Paul Hunt, profile picture
Uploaded byPaul Hunt
PPTX, PDF319 views

Exploring conditional access to content stored in office 365 spsce

This document summarizes a presentation about exploring conditional access to content in Office 365. It discusses authentication versus authorization, and what conditional access means. It outlines the different access layers in Microsoft 365 including encryption, role-based access control, conditional access, and Azure AD privileged identity management. It compares the capabilities of privileged identity management and privileged access management. Finally, it provides information on configuring privileged access management in Office 365.

Embed presentation

Download to read offline
Exploring Conditional Access to content in Office 365 Paul Hunt SharePoint Saturday Central Europe 31.08.2019 #SPSCentralEurope
A big thank you to our sponsors!
Who am I?
Who am I?
What is this session about?
Access Layers in Microsoft 365 Encryption RBAC Conditional Access Azure AD PIM PAM in Office 365 Prevent unauthorized illegitimate access Govern legitimate access Role & risk based Standing access (Permissions) JIT & JEA With Approval (Elevation of Privilege)
RBAC & Conditional Access RBAC Conditional Access Role & risk based Standing access (Permissions) Access Reviews & Conditional Access Govern legitimate access
Authentication Versus Authorisation
Authentication Versus Authorisation
When are they accessing? What do we mean by conditional access?
When are they accessing? What do we mean by conditional access?
When are they accessing? What do we mean by conditional access?
Additional options – EM+S E5
Additional options EM+S
What can be achieved with ADFS
What can be achieved with ADFS
What can be achieved with ADFS
What can be achieved with ADFS
What CAN’T be achieved with ADFS? @tenant.onmicrosoft.com
What can be achieved with E1/E3/E5
What can be achieved with E1/E3/E5
What can be achieved with E1/E3/E5
What can be achieved with E1/E3/E5
What can be achieved with E1/E3/E5
What can be achieved with E1/E3/E5
What can be achieved with E1/E3/E5
What can be achieved with E1/E3/E5
What can be achieved with E1/E3/E5
What can be achieved with E1/E3/E5
What can be achieved with E1/E3/E5
MFA Pro Tip!
SharePointPerimeterBlocking&MFA
What can be achieved with EM+S E3
What can be achieved with EM+S E3*
SharePointSiteCollectionScoped Policies
Site Classification Label
Central Admin Control
BRK3101 – Securing your SharePoint and OneDrive content with access policies and labels – Sesha Mani Watch the Ignite Session for Demos
What can be achieved with EM+S E5
What can be achieved with EM+S E5
What can be achieved with EM+S E5
What can be achieved with EM+S E5
What can be achieved with EM+S E5
What can be achieved with EM+S E5
What can be achieved with EM+S E5
RiskBasedPolicies,IdentityProtection andEntitlementPackages
Access Layers in Microsoft 365 Encryption RBAC Conditional Access Azure AD PIM PAM in Office 365 Prevent unauthorized illegitimate access Govern legitimate access Role & risk based Standing access (Permissions) JIT & JEA With Approval (Elevation of Privilege) Access Reviews & Conditional Access
PIM & PAM Azure AD PIM PAM in Office 365 JIT & JEA With Approval (Elevation of Privilege) Govern legitimate access Access Reviews
Comparing PIM/PAM Requires EM+S E5 (Or Azure AD P2) Permits Role based control Available for 32 Admin Roles Available for Azure Resources Ignite – BRK3248 Person Focussed GA Announced 25/09 @ Ignite Requires Office 365 E5 (or Advanced Compliance Sku) Permits TASK/ROLE based control Only available for EXCHANGE initially. Ignite – BRK3222 Task Focussed Azure PIM Office 365 PAM
PIMinaction
Configuring Office 365 PAM
Configuring Office 365 PAM
Configuring Office 365 PAM
Configuring Office 365 PAM
Configuring Office 365 PAM
Configuring Office 365 PAM
Configuring Office 365 PAM
Configuring Office 365 PAM
PAMinaction
Useful Resources Access Control Policies Access Control Policies AD Risk Events https://aka.ms/mfasetup Docs Preview Docs Docs Docs
Thank you

More Related Content

PPTX
Exploring conditional access to content stored in Office 365
byPaul Hunt
 
PPTX
Password less auth using Azure AD
byCloudFronts Technologies LLP.
 
