This document contains slides from a presentation on securing Office 365 with Secure Score. The presentation discusses current cybersecurity trends, GDPR responsibilities, evaluating Secure Score assessments, and Office 365 threat intelligence. It provides an overview of Microsoft's Secure Score, which analyzes an organization's security posture and provides recommendations to improve security and compliance. Secure Score helps prioritize actions, understand risks, and monitor security improvements over time. The presentation includes demonstrations of the Security & Compliance Center and performing a risk assessment using Secure Score.

1. Slide
‹#›1
Black Belting Office 365 Security with Secure Score
Andy Malone MVP

2. Slide
‹#›
Black Belting Office 365 Security with Secure Score | Andy Malone) | 21st June 2017 ] 10.45am – 12.00pm
Follow us:
#O365ENGAGE17
Andy Malone MVP, MCT (UK)
• Microsoft MVP (Enterprise Security)
• Microsoft Certified Trainer (20 years)
• Founder: Cybercrime Security Forum
• Worldwide Event Speaker
• Author: The Seventh Day
• www.AndyMalone.org
2

3. Slide
‹#›

4. Slide
‹#›
Black Belting Office 365 Security with Secure Score | Andy Malone) | 21st June 2017 ] 10.45am – 12.00pm
Follow us:
#O365ENGAGE17
This session will talk about …
• Current Cybersecurity Trends
• Understand your GDPR Responsibilities
• The Importance of Risk Planning
• Microsoft Secure Score
• Evaluating your Secure Score Assessment
• Secure Score for Developers
• Office 365 Threat Intelligence
• Review
4

5. “Look your data is
in the Cloud. It’s
Safe, It’s Secure.
Honestly”

8. Lessons I learned for Cloud Security from

9. Slide
‹#›
Protect the King!

10. Slide
‹#›
Or the Queen J

11. Next! Build a Castle

12. Adopt Physical Security Solutions

13. Slide
‹#›
Protect from
Insider Threat

14. Slide
‹#›
Defend against
Threats in Transit!

15. Slide
‹#›
Deploy an Intrusion
Prevention System

16. Pray it’s not
too Late!)

17. Slide
‹#›
Session Title (Keep title BOLD) | Presenter Name (normal) | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER]
Firstly: A Word about GDPR
Responsibilities & Why I Should care!
17

18. Slide
‹#›T R A D I T I O N A L H I E R A R C H I E S R E S P O N S I V E N E T W O R K S
The Constantly Changing Shape of Data

19. Slide
‹#›
Session Title (Keep title BOLD) | Presenter Name (normal) | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER]
CIA Triad

20. Slide
‹#›
Providing clarity and consistency
for the protection of personal data
Enhanced personal privacy rights
Increased duty for protecting data
Mandatory breach reporting
Significant penalties for non-compliance
The EU General Data
Protection Regulation
(GDPR) imposes new rules on
organizations that offer goods and
services to people in the European
Union (EU), or that collect and analyze
data tied to EU residents, no matter
where they are located.

21. Slide
‹#›
Personal
privacy
Individuals have the right to:
• Access their personal data
• Correct errors in their
personal data
• Erase their personal data
• Object to processing of
their personal data
• Export personal data
Controls and
notifications
• Strict security requirements
• Breach notification
obligation
• Appropriate consents for
data processing
• Confidentiality
• Recordkeeping
Transparent
policies
Transparent and easily
accessible policies
regarding:
• Notice of data collection
• Notice of processing
• Processing details
• Data retention/deletion
IT and
training
Need to invest in:
• Privacy personnel and
employee training
• Data policies
• Data Protection Officer
(larger organizations)
• Processor/Vendor
contract
What are the key changes with the GDPR?

22. Slide
‹#›
What’s the Impact of GDPR?
Source:
1 http://blogs.forrester.com/enza_iannopollo/16-04-20-the_eu_general_data_protection_regulation_gdpr_is_here, Enza Iannopollo, April 20, 2016
2 Forrester’s Predictions 2017: Six Ways Privacy Will Rock Global Business, By Fatemeh Khatibloo with Christopher McClean, Heidi Shey, Enza Iannopollo, Laura Koetzle,
Srividya Sridharan, Alexander Spiliotes, Christian Austin, Nov 1, 2016
The regulation applies
to companies that trade
products or services
with European
customers or in
European market1.
Potential Global
Impact
GDPR policies require
privacy-by-design and
by-default.
Partners can become
privacy consultants or
implementers to
support customer
GDPR journey.
Operational
Complexity
Fines for non-
compliance can be up
to 4% of your global
revenues or €20
million, whichever is
greater.
A fine of this magnitude
could put many
companies out of
business1.
Significant Fines
There will be a serious
resource shortfall of
Privacy Professionals.
Professional Services
vendors will pick up the
slack2.
Need for Privacy
Professionals

