SlideShare a Scribd company logo

Microsoft 365 Security and Compliance

David J Rosenthal
David J Rosenthal

Cyberspace is the new battlefield: We’re seeing attacks on civilians and organizations from nation states. Attacks are no longer just against governments or enterprise systems directly. We’re seeing attacks against private property—the mobile devices we carry around everyday, the laptop on our desks—and public infrastructure. What started a decade-and-a-half ago as a sense that there were some teenagers in the basement hacking their way has moved far beyond that. It has morphed into sophisticated international organized crime and, worse, sophisticated nation state attacks. Personnel and resources are limited: According to an annual survey of 620 IT professional across North America and Western Europe from ESG, 51% respondents claim their organization had a problem of shortage of cybersecurity skills—up from 23% in 2014.1 The security landscape is getting more complicated and the stakes are rising, but many enterprises don’t have the resources they need to meet their security needs. Virtually anything can be corrupted: The number of connected devices in 2018 is predict to top 11 billion – not including computers and phones. As we connect virtually everything, anything can be disrupted. Everything from the cloud to the edge needs to be considered and protected.2

1 of 55
Download to read offline
Cyberspace is the new battlefield Security skills are in short supply Virtually anything can be attacked The cybersecurity landscape is rapidly changing
Source: https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Microsoft Intelligent Security Graph
Stopping cyber attacks Real-world intelligence at work Intelligent Edge Intelligent Cloud Local ML models, behavior-based detection algorithms, generics, heuristics Metadata-based ML models Sample analysis-based ML models Detonation-based ML models Big data analytics March 6 – Behavior-based detection algorithms blocked more than 400,000 instances of the Dofoil trojan. February 3 – Client machine learning algorithms automatically stopped the malware attack Emotet in real time. October 2017 – Cloud-based detonation ML models identified Bad Rabbit, protecting users 14 minutes after the first encounter. 2017 2018 August 2018 – Cloud machine learning algorithms blocked a highly targeted campaign to deliver Ursnif malware to under 200 targets
The changing landscape of enterprise security Mobile workforce 72% of the US workforce will be mobile by 2020, relying on devices other than their laptops to be productive. 72% 1/3 Shadow IT By 2022, a third of successful attacks experienced by enterprises will be on their shadow IT resources. Compromised passwords 81% of confirmed data breaches involved weak, default, or stolen passwords. 81%
Everyone agrees that security is important… Of global organizations indicate that security is a top challenge 77%
…but most don’t prioritize it. Of global organizations indicate that security is a top challenge 77% Of customers have turned on multi-factor authentication2%
Intelligent security Protect users’ identities and control access to valuable resources Protect against advanced threats and recover quickly when attacked Ensure documents and emails are seen only by authorized people Gain visibility and control over security tools Identity & access management Threat protection Security management Information protection
Securing Privileged Access Office 365 Security Rapid Cyberattacks (Wannacrypt/Petya) https://aka.ms/MCRA Video Recording Strategies SQL Encryption & Data Masking Office 365 Dynamics 365 +Monitor Data Loss Protection Data Governance eDiscovery
Securing Privileged Access Office 365 Security Rapid Cyberattacks (Wannacrypt/Petya) https://aka.ms/MCRA Video Recording Strategies SQL Encryption & Data Masking Office 365 Dynamics 365 +Monitor Data Loss Protection Data Governance eDiscovery
Intelligent security Protect users’ identities and control access to valuable resources Protect against advanced threats and recover quickly when attacked Ensure documents and emails are seen only by authorized people Gain visibility and control over security tools Identity & access management Threat protection Security management Information protection
The path to reducing vulnerabilities with your Microsoft 365 Security products Advanced securityFundamental baseline security
Fundamental baseline security The path to reducing vulnerabilities with your Microsoft 365 Security products Advanced security
Baseline security Covering your bases Identity protection Device protection App/information protection
Baseline security Covering your bases Identity protection Device protection App/information protection Azure Active Directory Conditional access Multifactor authentication Single sign-on Password reset PROTECTING AGAINST: Password hacks and credential theft Basic device protection for mobile devices Intune Mobile Device Management Mobile App Management PROTECTING AGAINST: Unauthorized data access/ data leakage Office ATP Basic email protection PROTECTING AGAINST: Email and URL hacking
Fundamental baseline security Advanced security The path to reducing vulnerabilities with your Microsoft 365 Security products
Fundamental baseline security Advanced security IDENTITY AND THREAT PROTECTION INFORMATION PROTECTION AND COMPLIANCE The path to reducing vulnerabilities with your Microsoft 365 Security products
Advanced security Identity and threat protection Identity protection Device protection App/information protection
Advanced security Identity and threat protection Identity protection Device protection App/information protection PROTECTING AGAINST: Unacceptable access/Insider threats PROTECTING AGAINST: Cyber threats to endpoints PROTECTING AGAINST: Anomalous use against policies /Shadow IT Azure Active Directory P2–Identity Protection Azure Active Directory P2–Privileged Identity Management Azure Advanced Threat Protection Windows Defender Advanced Threat Protection Microsoft Cloud App Security Advanced endpoint protection EDR Visibility and control of cloud applications
Fundamental baseline security Advanced security IDENTITY AND THREAT PROTECTION INFORMATION PROTECTION AND COMPLIANCE The path to reducing vulnerabilities with your Microsoft 365 Security products
Advanced security Information protection and compliance Information protection Compliance
Advanced security Information protection and compliance Data Loss Protection for Office workloads—starter for blocking sharing of exchange files Office DLP Basic classification/labeling/ encryption Azure Information Protection P1 Automatic classification and labeling for content on prem or in cloud Azure Information Protection P2 Information protection Compliance PROTECTING AGAINST: Unauthorized access or sharing of classified content Perform search of content sources in organization, relevant to legal or compliance cases, analysis Use ML to drive governance, find/retain important data while eliminating unnecessary data Provision/manage keys used to encrypt data at rest in Office 365 Approve/reject access request made by support engineers to access customer data Advanced eDiscovery Advanced data governance 2nd Customer Key 2nd Customer Lock Box PROTECTING AGAINST: Unauthorized content searches
Default file encryptions Permissions for SharePoint and OneDrive for Business libraries External sharing policies Device access policies for SharePoint Online and OneDrive for Business Intune device management of PCs Protect data Protect people and devices Getting to baseline security
Protect data Protect people and devices Mobile apps protection Intune device management of PCs and phones/tablets Azure Active Directory multi-factor authentication Azure Active Directory conditional access Classification, labeling, and protection Getting to advanced security Bring Your Own Key (BYOK) with Azure information Protection and SharePoint Online Hold Your Own Key (HYOK) with Active Directory Rights Management Service and SharePoint Online Data Loss Prevention (DLP) in Office 365 Office 365 service encryption with Customer Key (coming soon) Windows 10 capabilities: Bitlocker and Windows Information Protection (WIP) Azure Active Directory Identity Protection Microsoft Cloud App Security or, Office 365 Cloud App Security Azure Active Directory Privileged Identity Management
