Attack stages: Begin attack, Enter, Traverse, Exfiltrate data
Device based
Identity based
Spear-phishing
Attacker uses information
specifically about a user
to construct a more
plausible phishing attack.
Broad-based phishing
campaigns
Attacker masquerades
as a trusted entity, dupes
employees into opening
emails, texts or IMs.
Password spray
Attacker tries a large list of
possible passwords for a
given account or set of
accounts.
Other similar attacks
Credential stuffing,
leaked passwords.
Network based
Extended detection and response (XDR)
Device compromise
Malware is installed on the
device. This can include
viruses, spyware, ransomware,
and other unwanted software
that installs without consent.
Lost or stolen device
An employee clicks on a link and enters
their credentials
Exchange Online Protection protects
against spam, malware and other email
threats.
Microsoft 365 Defender: Microsoft
Defender for Office 365 natively
coordinates detection, prevention,
investigation & response across
endpoints, identities, email.
Microsoft Defender SmartScreen
protects against phishing or malware
websites and applications, and the
downloading of potentially malicious files.
Weak passwords are systematically
identified
Azure AD Identity Protection discovers
leaked credentials and detects password
spray attacks.
Azure AD password protection enforces
minimum requirements for passwords,
dynamically bans common passwords
and forces resets of leaked passwords.
Azure AD Smart Lockout
Helps to lock out bad actors that guess
your password or use brute-force methods
to get in.
Malicious files and viruses are
introduced into the environment
Microsoft 365 Defender: Microsoft
Defender for Endpoint helps prevent,
detect, investigate and respond to
advanced threats.
Microsoft Defender Application Guard
for Microsoft Edge helps isolate
untrusted sites. You define the trusted
web sites, cloud resources, and internal
networks.
Possession is unknown
Microsoft Intune mobile device
management (MDM)
enforces password and/or PIN
requirements and wipes the device after
a specific number of failed attempts.
DDoS
Attacks aim to overwhelm
online services with more
traffic to make the service
inoperable.
Eavesdropping
An attacker intercepts
network traffic and aims to
obtain passwords, credit card
numbers, and other
confidential information.
Code and SQL injection
An attacker transmits
malicious code instead of
data values over a form or
through an API.
Cross site scripting
An attacker uses third-party
web resources to run scripts
in the victim’s web browser.
Type of attack
Attacks are conducted using network
traffic vulnerabilities
Azure DDoS Protection provides
enhanced DDoS mitigation
features to defend against DDoS attacks.
Azure Web Application Firewall
provides web protection against
common exploits and vulnerabilities.
Azure Defender stands up against RDP
brute force attacks, SQL Injection.
Microsoft Azure Attestation verifies the
identity and security posture of a
platform before you interact with it.
Common Attacks and Microsoft Capabilities
that Protect Your Organization
September 2021 © 2021 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at CloudAdopt@microsoft.com.
Attacker uses stolen credentials to gain
access to the user’s mail and files.
Azure AD Multifactor Authentication
(MFA) adds a layer of protection to the
sign-in process.
Azure AD Conditional Access rules block
access based on risky sign-in, unmanaged
PC, and other criteria that you set.
Sign-in risk-based Conditional Access
represents the probability that a given
authentication request isn’t authorized by
the identity owner.
Microsoft 365 Defender: Microsoft
Defender for Identity leverages on-
premises AD signals to identify, detect
and investigate advanced threats,
compromised identities, and malicious
insider actions.
An employee clicks on a malicious
link or opens a malicious file
Microsoft Defender Antivirus scans for
malware, virus, and security threats.
Microsoft Defender Firewall helps secure
the device by allowing you to create rules
that determine which network traffic is
permitted to enter.
Windows Defender SmartScreen checks
to see if new apps lack reputation or are
known to be malicious, and responds
accordingly.
Attacker gains access into the device
Windows Hello for Business replaces
username and password with strong two-
factor authentication tied to a device.
Intune application protection with
conditional launch controls protects data
at application level, including custom apps
and store apps.
Attacker gains access to the network
Azure Defender provides security alerts
and advanced threat protection for virtual
machines, SQL databases, containers, web
applications, your network, and more.
Network Security Groups filter network
traffic to and from Azure resources in an
Azure virtual network. These contain
security rules that allow or deny inbound
network traffic to, or outbound network
traffic from, several types of Azure
resources. For each rule, you can specify
source and destination, port, and protocol.
Azure Firewall is a managed, cloud-based
network security service that protects Azure
Virtual Network resources. It is a fully
stateful firewall as a service with built-in
high availability and unrestricted cloud
scalability.
Azure AD Multifactor Authentication
(MFA) adds a layer of protection to the
sign-in process.
Microsoft 365 Defender: Microsoft
Defender for Endpoint discovers
unmanaged devices on the network.
Microsoft extended
detection and response
(XDR) solutions deliver
intelligent, automated, and
integrated security across
domains.
This in turn helps defenders
connect seemingly disparate
alerts and get ahead of
attackers.
Attacker moves laterally, gaining access to
cloud services and resources in the
environment.
Identity: Azure AD conditional access rules
block access from noncompliant devices and
enforce multi factor authentication for access
to cloud services.
Microsoft 365 Defender: Microsoft Defender
