SharePoint Saturday Geneve session about cloud security and the cloud mindset that need to change when moving from on-prem to the cloud. Azure AD, Conditional Access, MFA, Identity protection

1. #SPSGeneva6th December 2018
Geneva
WELCOME

2. #SPSGeneva
We are moving to the cloud, what about security
Arjan Cornelissen – Work Together

3. #SPSGeneva
#SPSGeneva

4. #SPSGeneva
A Huge “Thank You!” To Our Sponsors …

5. #SPSGeneva
Arjan Cornelisssen
SharePoint & Office 365 Architect
WorkTogether.tech
@arjancornelis

6. #SPSGeneva
How did we do security?

7. #SPSGeneva
Sobering statistics
The frequency and sophistication of cybersecurity attacks are escalating
$6T
annual cost
of cybercrime to the
global economy
$3M
average cost of a
data breach to a
company
140+
median # days
attackers reside within
a victim’s network
before detection
network intrusions
due to
compromised user
credentials
81%+

8. #SPSGeneva
Common passwords
1. 123456
2. 123456789
3. qwerty
4. 111111
5. 12345678
6. 123123
7. password
8. 1234567
9. 12345
10. 1234567890
11. abc123
12. 123
13. 123321
14. password1
15. qwertyuiop
16. 666666
17. a123456
18. 1234
19. 654321
20. 5201314
21. 123456a
22. iloveyou
23. 11111111
24. 159753
25. 123123123

9. #SPSGeneva
Updated NIST Guidelines
Three main changes:
1. No more periodic password changes
2. No more imposed password complexity
3. Validate new passwords against commonly used passwords
http://aka.ms/passwordguidance
Minimum Length Requirements (to defeat brute force hash attacks)
Don’t use commonly attacked passwords
Use unique passwords

10. #SPSGeneva
Cloud security

11. #SPSGeneva
On-premises /
Private cloud

12. #SPSGeneva
lllllllll
lllllllll
Phishing
Password
Spray
Breach
Replay
200K
password spray attacks
blocked in August 2018
23M
high risk enterprise sign-in
attempts detected in March 2018
4.6B
attacker-driven sign-ins
detected in May 2018
Top attacks against Azure AD
John Doe
lllllll

13. #SPSGeneva
Corporate
Network
Geo-location
MacOS
Android
iOS
Windows
Windows
Defender ATP
Client apps
Browser apps
Google ID
MSA
Azure AD
ADFS
Employee & Partner
Users and Roles
Trusted &
Compliant Devices
Location
Client apps &
Auth Method
Conditions
Microsoft
Cloud App Security
Force
password
reset
Require
MFA
Allow/block
access
Terms of Use
******
Limited
access
Controls
Machin
e
learnin
g
Policies
Real time
Evaluation
Engine
Session
Risk
3
40TB
Effective
policy

14. #SPSGeneva
Multi Factor Authentication

15. #SPSGeneva
Conditional Access
with MFA

16. #SPSGeneva
Block legacy
authentication

17. #SPSGeneva
DEMO

18. #SPSGeneva
SharePoint Conditional Access

19. #SPSGeneva
DEMO

20. #SPSGeneva
App credentials

21. #SPSGeneva
Access
granted
to data
Microsoft Enterprise Mobility + Security
Apps
Risk
MICROSOFT INTUNE
AZURE ACTIVE
DIRECTORY
MICROSOFT CLOUD
APP SECURITY
AZURE INFORMATION
PROTECTION
MICROSOFT ADVANCED
THREAT ANALYTICS
!
Device
!
CONDITIONAL
ACCESS
Location
Classify
Audit
Protect
Label
!
!

22. #SPSGeneva
Device and Application security

23. #SPSGeneva
ADMIN SIDE

24. #SPSGeneva
Privileged Identity Management
Enforce on-demand, just-in-time
administrative access when needed
Ensure policies are met with alerts,
audit reports and access reviews
Manage admins access in Azure AD and
also in Azure RBAC
User Administrator
Discover, restrict, and monitor privileged identities
UserAdministrator
privileges expire after
a specified interval

25. #SPSGeneva
Privileged Identity

26. #SPSGeneva

27. #SPSGeneva
DEMO

28. #SPSGeneva
Identity Secure Score
Visibility into your Identity security position and how to improve it
Insights into your
Identity security position
Guidance to increase
your security level
Easily compare score against
other organizations
View trends
Set an ideal score.
Choose controls to achieve ideal score based on
impact.
Ignore controls that are not valid for you.
3rd party product support.
Checkout your Identity secure score now @ http://aka.ms/MyIdentitySecureScore

29. #SPSGeneva
Secure Score
Checkout your Identity secure score now @ http://aka.ms/MyIdentitySecureScore

30. #SPSGeneva
DEMO

31. #SPSGeneva
Microsoft Enterprise Mobility + Security
Technology Benefit E3 E5
Azure Active Directory
Premium P1
Secure single sign-on to cloud and on-premises app
MFA, conditional access, and advanced security reporting ● ●
Azure Active Directory
Premium P2
Identity and access management with advanced protection for users
and privileged identities ●
MicrosoftIntune
Mobile device and app management to protect corporate apps and
data on any device ● ●
Azure InformationProtection P1
Encryption for all files and storage locations
Cloud-based file tracking
● ●
Azure InformationProtection P2
Intelligent classification and encryption for files shared inside
and outside your organization ●
MicrosoftCloud App Security
Enterprise-grade visibility, control, and protection for your
cloud applications ●
MicrosoftAdvancedThreat Analytics
Protection from advanced targeted attacks leveraging user
and entity behavioral analytics ● ●
Identity and
access
management
Managed mobile
productivity
Information
protection
Threat Detection

32. #SPSGeneva
PREVIEW FEATURE

33. #SPSGeneva
Password-less with
Microsoft Authenticator app
aka.ms/gopasswordless
Available today
In Public preview today

34. #SPSGeneva
DEMO

35. #SPSGeneva
OUR SECURITY MINDSET
NEEDS TO BE UPDATED

36. #SPSGeneva
QUESTIONS&
ANSWERS

37. #SPSGeneva
Thank You!

38. #SPSGeneva6th December 2018
Geneva
WELCOME