
Microsoft 365 Security Overview

Presentation from IAMCP QPM Au and NZ in May 2021



  1. Microsoft Security, May 2021. @directorcia http://about.me/ciaops
  2. The Security Dilemma
  3. Some things have changed https://www.amazon.ca/Nico-Cigarettes-Pregnant-Photo-Print/dp/B01N64C16J
  4. Some things haven’t changed
  5. Challenges with SecOps
     • Over 80% of data breaches involve use of stolen credentials or brute force [2]
     • $1.37M: average that an organization spends annually in time wasted responding to erroneous malware alerts [1]
     • 70 security products from 35 vendors is the average for companies with over 1,000 employees [3]
     • Only 20% of SecOps professionals feel their organization’s capabilities are mature [4]
     Sources: [1] “The Cost of Insecure Endpoints”, Ponemon Institute© Research Report; [2] Verizon Data Breach Investigations Report 2020; [3] Nick McQuire, VP Enterprise Research, CCS Insight; [4] The Road to Security Operations Maturity, Siemplify, 2019
  6. Why should partners care? Security creates recurring revenue opportunity
     • Lack of expertise
     • Not enough resources
     • Less familiar
     • Overwhelmed
     • 62% of SMBs lack the skills in-house to deal with security issues [3]
     • 90% of SMBs would consider hiring a new managed services provider (MSP) if they offered the right cybersecurity solution
     • 89% of SMB customers see cyber security as the top priority in their orgs
     Source: [3] Underserved and Unprepared: The State of SMB Cyber Security in 2019
  7. Microsoft surpasses $10 billion in security business revenue, more than 40 percent year-over-year growth https://www.microsoft.com/security/blog/2021/01/27/microsoft-surpasses-10-billion-in-security-business-revenue-more-than-40-percent-year-over-year-growth/
  8. Comprehensive protection of sensitive data across devices, cloud services, and on-premises
     • PCs, tablets, mobile
     • Office 365 Data Loss Prevention
     • Windows Information Protection & BitLocker for Windows 10
     • Azure Information Protection
     • Exchange Online, SharePoint Online, Skype for Business & OneDrive for Business
     • Highly regulated
     • Microsoft Intune MDM & MAM for Windows, iOS & Android
     • Microsoft Cloud App Security
     • Office 365 Advanced Data Governance
     • Azure Information Protection
     • Windows 10
     • Office 365
     • EM+S & Cloud Services
     • Advanced Device Management
  9. Unique insights, informed by trillions of signals
  10. Microsoft Threat Intelligence: Built on diverse signal sources and AI
  11. Where should you start?
  12. What Is The Issue Enabling MFA? https://www.coreview.com/resources/whitepaper/microsoft-365-app-security-governance-shadow-it-report/