23. Slide
‹#›
How you can Prepare for GDPR
1 2 3 4 5
Discover
Identify what
personal data
they have and
where it resides.
Control
Manage how
personal data is
used and accessed
Protect
Establish security
controls to prevent,
detect, and
respond to
vulnerabilities &
data breaches
Report
Action data
requests and
keep required
documentation
Review
Analyze data and
systems, stay
compliant and
reduce risk

24. Slide
‹#›
Black Belting Office 365 Security with Secure Score | Andy Malone) | 21st June 2017 ] 10.45am – 12.00pm
Follow us:
#O365ENGAGE17
GDPR in a Nutshell
1. This is a regulation, not a directive, i.e. It’s LAW!
2. Data processors will be held responsible for data protection
3. The regulation has global ramifications
4. Users will be able make compensation claims
5. There are tighter rules on transferring data on EU citizens outside the EU
6. Harmonized user request rights
7. New erasure rights
8. It is the controllers responsibility to inform users of their rights
9. Tougher sanctions and streamlined incident reporting
10. Encryption and tokenisation can come to your rescue

25. Slide
‹#›
Session Title (Keep title BOLD) | Presenter Name (normal) | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER]
How Microsoft are Preparing for GDPR?
25

26. Slide
‹#›
Session Title (Keep title BOLD) | Presenter Name (normal) | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER]
New Localized Data Centre Deployments
• Two new datacenter regions, located in
Magdeburg and Frankfurt am Main,
Germany
• German data centers controlled by Deutsche
Telekom & Microsoft
• Offers a choice in how their data is handled
and where it is stored
• Adopts a new German data trustee model
• Designed specifically for region, local or
industry sensitive data

27. Slide
‹#›
Session Title (Keep title BOLD) | Presenter Name (normal) | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER]
New UK Data Centre Deployment
• Allows Microsoft to now bid for cloud computing
contracts involving sensitive government data,
which it was restricted from providing before
• Amazon to also to open new data center's in UK
& Germany
• Offers a choice in how their data is handled and
where it is stored
• should address highly regulated organization's
privacy concerns
• Designed specifically for UK sensitive data

28. Slide
‹#›
User log-ins
Unauthorized data access
Data encryption
Malware
System updates
Enterprise security
Attacks
Phishing Denial of service
User accounts
Device log-ins
Multi-factor authentication

29. Slide
‹#›
300B
1B
200B
Microsoft intelligence

30. Slide
‹#› 3
0
The Traditional Data Governance Model
Challenges
Point in time data
Captures data at a point in time which miss any edits in place
or from transport agents in flight
Increased risks
Content may be compromised moving from one environment
to another
Increased time
Waiting for indexing increases time required to find relevant
data
Increased costs
Having a separate copy of the data being stored significantly
increases costs
No service wide insights
Unable to leverage service wide machine learning to draw
correlations between the data
Exchange Data Outsourced Data Journaling
Third party
outsourced
journaling
Many organizations transfer data to a third party hosted archiving service which has challenges

31. Slide
‹#›
3
1
In-Place Office 365 Data Governance
Office 365 In-Place Data Governance
In-Place Compliance over Traditional Journaling
Location, query or policy based
Apply preservation to mailbox or SharePoint site, apply a
query to hold less content, or use preservation policies
Higher fidelity and lower costs
Content stays in Exchange and SharePoint, which results
in lower storage costs, and higher fidelity data
No impact to users
Seamlessly create, edit, and delete without knowing
data is being preserved
Reduce risk
Data is not duplicated to another provider or compliance
boundary. Record all actions taken on the data
Insights
Insights to enable you to keep what’s important, delete
what’s not, and to share according to policy
Data stays in-place and does not need to be continually transferred out of Office 365 providing benefits

32. Slide
‹#›
Office 365 In-place Compliance Solutions
Ensuring data compliance
Preserve vital data
Organization needs
Find relevant data Monitor activity
Data Governance
Import, store, preserve and expire data
eDiscovery
Quickly identify the most relevant data
Auditing
Monitor and investigate actions taken on data
Security & Compliance Center
Manage compliance for all your data across Office 365

33. Slide
‹#›
Office 365: Where do I go to enable security features?

34. Slide
‹#›
Demo
Office 365 Security Centre
34

35. Slide
‹#›
Session Title (Keep title BOLD) | Presenter Name (normal) | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER]
How can Secure Score Help?
35

36. Slide
‹#›
Getting Started with Office 365 Secure Score
All Cloud Security Controls in one place, with a score-based framework to determine
what the highest impact actions are, and an easy way to do them.

