Business & Technology Consulting OFFICE 365 SECURITY MACGYVER, NINJA OR SWAT TEAM? AntonioMaio Protiviti | SeniorSharePoint Architect Microsoft OfficeServer andServices MVP Email: antonio.maio@protiviti.com Blog: www.trustsharepoint.com Slide share: http://www.slideshare.net/AntonioMaio2 Twitter: @AntonioMaio2
  2. 2. MACGYVER 2 IT Team Member • Typically work alone • Given responsibility for Office 365 • No formal security training, or self-trained • Smart - Comfortable learning & working with technology • Good at pulling together solutions with what’s available • Smaller organization – No/low budget for training & tools • Very security minded/concerned
  3. 3. NINJA 3 The Security Expert • Typically work alone • Formally trained security expert / Know your stuff (CISSP, CISM, MSCP, OSCP, etc.) • Very security minded/concerned • Some budget for training & tools
  4. 4. SWAT TEAM 4 The Information Security Team • Highly skilled team members • Comprised of multiple security experts • Distributed roles & responsibilities • Larger or heavily regulated organizations • Very security minded & compliance focused • Annual budgets for training & tools
  5. 5. Internal Audit, Risk, Business & Technology Consulting BUILT IN SECURITY What everyone should know…
  6. 6. 6 • Understand Cloud Provider Responsibilities • Understand Your Responsibilities In a cloud environment, security and information protection must be a Shared Responsibility. Understanding how your responsibilities are managed requires strong Information Governance policies & procedures. SAAS = Office 365 PAAS = Azure Web Services, Azure Functions, etc. IAAS = Azure VMs
  7. 7. https://channel9.msdn.com/Shows/Azure-Friday/Red-vs-Blue-Internal-security-penetration-testing-of-Microsoft- Azure
  8. 8. Reference and cipher suites: https://technet.microsoft.com/en-us/library/dn569286.aspx
  9. 9. Internal Audit, Risk, Business & Technology Consulting MACGYVER – IT TEAM MEMBER
  10. 10. Control how sites and documents can be shared with External Users on a site collection by site collection basis.
  11. 11. Click Settings > Services and Add-Ins > Sites
  12. 12. SharePoint Online has the same inherited, hierarchical, permissive permission model as SharePoint On Premise. Office 365 Customer Tenant SharePoint Online Site Collection Site Collection Site Site Library List Document Item Site Document Document Item Demo Members SharePoint Group Edit Demo Owners SharePoint Group Full Control Demo Visitors SharePoint Group Read Finance Team Domain Group Edit Senior Mgmt Domain Group Full Control Research Team Domain Group Full Control Senior Mgmt Domain Group Full Control Research Team Domain Group Full Control Senior Mgmt Domain Group Full Control Antonio.Maio Domain User Full Control • Ifauserisamemberofmultiplegroupswhichhaveaccesstoaresource, theuserwillgetthehighestlevelofgroupaccessgranted. • Toremoveauser’saccesstoaresource,theymustberemovedfromall groupswhichhaveaccess. • Thereisnoconceptofadenypolicy.
  13. 13. • https://securescore.office.com
  14. 14. Internal Audit, Risk, Business & Technology Consulting NINJA – SECURITY EXPERT
  15. 15. Multi-factor authentication helps protect against unauthorized access to the Office 365 environment.
  16. 16. Multi-factor authentication helps protect against unauthorized access to the Office 365 environment.
  17. 17. • New integrated authentication mechanism built into Office client apps • Uses ADAL (Active Directory Authentication Library) • Cross platform: Windows, Mac OS X, Windows Phone, iOS, Android • Provides advanced sign in features for the Office clients: • Multi-Factor Authentication (MFA) • SAML third-party identity providers • Smart card • Certificate based authentication • Microsoft Authenticator App • Third party Authenticator App • Microsoft Outlook no longer requires “basic authentication” • Greaterconsistencyin the user experienceforusersauthenticatingto Office365 servicesand apps • GreatersecurityacrosstheentireOffice365 service& appsuite Newly launched authentication protocol which became generally available in May 20, 2016.
  18. 18. • Dependent on client application (requires Office/Outlook 2016, or Office 2013 with latest SP) • Support must be enabled on Office Clients and in Office 365 service: • Ex. Outlook 2016 will attempt Modern Authentication and auto-revert to Basic Authentication if Exchange Online is not enabled • No support planned for: Office 2010 or 2007, Office for Mac 2011, Windows Phone 7, OWA for iOS or Android • Default enablement in some Office 365 services: • Exchange Online: OFF by default • SharePoint Online: ON by default • Skype for Business: OFF by default • Enabled via PowerShell Modern authentication must be on-boarded for some Office 365 services and environments.
  19. 19. Data Loss Prevention policies identify and protect sensitive data in SharePoint Online & OneDrive for Business. • Automatically identify andprotect 80 sensitive data types (SSN, credit card #, national ID #, etc.) • AppliestoSharePoint Online • AppliestoOneDriveforBusiness • Appliestofiles/documents • Doesnotapplytolistitems • Manage policies that whensensitive data is foundcan: • Educateuserswithpolicytips • Blockaccess • AlertAdminsorInfoSecteams • Createincidentreports
  20. 20. Classification labels provide a method for users to specify retention policies on individual documents/emails. • Click Classifications > Label Policies • Not used by Azure Information Protection or Rights Management • Primarily used for retention of documents and email • Labels define a retention period • Define what occurs when retention period expires
  21. 21. Classification labels provide a method for users to specify retention policies on individual documents/emails. • Click Classifications > Label Policies • Define if a label is published and which services it is available to – can publish labels to:
  22. 22. Manage how spam, malware is blocked & quarantined by adjusting your Office 365 Mail Filtering policies. • Default standard anti-spampolicies already inplace • Manage Allow Lists by senderor domain • Manage Block Lists by sender or domain • Customize policies by:
  23. 23. Internal Audit, Risk, Business & Technology Consulting SWAT – INFORMATION SECURITY TEAM
  24. 24. • Customer must approve access request, before Microsoft engineer gets any access to Customer tenant Customers can control whether Microsoft Office 365 engineers may have access to their tenant.
  25. 25. Monitor user and admin activity with machine learning to identity suspicious behavior and automatically apply security policies to protect against malicious attackers. • Click Alerts > Manage Alerts • Click Manage Advanced Alerts
  26. 26. THANK YOU Antonio Maio Protiviti | Senior SharePoint Architect Microsoft Office Server and Services MVP Email: antonio.maio@protiviti.com Blog: www.trustsharepoint.com Slide share: http://www.slideshare.net/AntonioMaio2 Twitter: @AntonioMaio2

×