Rencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar

Securing and maintaining a trustworthy Office 365 and Microsoft Azure deployment is not an easy task.

Join Jussi in his session where we’ll take a look into how you can secure and control your cloud-based servers and services, data and users using Azure Active Directory, Azure Security Center, Privileged Identity Management, and Advanced Security Management.

In addition, we’ll also take a look at how Operations Management Suite and Microsoft Advanced Threat Analytics can be used to provide better overall security for on-premises and hybrid deployments.

Published in: Technology

  1. Securing Office 365 and Microsoft Azure like a Rockstar
     Jussi Roine, April 27th, 2017
     w: rencore.com | e: info@rencore.com | t: @rencoreab
  2. Your Host: Matthias Einig, Microsoft MVP, CEO at Rencore
     Our Guest: Jussi Roine, Microsoft MVP, Microsoft Regional Director, MCSM, MCT, CTO at Onsight, Helsinki
  3. Q&A
     Please use the Q&A functionality in Zoom instead of chat. We will pick up some questions at the end and answer the others in the follow-up email.
     FAQ: Recording of this webinar? Yes, the session is recorded and you will get the recording later today.
  4. Agenda
     Security building blocks
     • The big picture
     • Azure Active Directory
     Beyond basics
     • ASM, OMS, PIM, TI, CAS, ASC and other acronyms
  5. Office 365: Core services
  6. Office 365: All major services
  7. Office 365: Additional services
  8. Office 365: With Azure-related services
     Labels: MFA, Stream, OMS, Azure AD
  9. Wait, what? Do I have to manage all these AND on-premises too?
  10. A starting point: “We are in the cloud!”
     This is the common, kind-of hybrid architecture model
     Diagram labels: Microsoft Azure, Office 365, Site-to-Site VPN, Azure AD Connect, ADFS Proxy, On-premises
  11. The heart of security: Azure Active Directory
     • The core of each Azure subscription
     • You can have multiple AAD tenants within the same Azure subscription
     • Managed through Azure Portal, some tiny things are still only available in the Classic Portal
     • It’s important to understand the difference between AAD, AD and AAD Connect (and AAD DS)
     Identities, management and security
  12. Your mission
     Protect the identities – it is the new perimeter!
  13. Azure Active Directory: Free, Basic, Premium
     Feature | AAD Free | AAD Basic | AAD Premium P1 | AAD Premium P2
     SSO support | 10 apps/user | 10 apps/user | No limit | No limit
     Security reports | 3 (basic) | 3 (basic) | Advanced | Advanced
     Self-Service password reset
     Multi-Factor Authentication
     Connect Health
     Cloud App Discovery
     Privileged Identity Management
     Identity Protection
     Price | Free! | 0,85 €/user/month | 5.06 €/user/month | 7.59 €/user/month
     A few highlighted features of AAD and a comparison between licenses
     (cloud users) (cloud users)
  14. Security building blocks in Azure
     Securing assets
     • Security Center
     • Role-Based Access Control
     • Key Vault
     • Microsoft anti-malware
     • Rights Management/Information Protection
     • Cloud App Discovery
     Infrastructure
     • Network Security Groups (NSG)
     • Site-to-Site VPN
     • Point-to-Site VPN
     • ExpressRoute
     • Network Security Appliances
     • Host-based firewalls
     Azure Active Directory
     • Connect Health
     • Identity Protection
     • Privileged Identity Management
     • OMS Security & Audit
     • Multi-Factor Authentication
  15. Azure Security Center
     • Central overview of security state of all Azure resources
     • Includes behavioral analytics and incident reporting
     • Standard license gives advanced threat detection & intelligence
     Available as Free or Standard
  16. Azure Monitor: inbuilt monitoring
     • Query against Azure backends to see operations against services
     • Connect with
        • Log Analytics (for further analysis)
        • Power BI (for reports)
        • Application Insights (for wisdom)
     Search, view and react to activities happening within Azure subscriptions
  17. Beyond basics
  18. Secure Score on Office 365
     • Guidelines for user management, including MFA, password resets etc.
     • Action list for things to fix, in order to achieve a higher score
     • Max score is 344, Office 365 average is 29
     • Automated scan of your Office 365 subscription settings and general security
  19. Securing Azure: Azure AD Connect Health
     • Monitors your AD FS, AD FS Proxy, AAD Domain Services and AAD Connect status
     • Can alert you when things break down
     • Deploying is easy: install agents for AD FS, AAD Connect and AD DS from Azure Portal
     • Requires AAD Premium – all users must be licensed in the scope of AAD CH