Secure identities to reach zero trust Identity & access management Security management Strengthen your security posture with insights and guidance Threat protection Help stop damaging attacks with integrated and automated security Locate and classify information anywhere it lives Information protection Infrastructure security
Infrastructure security Defense in Depth Azure Built-in Controls Identity & Access Apps & Data Security Network Security Threat Protection Security Management
Infrastructure security Defense in Depth Microsoft + Partners Role based access Encryption DDoS Protection Antimalware Log Management Multi-Factor Authentication Confidential Computing NG Firewall AI Based Detection and Response Security Posture Assessment Central Identity Management Key Management Web App Firewall Cloud Workload Protection Policy and governance Identity Protection Certificate Management Enterprise Connectivity SQL Threat Protection Regulatory Compliance Privileged Identity Management Information Protection Network Segmentation IoT Security SIEM Identity & Access Apps & Data Security Network Security Threat Protection Security Management
Secure data through its lifecycle Protect data in useStandard Data Protection At rest Encrypt inactive data when stored in blob storage, database, etc. In transit Encrypt data that is flowing between untrusted public or private networks In use Protect/Encrypt data that is in use during computation
Manage keys and certificates for secure applications Key, Secrets & Certificate Management, backed by cloud hosted HSMs- Azure Key Vault Virtual machines Applications Storage & databases Encrypt keys and small secrets using keys in Hardware Security Modules (HSMs) Simplify and automate tasks for SSL/TLS certificates, enroll and automatically renew certificates Rapidly scale to meet the cryptographic needs of your cloud applications and match peak demand Safeguard cryptographic keys and other secrets used by cloud apps and services
Application protection Network protection services enabling zero trust Network Security Groups Distributed inbound & outbound network (L3-L4) traffic filtering on VM, Container or subnet DDoS protection DDOS protection tuned to your application traffic patterns Micro segmentation Web Application Firewall Centralized inbound web application protection from common exploits and vulnerabilities Azure Firewall Centralized outbound and inbound (non-HTTP/S) network and application (L3-L7) filtering Service Endpoints Restrict access to Azure service resources (PaaS) to only your Virtual Network
Manage Security Posture and Define Governance Continuous Assessment & Recommendations Centralized Security Policy Compliance Reports Templates & Blueprints Cloud Security Posture Management + Governance
Identity and access management Conditional access Identity protectionSecure authentication
Secure authentication Getting to a world without passwords Microsoft Authenticator FIDO2 Security KeysWindows Hello
Secure authentication Microsoft Authenticator MFA for enterprise and consumer accounts and applications Device registration (workplace join) Single sign-on to native mobile apps Certificate-based SSO
Identity protection An integral component of Microsoft Threat Protection Azure AD Identity Protection Azure ATP Microsoft Cloud App Security
Microsoft Threat Protection Correlate across attack vectors Detect & remediate breaches Protect the digital estate Help stop damaging attacks with integrated and automated security
Microsoft Threat Protection Identities Endpoints User Data Cloud Apps Infrastructure Intelligent Security Graph | 6.5 TRILLION signals per day
Protect the digital estate Guidance for better control over expanding attack surface Shared signal helps protect all attack vectors Unparalleled visibility helps you focus on the right actions
Correlate across attack vectors
Detect and remediate breaches Seamless integration across services to stop advanced threats Detailed, real-time telemetry to provide threat campaign information In-depth alerts and intelligent recommendations for threat mitigation
Microsoft Information Protection Discover & classify sensitive information Apply protection based on policy Monitor & remediate Apps On-premisesCloud servicesDevices Across Accelerate Compliance
Follow the data—throughout its lifecycle Apply protection based on policy Have you defined what “sensitive data” means for your company? Do you have a way to detect sensitive data across your company? Do you have a way to ensure that labels persist with the data—wherever it travels? Which regulations and compliance factors impact you? Are you able to empower end-users to classify and label content themselves, or apply automatically based on company policies? Detect & classify sensitive information Monitor & remediate Do you have visibility into how sensitive data is being access and shared, even across 3rd-party SaaS apps and cloud services? Are you able to remediate actions immediately, such as quarantine data or block access? Are you able to integrate event information into your SIEM system or other tools?
Security management Strengthen your security posture with insights and guidance Visibility Control Guidance Devices InfrastructureApps & dataIdentity Across
Visibility
Control
Guidance
M365 F1 M365 E31 M365 E51 Operating System Windows Enterprise (including VDA rights) ⚫2 ⚫ ⚫ Productivity & Collaboration Office client apps (Word, Excel, PowerPoint, OneNote, Access) ⚫ ⚫ Office Mobile apps, chat and meetings (Microsoft Teams, Skype for Business Online), email & calendar (Outlook, Exchange), social & Internet (SharePoint, Yammer), task management (PowerApps, Flow, Planner) ⚫3 ⚫ ⚫ Device & App Management Microsoft Intune, Windows AutoPilot, Fine Tuned User Experience, and Windows Analytics Device Health ⚫ ⚫ ⚫ Security Microsoft Advanced Threat Analytics, Windows Defender Antivirus, Device Guard4, Azure Active Directory Plan 1, Windows Hello, Credential Guard, Direct Access4 ⚫ ⚫ ⚫ Microsoft 365 E5 Security (Microsoft Cloud App Security, Azure Active Directory Plan 2, Office 365 Advanced Threat Protection Plan 2, Azure Advanced Threat Protection, Windows Defender Advanced Threat Protection) ⚫ Compliance Windows Information Protection, BitLocker, Azure Information Protection Plan 1 ⚫ ⚫ ⚫ Office 365 Data Loss Prevention ⚫ ⚫ Microsoft 365 E5 Compliance (Office 365 Advanced Compliance, Azure Information Protection Plan 2) ⚫ Communications Audio Conferencing, Phone System ⚫ Analytics MyAnalytics ⚫ ⚫ ⚫ Delve ⚫ ⚫ Power BI Pro ⚫ SeeSpeakerNotesforfootnotes Microsoft 365 Enterprise Plan Overview
challenges integrating with customers’ existing security tools and workflows connecting customers’ security technologies to streamline operations and improve threat defense opportunities+
Unify integration with Microsoft Graph ALL • Microsoft 365 • Azure • Microsoft Partners ONE https://graph.microsoft.com
Microsoft Graph Security API Streamline alert correlation and management Simplify orchestration and automation Unlock context to inform security operations
What is the Security API? Microsoft services – no extra cost
Alerts Other Security Entities* (context, actions, …) Common Libraries, Authentication, and Authorization Graph Security API Federates Queries, Aggregates Results, Applies Common Schema Secure Score Other Graph Services (Azure AD, O365, SharePoint, Intune …) Intune Azure AD Identity Protection Azure ATP Cloud Application Security Azure Security Center Azure Info ProtectionOffice 365 ATP Windows Defender ATP SIEM + log analytics Your custom app Security applications
Contact Information © 2019 Razor Technology, LLCwww.razor-tech.com David Rosenthal VP & General Manager Digital Business @DavidJRosenthal Slideshare Blog: www.razor-tech.com 5 Tower Bridge 300 Barr Harbor Dr., Suite 705 West Conshohocken, PA 19428 www.razor-tech.com David.Rosenthal@razor-tech.com Cell: 215.801.4430 Office: 866.RZR.DATA LETS KEEP IN TOUCH