37. Slide
‹#›
Getting
Started with
Office 365
Secure Score

38. Slide
‹#›
Black Belting Office 365 Security with Secure Score | Andy Malone) | 21st June 2017 ] 10.45am – 12.00pm
Follow us:
#O365ENGAGE17
Risk analysis
• Accurate Risk Analysis is a
critical skill for an information
security professional.
• Risk decisions dictate which
safeguards we deploy to
protect our assets, and the
amount of money and
resources we spend doing so

39. Slide
‹#›
Black Belting Office 365 Security with Secure Score | Andy Malone) | 21st June 2017 ] 10.45am – 12.00pm
Follow us:
#O365ENGAGE17
Assets
Vulnerabilities
Threats and
Controls

40. Slide
‹#›
Black Belting Office 365 Security with Secure Score | Andy Malone) | 21st June 2017 ] 10.45am – 12.00pm
Follow us:
#O365ENGAGE17
Assets Vulnerabilities Threats and Controls

41. Slide
‹#›
Black Belting Office 365 Security with Secure Score | Andy Malone) | 21st June 2017 ] 10.45am – 12.00pm
Follow us:
#O365ENGAGE17
Threats

42. Slide
‹#›
Black Belting Office 365 Security with Secure Score | Andy Malone) | 21st June 2017 ] 10.45am – 12.00pm
Follow us:
#O365ENGAGE17
The Risk Triad Assets Vulnerabilities and Threats
• Assets :- are the valuable resources you are trying to protect ,
• People, buildings, property. Intellectual property etc.
• The value or criticality of the asset dictates the safeguards you deploy.
• A threat is a potentially harmful occurrence, such as
• Natural Threats :- Earthquake, Flood, Fire
• Technical Threats :- Power outage, or a network-based worm like
WanaCrypt0r
• Human Threats :- Malicious activity by a disgruntled ex-employee

43. Slide
‹#›
Black Belting Office 365 Security with Secure Score | Andy Malone) | 21st June 2017 ] 10.45am – 12.00pm
Follow us:
#O365ENGAGE17
The Risk Triad Assets Vulnerabilities and Threats
• A vulnerability is a weakness that allows a threat to cause harm.
• Examples of vulnerabilities are
• Buildings that are not built to withstand earthquakes,
• A data centre without proper backup power
• A Microsoft Windows system that has not been patched in a few
years.
• Or if it automatically runs software on a USB token when inserted.
• A Linux system has no vulnerability to a virus therefore runs no risk
from it.

44. Slide
‹#›
Black Belting Office 365 Security with Secure Score | Andy Malone) | 21st June 2017 ] 10.45am – 12.00pm
Follow us:
#O365ENGAGE17
• Quantitative and Qualitative Risk Analysis are two
methods for analysing risk.
• Quantitative Risk Analysis uses hard metrics, such as
cost.
• Qualitative Risk Analysais uses simple approximante
values and estimations.
• Quantitative is more objective;
• Qualitative is more subjective.
Qualitative and Quantitative Risk Analysis methods

45. Slide
‹#›
Black Belting Office 365 Security with Secure Score | Andy Malone) | 21st June 2017 ] 10.45am – 12.00pm
Follow us:
#O365ENGAGE17
Choosing How to Deal with Risk
• Acceptable ways to deal with risk
include:
• Accept:
• Organization believes the benefits
outweigh the potential loss
• Transfer:
• Insurance, outsourcing
• Mitigate (Reduce):
• Choose remedial measures to
counteract each risk
• Countermeasure selections

46. 4
6
Ingestion of data outside Office 365 In-Place data creation, retention and archiving In-Place eDiscovery
Auditing
Export
Office 365 Compliance Data Lifecycle

47. Slide
‹#›
Secure Score
Insights into your security position
One place to understand your security
position and what features you have
enabled.
Guidance to increase your security level
Learn what security features are available
to reduce risk while helping you balance
productivity and security.

