The document provides an overview of Microsoft 365 Enterprise E5's security features which aim to simplify security management against rising cyber threats. It emphasizes the integration of native security capabilities, reduced complexity, and improved visibility for organizations, enabling efficient threat protection and data governance. Key benefits include automated security responses, identity management, compliance facilitation, and holistic protection across the digital landscape.

1. Security through simplicity
Microsoft 365 Enterprise E5
security overview
David J. Rosenthal
Vice President, Digital Business
Microsoft Technology Center, New York City
October 24, 2019

2. TECHNOLOGY HAS CHANGED THE WAY WE DO BUSINESS.
PROTECTING COMPANY ASSETS REQUIRES A NEW APPROACH.
of the world’s data has been
created in the last two years
IBM Marketing Cloud, “10 Key Marketing Trends For 2017”
90%
cloud apps in the avg. large
enterprise, 61% is shadow IT.
Microsoft 2018
1,181of hacking breaches leverage
stolen/ weak passwords
Verizon 2017 Data Breach Investigation Report
81%
The intelligent, connected cloud
introduces both opportunity and risk

3. Complexity is the enemy of intelligent security
$1.37M
On average that an
organization spends annually
in time wasted responding to
erroneous malware alerts
1.87M
Global cybersecurity
workforce shortage by 2022
70 35Security products Security vendors
Is the average for companies
with over 1,000 employees
Global Information Security Workforce Study 2017Nick McQuire, VP Enterprise Research CCS Insight. “The Cost of Insecure Endpoints” Ponemon Institute©
Research Report, June 2017

4. Cloud Redefines Security Responsibilities

5. $$
Customer
Security landscape

6. Complex and expensive integration
Constant training on new tools
Too many alerts to handle
Gaps in visibility
The ‘best-of-breed’ model is broken

7. The security paradigm needs to change.

8. Native capabilities provide simplicity
Fewer vendors and products to manage
Less end-user friction and resistance
Lower integration costs
Reduced blindspots
“If you make security hard,
people may work around it.
With Microsoft 365, we get
native capabilities,
visibility into our
operational environment,
and simplicity for all
employees.”
Simon Hodgkinson
Group Chief Information Security Officer
BP, United Kingdom

10. Securing the enterprise
with Microsoft 365

11. Threat
Protection
Information
Protection
Security
Management
Optimize with
security insights and
configuration tools
Correlate threat
information and
automatically respond
Data is your most
important company
asset
Identity & Access
Management

12. Secure identities to
reach zero trust
Strengthen
your security posture
with insights and
guidance
Help stop
damaging attacks
with integrated and
automated security
Protect sensitive
information
anywhere it lives
Threat
Protection
Identity & Access
Management
Information
Protection
Security
Management
Intelligent security for the modern workplace
Microsoft 365 unifies enterprise security and user productivity
Holistic security across your digital landscape

13. For enterprise customers
that embrace Microsoft
productivity tools,
significant gains can be
realized in security

14. https://www.youtube.com/watch?v=AL2V-wCaYps
Placeholder for overview video

15. Microsoft 365 Enterprise E5 value
Adds incremental value to Microsoft 365 E3 across these solution areas
Microsoft Internal Use Only
Brings together information
protection & advanced
compliance capabilities to
protect and govern data while
reducing risk
Compliance
Adds audio conferencing and
calling capabilities in the
cloud to enable your teams
Meetings & Calling
Adds Power BI capabilities
that help you realize
significant business value
from your data
Analytics
Extends identity and
threat protection
to help stop damaging
attacks with integrated
and automated security
Security
Microsoft 365 E5

16. Productivity, Creativity
and Teamwork solutions
Analytics
Office Applications
Outlook/ Exchange
Microsoft Teams
Skype for Business
Delve
Azure Active Directory P2
Windows Defender Advanced Threat Protection
Office 365 Advanced Threat Protection P1 & P2
Azure Advanced Threat Protection
Microsoft Cloud App Security
Azure Information Protection P2
Office 365 Cloud App Security
Advanced eDiscovery
Customer Lockbox
Advanced Data Governance
Skype Audio Conferencing
Phone System
Power BI Pro, MyAnalytics
Microsoft
365
Enterprise E5
(includes E3 solutions)
E3 E5
Microsoft 365 Enterprise E5
Azure Active Directory P1
Windows Hello
Credential Guard
Microsoft Advanced Threat Analytics
Windows Defender Antivirus
Azure Information Protection P1
Office 365 Data Loss Prevention
Windows Information Protection
BitLocker
eDiscovery
Compliance
Security