for Identity leverages Active Directory to
identify, detect and investigate advanced
threats, compromised identities and malicious
insider actions.
Microsoft Cloud App Security detects and
alerts on anomalous activity for all SaaS apps
in your environment, including activity
originating from new and infrequent
locations, suspicious locations, new and
untrusted devices, and risky IP addresses.
Microsoft Information Protection helps
discover, classify & protect sensitive
information.
Insider Risk: Communication compliance
helps minimize communication risks by
helping you detect, capture, and act on
inappropriate messages in your organization.
Insider Risk: Insider Risk Management helps
minimize internal risks by enabling you to
detect, investigate, and act on malicious and
inadvertent activities in your organization.
Insider Risk: Information barriers allow you
to restrict communication and collaboration
between two internal groups to avoid a
conflict of interest from occurring in your
organization.
Insider Risk: Privileged access management
allows granular access control over privileged
Exchange Online admin tasks in Office 365. It
can help protect your organization from
breaches that use existing privileged admin
accounts with standing access to sensitive
data or access to critical configuration
settings.
Securing Privileged Access Roadmap is
guidance to mitigate lateral traversal and
credential theft techniques for your on-
premises and hybrid cloud environments.
Intune device compliance policies define
criteria for healthy and compliant devices.
Microsoft 365 Defender: Microsoft Defender
for Endpoint helps detect, investigate and
respond to advanced attacks on your
network.
Windows 10 Credential Guard prevents
attackers from gaining access to other
resources in the organization through Pass-
the-Hash or Pass-the-Ticket attacks.
For on-premises networks, Advanced Threat
Analytics identifies abnormal activity by using
behavioral analytics and leveraging Machine
Learning.
Azure AD Privileged Identity Management
enables you to manage, control, and monitor
access to important resources in your
organization.
Azure Defender for IoT performs continuous
asset discovery, vulnerability management,
and threat detection for IoT devices.
Azure Data Encryption-at-Rest provides data
encryption for services across SaaS, PaaS or
IaaS.
Azure Identity Protection automates the
detection and remediation of identity based
risks.
Azure Key Vault enhances data protection and compliance
with the help of secure key management to
protect data in the cloud.
Attacker removes data from the
environment.
Microsoft 365 Defender: Microsoft Cloud
App Security detects and alerts on anomalous
activity for all SaaS apps in your environment,
including activity originating from new
and infrequent locations, suspicious locations,
new and untrusted devices, and risky IP
addresses.
Microsoft 365 Exchange email flow rules
prevent auto-forwarding of mail to external
domains.
Microsoft Information Protection (MIP) helps
you discover, classify, and protect sensitive
information wherever it lives or travels.
M365 Data Loss Prevention (DLP) rules
prevent sensitive data from leaving the
environment.
Endpoint data loss prevention extends
monitoring and protection capabilities of DLP
to sensitive items that are stored on Windows
10 devices.
Intune mobile device management rules
prevent business data from leaving approved
business apps on mobile devices.
Insider Risk Management helps minimize
internal risks by enabling you to detect,
investigate and act on malicious activities.
Azure Purview helps you manage and govern
your on-premises, multi-cloud, and SaaS data
with automated data discovery, sensitive data
classification, and end-to-end data lineage.
Azure technologies provide encryption for
disks and storage, SQL encryption, and Key
Vault.
Azure Backup is a service you can use to back
up and restore your data in the Microsoft
cloud. This service includes capabilities to
protect your backups from ransomware.
Azure Sentinel is a cloud-native security
information and event manager (SIEM).
Microsoft Azure Confidential Ledger
protects data at rest, in transit and in use
with hardware-backed secure enclaves.
SQL Database dynamic data masking limits
sensitive data exposure by masking it to non-
privileged users.
SQL Threat Detection alerts on suspicious
database activities, potential vulnerabilities,
and SQL injection attacks, as well as
anomalous database access patterns.
Azure Sentinel
To gain visibility across your entire
environment and include data from other
security solutions such as firewalls and
existing security tools, connect Microsoft
Defender to Azure Sentinel, Microsoft’s
cloud-native SIEM.
Azure Sentinel is deeply integrated with
Microsoft Defender so you can integrate
your XDR data in only a few clicks and
combine it with all your security data from
across your entire enterprise.
Azure Defender
Delivers XDR capabilities to protect
multi-cloud and hybrid workloads,
including virtual machines, databases,
containers, IoT, and more.
It combines:
• Azure Defender for Servers
• Azure Defender for IoT
• Azure Defender for SQL
Microsoft 365 Defender
Microsoft 365 Defender delivers XDR
capabilities for identities, endpoints,
cloud apps, email and documents. Its
built-in self-healing technology fully
automates remediation more than 70% of
the time.
It combines:
• Microsoft Defender for Endpoint
• Microsoft Defender for Office 365
• Microsoft Defender for Identity
• Microsoft Cloud App Security
• Azure AD Identity Protection
Top resources
Microsoft Security documentation
Technical guidance to help security
professionals build and implement
cybersecurity strategy, architecture, and
prioritized roadmaps.
docs.microsoft.com/security
Microsoft 365 security documentation
docs.microsoft.com/microsoft-365/security
Evaluate and pilot Microsoft 365
Defender
aka.ms/defender365eval
Azure security documentation
docs.microsoft.com/azure/security