PDF
SAML and Liferay
byMika Koivisto
 
PPTX
Exploring conditional access to content stored in Office 365 - SPS Helsinki
byPaul Hunt
 
PPTX
Spunite exploring identity management options in office 365
byPaul Hunt
 
PPTX
AWS Meetup June - Windows Workloads
byPolarSeven Pty Ltd
 
PDF
Taking a Pragmatic Look at the Salesforce Security Model
bySalesforce Developers
 
PPTX
SAML Smackdown
byPat Patterson
 
Exploring conditional access to content stored in Office 365
byPaul Hunt
 
Password less auth using Azure AD
byCloudFronts Technologies LLP.
 
SAML and Liferay
byMika Koivisto
 
Exploring conditional access to content stored in Office 365 - SPS Helsinki
byPaul Hunt
 
Spunite exploring identity management options in office 365
byPaul Hunt
 
AWS Meetup June - Windows Workloads
byPolarSeven Pty Ltd
 
Taking a Pragmatic Look at the Salesforce Security Model
bySalesforce Developers
 
SAML Smackdown
byPat Patterson
 

What's hot

PPTX
IdP, SAML, OAuth
byDan Brinkmann
 
PPTX
Secure and Optimize APIs using Azure API Management
byBizTalk360
 
PDF
Power BI - Dynamic role level security
byLorenzo Vercellati
 
PDF
Secure Salesforce: Org Access Controls
bySalesforce Developers
 
PDF
Evaluate Drupal & Symfony - Yuriy Gerasimov & Taras Omelianenko
byDrupalCamp Kyiv
 
PDF
Amazon Lex Chatbot Tutorial | Amazon Lex Chatbot Demo | AWS Certification Tra...
byEdureka!
 
PPTX
Azure API Management Update
byBizTalk360
 
PPTX
API as-a-Product with Azure API Management (APIM)
byBishoy Demian
 
PPT
Salesforce Security Model (Dmitry Goshko, Igor Haritonovich)
byYury Bondarau
 
PPTX
Azure API Management
byjeremysbrown
 
PDF
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
byCloudIDSummit
 
PPTX
Azure API Management
byDaniel Toomey
 
PPTX
XACML for Developers - Updates, New Tools, & Patterns for the Eager #IAM Deve...
byDavid Brossard
 
PPT
Salesforce Integration
byJoshua Hoskins
 
PPTX
DD109 Claims Based AuthN in SharePoint 2010
bySpencer Harbar
 
PPT
Modelando y Asegurando Servicios
bymascodigo
 
PDF
SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...
byEric Shupps
 
PPTX
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
byEric Shupps
 
PDF
CIS14: Enterprise Identity APIs
byCloudIDSummit
 
PDF
Azure API Management - Global Azure Bootcamp 2019
bySam Fernando
 
IdP, SAML, OAuth
byDan Brinkmann
 
Secure and Optimize APIs using Azure API Management
byBizTalk360
 
Power BI - Dynamic role level security
byLorenzo Vercellati
 
Secure Salesforce: Org Access Controls
bySalesforce Developers
 
Evaluate Drupal & Symfony - Yuriy Gerasimov & Taras Omelianenko
byDrupalCamp Kyiv
 
Amazon Lex Chatbot Tutorial | Amazon Lex Chatbot Demo | AWS Certification Tra...
byEdureka!
 
Azure API Management Update
byBizTalk360
 
API as-a-Product with Azure API Management (APIM)
byBishoy Demian
 
Salesforce Security Model (Dmitry Goshko, Igor Haritonovich)
byYury Bondarau
 
Azure API Management
byjeremysbrown
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
byCloudIDSummit
 
Azure API Management
byDaniel Toomey
 
XACML for Developers - Updates, New Tools, & Patterns for the Eager #IAM Deve...
byDavid Brossard
 
Salesforce Integration
byJoshua Hoskins
 
DD109 Claims Based AuthN in SharePoint 2010
bySpencer Harbar
 
Modelando y Asegurando Servicios
bymascodigo
 
SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...
byEric Shupps
 
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
byEric Shupps
 
CIS14: Enterprise Identity APIs
byCloudIDSummit
 
Azure API Management - Global Azure Bootcamp 2019
bySam Fernando
 

Similar to Exploring conditional access to content stored in office 365 spsce

PDF
MSFT Cloud Architecture Information Protection
byKesavan Munuswamy
 
PPTX
Security and Compliance with SharePoint and Office 365
byRichard Harbridge
 
PDF
Microsoft 365 Enterprise Security with E5 Overview
byDavid J Rosenthal
 
PDF
Microsoft Office 365 Security and Compliance
byDavid J Rosenthal
 
PPTX
Secure your M365 resources using Azure AD Identity Governance
byVignesh Ganesan I Microsoft MVP
 
