5. Identity Secure Score
Visibility into your Identity security position and how to improve it
Insights into your Identity security position
Guidance to increase your security level
Easily compare score against other organizations
View trends
Set an ideal score.
Choose controls to achieve ideal score based on impact.
Ignore controls that are not valid for you.
3rd party product support.
Check out your Identity secure score now @ http://aka.ms/MyIdentitySecureScore
15. Microsoft Enterprise Mobility + Security
| Technology | Benefit | E3 | E5 |
|---|---|---|---|
| Azure Active Directory Premium P1 | Secure single sign-on to cloud and on-premises apps; MFA, conditional access, and advanced security reporting | ● | ● |
| Azure Active Directory Premium P2 | Identity and access management with advanced protection for users and privileged identities | | ● |
| Microsoft Intune | Mobile device and app management to protect corporate apps and data on any device | ● | ● |
| Azure Information Protection P1 | Encryption for all files and storage locations; cloud-based file tracking | ● | ● |
| Azure Information Protection P2 | Intelligent classification and encryption for files shared inside and outside your organization | | ● |
| Microsoft Cloud App Security | Enterprise-grade visibility, control, and protection for your cloud applications | | ● |
| Microsoft Advanced Threat Analytics | Protection from advanced targeted attacks leveraging user and entity behavioral analytics | ● | ● |

Categories: Identity and access management; Managed mobile productivity; Information protection; Threat Detection
17. Privileged Identity Management
Enforce on-demand, just-in-time administrative access when needed
Ensure policies are met with alerts, audit reports and access reviews
Manage admin access in Azure AD and also in Azure RBAC
User Administrator
Discover, restrict, and monitor privileged identities
User Administrator privileges expire after a specified interval
Going through Secure Score and how to get there
Part of Office 365 Secure score and Microsoft secure score
Custom Controls
Trusona is using a driver's license
Duo is using an app like Azure MFA
RSA is using hardware tokens or app
11
Conditional Access including baseline
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-baseline-protect-administrators
Policies -> What If for Twitter
test user (diwug@arjancornelissen.nl)
NL IP: 84.86.200.150
Afghanistan IP: 43.230.209.0
Twitter
Google -> Terms of use
15
PIM Role activate
Azure resource demo
Now in preview
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-phone-sign-in
The AzureADPreview module, version 2.0.2.5, is needed
New-AzureADPolicy -Type AuthenticatorAppSignInPolicy -Definition '{"AuthenticatorAppSignInPolicy":{"Enabled":true}}' -isOrganizationDefault $true -DisplayName AuthenticatorAppSignIn
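An added example, not part of the original notes: the same policy rollout written so it can be re-run safely, checking the module version first, creating the policy only when no policy of that type exists, and then reading back what is in effect. Treating 2.0.2.5 as a minimum version and the duplicate check are assumptions of this example.

```powershell
# Added example: idempotent rollout of the phone sign-in policy from the notes.
$requiredVersion = [version]'2.0.2.5'            # version given in the notes (assumed to be a minimum)
$policyType      = 'AuthenticatorAppSignInPolicy'
$definition      = '{"AuthenticatorAppSignInPolicy":{"Enabled":true}}'

# 1. Confirm a suitable AzureADPreview module is installed before touching the tenant.
$module = Get-Module -ListAvailable -Name AzureADPreview |
    Sort-Object Version -Descending |
    Select-Object -First 1
if (-not $module -or $module.Version -lt $requiredVersion) {
    throw "AzureADPreview $requiredVersion or later is required (found: '$($module.Version)')."
}
Import-Module AzureADPreview
Connect-AzureAD | Out-Null                       # interactive sign-in with an admin account

# 2. Create the policy only if the tenant has no policy of this type yet.
$policy = Get-AzureADPolicy | Where-Object { $_.Type -eq $policyType }
if ($policy) {
    Write-Host "A policy of type $policyType already exists; nothing created."
} else {
    $policy = New-AzureADPolicy -Type $policyType -Definition $definition `
        -IsOrganizationDefault $true -DisplayName AuthenticatorAppSignIn
}

# 3. Read back what is in effect, so the change can be recorded or reviewed.
$policy | ForEach-Object {
    $parsed = $_.Definition[0] | ConvertFrom-Json
    [pscustomobject]@{
        Id                    = $_.Id
        DisplayName           = $_.DisplayName
        IsOrganizationDefault = $_.IsOrganizationDefault
        Enabled               = $parsed.AuthenticatorAppSignInPolicy.Enabled
    }
} | Format-Table -AutoSize
```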
Password Spray (aka Brute Force, Hammering)
Complexity and expiration do not work. Employees use things that are easy to remember.
Sticky notes