 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Msft cloud architecture_security_commonattacks

  • 1. Common Attacks and Microsoft Capabilities that Protect Your Organization
    September 2021
    © 2021 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at CloudAdopt@microsoft.com.

Stage labels: Enter, Begin attack, Traverse, Exfiltrate data

Type of attack

Identity based
• Spear-phishing: Attacker uses information specifically about a user to construct a more plausible phishing attack.
• Broad-based phishing campaigns: Attacker masquerades as a trusted entity, dupes employees into opening emails, texts or IMs.
• Password spray: Attacker tries a large list of possible passwords for a given account or set of accounts.
• Other similar attacks: Credential stuffing, leaked passwords.

Device based
• Device compromise: Malware is installed on the device. This can include viruses, spyware, ransomware, and other unwanted software that installs without consent.
• Lost or stolen device

Network based
• DDoS: Attacks aim to overwhelm online services with more traffic to make the service inoperable.
• Eavesdropping: An attacker intercepts network traffic and aims to obtain passwords, credit card numbers, and other confidential information.
• Code and SQL injection: An attacker transmits malicious code instead of data values over a form or through an API.
• Cross site scripting: An attacker uses third-party web resources to run scripts in the victim’s web browser.

An employee clicks on a link and enters their credentials
• Exchange Online Protection protects against spam, malware and other email threats.
• Microsoft 365 Defender: Microsoft Defender for Office 365 natively coordinates detection, prevention, investigation & response across endpoints, identities, email.
• Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and downloading of potentially malicious files.

Weak passwords are systematically identified
• Azure AD Identity Protection discovers leaked credentials and detects password spray attacks.
• Azure AD password protection enforces minimum requirements for passwords, dynamically bans common passwords and force-resets leaked passwords.
• Azure AD Smart Lockout helps to lock out bad actors that guess your password or use brute-force methods to get in.