Recommended

Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Vignesh Ganesan I Microsoft MVP
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 Overview
David J Rosenthal
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure Sentinel
David J Rosenthal
 
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan
David J Rosenthal
 
Microsoft 365 Security Overview
Microsoft 365 Security OverviewMicrosoft 365 Security Overview
Microsoft 365 Security Overview
Robert Crane
 
Microsoft Security - New Capabilities In Microsoft 365 E5 Plans
Microsoft Security - New Capabilities In Microsoft 365 E5 PlansMicrosoft Security - New Capabilities In Microsoft 365 E5 Plans
Microsoft Security - New Capabilities In Microsoft 365 E5 Plans
David J Rosenthal
 
Azure Sentinel.pptx
Azure Sentinel.pptxAzure Sentinel.pptx
Azure Sentinel.pptx
Mohit Chhabra
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for Endpoint
Cheah Eng Soon
 

Recommended

Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Vignesh Ganesan I Microsoft MVP
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 Overview
David J Rosenthal
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure Sentinel
David J Rosenthal
 
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan
David J Rosenthal
 
Microsoft 365 Security Overview
Microsoft 365 Security OverviewMicrosoft 365 Security Overview
Microsoft 365 Security Overview
Robert Crane
 
Microsoft Security - New Capabilities In Microsoft 365 E5 Plans
Microsoft Security - New Capabilities In Microsoft 365 E5 PlansMicrosoft Security - New Capabilities In Microsoft 365 E5 Plans
Microsoft Security - New Capabilities In Microsoft 365 E5 Plans
David J Rosenthal
 
Azure Sentinel.pptx
Azure Sentinel.pptxAzure Sentinel.pptx
Azure Sentinel.pptx
Mohit Chhabra
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for Endpoint
Cheah Eng Soon
 
Microsoft intune
Microsoft intuneMicrosoft intune
Microsoft intune
ManishKumar959920
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
Karina Matos
 
Microsoft 365 Compliance and Security Overview
Microsoft 365 Compliance and Security OverviewMicrosoft 365 Compliance and Security Overview
Microsoft 365 Compliance and Security Overview
David J Rosenthal
 
Azure active directory
Azure active directoryAzure active directory
Azure active directory
Raju Kumar
 
Microsoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceMicrosoft Office 365 Security and Compliance
Microsoft Office 365 Security and Compliance
David J Rosenthal
 
Microsoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 OverviewMicrosoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 Overview
David J Rosenthal
 
Microsoft Azure Sentinel
Microsoft Azure SentinelMicrosoft Azure Sentinel
Microsoft Azure Sentinel
BGA Cyber Security
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
Allen Brokken
 
Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365
Dock 365
 
Microsoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance FrameworkMicrosoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance Framework
Alistair Pugin
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinel
arnaudlh
 
Microsoft 365 Compliance
Microsoft 365 ComplianceMicrosoft 365 Compliance
Microsoft 365 Compliance
David J Rosenthal
 
Microsoft Information Protection.pptx
Microsoft Information Protection.pptxMicrosoft Information Protection.pptx
Microsoft Information Protection.pptx
ChrisaldyChandra
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information Protection
Robert Crane
 
