The document discusses the evolving landscape of cybersecurity, highlighting the critical shortage of security skills and the increasing reliance on advanced technologies like machine learning for threat detection and prevention. It emphasizes the importance of protecting users' identities, data management, and adopting a zero-trust security posture as a response to emerging threats in the mobile workforce. Additionally, it outlines various Microsoft security products and strategies aimed at mitigating vulnerabilities and securing organizational assets against cyberattacks.

2. Cyberspace is the
new battlefield
Security skills are in
short supply
Virtually anything
can be attacked
The cybersecurity landscape is rapidly changing

3. Source: https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

5. Microsoft Intelligent Security Graph

6. Stopping cyber attacks
Real-world intelligence at work
Intelligent Edge
Intelligent Cloud
Local ML models, behavior-based detection algorithms,
generics, heuristics
Metadata-based ML models
Sample analysis-based ML models
Detonation-based ML
models
Big data
analytics
March 6 – Behavior-based detection algorithms
blocked more than 400,000 instances of the
Dofoil trojan.
February 3 – Client machine learning
algorithms automatically stopped the malware
attack Emotet in real time.
October 2017 – Cloud-based detonation ML
models identified Bad Rabbit, protecting users 14
minutes after the first encounter.
2017 2018
August 2018 – Cloud machine learning algorithms
blocked a highly targeted campaign to deliver
Ursnif malware to under 200 targets

7. The changing landscape of enterprise security
Mobile workforce
72% of the US workforce will
be mobile by 2020, relying on
devices other than their
laptops to be productive.
72% 1/3
Shadow IT
By 2022, a third of successful
attacks experienced by
enterprises will be on their
shadow IT resources.
Compromised
passwords
81% of confirmed data
breaches involved weak,
default, or stolen passwords.
81%

8. Everyone agrees that security is important…
Of global
organizations
indicate that security
is a top challenge
77%

9. …but most don’t prioritize it.
Of global
organizations
indicate that security
is a top challenge
77%
Of customers have turned on
multi-factor authentication2%

10. Intelligent security
Protect users’ identities
and control access to
valuable resources
Protect against advanced
threats and recover quickly
when attacked
Ensure documents and
emails are seen only by
authorized people
Gain visibility and control
over security tools
Identity & access
management
Threat
protection
Security
management
Information
protection

11. Securing Privileged Access
Office 365 Security
Rapid Cyberattacks
(Wannacrypt/Petya)
https://aka.ms/MCRA Video Recording Strategies
SQL Encryption &
Data Masking
Office 365
Dynamics 365
+Monitor
Data Loss Protection
Data Governance
eDiscovery

12. Securing Privileged Access
Office 365 Security
Rapid Cyberattacks
(Wannacrypt/Petya)
https://aka.ms/MCRA Video Recording Strategies
SQL Encryption &
Data Masking
Office 365
Dynamics 365
+Monitor
Data Loss Protection
Data Governance
eDiscovery

13. Intelligent security
Protect users’ identities
and control access to
valuable resources
Protect against advanced
threats and recover quickly
when attacked
Ensure documents and
emails are seen only by
authorized people
Gain visibility and control
over security tools
Identity & access
management
Threat
protection
Security
management
Information
protection

14. The path to reducing
vulnerabilities with your Microsoft
365 Security products
Advanced securityFundamental
baseline security

15. Fundamental
baseline security
The path to reducing
vulnerabilities with your Microsoft
365 Security products
Advanced security

16. Baseline security
Covering your bases
Identity protection Device protection App/information protection

17. Baseline security
Covering your bases
Identity protection Device protection App/information protection
Azure Active Directory
Conditional access
Multifactor authentication
Single sign-on
Password reset
PROTECTING
AGAINST:
Password hacks
and credential
theft
Basic device protection
for mobile devices
Intune
Mobile Device Management
Mobile App Management
PROTECTING
AGAINST:
Unauthorized
data access/
data leakage
Office ATP
Basic email protection
PROTECTING
AGAINST:
Email and URL
hacking