Malicious files and viruses are introduced into the environment
• Microsoft 365 Defender: Microsoft Defender for Endpoint helps prevent, detect, investigate and respond to advanced threats.
• Microsoft Defender Application Guard for Microsoft Edge helps isolate untrusted sites. You define the trusted web sites, cloud resources, and internal networks.

Possession is unknown
• Microsoft Intune mobile device management (MDM) enforces password and/or PIN requirements and wipes the device after a specific number of failed attempts.

Attacks are conducted using network traffic vulnerabilities
• Azure DDoS Protection provides enhanced DDoS mitigation features to defend against DDoS attacks.
• Azure Web Application Firewall provides web protection against common exploits and vulnerabilities.
• Azure Defender stands up against RDP brute force attacks, SQL Injection.
• Microsoft Azure Attestation verifies the identity and security posture of a platform before you interact with it.

Attacker uses stolen credentials to gain access to the user’s mail and files.
• Azure AD Multifactor Authentication (MFA) adds a layer of protection to the sign-in process.
• Azure AD Conditional Access rules block access based on risky sign-in, unmanaged PC, and other criteria that you set.
• Sign-in risk-based Conditional Access represents the probability that a given authentication request isn’t authorized by the identity owner.
• Microsoft 365 Defender: Microsoft Defender for Identity leverages on-premises AD signals to identify, detect and investigate advanced threats, compromised identities, and malicious insider actions.

An employee clicks on a malicious link or opens a malicious file
• Microsoft Defender Antivirus scans for malware, virus, and security threats.
• Microsoft Defender Firewall helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter.
• Windows Defender SmartScreen checks to see if new apps lack reputation or are known to be malicious, and responds accordingly.

Attacker gains access into the device
• Windows Hello for Business replaces username and password with strong two-factor authentication tied to a device.
• Intune application protection with conditional launch controls protects data at application level, including custom apps and store apps.

Attacker gains access to the network
• Azure Defender provides security alerts and advanced threat protection for virtual machines, SQL databases, containers, web applications, your network, and more.
• Network Security Groups filter network traffic to and from Azure resources in an Azure virtual network. These contain security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.
• Azure Firewall is a managed, cloud-based network security service that protects Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
• Azure AD Multifactor Authentication (MFA) adds a layer of protection to the sign-in process.
• Microsoft 365 Defender: Microsoft Defender for Endpoint discovers unmanaged devices on the network.

Attacker moves laterally, gaining access to cloud services and resources in the environment.
• Identity: Azure AD conditional access rules block access from noncompliant devices and enforce multifactor authentication for access to cloud services.
• Microsoft 365 Defender: Microsoft Defender for Identity leverages Active Directory to identify, detect and investigate advanced threats, compromised identities and malicious insider actions.
• Microsoft Cloud App Security detects and alerts on anomalous activity for all SaaS apps in your environment, including activity originating from new and infrequent locations, suspicious locations, new and untrusted devices, and risky IP addresses.
• Microsoft Information Protection helps discover, classify & protect sensitive information.
• Insider Risk: Communication compliance helps minimize communication risks by helping you detect, capture, and act on inappropriate messages in your organization.
• Insider Risk: Insider Risk Management helps minimize internal risks by enabling you to detect, investigate, and act on malicious and inadvertent activities in your organization.
• Insider Risk: Information barriers allow you to restrict communication and collaboration between two internal groups to avoid a conflict of interest from occurring in your organization.
• Insider Risk: Privileged access management allows granular access control over privileged Exchange Online admin tasks in Office 365. It can help protect your organization from breaches that use existing privileged admin accounts with standing access to sensitive data or access to critical configuration settings.
• Securing Privileged Access Roadmap is guidance to mitigate lateral traversal and credential theft techniques for your on-premises and hybrid cloud environments.
• Intune device compliance policies define criteria for healthy and compliant devices.
• Microsoft 365 Defender: Microsoft Defender for Endpoint helps detect, investigate and respond to advanced attacks on your network.
• Windows 10 Credential Guard prevents attackers from gaining access to other resources in the organization through Pass-the-Hash or Pass-the-Ticket attacks.
• For on-premises networks, Advanced Threat Analytics identifies abnormal activity by using behavioral analytics and leveraging Machine Learning.
• Azure AD Privileged Identity Management enables you to manage, control, and monitor access to important resources in your organization.
• Azure Defender for IoT performs continuous asset discovery, vulnerability management, and threat detection for IoT devices.
• Azure Data Encryption-at-Rest provides data encryption for services across SaaS, PaaS or IaaS.
• Azure Identity Protection automates the detection and remediation of identity-based risks.
• Azure Key Vault enhances data protection and compliance with the help of secure key management to protect data in the cloud.