Working with MS Endpoint Manager
Working with MS Endpoint ManagerWorking with MS Endpoint Manager
Working with MS Endpoint Manager
George Grammatikos
 
Microsoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat ProtectionMicrosoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat Protection
David J Rosenthal
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
David J Rosenthal
 
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VMSecuring Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Drew Madelung
 
An introduction to Defender for Business
An introduction to Defender for BusinessAn introduction to Defender for Business
An introduction to Defender for Business
Robert Crane
 
Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck
Matt Soseman
 
Securing your Organization with Microsoft 365
Securing your Organization with Microsoft 365Securing your Organization with Microsoft 365
Securing your Organization with Microsoft 365
Ravikumar Sathyamurthy
 
Primend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisus
Primend
 

More Related Content

What's hot

Microsoft intune
Microsoft intuneMicrosoft intune
Microsoft intune
ManishKumar959920
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
Karina Matos
 
Microsoft 365 Compliance and Security Overview
Microsoft 365 Compliance and Security OverviewMicrosoft 365 Compliance and Security Overview
Microsoft 365 Compliance and Security Overview
David J Rosenthal
 
Azure active directory
Azure active directoryAzure active directory
Azure active directory
Raju Kumar
 
Microsoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceMicrosoft Office 365 Security and Compliance
Microsoft Office 365 Security and Compliance
David J Rosenthal
 
Microsoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 OverviewMicrosoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 Overview
David J Rosenthal
 
Microsoft Azure Sentinel
Microsoft Azure SentinelMicrosoft Azure Sentinel
Microsoft Azure Sentinel
BGA Cyber Security
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
Allen Brokken
 
Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365
Dock 365
 
Microsoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance FrameworkMicrosoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance Framework
Alistair Pugin
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinel
arnaudlh
 
Microsoft 365 Compliance
Microsoft 365 ComplianceMicrosoft 365 Compliance
Microsoft 365 Compliance
David J Rosenthal
 
Microsoft Information Protection.pptx
Microsoft Information Protection.pptxMicrosoft Information Protection.pptx
Microsoft Information Protection.pptx
ChrisaldyChandra
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information Protection
Robert Crane
 
Working with MS Endpoint Manager
Working with MS Endpoint ManagerWorking with MS Endpoint Manager
Working with MS Endpoint Manager
George Grammatikos
 
Microsoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat ProtectionMicrosoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat Protection
David J Rosenthal
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
David J Rosenthal
 
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VMSecuring Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Drew Madelung
 
An introduction to Defender for Business
An introduction to Defender for BusinessAn introduction to Defender for Business
An introduction to Defender for Business
Robert Crane
 
Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck
Matt Soseman
 

What's hot (20)

Microsoft intune
Microsoft intuneMicrosoft intune
Microsoft intune
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
 
Microsoft 365 Compliance and Security Overview
Microsoft 365 Compliance and Security OverviewMicrosoft 365 Compliance and Security Overview
Microsoft 365 Compliance and Security Overview
 
Azure active directory
Azure active directoryAzure active directory
Azure active directory
 
Microsoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceMicrosoft Office 365 Security and Compliance
Microsoft Office 365 Security and Compliance
 
Microsoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 OverviewMicrosoft 365 eEnterprise E5 Overview
Microsoft 365 eEnterprise E5 Overview
 
Microsoft Azure Sentinel
Microsoft Azure SentinelMicrosoft Azure Sentinel
Microsoft Azure Sentinel
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365Overview of Data Loss Prevention Policies in Office 365
Overview of Data Loss Prevention Policies in Office 365
 
Microsoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance FrameworkMicrosoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance Framework
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinel
 
Microsoft 365 Compliance
Microsoft 365 ComplianceMicrosoft 365 Compliance
Microsoft 365 Compliance
 
Microsoft Information Protection.pptx
Microsoft Information Protection.pptxMicrosoft Information Protection.pptx
Microsoft Information Protection.pptx
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information Protection
 
Working with MS Endpoint Manager
Working with MS Endpoint ManagerWorking with MS Endpoint Manager
Working with MS Endpoint Manager
 
Microsoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat ProtectionMicrosoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat Protection
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VMSecuring Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
Securing Team, SharePoint, and OneDrive in Microsoft 365 - M365VM
 
An introduction to Defender for Business
An introduction to Defender for BusinessAn introduction to Defender for Business
An introduction to Defender for Business
 
Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck
 

Similar to Microsoft 365 Security and Compliance

Securing your Organization with Microsoft 365
Securing your Organization with Microsoft 365Securing your Organization with Microsoft 365
Securing your Organization with Microsoft 365
Ravikumar Sathyamurthy
 
Primend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisus
Primend
 
ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...
ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...
ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...
PlatformSecurityManagement
 
Value Microsoft 365 E5 English
Value Microsoft 365 E5 EnglishValue Microsoft 365 E5 English
Value Microsoft 365 E5 English
Guillaume Lagache
 
Information protection & classification
Information protection & classificationInformation protection & classification
Information protection & classification
David De Vos
 
Get Ahead of Cyber Attacks with Microsoft Enterprise Mobility + Security
Get Ahead of Cyber Attacks with Microsoft Enterprise Mobility + SecurityGet Ahead of Cyber Attacks with Microsoft Enterprise Mobility + Security
Get Ahead of Cyber Attacks with Microsoft Enterprise Mobility + Security
David J Rosenthal
 
Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview
Syed Sabhi Haider
 
Thread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 SecurityThread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 Security
Thread Legal
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam Levithan
SPS Paris
 
[IGNITE2018] [BRK2495] What’s new in Microsoft Information Protection solutio...
[IGNITE2018] [BRK2495] What’s new in Microsoft Information Protection solutio...[IGNITE2018] [BRK2495] What’s new in Microsoft Information Protection solutio...
[IGNITE2018] [BRK2495] What’s new in Microsoft Information Protection solutio...
☁️ Gustavo Magella
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
Chirag Joshi, CISA, CISM, CRISC
 
