Dutch Microsoft & Security Meetup - Ignite recap Microsoft 365 Security and Compliance

•Download as PPTX, PDF•

3 likes•509 views

The slides for my presentation at the Dutch Microsoft & Security Meetup on November 14th 2019. Topics I cover are: - Security baseline for Office 365 ProPlus - Office cloud policy service + security policy advisor - Safe documents - Application guard - Sensitivity labels in SharePoint and Office web apps - Information barriers in Microsoft Teams - Insider risk management - Communication compliance - Microsoft Compliance Score

Presentations & Public Speaking

Ignite recap Microsoft 365
Dutch Microsoft & Security Meetup 14 november 2019
@maarteneekels

Aangenaam :)
Contact
@maarteneekels
meekels@portiva.nl
www.eekels.net

Agenda
• Security baseline for Office 365 ProPlus
• Office cloud policy service + security policy advisor
• Safe documents
• Application guard
• Sensitivity labels in SharePoint and Office web apps
• Information barriers in Microsoft Teams
• Insider risk management
• Communication compliance
• Microsoft Compliance Score
• More news

New security baseline for
Office 365 ProPlus
https://aka.ms/
officesecbaseline

Office cloud policy service +
Security policy advisor
General available and public preview
https://config.office.com
• Roams with user
• From version 1908

When available?
Safe Documents – Spring 2020
In preview now: https://aka.ms/safedocspreview
Application Guard for Office – Summer 2020
In limited preview now: https://aka.ms/appguardpreview

Sensitivity labels in SharePoint
and Office web apps
Public preview
Set-SPOTenant -EnableAIPIntegration $true
https://docs.microsoft.com/en-
gb/microsoft-365/compliance/sensitivity-
labels-sharepoint-onedrive-files

Information Barriers
in Microsoft Teams
General available
Restrict communications between two groups to avoid a conflict of interest
from occurring in your organization.
• Searching for a user
• Adding a member to a team
• Starting a chat session with someone
• Starting a group chat
• Inviting someone to join a meeting
• Sharing a screen
• Placing a call https://docs.microsoft.com/en-us/microsoft-
365/compliance/information-barriers-policies
It takes about 30 mins for policies to be applied
Or longer for large orgs (1 hour per 5000 users)

$Information Barriers deployment Give admin consent to the Information Barriers app: Login-AzureRmAccount $appId="bcf62038-e005-436d-b970-2a472f8c1982" $sp=Get-AzureRmADServicePrincipal -ServicePrincipalName $appId if ($sp -eq $null) { New-AzureRmADServicePrincipal -ApplicationId $appId } Start-Process "https://login.microsoftonline.com/common/adminconsent?client_id=$appId" Create segments: New-OrganizationSegment -Name “Sales" -UserGroupFilter "Department -eq ‘Sales’" Create policies: New-InformationBarrierPolicy -Name "Sales-Research" -AssignedSegment "Sales" -SegmentsBlocked "Research" -State Inactive Apply policies: Get-InformationBarrierPolicy Set-InformationBarrierPolicy -Identity <GUID> -State Active Start-InformationBarrierPoliciesApplication$

Insider Risk Management
Private preview
• Obtain real-time native signals across Office, Windows and
Azure, including file activity, communications sentiment and
abnormal user behaviors
• Additional third-party signals from HR systems such as SAP
and Workday can be integrated via connectors
• Includes configurable playbooks tailored for risks, such as
digital IP theft and confidentiality breach

Communication Compliance
Available today
Quickly identify and remediate communications risks
• Corporate policies – comply with ethical and other
corporate standards
• Risk management – Identify and manage legal and
corporate risk
• Regulatory compliance – SEC, FINRA require
communications oversight

Microsoft Compliance Score
Public preview

More news
• Protected PDF support in Edge Chromium (public
preview)
• Data protection in Power BI (public preview)
• Classify and label sensitive data
• Integration with Cloud App Security
• Microsoft Defender ATP for Mac with endpoint
detection and response (EDR) (public preview)
• Microsoft Cloud App Security connectors for AWS (GA)
and Google Cloud (public preview)
• Azure MFA part of Azure AD free plan

Dutch Microsoft & Security Meetup - Ignite recap Microsoft 365 Security and Compliance

This document provides an overview of Azure Information Protection (AIP) including its functionality, roadmap, and best practices for implementation. It discusses how AIP can help with regulatory compliance, data classification, and external sharing. It outlines Microsoft's information protection solutions including AIP, Office 365, Windows Information Protection, and Cloud App Security. The document demonstrates AIP's capabilities for detecting, classifying, protecting, and monitoring sensitive data. It provides guidance on getting started with AIP through default labels and defines key takeaways around AIP being part of an overall data protection strategy.