48. Slide
‹#›
Demo
Performing a Risk Assessment with Secure Score
48

49. Slide
‹#›
Black Belting Office 365 Security with Secure Score | Andy Malone) | 21st June 2017 ] 10.45am – 12.00pm
Follow us:
#O365ENGAGE17
What’s the Risk?

50. Slide
‹#›
Session Title (Keep title BOLD) | Presenter Name (normal) | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER]

51. Slide
‹#›
Example Secure
ScoreAssessment
Current state
Key recommendations
Partner opportunity to help
Sample agenda

52. Slide
‹#›
Complete,
93
Incomplete,
357
Current State
0
50
100
150
200
250
Account Data Device
Total
Office 365 Secure Score
Security Action
Score Summary
Office 365 Secure Score
Security Action Prioritization Summary
Office 365 Secure Score
Security Action Category Summary
0
50
100
150
200
250
Low
Low
Moderate
Low
Low
Moderate
Moderate
Moderate
Total
User Impact
Implementation Cost

53. Slide
‹#›
Key Recommendations
Quick Wins
0-3 Months
• Low user impact
• Low implementation cost
3-6 Months
• Low user impact
• Moderate implementation cost
6 Months and
beyond
• Moderate user impact
• Low and moderate implementation cost
Enable MFA for all global admins
Set strong outbound spam policy
Review signs-ins after multiple failures report weekly
Enable audit data recording
Review signs-ins from multiple geographies report weekly
Enable Information Rights Management (IRM) services
Enable Advanced Security Management Console
Enable MFA for all users
Enable Advanced Threat Protection safe attachments policy
Enable Advanced Threat Protection safe links policy
Do not allow anonymous calendar sharing
Require passwords to be reset at least every 60 days
Enable mobile device management services
Enable Data Loss Prevention policies
SPO Sites have classification policies
IRM protections applied to documents
IRM protections applied to email

54. Slide
‹#›
How Secure Score can help
0-3 Months 3-6 Months 6 Months and beyond
Protect
Detect
Respond
Managed security service : Threat detection
Managed security service : Incident response
Establish education program for IT staff and end-users
On-going service: Security Assessment
ModerateLowUser impact:
Implementation cost:
Enable MFA for all
global admins
Enable audit data
recording
Enable Advanced Threat
Protection safe links
policy
Enable Advanced
Security
Management
Console
Enable mobile device
management
services
Enable Data Loss
Prevention policies
IRM protections
applied to
documents
Enable MFA for
all users
Enable Advanced Threat
Protection safe
attachments policy
Managed security service : Reporting
Managed security service: Monitoring, account and credential abuse
IRM protections
applied to email
Set strong
outbound spam
policy

55. Slide
‹#›
Black Belting Office 365 Security with Secure Score | Andy Malone) | 21st June 2017 ] 10.45am – 12.00pm
Follow us:
#O365ENGAGE17
Recently Updated Features
• Ability to ignore a control - Office 365 Secure Score
will support the option to allow a customer to ignore a
control and have it not count towards the denominator
of their score.
• Ability to tag a control as met by a 3rd party
solution - Office 365 Secure Score will support the
option to tag a security control as met by a 3rd party
product and give you the points assigned to that
control

56. Slide
‹#›
Black Belting Office 365 Security with Secure Score | Andy Malone) | 21st June 2017 ] 10.45am – 12.00pm
Follow us:
#O365ENGAGE17
Integrated Security Solution
• Advanced Analytics
• Multi Factor Authentication
• Crypto Recommendations
• Azure Rights Management
• Security & Compliance Centre
• Azure Identity Protection
• Azure AD Privileged Identity
Protection
• Auditing, Health & Much More …

57. Slide
‹#›
Session Title (Keep title BOLD) | Presenter Name (normal) | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER]
Secure Score for Developers
57

58. Slide
‹#›
Office 365 Secure ScoreAPI
• Monitor and report on customers secure score in downstream reporting tools
• Examine your customers security configuration baseline
• Integrate the data into compliance or cybersecurity applications
• Integrate Secure Score data into SIEM or CASB to drive a hybrid or multi-cloud
framework for security analytics
Resources:
• Using the Office 365 Secure Score API: http://aka.ms/SecureScoreAPI

59. Slide
‹#›
From a Developers Perspective Why use Secure ScoreAPI
1. Monitor and report on your secure
score in downstream reporting tools.
2. Track your security configuration
baseline.
3. Integrate the data into compliance or
cybersecurity insurance applications.
4. Integrate Secure Score data into your
SIEM or CASB to drive a hybrid or
multi-cloud framework for security
analytics.