17. Why Microsoft 365 security?

18. Why Microsoft 365 E5?
Provides unmatched depth and breadth in enterprise security signals
Prioritizes user productivity alongside security
Products are designed to work better together
Automates routine tasks to speed up incident response
Secures more than just Microsoft products
Reduces Total Cost of Ownership (TCO)

19. Why Microsoft 365 E5?
Provides unmatched depth and breadth in enterprise security signals
Prioritizes user productivity alongside security
Products are designed to work better together
Automates routine tasks to speed up incident response
Secures more than just Microsoft products
Reduces Total Cost of Ownership (TCO)

20. Microsoft Intelligent Security Graph

21. Why Microsoft 365 E5?
Provides unmatched depth and breadth in enterprise security signals
Prioritizes user productivity alongside security
Integrates products to work better together
Automates routine tasks to speed up incident response
Secures more than just Microsoft products
Reduces Total Cost of Ownership (TCO)

22. Getting to a world without passwords
High security, convenient methods of strong authentication
Windows Hello Microsoft Authenticator FIDO2 Security Keys

23. Corporate
Network
Geo-location
Microsoft
Cloud App SecurityMacOS
Android
iOS
Windows
Windows
Defender ATP
Client apps
Browser apps
Google ID
MSA
Azure AD
ADFS
Require
MFA
Allow/block
access
Block legacy
authentication
Force
password
reset
******
Limited
access
Controls
Employee & Partner
Users and Roles
Trusted &
Compliant Devices
Physical &
Virtual Location
Client apps &
Auth Method
Conditions
Machine
learning
Policies
Real time
Evaluation
Engine
Session
Risk
3
40TB
Effective
policy
Conditional Access

24. Holistic Identity Protection
Azure
Active Directory
Proactively identifies
suspicious login attempts and
challenges them with MFA
Microsoft
Cloud App Security
Detects anomalous behavior
and reduces threats by limiting
access to data and applications
Microsoft
Intelligent Security
Graph
Azure
Advanced Threat Protection
Recognizes compromised accounts and
lateral movement, alerts you, and
visualizes the attack timeline
SCENARIO: A third-party site is hacked and user
credentials are exposed on the dark web.

25. Attachment
opened
Integration + Automation
Malware
infects PC
!
Windows Defender ATP
removes malware
Remediate infected
end-points
Search companywide email
and remove attachment
from affected mailboxes
Phishing
mail
Intelligent Security Graph
Shared security signals
Personal email
SCENARIO: Malware gets onto a work PC through
a personal email inbox.
Windows Defender ATP
Office 365 ATP
Infection
detected
Block the attachment
from future attacks

26. Malicious emails
found
User anomalies
suggest identity
compromise
Threat signal
shared with
WDATP for auto
remediation
Automatic
remediation
actions complete
Because Minutes Matter

27. Browse to
a website
Phishing
mail
Open
attachment
Click a URL
Exploitation
& Installation
Command
& Control
User account
is compromised
Brute force account or use
stolen account credentials
Attacker attempts
lateral movement
Privileged account
compromised
Domain
compromised
Attacker accesses
sensitive data
Exfiltrate data
Azure AD Identity Protection
Identity protection & conditional access
Microsoft Cloud App Security
Extends protection & conditional
access to other cloud appsProtection across the attack kill chain
Office 365 ATP
Malware detection, safe links,
and safe attachments
Windows Defender ATP
Endpoint Detection and Response
(EDR) & End-point Protection (EPP)
Azure ATP
Identity protection
Attacker collects
reconnaissance &
configuration data

28. DEVICES
ON P REMISES
CLOUD & SaaS AP P S
Wherever it lives or travels
Protect sensitive
information
• Discover sensitive data across apps,
cloud, on-premises and endpoints
• Classify documents and apply persistent
sensitivity labels
• Prevent unauthorized sharing or unsafe
storage with encryption and rights-
restrictions
• Apply DLP actions based on classification
labels, such as block sharing