Turning the tables talk delivered at CCISDA conference
Turning the tables talk delivered at CCISDA conferenceTurning the tables talk delivered at CCISDA conference
Turning the tables talk delivered at CCISDA conference
Dean Iacovelli
 
Thr30117 - Securely logging to Microsoft 365
Thr30117 - Securely logging to Microsoft 365Thr30117 - Securely logging to Microsoft 365
Thr30117 - Securely logging to Microsoft 365
Robert Crane
 
Securely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreSecurely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure Score
Joel Oleson
 
Microsoft Intune y Gestión de Identidad Corporativa
Microsoft Intune y Gestión de Identidad Corporativa Microsoft Intune y Gestión de Identidad Corporativa
Microsoft Intune y Gestión de Identidad Corporativa
Plain Concepts
 
Softwerx Microsoft 365 Security Webinar Presentation
Softwerx Microsoft 365 Security Webinar PresentationSoftwerx Microsoft 365 Security Webinar Presentation
Softwerx Microsoft 365 Security Webinar Presentation
Patrick Leckie
 
Cloud_security.pptx
Cloud_security.pptxCloud_security.pptx
Cloud_security.pptx
SofiyaKhan49
 
Protect your data in / with the Cloud
Protect your data in / with the CloudProtect your data in / with the Cloud
Protect your data in / with the Cloud
GWAVA
 
How You Can Keep Your Organization Secure
How You Can Keep Your Organization Secure How You Can Keep Your Organization Secure
How You Can Keep Your Organization Secure
Christi Williams (Keating)
 
Information protection and compliance
Information protection and complianceInformation protection and compliance
Information protection and compliance
Dean Iacovelli
 

Similar to Microsoft 365 Security and Compliance (20)

Securing your Organization with Microsoft 365
Securing your Organization with Microsoft 365Securing your Organization with Microsoft 365
Securing your Organization with Microsoft 365
 
Primend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisusPrimend praktiline konverents - Office 365 turvalisus
Primend praktiline konverents - Office 365 turvalisus
 
ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...
ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...
ASMC 2017 - Martin Vliem - Security < productivity < security: syntax ...
 
Value Microsoft 365 E5 English
Value Microsoft 365 E5 EnglishValue Microsoft 365 E5 English
Value Microsoft 365 E5 English
 
Information protection & classification
Information protection & classificationInformation protection & classification
Information protection & classification
 
Get Ahead of Cyber Attacks with Microsoft Enterprise Mobility + Security
Get Ahead of Cyber Attacks with Microsoft Enterprise Mobility + SecurityGet Ahead of Cyber Attacks with Microsoft Enterprise Mobility + Security
Get Ahead of Cyber Attacks with Microsoft Enterprise Mobility + Security
 
Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview
 
Thread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 SecurityThread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 Security
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam Levithan
 
[IGNITE2018] [BRK2495] What’s new in Microsoft Information Protection solutio...
[IGNITE2018] [BRK2495] What’s new in Microsoft Information Protection solutio...[IGNITE2018] [BRK2495] What’s new in Microsoft Information Protection solutio...
[IGNITE2018] [BRK2495] What’s new in Microsoft Information Protection solutio...
 
Practical Security for the Cloud
Practical Security for the CloudPractical Security for the Cloud
Practical Security for the Cloud
 
Turning the tables talk delivered at CCISDA conference
Turning the tables talk delivered at CCISDA conferenceTurning the tables talk delivered at CCISDA conference
Turning the tables talk delivered at CCISDA conference
 
Thr30117 - Securely logging to Microsoft 365
Thr30117 - Securely logging to Microsoft 365Thr30117 - Securely logging to Microsoft 365
Thr30117 - Securely logging to Microsoft 365
 
Securely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreSecurely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure Score
 
Microsoft Intune y Gestión de Identidad Corporativa
Microsoft Intune y Gestión de Identidad Corporativa Microsoft Intune y Gestión de Identidad Corporativa
Microsoft Intune y Gestión de Identidad Corporativa
 
Softwerx Microsoft 365 Security Webinar Presentation
Softwerx Microsoft 365 Security Webinar PresentationSoftwerx Microsoft 365 Security Webinar Presentation
Softwerx Microsoft 365 Security Webinar Presentation
 
Cloud_security.pptx
Cloud_security.pptxCloud_security.pptx
Cloud_security.pptx
 
Protect your data in / with the Cloud
Protect your data in / with the CloudProtect your data in / with the Cloud
Protect your data in / with the Cloud
 
How You Can Keep Your Organization Secure
How You Can Keep Your Organization Secure How You Can Keep Your Organization Secure
How You Can Keep Your Organization Secure
 
Information protection and compliance
Information protection and complianceInformation protection and compliance
Information protection and compliance
 

More from David J Rosenthal

Microsoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made SimpleMicrosoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made Simple
David J Rosenthal
 
Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021
David J Rosenthal
 
Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021
David J Rosenthal
 
Viva Connections from Microsoft
Viva Connections from MicrosoftViva Connections from Microsoft
Viva Connections from Microsoft
David J Rosenthal
 
Protect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainProtect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chain
David J Rosenthal
 
Microsoft Viva Introduction
Microsoft Viva IntroductionMicrosoft Viva Introduction
Microsoft Viva Introduction
David J Rosenthal
 
Microsoft Viva Learning
Microsoft Viva LearningMicrosoft Viva Learning
Microsoft Viva Learning
David J Rosenthal
 
Microsoft Viva Topics
Microsoft Viva TopicsMicrosoft Viva Topics
Microsoft Viva Topics
David J Rosenthal
 
A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365
David J Rosenthal
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from Microsoft
David J Rosenthal
 
Microsoft Windows Server 2022 Overview
Microsoft Windows Server 2022 OverviewMicrosoft Windows Server 2022 Overview
Microsoft Windows Server 2022 Overview
David J Rosenthal
 