May 2020 Microsoft 365 Need to Know Webinar

Robert Crane

ECS19 - Nicki Borell - Microsoft Cybersecurity Reference Architecture

European Collaboration Summit

The document discusses Microsoft's cybersecurity reference architecture and how it can help protect organizations by protecting access at the front door, detecting and remediating attacks, and protecting data anywhere through solutions like identity management, threat protection, information protection, and advanced security monitoring. It provides examples of how conditional access policies and user risk assessments can help secure access to applications and detects anomalies and threats across on-premises, cloud, and mobile environments. The reference architecture leverages solutions from Enterprise Mobility and Security to classify and label sensitive data and monitor for policy violations to help organizations discover, protect, and govern their most important information throughout its lifecycle.

O365Con18 - Classify, Label and Protect your Data with Azure Information Prot...

NCCOMMS

Azure Information Protection allows organizations to classify, label, and protect their data through its full data lifecycle. It addresses challenges of controlling data across a complex environment of employees, partners, customers, apps and devices. The solution classifies data based on sensitivity, applies persistent labels, and encrypts files for protection when sharing outside the organization. It also includes features for document tracking, revocation, and setting information protection policies.

CollabDays BeNeLux Sensitivity labels: what's new

Albert Hoitingh

O365Con18 - Exploring Conditional Access to content stored in Office 365 - Pa...

NCCOMMS

This document discusses conditional access and access management in Microsoft 365. It covers authentication versus authorization, roles-based access control, conditional access policies, Azure AD Privileged Identity Management, and Privileged Access Management in Office 365. It provides information on the capabilities of different license tiers and describes how to configure Privileged Access Management in Office 365.

Data governance in Office 365

CloudFronts Technologies LLP.

Being more secure using Microsoft 365 Business

Robert Crane

The document discusses security challenges for businesses and how Microsoft 365 solutions provide defense in depth across devices, apps, and identity. It highlights growing threats like phishing, password spraying, and account takeovers. Microsoft uses intelligence from trillions of signals to detect anomalies and threats. The solutions incorporate multi-factor authentication, conditional access policies, advanced threat protection, information protection, and more to help secure organizations.

With Office 365 PowerShell, you can manage Office 365 for your organization using commands and scripts that streamline your day to day work. Microsoft provides several easy to use admin centers to help manage Office 365. However, whether you’re an Office 365 administrator yourself or a service owner for Office 365 in your organization (working with other administrators), you’ll quickly find that you need to go beyond the capabilities that these admin centers provide. PowerShell can help you automate tasks so that they are easily repeatable, it can help you script management tasks so that they are automatically performed on a schedule and it can help you quickly output large amounts of data about your Office 365 environment. As well, some Office 365 settings are only manageable using PowerShell, with no UX provided. In this session, you’ll learn how to get started with Office 365 PowerShell and how to quickly become productive with it, making you more productive and empowered as you manage your Office 365 environment.

October 2020 Microsoft 365 Need to Know Webinar

Robert Crane

2020-03-05 Secure IT day 2020 Abalon - comment protéger votre environnement ...

Patrick Guimonet

The document outlines five key steps to secure an Office 365 environment: 1. Implement identity and access management with conditional access controls, identity protection, and secure authentication like multifactor authentication. 2. Employ threat protection with integrated and automated security services like Azure ATP. 3. Use information protection tools like Azure Information Protection to classify and protect sensitive data across apps and services. 4. Strengthen security management with insights from tools like Microsoft Secure Score and Azure Security Center. 5. Conduct end user security awareness training on best practices and risks.