29. Labels are easy for users to
see and understand
Label is metadata written to data, so it is persistent and
readable by other systems e.g. DLP engine
Sensitive data is automatically detected
Classify & label sensitive company data
Automatically discover personal data and apply persistent labels

30. Detect content in cloud storage services
• Inspect files for sensitive information –
based on policy
• Discover sensitive data across 3rd party
clouds like SalesForce, Box, Dropbox and
others.
Apply classification labels & protection
Automatically apply labels defined in
Microsoft Information Protection to sensitive
files discovered in cloud apps
Automatically classify, label & protect files
in cloud apps

31. Scan for sensitive files on-premises
Manage sensitive data prior to migrating to Office 365 or other cloud services
• Use discover mode to identify and report
on files containing sensitive data
• Use enforce mode to automatically classify,
label and protect files with sensitive data
• Can be configured to scan:
• CIFS file shares
• SharePoint Server 2016
• SharePoint Server 2013

32. Meet data privacy requirements
• Discover compliance-related sensitive data
across locations, including on-premises
• GDPR-specific sensitive information types
helps protect personal data in EU countries
• Assess whether your cloud apps are GDPR
compliant
• Gain visibility into classification, labeling and
protection of personal data (including
endpoints, locations, users)
• Guide end-users when working with personal
data – with policy tips and recommendations

33. • Dedicated security workspace for security
administration and operations teams
• Centralized visibility, control and
guidance across Microsoft 365 security
• Actionable insights help security
administrators assess historic and current
security postures
• Centralized alerts and tools help
security operations better manage
incident response
Centralized security management
Microsoft 365 Security Center

34. • Quantifiable measurement of your
security posture
• Visibility across all of Microsoft 365
security services and managed
entities (e.g.: Identities, Endpoints, etc)
• Board-level trend report to shows
security ROI
• Benchmarks for industry and size
• Recommendations for improving
your score
Improve your security posture
Microsoft Secure Score

35. Insights and recommendations
• Learn about the latest
threats as they emerge in
the threat landscape
• Determine your
endpoints exposure to
the latest threats
• Identify recommended
mitigations and actions
• Prioritize your next steps

36. Teaming up with our security partners to build an ecosystem of intelligent
security solutions that better defend against a world of increased threats
Integration with the security tools you already have
Microsoft Intelligent Security Association

37. Why Microsoft 365 E5?
Provides unmatched depth and breadth in enterprise security signals
Prioritizes user productivity alongside security
Products are designed to work better together
Automates routine tasks to speed up incident response
Secures more than just Microsoft products
Reduces Total Cost of Ownership (TCO)

38. Microsoft 365 secures more than just Microsoft products
• Single sign on for thousands of applications, use Azure
Multi-Factor Authentication or your current MFA solution
• Monitors and protects how your data is accessed in real-
time across your non-Microsoft cloud apps and services
• Integrates with your current Data Loss Prevention solution
• Maintains data classification and protection when emails
or documents travel to non-Microsoft platforms
• Protects emails and files on any device (Windows, Mac,
iOS, Android, or Android Enterprise)
• Extends Microsoft data labels and protections to any non-
Microsoft or internally-developed solution
• Integrates security signals from Microsoft’s Intelligent
Security Graph into your SIEM
• Protects workloads running in the cloud, for both
Windows and Linux

39. Why Microsoft 365 E5?
Provides unmatched depth and breadth in enterprise security signals
Prioritizes user productivity alongside security
Products are designed to work better together
Automates routine tasks to speed up incident response
Secures more than just Microsoft products
Reduces Total Cost of Ownership (TCO)

40. Workers gained
Microsoft 365 Enterprise E5 – by the numbers
Productivity
in end user data breaches
($3.3M PV saved in remediation
and other related costs)
EXAMPLE:
5,000 users, 3 yrs
101% ROI
NPV = $23.5M, $4,696/ user
10.25% reduced TCO
11.3 months faster
adoption as a unified
solution
10-15% across-the-board
productivity improvement
Forrester Total Economic Impact™ (TEI) Achieving Digital
Business Transformation With Microsoft 365 Enterprise E5:
A Total Economic Impact Analysis, September 2017
accessing systems and
information
22minutes
per day
from increased collaboration
and information sharing
Security
24minutes
per day
Highly mobile workers saved
from reducing 3rd-party
security solutions
55.3%
Reduction
$442,467PV total savings