PDF
O365Con18 - Exploring Conditional Access to content stored in Office 365 - Pa...
byNCCOMMS
 
PPTX
Securing, Governing, and Protecting Your Office 365 Investments
byChris Bortlik
 
PPTX
Rencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
byRencore
 
PDF
December 2019 Microsoft 365 Need to Know Webinar
byRobert Crane
 
PPTX
Azure AD with Office 365 and Beyond!
byRavikumar Sathyamurthy
 
PPTX
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
byScott Hoag
 
PDF
Softwerx Microsoft 365 Security Webinar Presentation
byPatrick Leckie
 
PPTX
Office 365 Saturday - Office 365 Security Best Practices
byBenoit HAMET
 
PDF
O365Engage17 - Protecting O365 Data in a Modern World
byNCCOMMS
 
PPTX
B2 - The History of Content Security: Part 2 - Adam Levithan
bySPS Paris
 
PPTX
20171207 we are moving to the cloud what about security
byArjan Cornelissen
 
PPTX
Importance of Identity Management in Security - Microsoft Tech Tour @Towson
byAdam Levithan
 
PPTX
ESDDC - Making Secured Content Discoverable in SharePoint
byJonathan Ralton
 
PPTX
SIKM Boston - Making Secured Content Discoverable in SharePoint
byJonathan Ralton
 
PPTX
Safely Enabling Office 365
byHammerNJ
 
MSFT Cloud Architecture Information Protection
byKesavan Munuswamy
 
Security and Compliance with SharePoint and Office 365
byRichard Harbridge
 
Microsoft 365 Enterprise Security with E5 Overview
byDavid J Rosenthal
 
Microsoft Office 365 Security and Compliance
byDavid J Rosenthal
 
Secure your M365 resources using Azure AD Identity Governance
byVignesh Ganesan I Microsoft MVP
 
O365Con18 - Exploring Conditional Access to content stored in Office 365 - Pa...
byNCCOMMS
 
Securing, Governing, and Protecting Your Office 365 Investments
byChris Bortlik
 
Rencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
byRencore
 
December 2019 Microsoft 365 Need to Know Webinar
byRobert Crane
 
Azure AD with Office 365 and Beyond!
byRavikumar Sathyamurthy
 
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
byScott Hoag
 
Softwerx Microsoft 365 Security Webinar Presentation
byPatrick Leckie
 
Office 365 Saturday - Office 365 Security Best Practices
byBenoit HAMET
 
O365Engage17 - Protecting O365 Data in a Modern World
byNCCOMMS
 
B2 - The History of Content Security: Part 2 - Adam Levithan
bySPS Paris
 
20171207 we are moving to the cloud what about security
byArjan Cornelissen
 
Importance of Identity Management in Security - Microsoft Tech Tour @Towson
byAdam Levithan
 
ESDDC - Making Secured Content Discoverable in SharePoint
byJonathan Ralton
 
SIKM Boston - Making Secured Content Discoverable in SharePoint
byJonathan Ralton
 
Safely Enabling Office 365
byHammerNJ
 

More from Paul Hunt

PPTX
Making auditing great again! Office 365
byPaul Hunt
 
PPTX
Spsnl18 exploring identity management options in office 365
byPaul Hunt
 
PPT
Iw411 migrating content by search from 2010 into 2013 - minified
byPaul Hunt
 
PPTX
What do you mean 90 days isnt enough
byPaul Hunt
 
PPTX
SPSBE building an faq for end users
byPaul Hunt
 
PPTX
SUGUK Cambridge - Display Templates & JSLink for IT Pros
byPaul Hunt
 
PPTX
Spsbe using js-linkanddisplaytemplates
byPaul Hunt
 
PPTX
JSLink for ITPros - SharePoint Saturday Jersey
byPaul Hunt
 
PPTX
Creating an FAQ for end users, An evolution of an idea - SharePoint Saturday ...
byPaul Hunt
 