18. Fundamental
baseline security
Advanced security
The path to reducing
vulnerabilities with your Microsoft
365 Security products

19. Fundamental
baseline security
Advanced security
IDENTITY
AND THREAT
PROTECTION
INFORMATION
PROTECTION AND
COMPLIANCE
The path to reducing
vulnerabilities with your Microsoft
365 Security products

20. Advanced security
Identity and threat protection
Identity protection Device protection App/information protection

21. Advanced security
Identity and threat protection
Identity protection Device protection App/information protection
PROTECTING
AGAINST:
Unacceptable
access/Insider
threats
PROTECTING
AGAINST:
Cyber threats to
endpoints
PROTECTING
AGAINST:
Anomalous use
against policies
/Shadow IT
Azure Active Directory
P2–Identity Protection
Azure Active Directory
P2–Privileged Identity
Management
Azure Advanced
Threat Protection
Windows Defender Advanced
Threat Protection
Microsoft Cloud App Security
Advanced endpoint
protection
EDR
Visibility and control
of cloud applications

22. Fundamental
baseline security
Advanced security
IDENTITY
AND THREAT
PROTECTION
INFORMATION
PROTECTION AND
COMPLIANCE
The path to reducing
vulnerabilities with your Microsoft
365 Security products

23. Advanced security
Information protection and compliance
Information protection Compliance

24. Advanced security
Information protection and compliance
Data Loss Protection for
Office workloads—starter for
blocking sharing of
exchange files
Office DLP
Basic classification/labeling/
encryption
Azure
Information
Protection P1
Automatic classification
and labeling for content
on prem or in cloud
Azure
Information
Protection P2
Information protection Compliance
PROTECTING
AGAINST:
Unauthorized
access or sharing
of classified
content
Perform search of content
sources in organization,
relevant to legal or
compliance cases, analysis
Use ML to drive governance,
find/retain important data
while eliminating
unnecessary data
Provision/manage keys used
to encrypt data at rest in
Office 365
Approve/reject access
request made by support
engineers to access
customer data
Advanced
eDiscovery
Advanced data
governance
2nd Customer
Key
2nd Customer
Lock Box
PROTECTING
AGAINST:
Unauthorized
content searches

25. Default file
encryptions
Permissions for
SharePoint and
OneDrive for
Business libraries
External sharing
policies
Device access policies
for SharePoint
Online and OneDrive
for Business
Intune device
management of PCs
Protect data
Protect people and devices
Getting to baseline security

26. Protect data
Protect people and devices
Mobile apps
protection
Intune device
management of PCs
and phones/tablets
Azure Active
Directory multi-factor
authentication
Azure Active Directory
conditional access
Classification,
labeling, and
protection
Getting to advanced security
Bring Your Own Key
(BYOK) with Azure
information Protection
and SharePoint Online
Hold Your Own Key (HYOK)
with Active Directory Rights
Management Service and
SharePoint Online
Data Loss Prevention
(DLP) in Office 365
Office 365 service
encryption with
Customer Key
(coming soon)
Windows 10 capabilities:
Bitlocker and Windows
Information Protection (WIP)
Azure Active
Directory Identity
Protection
Microsoft Cloud
App Security or,
Office 365 Cloud
App Security
Azure Active
Directory
Privileged Identity
Management

27. Secure identities to
reach zero trust
Identity & access
management
Security
management
Strengthen your security
posture with insights
and guidance
Threat
protection
Help stop damaging
attacks with integrated and
automated security
Locate and classify
information anywhere
it lives
Information
protection
Infrastructure security

28. Infrastructure security
Defense in Depth
Azure Built-in Controls
Identity &
Access
Apps & Data
Security
Network
Security
Threat
Protection
Security
Management