41. Recap
The cloud continues to change security
‘Best of platform’ approach reduces complexity
Integration and automation at-scale
put Microsoft ahead of the market
Microsoft 365 secures non-Microsoft products
and plays well with the security tools you love

42. I need to be compliant with
data protection regulations, like
GDPR. How can Microsoft help
me discover, classify and protect
my sensitive data?
How do I find and manage
shadow IT and rogue devices,
and put in place policies to
ensure we remain compliant and
secure?
If a user gets compromised, how
can I configure security policies
that automatically enforce
additional layers of
authentication to keep my
organization safe?
Microsoft 365 addresses real-world security challenges
I have solutions from many
vendors in my enterprise IT
environment, how can Microsoft
help me secure our entire digital
landscape?
Eventually, we will experience a
breach. How can Microsoft help
me detect it and respond
fast to limit damage?
How can Microsoft help me
understand my security posture
and get recommendations on
how to improve it?

43. Contact Information
© 2019 Razor Technology www.razor-tech.com
David Rosenthal
VP & General Manager
Digital Business
@DavidJRosenthal
SlideShare
Blog: www.razor-tech.com
5 Tower Bridge
300 Barr Harbor Dr., Suite 705
West Conshohocken, PA 19428
www.razor-tech.com
David.Rosenthal@razor-tech.com
Cell: 215.801.4430
Office: 866.RZR.DATA
LETS KEEP IN TOUCH
43

44. Appendix

46. Security operations that work for you
Partnerships for a heterogeneous worldEnterprise-class intelligent security

47. “We chose Microsoft 365 Enterprise E5
because of its components’ tight integration,
intuitive user experiences, and the strong
Microsoft cloud roadmap and commitment
to security. We also find it easy to attach
best-of-breed security add-ins where we like.
Perhaps most important, we use the native
security capabilities in Microsoft 365 to
reduce complexity and streamline
processes.”
Simon Hodgkinson
Group Chief Information
Security Officer, BP UK

48. “Given our strategy to digitally
transform using native technologies
underpinned by secure platforms,
we recognized that we needed to
take the best of all Microsoft
products, which are combined in
Microsoft 365 Enterprise E5.”
Simon Hodgkinson
Group Chief Information
Security Officer, BP UK

49. “As we see the security landscape
evolving with more sophisticated
attacks, we trust Microsoft to stay
ahead of the latest threats to protect
our network and our data.”
Chris Krebs
Chief Information Officer
Fruit of the Loom

50. “Using Cloud App Security as a magnifying
glass, we gain amazing visibility into our
SaaS environment. Cloud App Security
works with Azure Information Protection
to alert us if someone is trying to share
sensitive data. Our vision is to use Cloud
App Security together with the Azure
conditional access policies that we have
already defined, such as for our
SuccessFactors app.”
Muhammad Yasir Khan
Head of IT Infrastructure
Nakilat, Qatar Gas Transport

51. “With Azure Active Directory, we can set
policies that treat employees outside the
office more strictly than those inside it
and that prompt for Multi-Factor
Authentication on unmanaged devices
or for certain applications. With
Microsoft 365, we no longer have to
choose between mobility and security—
we have both.”
Bryan Ackermann
Chief Information Officer
Korn Ferry, United States

52. “We set Azure Information
Protection so that when you click
‘confidential,’ the file will be
encrypted automatically and access
will be restricted to designated
users—even if you accidentally send
it to the wrong person.”
Erlend Skuterud
Chief Information Security Officer
Yara, Norway

53. “We’re using Azure AD to give each of
our 20,000 employees one identity and
one password, which lets us provide
simple, safeguarded access to network
assets across business units. We’ve used
Azure to change the culture at Hearst—
we’re getting people to look ahead and
see IT as an enabler, not a barrier.”
Chris Suozzi
Director of Cloud Programs
Hearst Communications

54. “Teams across different divisions and
different countries can now easily
build and safely store and share
documents. In the past, there was
nothing comparable.”
Conor O’Halloran
Head of Identity Management
Merck KGaA, Darmstadt, Germany