Windows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid WorldWindows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid World
David J Rosenthal
 
Windows 11 for the Enterprise
Windows 11 for the EnterpriseWindows 11 for the Enterprise
Windows 11 for the Enterprise
David J Rosenthal
 
Microsoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital AssistantMicrosoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital Assistant
David J Rosenthal
 
What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021
David J Rosenthal
 
Modernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft AzureModernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft Azure
David J Rosenthal
 
Microsoft Azure Active Directory
Microsoft Azure Active DirectoryMicrosoft Azure Active Directory
Microsoft Azure Active Directory
David J Rosenthal
 
Nintex Worflow Overview
Nintex Worflow OverviewNintex Worflow Overview
Nintex Worflow Overview
David J Rosenthal
 
Microsoft Power BI Overview
Microsoft Power BI OverviewMicrosoft Power BI Overview
Microsoft Power BI Overview
David J Rosenthal
 
Better Meetings with Microsoft Teams
Better Meetings with Microsoft TeamsBetter Meetings with Microsoft Teams
Better Meetings with Microsoft Teams
David J Rosenthal
 

More from David J Rosenthal (20)

Microsoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made SimpleMicrosoft Teams Phone - Calling Made Simple
Microsoft Teams Phone - Calling Made Simple
 
Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021Whats New in Microsoft Teams Calling November 2021
Whats New in Microsoft Teams Calling November 2021
 
Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021Whats New in Microsoft Teams Hybrid Meetings November 2021
Whats New in Microsoft Teams Hybrid Meetings November 2021
 
Viva Connections from Microsoft
Viva Connections from MicrosoftViva Connections from Microsoft
Viva Connections from Microsoft
 
Protect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chainProtect your hybrid workforce across the attack chain
Protect your hybrid workforce across the attack chain
 
Microsoft Viva Introduction
Microsoft Viva IntroductionMicrosoft Viva Introduction
Microsoft Viva Introduction
 
Microsoft Viva Learning
Microsoft Viva LearningMicrosoft Viva Learning
Microsoft Viva Learning
 
Microsoft Viva Topics
Microsoft Viva TopicsMicrosoft Viva Topics
Microsoft Viva Topics
 
A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365A Secure Journey to Cloud with Microsoft 365
A Secure Journey to Cloud with Microsoft 365
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from Microsoft
 
Microsoft Windows Server 2022 Overview
Microsoft Windows Server 2022 OverviewMicrosoft Windows Server 2022 Overview
Microsoft Windows Server 2022 Overview
 
Windows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid WorldWindows365 Hybrid Windows for a Hybrid World
Windows365 Hybrid Windows for a Hybrid World
 
Windows 11 for the Enterprise
Windows 11 for the EnterpriseWindows 11 for the Enterprise
Windows 11 for the Enterprise
 
Microsoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital AssistantMicrosoft Scheduler for M365 - Personal Digital Assistant
Microsoft Scheduler for M365 - Personal Digital Assistant
 
What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021What is New in Teams Meetings and Meeting Rooms July 2021
What is New in Teams Meetings and Meeting Rooms July 2021
 
Modernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft AzureModernize Java Apps on Microsoft Azure
Modernize Java Apps on Microsoft Azure
 
Microsoft Azure Active Directory
Microsoft Azure Active DirectoryMicrosoft Azure Active Directory
Microsoft Azure Active Directory
 
Nintex Worflow Overview
Nintex Worflow OverviewNintex Worflow Overview
Nintex Worflow Overview
 
Microsoft Power BI Overview
Microsoft Power BI OverviewMicrosoft Power BI Overview
Microsoft Power BI Overview
 
Better Meetings with Microsoft Teams
Better Meetings with Microsoft TeamsBetter Meetings with Microsoft Teams
Better Meetings with Microsoft Teams
 

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
CatarinaPereira64715
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 