Attacker removes data from the environment.
• Microsoft 365 Defender: Microsoft Cloud App Security detects and alerts on anomalous activity for all SaaS apps in your environment, including activity originating from new and infrequent locations, suspicious locations, new and untrusted devices, and risky IP addresses.
• Microsoft 365 Exchange email flow rules prevent auto-forwarding of mail to external domains.
• Microsoft Information Protection (MIP) helps you discover, classify, and protect sensitive information wherever it lives or travels.
• M365 Data Loss Prevention (DLP) rules prevent sensitive data from leaving the environment.
• Endpoint data loss prevention extends monitoring and protection capabilities of DLP to sensitive items that are stored on Windows 10 devices.
• Intune mobile device management rules prevent business data from leaving approved business apps on mobile devices.
• Insider Risk Management helps minimize internal risks by enabling you to detect, investigate and act on malicious activities.
• Azure Purview helps you manage and govern your on-premises, multi-cloud, and SaaS data with automated data discovery, sensitive data classification, and end-to-end data lineage.
• Azure Technologies provide encryption for disks and storage, SQL Encryption, and Key Vault.
• Azure Backup is a service you can use to back up and restore your data in the Microsoft cloud. This service includes capabilities to protect your backups from ransomware.
• Azure Sentinel is a cloud-native security information and event manager (SIEM).
• Microsoft Azure Confidential Ledger protects data at rest, in-transit and in-use with hardware-backed secure enclaves.
• SQL Database dynamic data masking limits sensitive data exposure by masking it to non-privileged users.
• SQL Threat Detection alerts on suspicious database activities, potential vulnerabilities, and SQL injection attacks, as well as anomalous database access patterns.

Extended detection and response (XDR)
Microsoft extended detection and response (XDR) solutions deliver intelligent, automated, and integrated security across domains. This in turn helps defenders connect seemingly disparate alerts and get ahead of attackers.

Azure Sentinel
To gain visibility across your entire environment and include data from other security solutions such as firewalls and existing security tools, connect Microsoft Defender to Azure Sentinel, Microsoft’s cloud-native SIEM. Azure Sentinel is deeply integrated with Microsoft Defender so you can integrate your XDR data in only a few clicks and combine it with all your security data from across your entire enterprise.

Azure Defender
Delivers XDR capabilities to protect multi-cloud and hybrid workloads, including virtual machines, databases, containers, IoT, and more. It combines:
• Azure Defender for Servers
• Azure Defender for IoT
• Azure Defender for SQL

Microsoft 365 Defender
Microsoft 365 Defender delivers XDR capabilities for identities, endpoints, cloud apps, email and documents. Its built-in self-healing technology fully automates remediation more than 70% of the time. It combines:
• Microsoft Defender for Endpoint
• Microsoft Defender for Office 365
• Microsoft Defender for Identity
• Microsoft Cloud App Security
• Azure AD Identity Protection
aka.ms/defender365eval

Top resources
• Microsoft Security documentation: Technical guidance to help security professionals build and implement cybersecurity strategy, architecture, and prioritized roadmaps. docs.microsoft.com/security
• Microsoft 365 security documentation: docs.microsoft.com/microsoft-365/security
• Evaluate and pilot Microsoft 365 Defender: aka.ms/defender365eval
• Azure security documentation: docs.microsoft.com/azure/security