The document discusses various cybersecurity threats that can impact Microsoft 365 environments and how to mitigate them. It begins with an overview of common phishing and password spraying attacks before examining how to configure security features in Microsoft 365 like Exchange Online Protection, Azure Active Directory Premium, and Azure MFA to prevent account takeovers. It then covers techniques attackers use to bypass MFA and discusses how passwordless authentication and FIDO2 can provide stronger protection. The document also provides recommendations for protecting sensitive user and administrator data as well as securing endpoints from threats like ransomware.
3. #M365May @M365May M365May.com @SP_Twit
TRADITIONAL OWNERS
We acknowledge the traditional custodians of the land on which this online conference is
hosted, and the traditional custodians of the lands where our Australian-based speakers
and participants are located.
We would also like to pay our respects to Elders past, present and future
Tēnā koutou, tēnā koutou, tēnā tātou katoa.
On behalf of M365 May we would like to welcome and acknowledge all our speakers and
participants from Aotearoa New Zealand. Thank you for supporting this hui.
Tēnā koutou, tēnā koutou, tēnā tātou katoa.
WELCOME TO OUR SPEAKERS AND PARTICIPANTS FROM AROUND THE WORLD
4.
SÉBASTIEN PAULET
Document Mgt, Compliance, IT Security, Lean
Blog : https://sppublish.wordpress.com/
7.
ENTERPRISE MOBILITY +
SECURITY
Azure Active Directory Premium
Azure MFA
Azure Advanced Protection
Microsoft Cloud App Security
Azure Information Protection Premium
Azure Rights Management Premium
Intune
8.
THIS SESSION PROGRAM
Fraud to the Chairman / Phishing
Brute force / spray attack
Bypassing MFA
End-user data leak
Admin data leak
Endpoint robbery / loss
Cryptolocker
10.
FRAUD TO THE CHAIRMAN / PHISHING
Decreasing for large companies, increasing for small and medium-sized enterprises (SMEs)
To protect yourself:
Awareness
Don't leave information on the Internet
ACTION: Prevent email spoofing by implementing SPF, DKIM, DMARC
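A way to grade a domain's published SPF and DMARC records for spoofing resistance, as an added example that is not part of the original slides (DKIM is not covered). The function names, domains and sample records are constructed for illustration.

```powershell
# Added example, not from the slides. Sample records are constructed; real ones come from
#   Resolve-DnsName -Type TXT <domain>   and   Resolve-DnsName -Type TXT _dmarc.<domain>
function Test-SpfRecord {
    param([string]$Record)
    if ($Record -notmatch '^v=spf1(\s|$)') { return 'invalid: not an SPF record' }
    # The trailing "all" mechanism decides how senders not listed in the record are treated.
    if ($Record -notmatch '\s([+?~-]?)all\s*$') { return 'weak: no trailing "all" mechanism' }
    switch ($Matches[1]) {
        '-'     { return 'ok: -all (hard fail)' }
        '~'     { return 'weak: ~all (soft fail)' }
        '?'     { return 'weak: ?all (neutral)' }
        default { return 'unsafe: +all authorises any sender' }
    }
}
function Test-DmarcRecord {
    param([string]$Record)
    if ($Record -notmatch '^v=DMARC1\s*;') { return 'invalid: not a DMARC record' }
    $tags = @{}                                   # tag=value pairs, keys lower-cased
    foreach ($pair in ($Record -split ';')) {
        $name, $value = $pair -split '=', 2
        if ($value) { $tags[$name.Trim().ToLower()] = $value.Trim() }
    }
    $findings = @()
    $policy = [string]$tags['p']
    if ($policy -eq 'none') {
        $findings += 'p=none only monitors, spoofed mail is still delivered'
    } elseif ($policy -eq 'quarantine') {
        $findings += 'p=quarantine sends spoofed mail to junk instead of rejecting it'
    } elseif ($policy -ne 'reject') {
        $findings += 'p= tag missing or unknown'
    }
    if ($tags.ContainsKey('pct') -and [int]$tags['pct'] -lt 100) {
        $findings += "pct=$($tags['pct']) applies the policy to only part of the mail"
    }
    if (-not $tags.ContainsKey('rua')) { $findings += 'no rua= address, so no aggregate reports' }
    if ($findings.Count -eq 0) { return 'ok: p=reject enforced' }
    return 'weak: ' + ($findings -join '; ')
}
# Constructed sample records for two hypothetical domains.
$samples = @(
    @{ Domain = 'contoso.example'; Spf = 'v=spf1 include:spf.protection.outlook.com -all'
       Dmarc = 'v=DMARC1; p=reject; rua=mailto:dmarc@contoso.example' },
    @{ Domain = 'fabrikam.example'; Spf = 'v=spf1 include:spf.protection.outlook.com ~all'
       Dmarc = 'v=DMARC1; p=none' }
)
foreach ($s in $samples) {
    [pscustomobject]@{ Domain = $s.Domain; SPF = Test-SpfRecord $s.Spf; DMARC = Test-DmarcRecord $s.Dmarc }
}
```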
11.
EXCHANGE ONLINE PROTECTION (EOP)
Feature included in O365. Add-on for Exchange On-Premises
Incoming emails:
Filter
Antivirus
Policies check
Anti Spam
[EMS] ATP, if available
Delivery
16.
PREVIEW: END USERS CHECK THEIR OWN LOGIN DATA
See: https://mysignins.microsoft.com or https://myprofile.microsoft.com/
17.
REGULAR MFA
Included with Office 365
Set up the session cache/authentication method.
[EMS] Conditional Access
Keep one admin account without MFA (break-glass account) with a random password of at least 20 characters
18.
DISABLE LEGACY PROTOCOLS
Microsoft will disable basic authentication protocols (except SMTP) from October 2020
Protocol / service | Parameter (for Policies)
Exchange Active Sync (EAS) | AllowBasicAuthActiveSync
Autodiscover | AllowBasicAuthAutodiscover
IMAP4 | AllowBasicAuthImap
MAPI over HTTP (MAPI/HTTP) | AllowBasicAuthMapi
Offline Address Book (OAB) | AllowBasicAuthOfflineAddressBook
Outlook Service | AllowBasicAuthOutlookService
POP3 | AllowBasicAuthPop
Reporting Web Services | AllowBasicAuthReportingWebServices
Outlook Anywhere (RPC over HTTP) | AllowBasicAuthRpc
Authenticated SMTP | AllowBasicAuthSmtp
Exchange Web Services (EWS) | AllowBasicAuthWebServices
PowerShell | AllowBasicAuthPowerShell
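The parameters listed above are switches on Exchange Online authentication policies. The following is an added example, not part of the original slides, that creates a policy, pilots it, makes it the tenant default and audits the result; the policy name and mailbox address are placeholders, and it assumes the ExchangeOnlineManagement module and an Exchange admin session.

```powershell
# Added example (not from the slides). Requires the ExchangeOnlineManagement module.
# The policy name and the mailbox address are placeholders.
Connect-ExchangeOnline

# A new authentication policy blocks Basic auth for every protocol in the table
# unless its AllowBasicAuth* switch is given. Authenticated SMTP is left on here.
$policyName = 'Block Basic Auth (SMTP allowed)'
New-AuthenticationPolicy -Name $policyName -AllowBasicAuthSmtp

# Pilot on one mailbox first, and make the change effective immediately
# instead of waiting for cached tokens to expire.
$pilot = 'pilot.user@contoso.example'
Set-User -Identity $pilot -AuthenticationPolicy $policyName
Set-User -Identity $pilot -STSRefreshTokensValidFrom ([System.DateTime]::UtcNow)

# Once the pilot is clean, apply it to every user without an explicit policy.
Set-OrganizationConfig -DefaultAuthenticationPolicy $policyName

# Audit: for each policy, list the AllowBasicAuth* parameters that are still enabled.
Get-AuthenticationPolicy | ForEach-Object {
    $policy = $_
    $enabled = $policy.PSObject.Properties |
        Where-Object { $_.Name -like 'AllowBasicAuth*' -and $_.Value -eq $true } |
        ForEach-Object { $_.Name }
    [pscustomobject]@{
        Policy           = $policy.Name
        BasicAuthStillOn = ($enabled -join ', ')
    }
}

# Users carrying an explicit policy; everyone else falls back to the tenant default.
Get-User -ResultSize Unlimited |
    Where-Object { $_.AuthenticationPolicy } |
    Select-Object UserPrincipalName, AuthenticationPolicy
```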
24.
PASSWORDLESS WITH AUTHENTICATOR
On the end-user side, go to https://aka.ms/mysecurityinfo to set up Authenticator (requires registering the phone)
Does not protect against MitM attacks
28.
SENSITIVITY LABELS
Office 365 E3 required
Available in Outlook, SharePoint, OWA and O365 Pro Plus clients
29.
SENSITIVITY LABELS - EFFECTS
File encryption
-> Cannot be opened by unauthorized / unauthenticated users
Restriction of permissions
-> Disabling copy and paste, printing, screenshot, email forwarding, etc.
Watermarking
-> on Word files
[EMS] Blocking copy to USB key / attachments on non-O365 services
-> Requires WIP (Windows Information Protection) and Intune
30.
INFORMATION PROTECTION / RMS
IRM on O365 (by O365 E3)
Brings the SharePoint-level permissions to the document.
Public/private key system and on-the-fly encryption (RSA 2048-bit public keys, and SHA-256 for signatures)
See https://docs.microsoft.com/fr-fr/information-protection/understand-explore/how-does-it-work
The protection can be broken as soon as you have the “View Only” permission: https://github.com/RUB-NDS/MS-RMS-Attacks
34.
POLP – PRINCIPLE OF LEAST PRIVILEGE APPLIED TO M365 ADMIN
Better security (Snowden only needed backups)
Minimizing the surface of external attacks
Limiting the spread of viruses
35.
GENERAL RECOMMENDATIONS
Named (individual) admin accounts.
2 to 4 global admin accounts MAX
1 or 2 break-glass accounts (20+ character password, renewed after each use and periodically).
Dedicated machines for using admin accounts
MFA/Passwordless mandatory
Delegation of rights on the principle of least privilege.
38.
GENERAL RECOMMENDATIONS
BitLocker encryption of hard drives (otherwise it is possible to become local admin)
Implementation of MDM/MAM solutions
39.
MDM / MAM
System Center Configuration Manager (SCCM)
"Old"
For Windows
Part of System Center
Can be integrated with Intune
MDM for O365
Included in O365
iOS, Android, Windows compatible
Security policies (password requirement)
Remote wipe
[EMS] Microsoft Intune
Complete MDM
Included in EMS or sold separately
Does what MDM for O365 does
+ Mac OS
+ Apps deployment
+ In-app policies (restrict copy/paste)
47.
SECURITY IF YOU START A TENANT FROM SCRATCH
Admin MFA
Users MFA
Deactivation of legacy protocols
MFA for privileged actions
This is where Microsoft's default settings are heading within 5 years
Tēnā koutou, tēnā koutou, tēnā tātou katoa. Ko Rebecca Jackson tōku ingoa. Nō Melbourne au. On behalf of M365 May I would like to welcome and acknowledge all our speakers and participants from Aotearoa New Zealand. Thank you for supporting this hui.
Security Center > Threat management > Attack simulator