     Agent-based service to monitor your Azure AD synchronization health
  20. Azure AD Identity Protection
     • Analyzes user sign-ins and associates risk events
     • Ability to automatically flag suspicious events
     • Can enforce additional policies if risk factors seem high
     • Typically enforces MFA, or password reset
     • Also sends a weekly digest of findings
     Monitoring for risk events, vulnerabilities and automatic policy changes
  21. Azure AD Privileged Identity Management
     • Instead of granting permanent admin privileges, PIM allows ad-hoc & just-in-time admin roles
     • Central view & management for all admin roles throughout Azure and Office 365
     • Admin roles become non-permanent
     • Duration can be set from 1 hour to 72 hours
     • Can enforce MFA during role grant
     Just-in-time administration functionality for administrative roles
  22. Operations Management Suite (OMS)
     • Azure OMS together with Log Analytics provides System Center Operations Manager capabilities in the cloud
     • Gathers logs (also custom ones), configuration data, update status, availability, backup info etc.
  23. Operations Management Suite: Security & Audit
     • Provides management & monitoring capabilities for on-premises and cloud resources for IT Pros
     • Includes support for Office 365 assets, AAD, networking, security updates etc.
     • Data is collected through logs using a management agent
     • Allows for in-depth analysis of security events
     • Ability to export findings to Power BI for further drill-down and reporting
     “System Center Ops Manager in the cloud” – easier, and more fun
  24. Multi-Factor Authentication (MFA)
     • Enforces security beyond username and password
     • The user must possess something – typically a mobile device
     • Available as Office 365 MFA, Azure MFA for Admins and Azure MFA
     Strong authentication for on-premises, hybrid & the cloud
     • Enables easy securing of VPNs, IIS web apps & Remote Desktop
     • Maybe not the most logical to set up..
     • Supports RADIUS so fairly easy to integrate with legacy systems ;)
     Multi-Factor Authentication Server for on-premises
  25. Cloud App Discovery
     • Install agents on workstations (and servers if needed)
     • Get data & findings on usage patterns
     • Based on reports, act accordingly
     Finding unmanaged cloud applications through your users
  26. Advanced Security Management (ASM)
     • Similar to OMS, but more directly aimed for Office 365 workloads
     • Records all activities of users, including external users
     • Supports on-premises edge router log analysis also!
     Discover activity and incidents in Office 365
  27. Threat Intelligence
     • Rollout in April, 2017 for Office 365 tenants
     • Provides insights and analysis based on evidence, act accordingly
     Evidence-based knowledge on threats and actionable advice
  28. Advanced Threat Analytics (ATA)
     • Captures all authentication traffic to-and-from Domain Controllers
     • Uses Machine Learning to identify issues and unauthorized usage
     • Fully automatic, install & forget! Almost like SharePoint ;-)
     Aggressive auditing and analytics for on-premises Active Directory requests
  29. Demo
     How it all fits together
  30. Enterprise Mobility + Security (EMS)
     Used to be known as Enterprise Mobility Suite
     • A bundled collection of licenses for Azure-based services
     • Available as E3 and E5
     (Source: Microsoft)
  31. Don’t worry, security will keep you busy
  37. Recommendations
     • Follow current practices and patterns: http://onsig.ht/azuresecpnp
     • Adjust accordingly – balance between usability and security
     • Azure Security Center holds your hand together with OMS: Security & Audit
     • Get the book! http://onsig.ht/azuresecbook
     • And get the guidance! http://onsig.ht/perimeterbook
  38. Recap
     Deploy the free services
     • Azure Active Directory reporting
     • Azure Security Center
     • Operations Management Suite
     Strongly consider upgrading your licenses
     • EM+S for AAD Premium offerings
     • Privileged Identity Management and Identity Protection
     • MFA for admins – preferably also for users via conditional access
     • Azure AD Cloud App Discovery is great for initial auditing
     • Advanced Security Management is not cheap but gives great visibility for external usage
  39. Q&A
  40. Next Rencore Webinar: 2017-05-17, 10:00 AM (EDT) / 4:00 PM (CEST)
     Spencer Harbar, Microsoft MVP, MCSM, MCT
     User Profile Synchronization with Identity Manager and SharePoint Server 2016
     • Sign up now: rencore.com/media/webinar/
  41. Thank you for attending! The webinar recording will be sent to you later today.