29. Infrastructure security
Defense in Depth
Microsoft + Partners
Role based access Encryption DDoS Protection Antimalware Log Management
Multi-Factor
Authentication
Confidential
Computing
NG Firewall
AI Based Detection
and Response
Security Posture
Assessment
Central Identity
Management
Key Management Web App Firewall
Cloud Workload
Protection
Policy and
governance
Identity Protection
Certificate
Management
Enterprise
Connectivity
SQL Threat Protection
Regulatory
Compliance
Privileged Identity
Management
Information Protection Network Segmentation IoT Security SIEM
Identity &
Access
Apps & Data
Security
Network
Security
Threat
Protection
Security
Management

30. Secure data through its lifecycle
Protect data in useStandard Data Protection
At rest
Encrypt inactive data
when stored in blob
storage, database, etc.
In transit
Encrypt data that is flowing
between untrusted public
or private networks
In use
Protect/Encrypt data that is in
use during computation

31. Manage keys and certificates for secure applications
Key, Secrets & Certificate Management, backed by
cloud hosted HSMs- Azure Key Vault
Virtual machines Applications Storage & databases
Encrypt keys and small secrets using keys in Hardware
Security Modules (HSMs)
Simplify and automate tasks for SSL/TLS certificates,
enroll and automatically renew certificates
Rapidly scale to meet the cryptographic needs of your
cloud applications and match peak demand
Safeguard cryptographic keys and other
secrets used by cloud apps and services

32. Application protection
Network protection services enabling zero trust
Network
Security Groups
Distributed inbound
& outbound
network (L3-L4)
traffic filtering on
VM, Container
or subnet
DDoS
protection
DDOS protection
tuned to your
application
traffic patterns
Micro segmentation
Web
Application
Firewall
Centralized inbound
web application
protection from
common exploits
and vulnerabilities
Azure
Firewall
Centralized outbound
and inbound
(non-HTTP/S)
network and
application
(L3-L7) filtering
Service
Endpoints
Restrict access to
Azure service
resources (PaaS) to
only your Virtual
Network

33. Manage Security Posture and Define Governance
Continuous Assessment
& Recommendations
Centralized
Security Policy
Compliance Reports Templates & Blueprints
Cloud Security Posture Management
+ Governance

34. Identity and access management
Conditional access Identity protectionSecure authentication

35. Secure authentication
Getting to a world without passwords
Microsoft Authenticator FIDO2 Security KeysWindows Hello

36. Secure authentication
Microsoft Authenticator
MFA for enterprise and consumer
accounts and applications
Device registration (workplace join)
Single sign-on to native mobile apps
Certificate-based SSO

37. Identity protection
An integral component of Microsoft Threat Protection
Azure AD
Identity
Protection
Azure
ATP
Microsoft
Cloud App
Security

38. Microsoft Threat Protection
Correlate across
attack vectors
Detect & remediate
breaches
Protect the
digital estate
Help stop damaging attacks with integrated and automated security

39. Microsoft Threat Protection
Identities Endpoints User Data Cloud Apps Infrastructure
Intelligent Security Graph | 6.5 TRILLION signals per day

40. Protect the digital estate
Guidance for better control over
expanding attack surface
Shared signal helps protect all
attack vectors
Unparalleled visibility helps you focus on
the right actions

41. Correlate across attack vectors

42. Detect and remediate breaches
Seamless integration across services
to stop advanced threats
Detailed, real-time telemetry to provide
threat campaign information
In-depth alerts and intelligent
recommendations for threat mitigation

43. Microsoft Information Protection
Discover & classify
sensitive information
Apply protection
based on policy
Monitor &
remediate
Apps On-premisesCloud servicesDevices
Across
Accelerate
Compliance

44. Follow the data—throughout its lifecycle
Apply protection
based on policy
Have you defined what “sensitive data” means
for your company?
Do you have a way to detect sensitive data
across your company?
Do you have a way to ensure that labels persist
with the data—wherever it travels?
Which regulations and compliance factors impact you?
Are you able to empower end-users to classify and label
content themselves, or apply automatically based on
company policies?
Detect &
classify sensitive
information
Monitor &
remediate
Do you have visibility into how sensitive data is being access and shared, even across
3rd-party SaaS apps and cloud services?
Are you able to remediate actions immediately, such as quarantine data or block access?
Are you able to integrate event information into your SIEM system or other tools?