55. “Today, we trust EMS and Surface
devices running Windows 10 as a
highly reliable platform that protects
our data—such as the proprietary
running shoe designs that make our
name—in a mobile environment.”
Edwin Idema
IT Manager, EMEA
Asics

56. “The biggest advantage of
Windows Defender ATP over any
other endpoint protection software
is that it’s already part of the
operating system and not a third-
party add-in.”
Itzik Menashe
VP IT and Information Security
Telit, United Kingdom

57. “I can take numbers and actions
from Secure Score to management
to explain what we’re going to do
next and how that will improve our
level of protection. It helps us keep
on top of security.”
Itzik Menashe
VP IT and Information Security
Telit, United Kingdom

58. The security perimeter
has changed
devices datausers apps
On-premises
& Web apps

59. On-premises
& Web apps

60. Data center
security
Data loss
prevention
Compliance
tools
Anomaly
detection
Security
management
Information
rights
management
Email
security
Threat
detection
Hybrid cloud
security
The security market is
segmented and confusing

61. How do you balance
security and productivity?
Built-in, native security for
your platform, devices, and
productivity tools.
?
A

62. Jason’s Deli
January 11, 2018
As many as 2 million payment cards
were stolen and sold on the dark web.
FedEx
February 15, 2018
Personal information was found on
an unsecure cloud storage server.
Under Armour
March 29, 2018
An unauthorized party acquired data
from 150 million cloud app users.
Saks Fifth Avenue
April 1, 2018
Hackers stole 5 million credit and debit
cards and sold them on the dark web.
Real life data breaches

63. Realities of digital
transformation

64. of companies have
embraced the cloud
(1.88B) of the global
workforce will be mobile
by 2023
of European companies
say they are GDPR
compliant
of successful enterprise
attacks will be on Shadow
IT resources by 2020
96% 43% 1/3 Only 26%
The intelligent, connected cloud
introduces both opportunity and risk
Technology has changed the way
enterprises conduct business…
…requiring a new approach to
protecting company assets
2018 State of the Cloud Survey (Rightside) Global Mobile Workforce Forecast Update 2017-2023,
Strategy Analytics
How to eliminate enterprise shadow IT, Gartner, April 11,
2017
“The State of GDPR Readiness: GDPR Readiness
Progresses, But Strategies Depend Too Heavily on IT”
Forrester, January, 2018

65. complexity
Lack of specific recommendations
on how to improve security
posture
Too much time spent
managing security vendors
Too many alerts to investigate
Learning how to configure and
manage disparate security
solutions slows deployment
Integration is time-consuming and
increases total cost of ownership
User productivity is compromised
for the sake of security, resulting
in users bypassing security
measures

66. Microsoft 365 Enterprise E5
security products

67. Security solutions in Microsoft 365 Enterprise E5
Azure Active Directory
Microsoft Cloud App Security
Windows Hello
Windows Credential Guard
Microsoft 365 Security Center
Microsoft Secure Score
Microsoft Cloud App Security
Azure Advanced Threat Protection
Windows Defender
Advanced Threat Protection
Office 365 Advanced Threat Protection
Microsoft Cloud App Security
Azure Information Protection
Office 365 Data Loss Prevention
Microsoft Cloud App Security
Windows Information Protection
Microsoft Intune
BitLocker
Threat
Protection
Identity & Access
Management
Information
Protection
Security
Management

68. Identity & Access
Management
Threat
Protection
Security
Management
Information
Protection
Secure Email Gateway
Endpoint Detection and Response (EDR)
Endpoint Protection (EPP)
Anti-phishing
Anti-virus/ Anti-malware
User and Entity Behavior Analytics (UEBA)
Anomaly Detection
Threat Intelligence Feeds
Remote Browser
Intrusion Detection System (IDS)
Intrusion Prevention System (IPS)
Host intrusion prevention system (HIPS)
Host Firewall
Security Scoring
Reporting
Secrets Management
Database Security
Encrypted Cloud Storage
Back Up
Disaster Recovery
Virtual Private Networks (VPN)
IoT Protection
Cloud Workload Protection
DDoS Protection
Incident Response Services
Asset Discovery
Pen Testing/ Risk Assessment
Vulnerability Assessment
Web Application Testing
Managed detection and response (MDR)
SOC
Security training
SIEM (SIM/ SEM/ Log management)
Incident Ticket System
Network Firewall
Mobile Threat Detection tools
Cross-platform endpoint protection
Single Sign-on (SSO)
Multi-Factor Authentication (MFA)
Access Control
Privileged Access Management (PAM)
Data Loss Prevention (DLP)
Data Encryption
Information Protection
Data Classification
Data Governance
Cloud Access Security Broker (CASB)
Key Management
Mobile Application Management
Cloud-based Management
Security categories M365 Enterprise E5 covers
Security categories other Microsoft solutions cover
What Microsoft Services/ MSSPs/ ISVs cover
What Microsoft integrates with
What Microsoft doesn’t do
Network traffic analysis (NTA)
Container Security*
Anti-tamper software*
Deception
Web content filtering