October 2021 Microsoft 365 Need to Know Webinar

Robert Crane

Need to Know Webinar - October 2017

Robert Crane

Cryptzone SharePoint and Office 365 Security Solutions Guide

David J Rosenthal

The SharePoint and Office 365 Security Gap While thousands of organizations are deploying SharePoint and Office 365 to manage enterprise content, streamline business processes, and deliver enterprise 2.0 collaboration capabilities, compliance and security concerns − and their associated risks − remain top of mind. As the amount of content and user interaction increases, particularly given the enhanced collaborative capabilities of Microsoft's collaboration platforms, the chance for a SharePoint or Office 365 security breach or compliance violation increases as well. A solution that automatically classifies, applies permissions, tracks, encrypts and prevents the inappropriate storage, access and distribution of sensitive content stored in SharePoint and Office 365 is clearly necessary to overcome this confidence gap.

2018 10-17 J1 1B - How to plan your modern workplace project - Ammar Hasayen

Modern Workplace Conference Paris

This document outlines Ammar Hasayen's presentation on how to plan a modern workplace project. It begins with explaining the shift from old ways of working to new ways enabled by digital transformation. It then covers initiating a modern workplace project, using the Pentagon Framework to structure solutions, and providing a case study example. The outline includes sections on why modern workplace, project initiation, the Pentagon Framework, and a case study.

May 2018 Office 365 Need to Know Webinar

Robert Crane

September 2020 Microsoft 365 Need to Know Webinar

Robert Crane

What is Office 365 | Benifits of Office 365 | Learn Office 365

Gloire Tech

Office 365 provides various benefits for small businesses including maintaining online websites and blogs to increase visitors, facilitating online conferences and document sharing through Outlook or a browser, sharing diaries and calendars, quickly setting up intranet sites and wikis, protecting against viruses and spam through disaster recovery, and paying only for what is used with 99.9% uptime. Key benefits include access to emails, documents, contacts and calendars from anywhere; enabling online meetings and collaboration; enhanced security; and assistance in creating good looking websites. Gloire Tech offers Office 365 training on these benefits.

The End of the Domain Controller

Robert Crane

If businesses no longer require a traditional domain controller what does that means for the IT resellers? How can you utilise the latest cloud services to not only provide identity but security and management for customers? Will this mean a change of business model or simply an integration of new services and techniques into your current offerings? This session will help you understand the direction your business needs to focus on to take full advantage of the evolving cloud services that are fast making traditional domain controllers redundant.

Microsoft Cloud Updates - October 2017

Robert Crane

O365Con18 - Protecting your Data in Office 365 - Arjan Cornelissen

NCCOMMS

The document discusses security in Office 365 and provides statistics on cybercrime costs and common attacks. It then summarizes Microsoft's approach to security including multi-factor authentication, conditional access policies, and tools to protect devices, applications, and privileged identities. Screenshots demonstrate features like conditional access for SharePoint and the Identity Secure Score dashboard.

Security and compliance in Office 365 -Part 1

Vignesh Ganesan I Microsoft MVP

This document provides an overview of security and compliance in Office 365. It discusses the modern workplace and security challenges in a cloud-first, mobile-first world. It then describes Office 365's defense-in-depth, multi-dimensional approach to security across physical, network, host, application, administration and data layers. Specific Office 365 security and compliance offerings are outlined, including Cloud Access Security Brokers, SIEM, MDR and CASB tools. The document concludes by discussing upcoming topics that will be covered in future parts, such as Exchange Online Protection, Advanced Threat Protection, Threat Intelligence, GDPR compliance and data governance tools.

Azure Functions and Microsoft Graph

Microsoft Tech Community

Identity and Data protection with Enterprise Mobility Security in ottica GDPR

Jürgen Ambrosi

Introduzione agli scenari di autenticazione per i servizi informativi nei contesti lavorativi moderni. Panoramica delle soluzioni offerte dalla soluzione Enterprise Mobility and Security per la messa in sicurezza delle identità e delle informazioni nel loro completo ciclo di vita. Prevenzione, rilevamento, contenimento e risposta a minacce di tipo avanzato con riferimenti alla cyber kill chain (focus su Endpoint, Identità, servizi di produttività e cloud app).