PPTX
#SPSLondon - Session 2 JSLink for IT Pros
byPaul Hunt
 
PPTX
#SPSLondon - Session 1 - Building an faq for end users
byPaul Hunt
 
PDF
SPSSTHLM - Using JSLink and Display Templates for ITPros
byPaul Hunt
 
PPTX
Using js link and display templates
byPaul Hunt
 
Making auditing great again! Office 365
byPaul Hunt
 
Spsnl18 exploring identity management options in office 365
byPaul Hunt
 
Iw411 migrating content by search from 2010 into 2013 - minified
byPaul Hunt
 
What do you mean 90 days isnt enough
byPaul Hunt
 
SPSBE building an faq for end users
byPaul Hunt
 
SUGUK Cambridge - Display Templates & JSLink for IT Pros
byPaul Hunt
 
Spsbe using js-linkanddisplaytemplates
byPaul Hunt
 
JSLink for ITPros - SharePoint Saturday Jersey
byPaul Hunt
 
Creating an FAQ for end users, An evolution of an idea - SharePoint Saturday ...
byPaul Hunt
 
#SPSLondon - Session 2 JSLink for IT Pros
byPaul Hunt
 
#SPSLondon - Session 1 - Building an faq for end users
byPaul Hunt
 
SPSSTHLM - Using JSLink and Display Templates for ITPros
byPaul Hunt
 
Using js link and display templates
byPaul Hunt
 

Recently uploaded

PDF
Here are the winners of KALIDASA SAMMAN.
byglcppro
 
PDF
Hire-NET-Developers. Dot Net Developers
byDigisoft Solution
 
PDF
Micro project .pdf drone technology Report
byRenitaMamgain
 
PPTX
CaseStudy-CloudMigration -For USE CASE -Customer Success Info -6-Aug-25.pptx
bywinlentech
 
PDF
How Social Media Management Tools Work – Step-by-Step Guide
byTurrboo
 
PPTX
Role of VMware and Cloud Computing in CyberSecurity.pptx
byalehanoor1325
 
PDF
Design For Test - Getting Test Automation value from Design Expressions.
byDavid Harrison
 
PPTX
BIG DATA it is talking about the big data.pptx
byAbhishekGarg269
 
PPT
Lecture_3 Network Securityeyeyggegeg.ppt
bysawsan202
 
PDF
tokiohotellistening.pdf for tokiohotelfans
byrafaelgombos1234
 
PPTX
ChatGPT on education positively snd negatively
by88rtgpscxx
 
PPTX
COĞRAFYA ödevi 70 sayfa güzeldir hayırlı olsun
bydtilter
 
PDF
Xnspy vs FlexiSPY: 2025 Monitoring Comparison
byMichael Carter
 
PPTX
PRITHVI theater, A true artist. Newzfeaturez.pptx
bysc05digital
 
PPTX
Computer Networks 01[1 using all terms].pptx
bywaqasahmedbhatti633
 
PDF
WShell Gameplay and Games of Games of Games
byzramirezmtz9
 
PPTX
Introduction Digital Signal Processing.pptx
byumairmuhammad0409
 
PPTX
Bibhav Singh.pptx it's very useful for us it's in very good and very nice
byabhishekjaiswal5th33
 
PPTX
Abhishek Jaiswal.ppt.pptx for you it is very useful for me and I am sharing w...
byabhishekjaiswal5th33
 
PPTX
SriLank SLT LTE Network Sharing V2.pptx
bynthuang
 
Here are the winners of KALIDASA SAMMAN.
byglcppro
 
Hire-NET-Developers. Dot Net Developers
byDigisoft Solution
 
Micro project .pdf drone technology Report
byRenitaMamgain
 
CaseStudy-CloudMigration -For USE CASE -Customer Success Info -6-Aug-25.pptx
bywinlentech
 
How Social Media Management Tools Work – Step-by-Step Guide
byTurrboo
 
Role of VMware and Cloud Computing in CyberSecurity.pptx
byalehanoor1325
 
Design For Test - Getting Test Automation value from Design Expressions.
byDavid Harrison
 
BIG DATA it is talking about the big data.pptx
byAbhishekGarg269
 
Lecture_3 Network Securityeyeyggegeg.ppt
bysawsan202
 
tokiohotellistening.pdf for tokiohotelfans
byrafaelgombos1234
 
ChatGPT on education positively snd negatively
by88rtgpscxx
 
COĞRAFYA ödevi 70 sayfa güzeldir hayırlı olsun
bydtilter
 
Xnspy vs FlexiSPY: 2025 Monitoring Comparison
byMichael Carter
 
PRITHVI theater, A true artist. Newzfeaturez.pptx
bysc05digital
 
Computer Networks 01[1 using all terms].pptx
bywaqasahmedbhatti633
 
WShell Gameplay and Games of Games of Games
byzramirezmtz9
 
Introduction Digital Signal Processing.pptx
byumairmuhammad0409
 
Bibhav Singh.pptx it's very useful for us it's in very good and very nice
byabhishekjaiswal5th33
 