69. Microsoft Cloud
App Security
Discovers cloud app being used in your
enterprise, identifies and combats
cyberthreats and enables you to
control how your data travels
Azure Information
Protection P2
Protects sensitive enterprise data, even
when it travels outside of your
organization
Windows Defender
Advanced Threat Protection
A unified endpoint security platform
that protects against advanced attacks
and automatically investigates and
remediates evolving threats
Azure ATP
Detect and investigate advanced
attacks on-premises and in the cloud
Azure Active
Directory P2
Identity & Access Management that is
automated across your entire digital
footprint
Office 365 Advanced
Threat Protection P1
Protects your email, files and online
storage against unknown and
sophisticated attacks
Security
Office 365 Advanced
Threat Protection P2
Research threats, track phishing or
malware campaigns aimed at your
users, and search for threat indicators
from user reports and other
intelligence sources
MICROSOFT 365 E5 SECURITY PRODUCT SUITE
E5
My Analytics
Customer Lockbox
Power BI Pro
Audio Conferencing, Phone
System
Advanced Data GovernanceCompliance
Analytics
Voice
Advanced eDiscovery

70. Threat protection gain insight from the
trillions of security-related signals on
the Intelligent Security Graph from
across the global Microsoft ecosystem.
Standard integration capabilities
connect to your other security tools
(3rd party or homegrown).
Security capabilities extend beyond
Microsoft to secure 3rd party platforms,
apps, and services.
Intelligent, adaptive security
gives users more freedom in
how they work, from
anywhere on any device.
Native security capabilities
reduce complexity and
shorten deployment times.
Individual products are
purpose-built to integrate,
which decreases TCO.
A security platform
approach that can reduce
the number of vendors you
manage.
Microsoft 365

71. Speed up investigations by mapping
lateral movement, providing evidence
to support alerts and making
recommendations for remediation and
improved security.
Proactively protect against threats with
advanced hunting queries and
education for end users that simulates
phish/malware attacks.
Automate security to detect threats and
correlates alerts to identify a specific
attack vector, investigates and
remediates threats, reauthenticates
high-risk users, and takes action to limit
access to data.
Discover shadow IT so it can be
secured and managed, reducing your
exposure to data leakage and finding
threats with machine learning, like
behavior-based anomalies.
Control access to sensitive data, even
when it’s shared outside of your
organization or accessed via a 3rd
party application.
Automatically change what level of
access is allowed and how users
authenticate based on ML that detects
risk, like impossible travel, an infected
device, or compromised credentials.

72. Eliminate passwords by using
biometrics or pins.
A single solution that can protect
identity across on premises and
cloud directories.
Discover, restrict, and monitor
privileged identities and their
access to resources.
Discover 3rd party cloud apps that
are in use and assess their risk, so
you can sanction or block the
application.
Alert me when a user's credentials
are for sale on the dark web and
elevate their user risk level.
If a user’s identity or device
becomes compromised,
automatically block/limit access,
or require MFA.
Secure identities to reach zero trust

73. Teach users to guard
against email phishing by
simulating an attack in a
safe environment.
Reduce false positives by
contextually aggregating
alerts together to identify a
specific attack vector.
Detect anomalies and
suspicious behavior without
needing to create and fine
tune rules.
After a threat is remediated,
share signals to trigger
protection for all email and
devices, companywide.
Detect and remove
ransomware, then recover
my files.
Advanced email protection
against phishing attempts,
and unknown (zero day)
threats.
Automatically investigate
endpoint alerts and
remediate threats,
removing them from all
impacted machines.
Detect attacks across both
on-premises and cloud
signals.
Help stop damaging attacks with integrated and automated security
Threat Protection