Office 365 security concerns, EU General Data Protection Regulation (GDPR)

Sonja Madsen

Office 365 provides access to information from different devices not only from secure office locations, but also from just about any location in the world. Data security, governance and compliance are the biggest concerns. This talk is about the robust security that is built into Office 365: data loss prevention, mobile device management, password and multi-factor authentication, message encryption, EU General Data Protection Regulation (GDPR) and Rights Management Service.

Microsoft 365 Threat Management and security - EMS E5

Ammar Hasayen

Azure AD B2C Webinar Series: Custom Policies Part 3 Troubleshooting

Vinu Gunasekaran

This document outlines the agenda and topics that will be covered in an Azure AD B2C webinar on troubleshooting custom policies. The webinar will cover visual studio code extensions for custom policies, navigating and editing policies, deploying policies using PowerShell, application insights monitoring of user journeys and technical profiles, and interacting with an Azure AD B2C tenant through the Microsoft Graph API and viewing protocol exchanges. Attendees are encouraged to complete a post-call survey to provide feedback and ask any remaining questions.

May 2018 Azure Need to Know Webinar

Robert Crane

30 March 2017 - Vuzion Ireland Love Cloud

Vuzion

Kieran McDonnell from Vuzion Ireland gave a presentation on digital transformation and how Vuzion can help businesses future proof themselves. Vuzion is a cloud aggregator that has been delivering and selling cloud services for 20 years. They have a rich portfolio of cloud services and work with a smart ecosystem of partners. Vuzion's GTM model involves pre-sales engagement, operational delivery, capability development, and bespoke solutions. Julian Dyer from Vuzion then provided direction on Microsoft including updates on products like Skype for Business and Security as a Service. Elaine Pakes from DocuSign discussed how DocuSign can be used to sign documents anytime, anywhere on any device to ensure secure and compliant

Avner Algom - Cloud is the new world economy

Avner Algom

This document discusses a meetup group focused on cloud computing called IGTCloud. The group has over 4,700 members who network and learn about cloud technologies like OpenStack, DevOps, analytics, and more. The cloud market is growing rapidly and expected to hit $240 billion by 2020, driving growth in areas like SaaS, IaaS, PaaS, and more. The document outlines perspectives for both cloud users and vendors on opportunities in the cloud.

What's hot

A beginners guide to administering office 365 with power shell antonio maio

AntonioMaio2

October 2020 Microsoft 365 Need to Know Webinar

Robert Crane

2020-03-05 Secure IT day 2020 Abalon - comment protéger votre environnement ...

Patrick Guimonet

October 2021 Microsoft 365 Need to Know Webinar

Robert Crane

Need to Know Webinar - October 2017

Robert Crane

Cryptzone SharePoint and Office 365 Security Solutions Guide

David J Rosenthal

2018 10-17 J1 1B - How to plan your modern workplace project - Ammar Hasayen

Modern Workplace Conference Paris

May 2018 Office 365 Need to Know Webinar

Robert Crane

September 2020 Microsoft 365 Need to Know Webinar

Robert Crane

What is Office 365 | Benifits of Office 365 | Learn Office 365

Gloire Tech

The End of the Domain Controller

Robert Crane

Microsoft Cloud Updates - October 2017

Robert Crane

O365Con18 - Protecting your Data in Office 365 - Arjan Cornelissen

NCCOMMS

Security and compliance in Office 365 -Part 1

Vignesh Ganesan I Microsoft MVP

Azure Functions and Microsoft Graph

Microsoft Tech Community

Identity and Data protection with Enterprise Mobility Security in ottica GDPR

Jürgen Ambrosi

Office 365 security concerns, EU General Data Protection Regulation (GDPR)

Sonja Madsen

Microsoft 365 Threat Management and security - EMS E5

Ammar Hasayen

Azure AD B2C Webinar Series: Custom Policies Part 3 Troubleshooting

Vinu Gunasekaran

May 2018 Azure Need to Know Webinar

Robert Crane

What's hot (20)

A beginners guide to administering office 365 with power shell antonio maio

October 2020 Microsoft 365 Need to Know Webinar

2020-03-05 Secure IT day 2020 Abalon - comment protéger votre environnement ...