Abhishek Jaiswal.ppt.pptx for you it is very useful for me and I am sharing w...
byabhishekjaiswal5th33
 
SriLank SLT LTE Network Sharing V2.pptx
bynthuang
 

Exploring conditional access to content stored in office 365 spsce

Editor's Notes

  • #5 I also do woodturning, It’s cheaper than therapy!! Office 365 can be a lot like woodturning.. If you don’t pay attention to what you’re doing, it’s easy to make a mistake and go through the bottom of the bowl!
  • #7 Encryption first, Permissions, the Elevation of Privilege. (Diagram courtesy of Microsoft)
  • #8 Encryption first, Permissions, the Elevation of Privilege. (Diagram courtesy of Microsoft)
  • #9 Traditional access control has been what we class as Standing Access. A rigid defined set of rules.
  • #10 Conditional access has blurred the lines by introducing flexibility to the rule base.
  • #12 ADFS/PTA will honour Logon hours.. But with a very unhelpful screen! Luckily account lockout policies don’t apply to users during timeout periods!
  • #13 ADFS will honour Logon hours.. But with a very unhelpful screen! Luckily account lockout policies don’t apply to users during timeout periods!
  • #17 Office 365 wants to access your ADFS to validate certificates. This can be done manually but timing is critical.
  • #18 https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/access-control-policies-in-ad-fs
  • #19 https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/access-control-policies-w2k12
  • #20 https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/access-control-policies-in-ad-fs
  • #25 Users can log into Office 365 portal, but clicking on SharePoint are blocked.
  • #26 Teams you can open, This has now been improved! You now see the files
  • #27 Users with mobile devices will only work when connected to the corporate Wifi
  • #28 But groups works? (Although you can’t download files, only view in browser)
  • #29 But groups works? (Although you can’t download files, only view in browser) Download link gives you a useful error.. Open In Word just keeps recycling the login prompt.
  • #30 If you create a Team whilst access is blocked, the SharePoint site gets created but does NOT get connected.. Have opened this as a bug with the Teams team! This has since been fixed!
  • #33 The IP range will be your PUBLIC IP address used by your outbound proxies. Google what’s my IP
  • #37 Or Azure AD Premium P1 (Although this means no Intune policies e.g. Device health)
  • #38 Or Azure AD Premium P1 (Although this means no Intune policies e.g. Device health)
  • #45 https://www.microsoft.com/en-gb/cloud-platform/enterprise-mobility-security-pricing https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview
  • #46 Azure AD Conditional Access (left) can be more granular than AIP (right)
  • #48 1 - We can add Office 365 Groups (Outlook/Teams) 2 - Applications published through Azure 3 - SharePoint Sites (Note: Multi-Geo issue) 4 – Roles are appropriate to the object being added.
  • #49 We can restrict who this grants access to and who needs to approve it.
  • #50 And control the need for justification, approval time out And package expiration (with the option to extend)
  • #51 And control the need for justification, approval time out And package expiration (with the option to extend)
  • #53 Encryption first, Permissions, the Elevation of Privilege. (Diagram courtesy of Microsoft)
  • #54 Encryption first, Permissions, the Elevation of Privilege. (Diagram courtesy of Microsoft) JUST IN TIME admin and JUST ENOUGH ACCESS (And ACCESS REVIEWS for governance)
  • #55 Currently available – EM+S E5 – Azure PIM. Rolling out to O365 E5 – Office 365 PAM
  • #56 https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure https://docs.microsoft.com/en-us/office365/securitycompliance/privileged-access-management-overview Person Focussed means the control is placed on the PERSON.. Task Focussed means the control is placed on the TASK regardless of who is requesting.
  • #57 All config actions happen within the PIM Manage section of the menu. Roles – Allows us to assign people to a role. Members – Lists all users with roles (allows us to search and filter and importantly REVOKE) Alerts – Displays alerts! Access Reviews – Allows period reviews of access Wizard – drives an initial configuration of PIM Settings – Allows granular configuration
  • #58 Users are assigned to roles and given “Eligible” status. This allows them to request elevation to this role.
  • #59 Users are assigned to roles and given “Eligible” status. This allows them to request elevation to this role.
  • #61 Configuration will be a mixture of Admin GUI and Exchange PoSH. As with PIM, elevation can be automatic or approval based. https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Privileged-access-management-in-Office-365-is-now-Generally/ba-p/261751