74. Grant select partners and customers
access rights to sensitive information.
Scan historical on-premises data files
for potentially sensitive information
before you move to the cloud.
Protect sensitive data when it travels
outside of your organization via email,
USB, or a 3rd party SaaS app.
Identify potentially sensitive
information, like credit card or bank
routing numbers, and automatically
apply a sensitivity label and protection
to the file.
Automatically apply data protection
policies if a user's access to that data
changes, the user becomes
compromised or the data reaches a
certain age.
Protect sensitive information anywhere it lives
Detect and protect sensitive data that
falls under compliance regulations, such
as GDPR.

75. Incident and event forensic reporting.Detailed reports on the latest threats,
so you can answer questions, like
"How well am I protected against the
latest threats?"
Recommended actions you can take to
improve your security posture.
Benchmark your security against
companies in your industry or of
similar size.
A quantifiable measurement of your
security posture.
Strengthen your security posture with holistic visibility, control and guidance

76. Features P1
Directory Objects1 No Object Limit
User/Group Management (add/update/delete). User-based provisioning, Device registration Available
Single Sign-On (SSO). Free, basic tiers + self-service app integration templates5 No Limit
B2B Collaboration7 Available
Self-Service Password Change for cloud users Available
Connect (Sync engine that extends on-premises directories to Azure Active Directory) Available
Security/Usage Reports Advanced Reports
Group-based access management/provisioning Available
Self-Service Password Reset for cloud users Available
Company Branding (Logon Pages/Access Panel customization) Available
Application Proxy Available
SLA Available
Premium Features
Advanced group features8 Available
Self-Service Password Reset/Change/Unlock with on-premises writeback Available
Device objects 2-way sync between on-premises directories and Azure AD (Device write-back) Available
Multi-Factor Authentication (Cloud and On-premises (MFA Server)) Available
Microsoft Identity Manager user CAL4 Available
Cloud App Discovery9 Available
Connect Health6 Available
Automatic password rollover for group accounts Available
Conditional Access based on group and location Available
Conditional Access based on device state (Allow access from managed devices) Available
3rd party identity governance partners integration Available
Terms of Use Available
SharePoint Limited Access Available
OneDrive for Business Limited Access Available
3rd party MFA partner integration Preview Available
Microsoft Cloud App Security integration Available
Identity Protection
• Detecting vulnerabilities and risky accounts:
• Providing custom recommendations to improve overall security
posture by highlighting vulnerabilities
• Calculating sign-in risk levels
• Calculating user risk levels
• Investigating risk events:
• Sending notifications for risk events
• Investigating risk events using relevant and contextual information
• Providing basic workflows to track investigations
• Providing easy access to remediation actions such as password reset
• Risk-based conditional access policies:
• Policy to mitigate risky sign-ins by blocking sign-ins or requiring
multi-factor authentication challenges
• Policy to block or secure risky user accounts
• Policy to require users to register for multi-factor authentication
Advanced Identity Governance
• Privileged Identity Management (PIM)
• Access Reviews
Only in Azure AD P2
What is the difference
between Azure AD P1 & P2?

77. Features P1
Azure Information Protection content consumption by using work or school
accounts from AIP policy-aware apps and services
Available
Protection for Microsoft Exchange Online, Microsoft SharePoint Online, and
Microsoft OneDrive for Business content
Available
Bring Your Own Key (BYOK) for customer-managed key provisioning life cycle2 Available
Custom templates, including departmental templates Available
Protection for on-premises Exchange and SharePoint content via Rights
Management connector
Available
Azure Information Protection software developer kit for protection for all platforms
including Windows, Windows Mobile, iOS, Mac OSX, and Android
Available
Protection for non-Microsoft Office file formats, including PTXT, PJPG, and PFILE
(generic protection)
Available
Azure Information Protection content creation by using work or school accounts Available
Office 365 Message Encryption Available
Administrative control3 Available
Manual, default, and mandatory document classification Available
Azure Information Protection scanner for content discovery of on-premises files
matching any of the sensitive information types
Available
Azure Information Protection scanner to apply a label to all files in an on-premises
file server or repository
Available
Rights Management connector with on-premises Windows Server file shares by
using the File Classification Infrastructure (FCI) connector
Available
Document tracking and revocation Available
• Configure conditions for automatic and
recommended classification
• Azure Information Protection scanner for
automated classification, labeling, and
protection of supported on-premises files
• Hold Your Own Key (HYOK) that spans
Azure Information Protection and Active
Directory (AD) Rights Management
for highly regulated scenarios
Only in AIP P2
What is the difference
between AIP P1 & P2?

