DIWUG Presentation on security in general. What is changing when you go from an on-premises environment to a cloud environment. Also what Microsoft gives to protect against threats
4. Sobering statistics
The frequency and sophistication of cybersecurity attacks are escalating
$6T
annual cost
of cybercrime to the
global economy
$4M
average cost of a
data breach to a
company
140+
median # days attackers
reside within a victim’s
network before
detection
network intrusions
due to compromised
user credentials
75%+
6. Updated NIST Guidelines
Three main changes:
1. No more periodic password changes
2. No more imposed password complexity
3. Validate new passwords against commonly used passwords
http://aka.ms/passwordguidance
Minimum Length Requirements (to defeat brute force hash attacks)
Don’t use commonly attacked passwords
Use unique passwords
10. Conditional Access
Microsoft Cloud
3rd Party SaaS Apps
On Premises Apps
Microsoft Azure
Prevent data leak
Disable print
Restrict download
Enforce MFA
Block sign-in
Allow sign-in
Access Control
Session Restrictions
OS Platform
Is Compliant / Domain joined
Is lost or stolen
Device Risk
Device
User identity
Group membership
Session Risk
User
Mobile or Cloud app
Per app policy
App
Location
IP range
Country / Region
ApplicationsPolicy ControlsPolicy Conditions
Windows
Defender
Azure AD
Identity
Protection
Service
Terms of Use
Partners
11. IF
Privileged user?
Credentials found in public?
Accessing sensitive app?
Unmanaged device?
Malware detected?
IP detected in Botnet?
Impossible travel?
Anonymous client?
High
Medium
Low
User risk
10TB
per day
THEN
Require MFA
Allow access
Deny access
Force password reset******
Limit access
High
Medium
Low
Session risk
Azure
Bing
OneDrive
Microsoft
Cyber Defense
Operations Center
Microsoft
Cybercrime Center
Xbox Live
Microsoft
Accounts
Skype
Risk-based
conditional access
16. Access
granted
to data
Microsoft Enterprise Mobility + Security
Apps
Risk
MICROSOFT INTUNE
AZURE ACTIVE
DIRECTORY
MICROSOFT CLOUD
APP SECURITY
AZURE INFORMATION
PROTECTION
MICROSOFT ADVANCED
THREAT ANALYTICS
!
Device
!
CONDITIONAL
ACCESS
Location
Classify
Audit
Protect
Label
!
!
18. Microsoft Enterprise Mobility + Security
Technology Benefit E3 E5
Azure Active Directory
Premium P1
Secure single sign-on to cloud and on-premises app
MFA, conditional access, and advanced security reporting ● ●
Azure Active Directory
Premium P2
Identity and access management with advanced protection for
users and privileged identities ●
Microsoft Intune
Mobile device and app management to protect corporate apps
and data on any device ● ●
Azure Information Protection P1
Encryption for all files and storage locations
Cloud-based file tracking
● ●
Azure Information Protection P2
Intelligent classification and encryption for files shared inside
and outside your organization ●
Microsoft Cloud App Security
Enterprise-grade visibility, control, and protection for your
cloud applications ●
Microsoft Advanced Threat Analytics
Protection from advanced targeted attacks leveraging user
and entity behavioral analytics ● ●
Identity and access
management
Managed mobile
productivity
Information
protection
Threat Detection
19. Privileged Identity Management
Enforce on-demand, just-in-time
administrative access when needed
Ensure policies are met with alerts,
audit reports and access reviews
Manage admins access in Azure AD
and also in Azure RBAC
User Administrator
Discover, restrict, and monitor privileged identities
UserAdministrator
privileges expire after
a specified interval