
Secure Modern Workplace With Microsoft 365 Threat Protection


Join me as I walk you through all that Microsoft 365 has to offer to protect your business and organization. I am going to cover every security feature and how it fits into the big picture. Whether you are an on-premises organization or migrating to the cloud, there is something for you to look at.

Follow me on Twitter @ammarhasayen and connect on LinkedIn.

Here is the full blog post:

Published in: Technology


  1. SECURING THE MODERN WORKPLACE WITH MICROSOFT 365 THREAT PROTECTION. @AmmarHasayen, Ammar Hasayen: Digital Transformation | Cloud Architect | Cybersecurity | Microsoft MVP | Speaker | Author.
  2. Outline. Advanced Threat Protection: Office 365 ATP, Windows ATP, Azure ATP. New Defense in Depth: identity-driven security, Zero Trust networks.
  3. Microsoft 365 is the complete solution: Windows 10 + Enterprise Mobility and Security + Office 365, in E3 and E5 tiers. Office 365: E3 brings the collaboration tools; E5 adds eDiscovery and advanced security (Office 365 ATP). Enterprise Mobility and Security: E3 brings identity sync, mobile management, the move from RMS to AIP, and ATA; E5 adds PIM, Identity Protection, Cloud App Security and Azure ATP. Windows 10: E3 brings BitLocker, Windows Firewall, Windows Defender and VBS; E5 adds Windows Defender Advanced Threat Protection.
  4. Complete Protection Solution. Threat protection by surface: Devices (Windows ATP), Identity (Azure ATP), Email & SharePoint (Office 365 ATP).
  5. Integrated Experience.
  6. Multi-Tier Threat Protection: Windows ATP, Office 365 ATP, Azure ATP.
  7. Multi-Tier Threat Protection: Windows ATP, Office 365 ATP.
  8. Office 365 ATP.
  9. Office 365 ATP: Safe Attachments; Safe Links (also applies when links point to attachments; works with SPO and ODFB); Spoof Intelligence; Anti-phishing.
  10. Windows Defender ATP.
  11. Windows Defender ATP stack. Endpoint Protection: Windows Defender SmartScreen blocks malicious websites and low-reputation web downloads; Windows Defender Endpoint Protection blocks malicious programs and content, monitors behaviors and terminates bad processes. Detection and Remediation: after execution, Windows Defender ATP (Endpoint Detection and Response) monitors for post-breach signals; after execution, Windows Defender Hexadite can reverse damage.
  12. Advanced Real-Time Defense: the client holds the file and uploads a sample; the sample is processed and checked against machine-learning classifiers; the cloud generates a signature and sends it to the client; the client blocks the file and reports back, protecting all customers.
  13. Machine Learning for Endpoint Protection, from client to cloud and from milliseconds to hours: local ML models, behavior-based detection algorithms, generics and heuristics (client, milliseconds); metadata-based ML models (cloud, milliseconds); sample-analysis-based ML models (seconds); detonation-based ML models (minutes); big data analysis (hours).
  14. Next Generation Protection for Endpoint.
  15. Azure ATP.
  16. Advanced Persistent Attacks: APTs maintained access to victim networks (figures on the slide: 356 days, 60%); attackers are able to compromise an organization within minutes.
  17. Anatomy of an attack: zero-day or brute-force attack; user account is compromised; attacker attempts lateral movement; privileged account compromised; attacker accesses sensitive data; attacker steals sensitive data.
  18. Anatomy of an attack, the detectable signals: anomalous user behavior; unfamiliar sign-in locations; lateral movement attacks; escalation of privileges; account impersonation.
  19. How Would Things Work? Think of Azure ATP as a new security expert joining the team.
  20. Discovery. Who works here? Users, groups (including nested groups), computers.
  21. Identify Sensitive Accounts. Who is sensitive? Automatic identification and manual identification.
  22. Study The Environment.
  23. Behavioral Analytics. Baseline: working hours; works with his laptop. Anomalies: many failed logon attempts; logon at unfamiliar times; access to unfamiliar resources; logon from an unfamiliar machine.
  24. Azure ATP, the cloud evolution of Microsoft ATA. Collect: DC logs, SIEM, Windows events; L7 deep packet inspection. Analyze & Learn: self-learning and profiling technology, patented IP resolution, unlimited scale by Azure. Alert & Investigate: intuitive attack timeline, lateral movement graphs, alerts via email and scheduled reports. Detect: abnormal behavior and suspicious activities. Integrate: integrated with Windows Defender ATP to dig deeper into device health.
  25. New Defense In Depth.
  26. Traditional Security Perimeters Are No Longer Effective Alone: corporate network, mobile, anywhere, public internet.
  27. Defense In Depth layers: Identity, Devices, Applications, Data. Download the poster here.
  28. Identity. Threats: compromised identity, stolen credentials. Controls: MFA, Azure ATP, Azure Identity Protection, Azure MFA. Devices. Threat: lost device. Controls: Configuration Manager, Intune MDM and MAM, hybrid management, Azure AD domain join, Windows Hello for Business, Windows Defender ATP.
  29. Azure AD Conditional Access, the new identity firewall. Signals: Who? [Users]; Where? [Application]; Device? [Compliance]; Network? [in or out of corp]; Risk? [Identity Protection]. Decisions: allow access, require MFA, password reset, deny access, limit access. Read more here.
  30. Azure AD Management Layer: SSO with SaaS applications, self-service password reset, Azure AD domain join, MFA registration, group management. Cloud App Security (shadow IT): shadow IT discovery, risk scoring, policies for data control, collaboration, behavior and anomaly detection. Read more here.
  31. Data Layer: DLP for Office 365, mobile app policies, AIP labeling and classification, AIP protection and reporting. Office 365 Security: Office 365 Secure Score, Office 365 Threat Explorer, Office 365 ATP, Exchange Online Protection, data leak.
  32. Resources • Azure ATP [ ] • Cloud App Security [ ] • Defense in Depth Diagram [ ] • Azure AD Conditional Access [ access/ ] • Exchange Online Protection Architecture [ protection-architecture/ ] • Zero Trust Network with M365 [ ]
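The two mechanisms the deck describes most concretely are the behavioral analytics of slide 23 (learn a per-user baseline, then flag sign-ins at unfamiliar times, from unfamiliar machines or locations, to unfamiliar resources, or after a burst of failed logons) and the Conditional Access decision of slide 29 (who, application, device compliance, network, and the risk signal from Identity Protection, resolved to allow, require MFA, password reset, limit or deny). The example below is added here and is not code from the deck or from Microsoft; it is a toy model of how the two fit together, with the user, hosts, countries, resources, thresholds and policy rules all constructed for illustration.

```python
"""Added example (not from the slide deck or Microsoft): toy behavioural
analytics (slide 23) producing a risk level that feeds a Conditional Access
decision (slide 29). All data, thresholds and policies are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class SignIn:
    user: str
    when: datetime
    host: str        # machine the sign-in came from
    country: str
    resource: str    # application or resource accessed
    success: bool


@dataclass
class Profile:
    """Baseline learned from one user's successful sign-ins."""
    hours: Set[int]
    hosts: Set[str]
    countries: Set[str]
    resources: Set[str]


def build_profiles(events: List[SignIn]) -> Dict[str, Profile]:
    profiles: Dict[str, Profile] = {}
    for e in events:
        if e.success:  # failures must not teach the baseline
            p = profiles.setdefault(e.user, Profile(set(), set(), set(), set()))
            p.hours.add(e.when.hour)
            p.hosts.add(e.host)
            p.countries.add(e.country)
            p.resources.add(e.resource)
    return profiles


FAILED_LOGON_THRESHOLD = 5                  # constructed tuning values
FAILED_LOGON_WINDOW = timedelta(minutes=10)


def score_signin(profile: Profile, event: SignIn, history: List[SignIn]) -> List[str]:
    """Return the slide-23 anomaly indicators that apply to one sign-in."""
    reasons = []
    lo, hi = min(profile.hours) - 1, max(profile.hours) + 1  # one hour of slack
    if not lo <= event.when.hour <= hi:
        reasons.append("logon_at_unfamiliar_time")
    if event.host not in profile.hosts:
        reasons.append("logon_from_unfamiliar_machine")
    if event.country not in profile.countries:
        reasons.append("unfamiliar_sign_in_location")
    if event.resource not in profile.resources:
        reasons.append("access_to_unfamiliar_resource")
    failures = sum(1 for h in history if h.user == event.user and not h.success
                   and event.when - FAILED_LOGON_WINDOW <= h.when <= event.when)
    if failures >= FAILED_LOGON_THRESHOLD:
        reasons.append("many_failed_logon_attempts")
    return reasons


def risk_level(reasons: List[str]) -> str:
    """Collapse indicators into the none/low/medium/high scale a policy consumes."""
    if "many_failed_logon_attempts" in reasons or len(reasons) >= 3:
        return "high"
    return {0: "none", 1: "low", 2: "medium"}[len(reasons)]


@dataclass(frozen=True)
class AccessContext:            # the slide-29 signals: who, app, device, network, risk
    user: str
    groups: Set[str]
    app: str
    device_compliant: bool
    on_corp_network: bool
    risk: str


POLICIES = [  # (name, condition, required controls); all rules are constructed
    ("block-high-risk", lambda c: c.risk == "high", {"deny"}),
    ("medium-risk-reset", lambda c: c.risk == "medium", {"mfa", "password_reset"}),
    ("low-risk-mfa", lambda c: c.risk == "low", {"mfa"}),
    ("outside-corp-mfa", lambda c: not c.on_corp_network, {"mfa"}),
    ("noncompliant-limited", lambda c: not c.device_compliant, {"limit_access"}),
    ("admins-portal-mfa", lambda c: "Admins" in c.groups and c.app == "Azure Portal", {"mfa"}),
]


def conditional_access(ctx: AccessContext) -> List[str]:
    required: Set[str] = set()
    for _name, cond, controls in POLICIES:
        if cond(ctx):
            required |= controls
    if "deny" in required:      # a block policy always wins over grants
        return ["deny"]
    return sorted(required) or ["allow"]


def decide(profiles, event, history, groups, app, device_compliant, on_corp_network
           ) -> Tuple[List[str], str, List[str]]:
    reasons = score_signin(profiles[event.user], event, history)
    risk = risk_level(reasons)
    ctx = AccessContext(event.user, groups, app, device_compliant, on_corp_network, risk)
    return reasons, risk, conditional_access(ctx)


# Constructed sign-in log: alice works 09-16 from her laptop in one country.
BASELINE = [SignIn("alice", datetime(2018, 1, d, h), "ALICE-LAPTOP", "US", r, True)
            for d in range(1, 6) for h, r in ((9, "SharePoint"), (13, "Exchange"), (16, "SharePoint"))]
PROFILES = build_profiles(BASELINE)
NORMAL = SignIn("alice", datetime(2018, 1, 8, 10), "ALICE-LAPTOP", "US", "Exchange", True)
ODD = SignIn("alice", datetime(2018, 1, 8, 3), "SRV-FILE01", "BR", "FINANCE-SHARE", True)
_T0 = datetime(2018, 1, 8, 11)
FAILURES = [SignIn("alice", _T0 + timedelta(seconds=30 * i), "UNKNOWN-PC", "US", "Exchange", False)
            for i in range(6)]
AFTER_BURST = SignIn("alice", _T0 + timedelta(minutes=4), "UNKNOWN-PC", "US", "Exchange", True)

if __name__ == "__main__":
    for label, ev, hist in (("normal", NORMAL, []), ("odd", ODD, []), ("after burst", AFTER_BURST, FAILURES)):
        print(label, decide(PROFILES, ev, hist, {"Staff"}, "Exchange", True, True))
```

The baseline is learned only from successful sign-ins, so an attacker's failed guesses never widen the profile, and the policy layer treats a block as absolute rather than letting a later grant override it; both are the properties to check when tuning a real Identity Protection and Conditional Access deployment.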