October 2021 Microsoft 365 Need to Know Webinar

Need to Know Webinar - October 2017

Cryptzone SharePoint and Office 365 Security Solutions Guide

2018 10-17 J1 1B - How to plan your modern workplace project - Ammar Hasayen

May 2018 Office 365 Need to Know Webinar

September 2020 Microsoft 365 Need to Know Webinar

What is Office 365 | Benifits of Office 365 | Learn Office 365

The End of the Domain Controller

Microsoft Cloud Updates - October 2017

O365Con18 - Protecting your Data in Office 365 - Arjan Cornelissen

Security and compliance in Office 365 -Part 1

Azure Functions and Microsoft Graph

Identity and Data protection with Enterprise Mobility Security in ottica GDPR

Office 365 security concerns, EU General Data Protection Regulation (GDPR)

Microsoft 365 Threat Management and security - EMS E5

Azure AD B2C Webinar Series: Custom Policies Part 3 Troubleshooting

May 2018 Azure Need to Know Webinar

Similar to Dutch Microsoft & Security Meetup - Ignite recap Microsoft 365 Security and Compliance

30 March 2017 - Vuzion Ireland Love Cloud

Vuzion

Avner Algom - Cloud is the new world economy

Avner Algom

June 2020 Microsoft 365 Need to Know Webinar

Robert Crane

Microsoft Ignite Recap: Microsoft 365 Security & Compliance with Vlad & Drew

Drew Madelung

The document discusses a Microsoft Ignite recap webinar on security and compliance that will take place on November 21st at 1:00 PM EST. It will feature a special guest, Antonio Maio, and will discuss topics like encryption, sensitivity labels, data residency compliance, insider risk management, and the Microsoft security and compliance roadmap. The webinar is part of a Microsoft Ignite recap webinar series.

September 2021 Microsoft 365 Need to Know Webinar

Robert Crane

2018-10-17 J1 6D - Draw your imagination with Microsoft Graph API - Dipti Chh...

Modern Workplace Conference Paris

The document discusses Microsoft Graph APIs and how they can be used to access data from Microsoft 365 services like Office 365, Azure Active Directory, and Enterprise Mobility + Security. It provides an overview of Microsoft Graph capabilities, authentication procedures, and integration opportunities. It also demonstrates the Graph Explorer tool and how to build an app that retrieves employee directory data from Azure AD using Microsoft Graph.

Tour de France Azure PaaA 1/7 Commencer avec Azure

Alex Danvy

The document provides information about an Azure PaaS tour of France including dates and locations for presentations in various cities from April to May. It also includes details about the presenter Alex Danvy and the topics that will be covered related to starting with Azure, running applications, storing data, security, DevOps, and best practices. Finally, it shares information on Microsoft Partner Network offerings at different membership levels including benefits, prerequisites, and annual pricing.

November 2022 CIAOPS Need to Know Webinar

Robert Crane

Microsoft Information Protection: Your Security and Compliance Framework

Alistair Pugin

Its one thing encrypting and protecting your data from prying eyes but what use is it, if it is not retained or protected against loss. With Microsoft Information Protection, Microsoft provides organisations the ability to: • Protection content from deletion • Adhere to compliance standards (GDPR, HIPAA, etc) • Discover content for litigation • Manage access to content based on rules By implementing the correct rules, organisations are able to mitigate risk and remain compliant and at the same time ensure that content is identified, classified, retained and disposed of accordingly.

Hyf project ideas_02

KatoK1

The document discusses selecting and implementing machine learning projects. It begins by explaining why machine learning and data science are important topics. It then provides a practical approach to narrowing the scope of a project idea by considering factors like available data, required skills, business impact, and likelihood of success. Several potential project ideas are analyzed against these criteria, with one involving predicting customer churn being selected for further analysis. The document demonstrates a customer churn prediction model and discusses next steps for learning Azure and pursuing Microsoft certifications.

October 2022 CIAOPS Need to Know Webinar

Robert Crane

Unlocking security insights with Microsoft Graph API

Microsoft Tech Community

As organizations deploy additional security controls to combat today’s evolving threats, integration challenges often limit the return of investment. The new security API in the Microsoft Graph makes it easier for enterprise developers and ISVs to unlock insights from these solutions by unifying and standardizing alerts for easier integration and correlation, bringing together contextual data to inform investigations, and enabling automation for greater SecOps efficiency. We will walk through real world examples of applications that leverage the security API to help customers realize the full value of their security investments.