45. Security management
Strengthen your security posture with insights and guidance
Visibility Control Guidance
Devices InfrastructureApps & dataIdentity
Across

46. Visibility

47. Control

48. Guidance

49. M365 F1 M365 E31 M365 E51
Operating System Windows Enterprise (including VDA rights) ⚫2 ⚫ ⚫
Productivity &
Collaboration
Office client apps (Word, Excel, PowerPoint, OneNote, Access) ⚫ ⚫
Office Mobile apps, chat and meetings (Microsoft Teams, Skype for Business Online), email &
calendar (Outlook, Exchange), social & Internet (SharePoint, Yammer), task management
(PowerApps, Flow, Planner)
⚫3 ⚫ ⚫
Device & App
Management
Microsoft Intune, Windows AutoPilot, Fine Tuned User Experience, and Windows Analytics
Device Health
⚫ ⚫ ⚫
Security
Microsoft Advanced Threat Analytics, Windows Defender Antivirus, Device Guard4, Azure
Active Directory Plan 1, Windows Hello, Credential Guard, Direct Access4 ⚫ ⚫ ⚫
Microsoft 365 E5 Security (Microsoft Cloud App Security, Azure Active Directory Plan 2, Office
365 Advanced Threat Protection Plan 2, Azure Advanced Threat Protection, Windows
Defender Advanced Threat Protection)
⚫
Compliance
Windows Information Protection, BitLocker, Azure Information Protection Plan 1 ⚫ ⚫ ⚫
Office 365 Data Loss Prevention ⚫ ⚫
Microsoft 365 E5 Compliance (Office 365 Advanced Compliance, Azure Information
Protection Plan 2)
⚫
Communications Audio Conferencing, Phone System ⚫
Analytics
MyAnalytics ⚫ ⚫ ⚫
Delve ⚫ ⚫
Power BI Pro ⚫
SeeSpeakerNotesforfootnotes
Microsoft 365 Enterprise Plan Overview

50. challenges
integrating with customers’ existing
security tools and workflows
connecting customers’ security
technologies to streamline operations
and improve threat defense
opportunities+

51. Unify integration with Microsoft Graph
ALL
• Microsoft 365
• Azure
• Microsoft Partners
ONE
https://graph.microsoft.com

52. Microsoft Graph Security API
Streamline alert correlation
and management
Simplify orchestration and
automation
Unlock context to inform
security operations

53. What is the Security API?
Microsoft services – no extra cost

54. Alerts
Other Security Entities*
(context, actions, …)
Common Libraries, Authentication, and Authorization
Graph Security API
Federates Queries, Aggregates Results, Applies Common Schema
Secure Score Other Graph Services
(Azure AD, O365, SharePoint,
Intune …)
Intune
Azure AD
Identity
Protection
Azure ATP
Cloud
Application
Security
Azure Security
Center
Azure Info
ProtectionOffice 365 ATP
Windows
Defender
ATP
SIEM + log analytics Your custom app
Security applications

55. Contact Information
© 2019 Razor Technology, LLCwww.razor-tech.com
David Rosenthal
VP & General Manager
Digital Business
@DavidJRosenthal
Slideshare
Blog: www.razor-tech.com
5 Tower Bridge
300 Barr Harbor Dr., Suite 705
West Conshohocken, PA 19428
www.razor-tech.com
David.Rosenthal@razor-tech.com
Cell: 215.801.4430
Office: 866.RZR.DATA
LETS KEEP IN TOUCH