2. Case Study - Context
Modern transformation for Contoso Insurance
Partners
Microsoft 365 E5, Azure Sentinel
Efficiency, Simplification, Resilience
Microsoft Agreement
User Identities & Collaborations
A Large Acquisition
No. of Users: 100K
Regulations: local data residency, GDPR
Remote working (secure access to corporate resources through continuous assessment & intent-based policies).
Business Requirements
Visibility into threats across all resources and the ability to respond swiftly across the organization
Security Requirements
1. SSO & MFA
2. Discover, classify & protect information at rest & in motion.
3. Protect multi-cloud apps
4. Unify security & threat management for on-prem and cloud.
5. Restrict admin scope
6. Key/secrets management
7. Anti-DDoS
8. Secure email, documents & data shared outside.
9. WAF
3. Azure Well-Architected Framework
Key pillars on which the renewed value proposition will contribute
Efficiency, Simplification, Resilience
Go global in minutes – deploy your workload in any region at minimal cost.
Azure Autoscale – scale resources to match demand and accommodate the workload.
Improve Communication & Collaboration – using OneDrive, Teams, SharePoint, etc.
Use serverless architecture – avoid the operations burden of running your own servers.
Manage mobile devices efficiently – enforcement of security policies.
Democratize advanced technologies – using advanced technologies may help efficiency.
Strong Identity Foundation and Protection – Azure AD and AD Identity Protection with least privilege, RBAC, PIM, etc.
Automate recovery from failures – monitor the workload and trigger automation where possible.
Prepare for events and incidents – develop an incident management process and run regular simulations to accelerate detection, investigation and recovery.
Scale horizontally – replace one large resource with multiple small ones to reduce the impact of a single failure.
Implement Azure security services – such as WAF, Anti-DDoS, Firewall, etc.
Anywhere Accessibility – from any device and any location with an internet connection.
Enable single sign-on for all enterprise applications – users log in once and access any resource with the provided permissions.
Stop spending money and effort on heavy lifting – let Microsoft do the heavy lifting (data center management, racking, stacking, powering servers, etc.) and simply focus on the business.
Make frequent, small and reversible changes – update regularly to increase the flow of beneficial changes. Make changes in small increments that are reversible.
4. Microsoft 365 Security Center > Defender
Integrated protection against sophisticated attacks
Microsoft 365 Defender: cross-product single pane of glass
Microsoft has integrated Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) and Microsoft Defender for Office 365 (formerly Office ATP) experiences into a coordinated cross-domain security suite, with better data coverage, combined incident management, automatic investigation and remediation, Microsoft Threat Experts, Threat Analytics reports, and cross-domain hunting capabilities.
Microsoft Defender for Endpoint: A unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response.
Microsoft Defender for Office 365 (email and collaboration): Safeguards the organization against malicious threats posed by email messages, links (URLs) and collaboration tools.
Microsoft Defender for Identity & Azure AD Identity Protection: It uses Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at the organization.
Microsoft Cloud App Security (CASB): Comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps.