#M365May @M365May M365May.com
THANK YOU TO OUR SPONSORS
ROBERT CRANE
MEGAN & LORYAN STRANT | STRANT CONSULTING
HOW TO GET DEEPER ADMINISTRATION
INSIGHTS INTO YOUR TENANT
@directorcia
http://about.me/ciaops
Microsoft’s approach to information protection
Classify | Protect | Detect | Monitor
Cloud | Devices | On-premises
Comprehensive protection of sensitive data throughout the lifecycle – across devices, apps, cloud services and on-premises
Attack chain
• User browses to a website / phishing mail
• Opens attachment / clicks on a URL
• Exploitation & installation
• Command & control
• Brute force account or use stolen account credentials
• User account is compromised
• Attacker attempts lateral movement
• Privileged account compromised
• Domain compromised
• Attacker accesses sensitive data
• Exfiltrate data
• Attacker collects recon and config data

Protection across the chain
• Azure AD Identity Protection – identity protection & conditional access
• Cloud App Security – extends protection & conditional access to other cloud apps
• Azure ATP – identity protection
• Windows Defender ATP – endpoint protection
• Office 365 ATP – malware detection, safe links, safe attachments
Identity attacks: phishing, password spray, breach replay
• 1.7B attacker-driven sign-ins detected in October 2019
• 901K high-risk enterprise sign-in attempts flagged in October 2019
• 162K compromised enterprise accounts detected in October 2019
• 81% of hacking breaches leverage stolen or weak passwords (Verizon 2017 Data Breach Investigations Report)
• 300% increase in identity attacks over the past year – 2017: 10M/day, 2018: 100M/day, 2019: 300M/day
• 2.5% definitively password spray; 1.6% definitively breach replay; 95.9% indeterminate
Firewall used to be the security perimeter
• devices, data, users, apps
• On-premises / private cloud ($$)
• Office 365 + on-premises
Unique insights, informed by trillions of signals
Azure AD as the control point
Active Directory
Logs
https://protection.office.com/unifiedauditlog
How long does Azure AD store the data?
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/reference-reports-data-retention
Alerts
Protection Alerts
https://protection.office.com/alertpolicies
Activity Alerts
https://protection.office.com/managealerts
COMPETITION WEEK 1
REGISTERED PARTICIPANTS - SCAN THE QR CODE TO ENTER THE PRIZE DRAW
COMPETITION AND PRIZE RULES
m365may.com/competition-rules
Monitor
Microsoft Cloud App
Security
What is Microsoft CAS?
• A multi-mode Cloud Access Security Broker
• Insights into threats to identity and data
• Raise alerts on user or file behavior anomalies in cloud apps, leveraging their API connectors (in scope for this engagement, with Office 365)
• Ability to respond to detected threats, discover shadow IT usage and configure application monitoring and control (out of scope for this engagement)
Requirements
• Available to organizations with an Azure tenant or an Office 365 commercial subscription and who are in the multi-tenant and Office 365 U.S. Government Community cloud
• Malicious insider – protect against disgruntled employees before they cause damage
• Ransomware – identify ransomware using sophisticated behavioral analytics technology
• Rogue application – identify rogue applications that access your data
• Compromised accounts – combat advanced attackers that leverage compromised user credentials
• Malware – detect malware in cloud storage as soon as it’s uploaded
• Data exfiltration – detect unusual flow of data outside of your organization
Blast Off
Malicious use of an end-user account
• Unusual file share activity
• Unusual file download
• Unusual file deletion activity
• Ransomware activity
• Data exfiltration to unsanctioned apps
• Activity by a terminated employee

Threat delivery and persistence
• Suspicious inbox rules (delete, forward)
• Malware implanted in cloud apps
• Malicious OAuth application
• Multiple failed login attempts to app

Malicious use of a privileged user
• Unusual impersonated activity
• Unusual administrative activity
• Unusual multiple delete VM activity

Indicators of a compromised session
• Activity from suspicious IP addresses
• Activity from anonymous IP addresses
• Activity from an infrequent country
• Impossible travel between sessions
• Logon attempt from a suspicious user agent
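Two of the anomalies in the lists above, "Impossible travel between sessions" and "Suspicious inbox rules (delete, forward)", are simple enough to reproduce against raw audit data, which is useful when you want to understand what Cloud App Security is alerting on or to cross-check an alert against the unified audit log. The script below is an added example for this deck, not code from Microsoft or from Cloud App Security. The records it processes are constructed and only imitate the field names of Office 365 unified audit log entries (UserId, Operation, CreationTime, ClientIP, Parameters); the IP-to-location table and the 900 km/h threshold are assumptions standing in for a real geolocation lookup and a tuned policy.

```python
"""Impossible travel and suspicious inbox rule detection over sample audit records.

Added example, not code from the deck or from Microsoft Cloud App Security.
Records imitate the shape of Office 365 unified audit log entries; all values
are constructed for the example.
"""
import math
from datetime import datetime, timezone

# Constructed IP-to-location table: ip -> (label, latitude, longitude).
# A real deployment would use a geolocation database; this is an assumption.
GEO = {
    "203.0.113.10": ("Sydney", -33.87, 151.21),
    "198.51.100.7": ("London", 51.51, -0.13),
    "192.0.2.44": ("Melbourne", -37.81, 144.96),
}

# Implied speed above which two sign-ins are treated as impossible travel.
# The threshold is an assumption (roughly airliner cruise speed).
MAX_PLAUSIBLE_SPEED_KMH = 900.0

# Inbox rule parameters that send mail outside the mailbox or hide it from its owner.
RISKY_RULE_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "DeleteMessage"}


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two latitude/longitude points."""
    earth_radius_km = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * earth_radius_km * math.asin(math.sqrt(a))


def parse_time(stamp):
    """CreationTime in the audit log is UTC without an offset suffix."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def impossible_travel(records):
    """Flag consecutive sign-ins by one user whose implied speed is implausible."""
    logins = {}
    for rec in sorted(records, key=lambda r: r["CreationTime"]):
        if rec["Operation"] == "UserLoggedIn" and rec["ClientIP"] in GEO:
            logins.setdefault(rec["UserId"], []).append(rec)
    findings = []
    for user, seq in logins.items():
        for prev, cur in zip(seq, seq[1:]):
            loc_a, lat_a, lon_a = GEO[prev["ClientIP"]]
            loc_b, lat_b, lon_b = GEO[cur["ClientIP"]]
            distance = haversine_km(lat_a, lon_a, lat_b, lon_b)
            if distance == 0:
                continue  # same location twice is not travel
            delta = parse_time(cur["CreationTime"]) - parse_time(prev["CreationTime"])
            hours = delta.total_seconds() / 3600
            speed = distance / hours if hours > 0 else math.inf
            if speed > MAX_PLAUSIBLE_SPEED_KMH:
                findings.append({"user": user, "from": loc_a, "to": loc_b, "kmh": round(speed)})
    return findings


def suspicious_inbox_rules(records):
    """Flag New-InboxRule / Set-InboxRule operations that forward or delete mail."""
    findings = []
    for rec in records:
        if rec["Operation"] not in ("New-InboxRule", "Set-InboxRule"):
            continue
        reasons = sorted(
            p["Name"] for p in rec.get("Parameters", [])
            if p["Name"] in RISKY_RULE_PARAMS and str(p["Value"]).lower() not in ("", "false")
        )
        if reasons:
            findings.append({"user": rec["UserId"], "operation": rec["Operation"], "reasons": reasons})
    return findings


# Constructed sample records: alice signs in from Sydney then London an hour
# later and creates a forward-and-delete rule; bob travels Sydney to Melbourne
# over two hours and only files newsletters into a folder.
SAMPLE_RECORDS = [
    {"UserId": "alice@contoso.example", "Operation": "UserLoggedIn",
     "CreationTime": "2019-10-14T09:00:00", "ClientIP": "203.0.113.10", "Parameters": []},
    {"UserId": "alice@contoso.example", "Operation": "UserLoggedIn",
     "CreationTime": "2019-10-14T10:00:00", "ClientIP": "198.51.100.7", "Parameters": []},
    {"UserId": "alice@contoso.example", "Operation": "New-InboxRule",
     "CreationTime": "2019-10-14T10:05:00", "ClientIP": "198.51.100.7",
     "Parameters": [{"Name": "Name", "Value": "Sync"},
                    {"Name": "ForwardTo", "Value": "collector@example.net"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"UserId": "bob@contoso.example", "Operation": "UserLoggedIn",
     "CreationTime": "2019-10-14T09:00:00", "ClientIP": "203.0.113.10", "Parameters": []},
    {"UserId": "bob@contoso.example", "Operation": "UserLoggedIn",
     "CreationTime": "2019-10-14T11:00:00", "ClientIP": "192.0.2.44", "Parameters": []},
    {"UserId": "bob@contoso.example", "Operation": "Set-InboxRule",
     "CreationTime": "2019-10-14T11:10:00", "ClientIP": "192.0.2.44",
     "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                    {"Name": "MoveToFolder", "Value": "Reading"}]},
]


def run_detections(records):
    """Run both detections and return their findings keyed by detection name."""
    return {"impossible_travel": impossible_travel(records),
            "suspicious_inbox_rules": suspicious_inbox_rules(records)}


if __name__ == "__main__":
    for name, hits in run_detections(SAMPLE_RECORDS).items():
        print(name)
        for hit in hits:
            print("  ", hit)
```

On the sample data only alice is flagged on both counts: Sydney to London in one hour implies roughly 17,000 km/h, and her new rule both forwards to an external address and deletes the original. Bob's 700 km in two hours stays under the threshold and a move-to-folder rule carries none of the risky parameters, which is the kind of benign activity a tuned policy must leave alone.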
Demo
https://docs.microsoft.com/en-us/azure/sentinel/overview
Conclusions
Resources
• Cloud App Discovery/Security - https://blog.ciaops.com/2019/05/31/cloud-app-discovery-security/
• Quickstart: Get started with Microsoft Cloud App Security - https://docs.microsoft.com/en-gb/cloud-app-security/getting-started-with-cloud-app-security
• Office 365 Security and Compliance - https://docs.microsoft.com/en-us/office365/securitycompliance/
• Set up Cloud Discovery - https://docs.microsoft.com/en-gb/cloud-app-security/set-up-cloud-discovery
• Microsoft Cloud App Security overview - https://docs.microsoft.com/en-us/cloud-app-security/what-is-cloud-app-security
• Microsoft 365 licensing guidance for security & compliance - https://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance
• Microsoft Cloud App Security documentation - https://docs.microsoft.com/en-us/cloud-app-security/
Email : director@ciaops.com
Twitter : @directorcia