78. Features P1
Safe Attachments Available
Safe Links Available
Anti-Phishing Policies Available
Safe Attachments in SharePoint, OneDrive and Teams Available
Safe Links in Teams Available
Real-time reports Available
• Threat tracker
• Explorer (Advanced threat investigation)
• Automated investigation and response
• Attack simulator
Only in Office 365 ATP P2
What is the difference between
Office 365 ATP P1 & P2?

79. Mac
(3rd party)
Android, iOS
(3rd party)
Linux
(3rd party)
Windows Defender ATP
• Windows Defender ATP integrates with leading
EDR/ EPP providers for cross platform support
• These 3rd party solutions forward all events, alerts
into the Windows Defender ATP console making it
the centralized console for most of sec admin’s
day to day work
• Configuration of the 3rd party solution’s client is
still handled in the 3rd party's product but that is
often a one-time thing. Their client may be
deployed via Intune or SCCM or the 3rd party
solution itself
• If an alert shows up in Windows Defender
ATP, SecOps may need to switch over to the 3rd
party solution’s console for more detailed info

80. Privileged Identity Management
Discover, restrict, and monitor privileged identities
User Administrator UserAdministrator
privileges expire after
a specified interval
Enforce on-demand, just-in-time
administrative access when needed
Ensure policies are met with alerts,
audit reports and access reviews
Manage admins access in Azure
AD and also in Azure RBAC

81. Roadmap

82. • Comprehensive protection of sensitive data
via both manual and automated classification
and labeling
• Simplified IT operations with unified labeling
and policy management in the Security &
Compliance Center
• Labeling experiences built natively into Office
apps (Word, PowerPoint, Excel and Outlook)
across platforms – Mac, iOS, Android,
Windows, and web apps
• Complete visibility and analytics for sensitive
data across your organization
• Extend information protection to non-
Microsoft apps and services with the
Microsoft Information Protection SDK and
third-party partner ecosystem
Information protection investments –thru CY2019

83. • One console
• Combines different alerts from
different sources (endpoints, email,
identities, etc)
• Incidents are created automatically
based on ML
• Detailed view into threats impacting
the organization
Integrated SecOps experience

84. • Discover sensitive documents
on Windows devices
• Integrated reporting for
labeled documents
• Understand if sensitive
corporate data resides on
compromised devices
• Pivot to investigate and
mitigate detected endpoint
threats in 1-click
Integration for sensitive data discovery, classification and
enforcement on endpoints

85. • Define entitlements for employees
and partners
• Associate entitlements with
resources such as cloud, on-premises
apps, SharePoint Online, Security
groups
• Create policies and approval
workflows to ensure governed access
Identity governance – entitlements management

86. 55%
Lorem ipsum dolor sit amet,
consectetur adipiscing elit,
sed do eiusmod te.
Source: Lorem ipsum dolor sit
amet, consectetur
40%
Lorem ipsum dolor sit amet,
consectetur adipiscing elit,
sed do eiusmod te.
Source: Lorem ipsum dolor sit
amet, consectetur
81%
of hacking breaches leverage
stolen and/or weak
passwords.
Source: 2017 Verizon Data
Breach Investigations
Stats templates
EXAMPLE

87. 55%
Lorem ipsum dolor sit amet,
consectetur adipiscing elit,
sed do eiusmod te.
Source: Lorem ipsum dolor sit
amet, consectetur
40%
Lorem ipsum dolor sit amet,
consectetur adipiscing elit,
sed do eiusmod te.
Source: Lorem ipsum dolor sit
amet, consectetur
40%
Lorem ipsum dolor sit amet,
consectetur adipiscing elit,
sed do eiusmod te.
Source: Lorem ipsum dolor sit
amet, consectetur
Additional stats templates