Realise True Business Value .pdf

ThousandEyes

This document provides an overview of ThousandEyes monitoring capabilities for SaaS environments. It discusses how modern application architectures and cloud adoption are creating challenges for visibility. ThousandEyes removes blind spots across the digital supply chain. The document demonstrates differences in delivery for Microsoft 365 applications like Outlook and SharePoint. It also provides an example of how ThousandEyes helped a Microsoft partner improve customer satisfaction. Finally, it shares data on the business benefits ThousandEyes can provide and calls partners to action.

Microsoft Graph community call May, 2018

Microsoft 365 Developer

Dan Kershaw from the Microsoft Graph team hosted the call and shared an overview about how to add your own custom properties to Microsoft Graph using Microsoft Graph extensions. Sarah Fender, Cloud and Enterprises Security, discussed the brand-new Microsoft Graph Security APIs, and how you could use these in your applications, including some great demos featuring a sample app and partner-built app demos. Next, Nilesh Shah from Office Platform team shared some cool demos of how to connect Excel and PowerBI to Microsoft Graph data. He then introduced us to the Visual Studio connector service that makes it a breeze to configure your VS project to work with Microsoft Graph. Yina Arenas from the Microsoft Graph team rounded things off with some information about Build 2018 – where to find the event planner and where Microsoft Graph will feature at Build.

What small businesses need to know about Azure AD premium

Miguel Tena

Windays14 - How to (remote) control Office 365 with Azure

atwork

This document discusses how to remotely control and automate Office 365 using Azure. It begins with an overview of why remote control of Office 365 is useful for automation. It then demonstrates authenticating to Azure Active Directory and Office 365 services like SharePoint and Exchange. The document discusses the various APIs and tools available to access and integrate with Office 365 services when deployed on Azure. It provides links to documentation, SDKs, blogs and samples to help developers build automated solutions using Office 365 and Azure.

Introduction to Microsoft 365

Robert Crane

CIAOPS Need to Know Office 365 Webinar - March 2018

Robert Crane

2020-05-28 Microsoft 365 Virtual Marathon - Mobility with Microsoft 365 from ...

Patrick Guimonet

Understanding Security and Compliance in Microsoft Teams - M365 Saturday Pune...

Chirag Patel

Similar to Dutch Microsoft & Security Meetup - Ignite recap Microsoft 365 Security and Compliance (20)

30 March 2017 - Vuzion Ireland Love Cloud

Avner Algom - Cloud is the new world economy

June 2020 Microsoft 365 Need to Know Webinar

Microsoft Ignite Recap: Microsoft 365 Security & Compliance with Vlad & Drew

September 2021 Microsoft 365 Need to Know Webinar

2018-10-17 J1 6D - Draw your imagination with Microsoft Graph API - Dipti Chh...

Tour de France Azure PaaA 1/7 Commencer avec Azure

November 2022 CIAOPS Need to Know Webinar

Microsoft Information Protection: Your Security and Compliance Framework

Hyf project ideas_02

October 2022 CIAOPS Need to Know Webinar

Unlocking security insights with Microsoft Graph API

Realise True Business Value .pdf

Microsoft Graph community call May, 2018

What small businesses need to know about Azure AD premium

Windays14 - How to (remote) control Office 365 with Azure

Introduction to Microsoft 365

CIAOPS Need to Know Office 365 Webinar - March 2018

2020-05-28 Microsoft 365 Virtual Marathon - Mobility with Microsoft 365 from ...

Understanding Security and Compliance in Microsoft Teams - M365 Saturday Pune...

More from Maarten Eekels

ESPC19 - Office 365 Labels Deep Dive

Dutch Microsoft & Security Meetup - Ignite recap Microsoft 365 Security and Compliance

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Dutch Microsoft & Security Meetup - Ignite recap Microsoft 365 Security and Compliance

Similar to Dutch Microsoft & Security Meetup - Ignite recap Microsoft 365 Security and Compliance (20)

More from Maarten Eekels

More from Maarten Eekels (20)

Recently uploaded

Recently uploaded (20)

Dutch Microsoft & Security Meetup - Ignite recap Microsoft 365 Security and Compliance