Microsoft 365 Security and Compliance

  • 1.
  • 2. Cyberspace is the new battlefield Security skills are in short supply Virtually anything can be attacked The cybersecurity landscape is rapidly changing
  • 4.
  • 6. Stopping cyber attacks Real-world intelligence at work Intelligent Edge Intelligent Cloud Local ML models, behavior-based detection algorithms, generics, heuristics Metadata-based ML models Sample analysis-based ML models Detonation-based ML models Big data analytics March 6 – Behavior-based detection algorithms blocked more than 400,000 instances of the Dofoil trojan. February 3 – Client machine learning algorithms automatically stopped the malware attack Emotet in real time. October 2017 – Cloud-based detonation ML models identified Bad Rabbit, protecting users 14 minutes after the first encounter. 2017 2018 August 2018 – Cloud machine learning algorithms blocked a highly targeted campaign to deliver Ursnif malware to under 200 targets
  • 7. The changing landscape of enterprise security Mobile workforce 72% of the US workforce will be mobile by 2020, relying on devices other than their laptops to be productive. 72% 1/3 Shadow IT By 2022, a third of successful attacks experienced by enterprises will be on their shadow IT resources. Compromised passwords 81% of confirmed data breaches involved weak, default, or stolen passwords. 81%
  • 8. Everyone agrees that security is important… Of global organizations indicate that security is a top challenge 77%
  • 9. …but most don’t prioritize it. Of global organizations indicate that security is a top challenge 77% Of customers have turned on multi-factor authentication2%
  • 10. Intelligent security Protect users’ identities and control access to valuable resources Protect against advanced threats and recover quickly when attacked Ensure documents and emails are seen only by authorized people Gain visibility and control over security tools Identity & access management Threat protection Security management Information protection
  • 11. Securing Privileged Access Office 365 Security Rapid Cyberattacks (Wannacrypt/Petya) https://aka.ms/MCRA Video Recording Strategies SQL Encryption & Data Masking Office 365 Dynamics 365 +Monitor Data Loss Protection Data Governance eDiscovery
  • 12. Securing Privileged Access Office 365 Security Rapid Cyberattacks (Wannacrypt/Petya) https://aka.ms/MCRA Video Recording Strategies SQL Encryption & Data Masking Office 365 Dynamics 365 +Monitor Data Loss Protection Data Governance eDiscovery
  • 13. Intelligent security Protect users’ identities and control access to valuable resources Protect against advanced threats and recover quickly when attacked Ensure documents and emails are seen only by authorized people Gain visibility and control over security tools Identity & access management Threat protection Security management Information protection
  • 14. The path to reducing vulnerabilities with your Microsoft 365 Security products Advanced securityFundamental baseline security
  • 15. Fundamental baseline security The path to reducing vulnerabilities with your Microsoft 365 Security products Advanced security
  • 16. Baseline security Covering your bases Identity protection Device protection App/information protection
  • 17. Baseline security Covering your bases Identity protection Device protection App/information protection Azure Active Directory Conditional access Multifactor authentication Single sign-on Password reset PROTECTING AGAINST: Password hacks and credential theft Basic device protection for mobile devices Intune Mobile Device Management Mobile App Management PROTECTING AGAINST: Unauthorized data access/ data leakage Office ATP Basic email protection PROTECTING AGAINST: Email and URL hacking
  • 18. Fundamental baseline security Advanced security The path to reducing vulnerabilities with your Microsoft 365 Security products
  • 19. Fundamental baseline security Advanced security IDENTITY AND THREAT PROTECTION INFORMATION PROTECTION AND COMPLIANCE The path to reducing vulnerabilities with your Microsoft 365 Security products
  • 20. Advanced security Identity and threat protection Identity protection Device protection App/information protection
  • 21. Advanced security Identity and threat protection Identity protection Device protection App/information protection PROTECTING AGAINST: Unacceptable access/Insider threats PROTECTING AGAINST: Cyber threats to endpoints PROTECTING AGAINST: Anomalous use against policies /Shadow IT Azure Active Directory P2–Identity Protection Azure Active Directory P2–Privileged Identity Management Azure Advanced Threat Protection Windows Defender Advanced Threat Protection Microsoft Cloud App Security Advanced endpoint protection EDR Visibility and control of cloud applications
  • 22. Fundamental baseline security Advanced security IDENTITY AND THREAT PROTECTION INFORMATION PROTECTION AND COMPLIANCE The path to reducing vulnerabilities with your Microsoft 365 Security products
  • 23. Advanced security Information protection and compliance Information protection Compliance
  • 24. Advanced security Information protection and compliance Data Loss Protection for Office workloads—starter for blocking sharing of exchange files Office DLP Basic classification/labeling/ encryption Azure Information Protection P1 Automatic classification and labeling for content on prem or in cloud Azure Information Protection P2 Information protection Compliance PROTECTING AGAINST: Unauthorized access or sharing of classified content Perform search of content sources in organization, relevant to legal or compliance cases, analysis Use ML to drive governance, find/retain important data while eliminating unnecessary data Provision/manage keys used to encrypt data at rest in Office 365 Approve/reject access request made by support engineers to access customer data Advanced eDiscovery Advanced data governance 2nd Customer Key 2nd Customer Lock Box PROTECTING AGAINST: Unauthorized content searches
  • 25. Default file encryptions Permissions for SharePoint and OneDrive for Business libraries External sharing policies Device access policies for SharePoint Online and OneDrive for Business Intune device management of PCs Protect data Protect people and devices Getting to baseline security
  • 26. Protect data Protect people and devices Mobile apps protection Intune device management of PCs and phones/tablets Azure Active Directory multi-factor authentication Azure Active Directory conditional access Classification, labeling, and protection Getting to advanced security Bring Your Own Key (BYOK) with Azure information Protection and SharePoint Online Hold Your Own Key (HYOK) with Active Directory Rights Management Service and SharePoint Online Data Loss Prevention (DLP) in Office 365 Office 365 service encryption with Customer Key (coming soon) Windows 10 capabilities: Bitlocker and Windows Information Protection (WIP) Azure Active Directory Identity Protection Microsoft Cloud App Security or, Office 365 Cloud App Security Azure Active Directory Privileged Identity Management
  • 27. Secure identities to reach zero trust Identity & access management Security management Strengthen your security posture with insights and guidance Threat protection Help stop damaging attacks with integrated and automated security Locate and classify information anywhere it lives Information protection Infrastructure security
  • 28. Infrastructure security Defense in Depth Azure Built-in Controls Identity & Access Apps & Data Security Network Security Threat Protection Security Management