  13. Getting to a world without passwords
     • Microsoft Authenticator
     • FIDO2 Security Keys
     • Windows Hello
  14. Azure AD Identity Protection + Azure AD conditional access. Maximize Security. Maximize Productivity.
     • Conditions: Users, Devices, Location, Apps
     • Real time evaluation engine: Policies, Session Risk, Machine learning, 40TB, Effective policy
     • Controls: Require MFA, Allow access, Deny access, Force password reset, Limit access
     • On-premises apps, Web apps
  15. Conditional Access GPS-based named locations now in public preview https://techcommunity.microsoft.com/t5/azure-active-directory-identity/conditional-access-gps-based-named-locations-now-in-public/ba-p/2365687
  16. Forrester names Microsoft a Leader in the 2021 Enterprise Email Security Wave https://www.microsoft.com/security/blog/2021/05/06/forrester-names-microsoft-a-leader-in-the-2021-enterprise-email-security-wave/
  17. Multi-Layered protection stack
  18. https://security.microsoft.com/auditlogsearch
  19. Protection Alerts https://protection.office.com/alertpolicies
  20. https://security.microsoft.com/
  21. Microsoft Cloud App Security
     • What is Microsoft CAS? A multi-mode Cloud Access Security Broker
     • Insights into threats to identity and data: Raise alerts on user or file behavior anomalies in cloud apps leveraging their API connectors (In scope for this engagement, with Office 365)
     • Ability to respond to detected threats, discover shadow IT usage and configure application monitoring and control (Out of scope for this engagement)
     • Requirements: Available to organizations with an Azure tenant or an Office 365 commercial subscription and who are in the multi-tenant and Office 365 U.S. Government Community cloud
  22. • Unusual file share activity
     • Unusual file download
     • Unusual file deletion activity
     • Ransomware activity
     • Data exfiltration to unsanctioned apps
     • Activity by a terminated employee
     • Indicators of a compromised session
     • Malicious use of an end-user account
     • Suspicious inbox rules (delete, forward)
     • Malware implanted in cloud apps
     • Malicious OAuth application
     • Multiple failed login attempts to app
     • Threat delivery and persistence
     • Unusual impersonated activity
     • Unusual administrative activity
     • Unusual multiple delete VM activity
     • Malicious use of a privileged user
     • Activity from suspicious IP addresses
     • Activity from anonymous IP addresses
     • Activity from an infrequent country
     • Impossible travel between sessions
     • Logon attempt from a suspicious user agent
  23. Gartner names Microsoft a Leader in the 2021 Endpoint Protection Platforms Magic Quadrant https://www.microsoft.com/security/blog/2021/05/11/gartner-names-microsoft-a-leader-in-the-2021-endpoint-protection-platforms-magic-quadrant/
  24. Azure Sentinel
     • What is Azure Sentinel? Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution
     • Insights into threats: Get a birds-eye view across all data ingested and detect threats using Microsoft's analytics and threat intelligence. Investigate threats with artificial intelligence and hunt for suspicious activities (In scope for this engagement)
     • Ability to automatically respond to detected threats (Out of scope for this engagement)
     • Requirements: Available to organizations with an Azure tenant
  25. Azure Sentinel
  26. ...and there isn’t enough time to mention
     • Device Guard
     • Exploit Guard
     • Application Guard
     • Credential Guard
     • AppLocker
     • Attack Surface Reduction
     • BitLocker
     • Security Baselines
     • Azure Information Protection
     • Azure Identity Protection
     • And a whole lot more
  27. Takeaways
     • Microsoft Security is a Leader in five Magic Quadrants - https://www.microsoft.com/en-au/security/business/security-leaders-gartner-magic-quadrant
     • Many are not implementing protections Microsoft includes with Microsoft 365 and Windows
     • Look to all the different ‘scoring’ (i.e., Secure Score) as a place to start
     • Don’t just think of Microsoft 365 when it comes to security
     • Microsoft provides integration across its security services
     • Microsoft provides automation across its security services
     • ALL production accounts, user AND administrator, MUST have MFA!
     • Use machine intelligence and AI to make your life easier
  28. Resources
     • Cyber Security: The Small Business Best Practice Guide - https://www.asbfeo.gov.au/sites/default/files/documents/ASBFEO-cyber-security-research-report.pdf
     • Australian Cyber Security Centre - https://www.cyber.gov.au/
     • Office 365 Security and Compliance - https://docs.microsoft.com/en-us/office365/securitycompliance/
     • Microsoft Trust Center - https://www.microsoft.com/en-us/trustcenter/security/office365-security
     • Microsoft Secure Score - https://docs.microsoft.com/en-us/office365/securitycompliance/microsoft-secure-score
     • Microsoft 365 for Partners Security - https://www.microsoft.com/microsoft-365/partners/security
     • What are Security defaults - https://docs.microsoft.com/en-gb/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
     • Introducing conditional access for Office 365 - https://techcommunity.microsoft.com/t5/azure-active-directory-identity/introducing-conditional-access-for-the-office-365-suite/ba-p/1131979
  29. Email: director@ciaops.com Twitter: @directorcia
