Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

SharePoint Saturday Brussels 2019: Keynote

314 views

Published on

Trust me, I know what I’m doing: I found this USB stick on the ground. In this keynote together with Maarten Eekels we walk through the essential security capabilities in Office 365 and Azure

Published in: Technology
  • Be the first to comment

SharePoint Saturday Brussels 2019: Keynote

  1. 1. KEYNOTE - Trust me, I know what I’m doing: I found this USB stick on the ground.. Jussi Roine | Maarten Eekels SharePoint Saturday Belgium 2019 #SPSBE
  2. 2. Platinum Gold Silver Community Thanks to our sponsors!
  3. 3. Jussi Roine @JussiRoine Maarten Eekels @maarteneekels
  4. 4. Security! And trust.. issues So, what will we talk about? A little bit about what not to do Some good jokes about the Swedes
  5. 5. Let’s talk about security! You need to do these 3 things. RIGHT AFTER THIS KEYNOTE! Check your Secure Score Enforce MFA for admins Create emergency access accounts
  6. 6. Securing Privileged Access Office 365 Security Rapid Cyberattacks (Wannacrypt/Petya) https://aka.ms/MCRA Video Recording Strategies Office 365 Dynamics 365 +Monitor Azure Sentinel – Cloud Native SIEM and SOAR (Preview) SQL Encryption & Data Masking Data Loss Protection Data Governance eDiscovery
  7. 7. “Just enable MFA!”- Consultants, who used to say it depends
  8. 8. Passwordless and FIDO2 tokens
  9. 9. Azure SentinelYour SIEM in the cloud
  10. 10. Demo Azure Sentinel FIDO2 tokens and passwordless
  11. 11. Help, I was hit by ransomware!
  12. 12. Demo Ransomware
  13. 13. Meet my new friend, Bastion • A secure jump-server in the cloud • In practice, a VM that allows connections to your internal VMs • • Supports RDP and SSH for secure remote access • Pricing is per hour – about 0.081 €/hour, or 60 €/month + outbound data • What about JIT access, then?
  14. 14. • Windows Defender Advanced Threat Protection • Part of Microsoft 365 licensing • Onboard clients, and then blame the user when something goes wrong! Defending users on Windows 10
  15. 15. Let’s share some files with SharePoint • Anonymous links • One-time password protected links • Read-only links • Block download
  16. 16. Time to protect those docs! • Azure Information Protection vs Unified Labeling • New reporting in Azure Portal
  17. 17. Conditional Access Allow and deny access based on • Location • Apps • Risk • Device
  18. 18. Intune – the last piece of the management puzzle Enroll & manage access Provision config, policies and apps Manage & protectRetire & revoke
  19. 19. Demo Protecting docs Windows Defender ATP Conditional Access – let’s block the Swedes!
  20. 20. Everything else Additional services, add-ons, licenses, restrictions MFA and SSPR You don’t have to do passwordless first Modern management Opens up numerous opportunities for additional security Identity first Identities, security, reporting, licenses. The Golden Config: Microsoft 365 Office 365IntuneMFAAzure AD https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-policies-configurations
  21. 21. 2 3 4 5 6 Get to a secure level Run Secure Score, and orient yourself Create break-glass admin accounts Guidance can be found at https://docs.microsoft.com/en-us/azure/active- directory/users-groups-roles/directory-emergency-access Enable Conditional Access Requires AAD P1/P2 licensing Store your files in the cloud The cloud is your backup. Explain file sharing options to your users There are so many options. Make sure you setup the right defaults for your organisation too. Enable MFA 99% of phishing attacks are unsuccesful with MFA enabled. 1 Survival guide for security and the cloud
  22. 22. #SPSBE http://spsbe.be Please rate this session!
  23. 23. SharePoint Saturday Belgium 2019 #SPSBE

×