60. Slide
‹#›
Walkthrough
Getting your App to work with Secure Score
60

66. Slide
‹#›

67. Slide
‹#›
Session Title (Keep title BOLD) | Presenter Name (normal) | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER]
Taking Secure Score further with
Advanced Threat Intelligence
67

68. Slide
‹#›
Session Title (Keep title BOLD) | Presenter Name (normal) | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER]
Threat intelligence is
evidence-based knowledge,
including context,
mechanisms, indicators,
implications and actionable
advice, about an existing or
emerging menace or
hazard to assets that can
be used to inform decisions
regarding the subject's
response to that menace or
hazard.
– Gartner
Mail
Metadata
Malware
Phish
Spoof
Activity
Audit activities
Click trace
TI Sources
GeoIP
Threat indicators
DLP hits
Machine
infections
Information
Insight/Analysis
A Word about Threat intelligence?

69. Slide
‹#›
Session Title (Keep title BOLD) | Presenter Name (normal) | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER]
Remediation is costly

70. Slide
‹#›
Session Title (Keep title BOLD) | Presenter Name (normal) | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER]
What type of attack to launch…
Who to target in attacks…
When to launch an attack…
Hackers How often to attack…
What type of attacks are happening…
Who is attacking them…
When attackers strike…
Analyst
s How often to attacks occur…
A hacker’s advantage is preparation & knowledge

71. Slide
‹#›
Session Title (Keep title BOLD) | Presenter Name (normal) | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER]
Knowledge is built on visibility
Who is
the target?
Breach
origination
Frequency
of attack
Time of attackAttack type
Breach
perpetrator

72. Slide
‹#›
Session Title (Keep title BOLD) | Presenter Name (normal) | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER]
Visibility enables preparation
Strategy & Best
Practices
Security Implementation

73. Slide
‹#›
Session Title (Keep title BOLD) | Presenter Name (normal) | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER]
Finance
Important
Locky
Targeted
Credit cards
Infected
Linda
Malware
Sensitive
Phish
Infected
Gopi
Office 365 threat intelligence built on Microsoft Security Graph

74. Slide
‹#›
Session Title (Keep title BOLD) | Presenter Name (normal) | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER]
Office 365 Threat Intelligence

75. Slide
‹#›
Session Title (Keep title BOLD) | Presenter Name (normal) | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER]
Threat Intelligence
Proactively detect advanced attacks
before they reach your organization.
Gain insights drawn from Microsoft’s
broad global presence.
Systematically protect your
organization with dynamic policies.
Respond to changing malware
threats in real time.
Get an integrated view of security
through an intuitive interface.

76. Slide
‹#›
Demo
Discovering Threat Intelligence
76

77. Slide
‹#›
Session Title (Keep title BOLD) | Presenter Name (normal) | Time and Date of Session (normal) [CHANGE THIS IN THE MASTER]
Compliance solutions for
Office 365
E1 E3 E5
eDiscovery Search X X X
eDiscovery Export X X
Advance eDiscovery X
Manual retention/deletion
policies, manual
classifications
X X X
Advanced Data Governance X
Advanced Data Governance
Capabilities in E3 vs. E5

78. Slide
‹#›
Black Belting Office 365 Security with Secure Score | Andy Malone) | 21st June 2017 ] 10.45am – 12.00pm
Follow us:
#O365ENGAGE17
Session Review
• Current Cybersecurity Trends
• Understand your GDPR Responsibilities
• The Importance of Risk Planning
• Microsoft Secure Score
• Evaluating your Secure Score Assessment
• Secure Score for Developers
• Office 365 Threat Intelligence
• Review
78

79. Slide
‹#›
Black Belting Office 365 Security with Secure Score | Andy Malone) | 21st June 2017 ] 10.45am – 12.00pm
Follow us:
#O365ENGAGE17
Questions? | Thank You!
Andy Malone
Andrew.malone@quality-training.co.uk
We’d like to know what you think!
Please fill out the evaluation form you
received at the registration desk for this
session
Session recordings and materials:
Materials will be available on
Office365Engage.com soon