  • 29. Infrastructure security Defense in Depth Microsoft + Partners Role based access Encryption DDoS Protection Antimalware Log Management Multi-Factor Authentication Confidential Computing NG Firewall AI Based Detection and Response Security Posture Assessment Central Identity Management Key Management Web App Firewall Cloud Workload Protection Policy and governance Identity Protection Certificate Management Enterprise Connectivity SQL Threat Protection Regulatory Compliance Privileged Identity Management Information Protection Network Segmentation IoT Security SIEM Identity & Access Apps & Data Security Network Security Threat Protection Security Management
  • 30. Secure data through its lifecycle Protect data in useStandard Data Protection At rest Encrypt inactive data when stored in blob storage, database, etc. In transit Encrypt data that is flowing between untrusted public or private networks In use Protect/Encrypt data that is in use during computation
  • 31. Manage keys and certificates for secure applications Key, Secrets & Certificate Management, backed by cloud hosted HSMs- Azure Key Vault Virtual machines Applications Storage & databases Encrypt keys and small secrets using keys in Hardware Security Modules (HSMs) Simplify and automate tasks for SSL/TLS certificates, enroll and automatically renew certificates Rapidly scale to meet the cryptographic needs of your cloud applications and match peak demand Safeguard cryptographic keys and other secrets used by cloud apps and services
  • 32. Application protection Network protection services enabling zero trust Network Security Groups Distributed inbound & outbound network (L3-L4) traffic filtering on VM, Container or subnet DDoS protection DDOS protection tuned to your application traffic patterns Micro segmentation Web Application Firewall Centralized inbound web application protection from common exploits and vulnerabilities Azure Firewall Centralized outbound and inbound (non-HTTP/S) network and application (L3-L7) filtering Service Endpoints Restrict access to Azure service resources (PaaS) to only your Virtual Network
  • 33. Manage Security Posture and Define Governance Continuous Assessment & Recommendations Centralized Security Policy Compliance Reports Templates & Blueprints Cloud Security Posture Management + Governance
  • 34. Identity and access management Conditional access Identity protectionSecure authentication
  • 35. Secure authentication Getting to a world without passwords Microsoft Authenticator FIDO2 Security KeysWindows Hello
  • 36. Secure authentication Microsoft Authenticator MFA for enterprise and consumer accounts and applications Device registration (workplace join) Single sign-on to native mobile apps Certificate-based SSO
  • 37. Identity protection An integral component of Microsoft Threat Protection Azure AD Identity Protection Azure ATP Microsoft Cloud App Security
  • 38. Microsoft Threat Protection Correlate across attack vectors Detect & remediate breaches Protect the digital estate Help stop damaging attacks with integrated and automated security
  • 39. Microsoft Threat Protection Identities Endpoints User Data Cloud Apps Infrastructure Intelligent Security Graph | 6.5 TRILLION signals per day
  • 40. Protect the digital estate Guidance for better control over expanding attack surface Shared signal helps protect all attack vectors Unparalleled visibility helps you focus on the right actions
  • 42. Detect and remediate breaches Seamless integration across services to stop advanced threats Detailed, real-time telemetry to provide threat campaign information In-depth alerts and intelligent recommendations for threat mitigation
  • 43. Microsoft Information Protection Discover & classify sensitive information Apply protection based on policy Monitor & remediate Apps On-premisesCloud servicesDevices Across Accelerate Compliance
  • 44. Follow the data—throughout its lifecycle Apply protection based on policy Have you defined what “sensitive data” means for your company? Do you have a way to detect sensitive data across your company? Do you have a way to ensure that labels persist with the data—wherever it travels? Which regulations and compliance factors impact you? Are you able to empower end-users to classify and label content themselves, or apply automatically based on company policies? Detect & classify sensitive information Monitor & remediate Do you have visibility into how sensitive data is being access and shared, even across 3rd-party SaaS apps and cloud services? Are you able to remediate actions immediately, such as quarantine data or block access? Are you able to integrate event information into your SIEM system or other tools?
  • 45. Security management Strengthen your security posture with insights and guidance Visibility Control Guidance Devices InfrastructureApps & dataIdentity Across
  • 49. M365 F1 M365 E31 M365 E51 Operating System Windows Enterprise (including VDA rights) ⚫2 ⚫ ⚫ Productivity & Collaboration Office client apps (Word, Excel, PowerPoint, OneNote, Access) ⚫ ⚫ Office Mobile apps, chat and meetings (Microsoft Teams, Skype for Business Online), email & calendar (Outlook, Exchange), social & Internet (SharePoint, Yammer), task management (PowerApps, Flow, Planner) ⚫3 ⚫ ⚫ Device & App Management Microsoft Intune, Windows AutoPilot, Fine Tuned User Experience, and Windows Analytics Device Health ⚫ ⚫ ⚫ Security Microsoft Advanced Threat Analytics, Windows Defender Antivirus, Device Guard4, Azure Active Directory Plan 1, Windows Hello, Credential Guard, Direct Access4 ⚫ ⚫ ⚫ Microsoft 365 E5 Security (Microsoft Cloud App Security, Azure Active Directory Plan 2, Office 365 Advanced Threat Protection Plan 2, Azure Advanced Threat Protection, Windows Defender Advanced Threat Protection) ⚫ Compliance Windows Information Protection, BitLocker, Azure Information Protection Plan 1 ⚫ ⚫ ⚫ Office 365 Data Loss Prevention ⚫ ⚫ Microsoft 365 E5 Compliance (Office 365 Advanced Compliance, Azure Information Protection Plan 2) ⚫ Communications Audio Conferencing, Phone System ⚫ Analytics MyAnalytics ⚫ ⚫ ⚫ Delve ⚫ ⚫ Power BI Pro ⚫ SeeSpeakerNotesforfootnotes Microsoft 365 Enterprise Plan Overview
  • 50. challenges integrating with customers’ existing security tools and workflows connecting customers’ security technologies to streamline operations and improve threat defense opportunities+
  • 51. Unify integration with Microsoft Graph ALL • Microsoft 365 • Azure • Microsoft Partners ONE https://graph.microsoft.com
  • 52. Microsoft Graph Security API Streamline alert correlation and management Simplify orchestration and automation Unlock context to inform security operations
  • 53. What is the Security API? Microsoft services – no extra cost
  • 54. Alerts Other Security Entities* (context, actions, …) Common Libraries, Authentication, and Authorization Graph Security API Federates Queries, Aggregates Results, Applies Common Schema Secure Score Other Graph Services (Azure AD, O365, SharePoint, Intune …) Intune Azure AD Identity Protection Azure ATP Cloud Application Security Azure Security Center Azure Info ProtectionOffice 365 ATP Windows Defender ATP SIEM + log analytics Your custom app Security applications
  • 55. Contact Information © 2019 Razor Technology, LLCwww.razor-tech.com David Rosenthal VP & General Manager Digital Business @DavidJRosenthal Slideshare Blog: www.razor-tech.com 5 Tower Bridge 300 Barr Harbor Dr., Suite 705 West Conshohocken, PA 19428 www.razor-tech.com David.Rosenthal@razor-tech.com Cell: 215.801.4430 Office: 866.RZR.DATA LETS KEEP IN TOUCH