Improve your security – Manage your data, devices and processes better!
Emphasis in this Deck on Securing MS-365 Via Microsoft Security Tooling
FOCUS TODAY – Conditional Access Policies and Zero Trust Concepts!
Zero Trust Architecture / Clear Segments / Conditional Access
Trusted Advisors (If we have time!)
Microsoft Security Advice
Securing Our MICROSOFT Cloud Estate
(Microsoft 365 and Azure today)
Microsoft Digital Defense Report – Latest Version October 2023
Microsoft Digital Defense Report – Stopping Ransomware
Microsoft Licensing Labyrinth!
• Website provides GREAT links & Interactive Guides
• What is included in EACH license or bundle – Links to feature descriptions and documentation
• Knowing or planning for your licensing is KEY to succeeding with SECURING MICROSOFT 365
• After struggling with this we negotiated to get E5 licenses for MOST of our estate!
• Recent Change: Full logging now available to ALL customers in ALL service levels and licenses
DEFENDING YOUR USERS ACCOUNTS AND SERVICES
Identity IS the New Perimeter
• Entra ID (Azure AD) Accounts and Azure MFA
• Avoid Easily Phished MFA
• For ALL User Accounts & Access: Microsoft Authenticator and Number Matching with Managed Devices / App
• For All ADMIN Accounts: FIDO Key MFA and Privileged Identity Management (No standing admin access)
• Conditional Access Rules: Apply conditions to strengthen security
• Require STRONG MFA and Compliant Devices; Block Otherwise (Geo, etc.)
• Secure Score for Identity is KEY
• NGC Uses CrowdStrike Identity Protection Too
DEFENDING YOUR USERS ACCOUNTS AND SERVICES
Secure Score Makes YOUR SETUP Very Visible Versus Microsoft / Best Practice Guidance (ALL Accounts & Services)
DEFENDING YOUR USERS ACCOUNTS AND SERVICES
Identity Protection Relies On Microsoft AND End User Signals – Auto-Remediates Detected Risk / Disrupts Attacks
Improve your security – Manage your data, devices and processes better!
Secure Your MS365 Solutions / “Best Practices” Advisors, Sources
Reduce and Classify Data Footprint
Zero Trust Architecture / Clear Segments / Conditional Access
Microsoft Security Advice
Securing Our MICROSOFT Cloud Estate (Microsoft 365 today)
Protecting MS365 / AzureAD / Entra ID Accounts from On-Premises Compromise
Protecting MS365/Cloud Admins (Applies to Azure Too!)
• Merill Fernando is a top-notch resource! Follow on X and sign up for weekly newsletter!
• Dedicated Cloud Only Accounts (we call these X-accounts)
• Use FIDO Compliant Auth – Passkeys, Authenticator, HW Keys
• Use Conditional Access Policies to apply Zero Trust – Devices, Roles, Session length and More!
• Use PIM for JIT Role Activation
• Deploy a PAW for most privileged admin roles (Global Administrator)
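Added example (not part of the original deck): a Python check that audits an exported set of Conditional Access policies against the two baselines stated on the slides above, MFA plus a compliant device for all users and FIDO-class MFA for admin accounts. Field names follow the Microsoft Graph conditionalAccessPolicy resource; the sample policies are constructed, and the example assumes the export carries each authentication strength's allowedCombinations inline.

```python
# Added example: audit exported Conditional Access policies against the deck's baseline.
# Field names follow the Microsoft Graph conditionalAccessPolicy resource.
GLOBAL_ADMIN = "62e90394-69f5-4237-9190-012177145e10"  # Global Administrator role template ID
PHISH_RESISTANT = {"fido2", "windowsHelloForBusiness", "x509CertificateMultiFactor"}

# Constructed sample export, not taken from a real tenant.
SAMPLE_POLICIES = [
    {"displayName": "All users: MFA and compliant device", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"]}},
     "grantControls": {"operator": "AND",
                       "builtInControls": ["mfa", "compliantDevice"]}},
    {"displayName": "Global Admins: FIDO2 only", "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeRoles": [GLOBAL_ADMIN]}},
     "grantControls": {"operator": "OR", "builtInControls": [],
                       "authenticationStrength": {"allowedCombinations": ["fido2"]}}},
]

def requires_all(policy, wanted):
    """True when every control in `wanted` is mandatory for this policy."""
    grant = policy.get("grantControls") or {}
    present = set(grant.get("builtInControls") or [])
    if grant.get("operator") == "AND":
        return wanted <= present
    # With OR the user picks any one listed option, so a control is only
    # mandatory when it is the single option on offer.
    options = len(present) + (1 if grant.get("authenticationStrength") else 0)
    return options == 1 and wanted == present

def phishing_resistant(policy):
    """True when the authentication strength allows only phishing-resistant methods."""
    grant = policy.get("grantControls") or {}
    combos = set((grant.get("authenticationStrength") or {}).get("allowedCombinations") or [])
    if not combos or not combos <= PHISH_RESISTANT:
        return False
    # An OR with other built-in controls would let the user bypass the strength.
    return grant.get("operator") == "AND" or not grant.get("builtInControls")

def audit(policies):
    """Return findings for the two baselines: all users, and Global Administrators."""
    findings = []
    live = [p for p in policies if p.get("state") == "enabled"]
    users = lambda p: p.get("conditions", {}).get("users", {})
    if not any("All" in users(p).get("includeUsers", [])
               and requires_all(p, {"mfa", "compliantDevice"}) for p in live):
        findings.append("all users: no enforced policy requires MFA and a compliant device")
    if not any(GLOBAL_ADMIN in users(p).get("includeRoles", [])
               and phishing_resistant(p) for p in live):
        findings.append("Global Administrator: no enforced phishing-resistant MFA policy")
    for p in policies:
        if p.get("state") == "enabledForReportingButNotEnforced":
            findings.append(f"report-only, not enforced: {p['displayName']}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_POLICIES):
        print(finding)
```

The check does not evaluate exclusions (excludeUsers, excludeGroups, excludeRoles), which also need review because an excluded account is outside the policy entirely.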
Conditional Access – The Basics
[Diagram: Microsoft Cybersecurity Reference Architecture (MCRA), https://aka.ms/MCRA. Labels include Azure Active Directory, Azure Key Vault, Azure Backup, GitHub Advanced Security (secure development and software supply chain), Defender for Cloud (cross-platform CSPM), B2B / B2C, Azure AD App Proxy, and Microsoft Sentinel (cloud-native SIEM, SOAR, and UEBA for IT, OT, and IoT), with coverage across Endpoint & Server/VM, Office 365 Email and Apps, Cloud (Azure, AWS, GCP, On Premises & other 3rd party clouds), Identity (Cloud & On-Premises), SaaS Cloud Apps, and Other Tools, Logs, & Data Sources (OT, IoT, SQL, and more).]
ADVICE FOR SECURING MICROSOFT 365 SERVICES
• SECURE SCORE Tooling
• Part of Defender – at Security.Microsoft.com
• Loaded with Microsoft Guidance
• Connected to your tenant (licenses, settings)
• Shows Current, Planned and Achievable Score
• Simple way to convey MS365 Security Plans and report on your status
ADMIN.MICROSOFT.COM Guidance Too!
Microsoft 365 Admin Center (Product Specifics)
ADVICE FOR SECURING MICROSOFT 365 SERVICES
• Microsoft Documentation: Defender for Office 365
Email Defenses Are HUGE: EOP and Defender ATP
Deploy SPF, DKIM and DMARC together!!
Also - Up to 350 User Impersonation Protection
SECURED BY DEFAULT – PRESETS APPLIED
• Leverage ‘Configuration Analyzer’ Tools
• Use Admin Center Guidance ‘Wizards’
• Groups or lists of users can have separate policies
• Be sure to turn on ‘Audit log search’
• Check Out Security Operations Guides Too
ADVICE FOR SECURING MICROSOFT 365
Excellent Book:
SECURING MICROSOFT 365
• Excellent source of guidance from an MVP
• Author: Joe Stocker
• Twitter: https://twitter.com/ITguySoCal
• Blog: https://thecloudtechnologist.com/
• CEO of Patriot Consulting
• YouTube Page
ADVICE FOR SECURING MICROSOFT 365
Second Excellent Book:
MICROSOFT 365 SECURITY for IT PROS
• Excellent source of guidance from several MVPs
• Author: Michael Van Horenbeeck
• Twitter: https://twitter.com/vanhybrid?lang=en
• Partner: Thijs LeCompte (also an MVP)
• Frequently posts on LinkedIn and Practical365.com
ADVICE FOR SECURING MICROSOFT 365
Third Excellent Book:
OFFICE 365 for IT PROS
• Not as security focused BUT lots of great admin advice! (Are you a security specialist? Not me!)
• Author: Tony Redmond & Team
• Blog Site: https://office365itpros.com/
• Lots of Security Posts Available (2023 security tasks)
• Page of Security Resource Links
ADVICE FOR SECURING AZURE AD (ENTRA ID) WITH CONDITIONAL ACCESS
Excellent Advisor / Frequent Twitter Posts:
MERILL FERNANDO
• Rich source of Microsoft guidance
• Newsletter: Entra News ( https://entra.news/ )
• LinkedIn: https://www.linkedin.com/in/merill/
• Twitter: https://twitter.com/merill?lang=en
• Microsoft Cybersecurity & Azure Advice
• CMD.MS, idPowerToys and More!
ADVICE FOR SECURING MICROSOFT 365 (AND MORE)
Excellent Advisor / Frequent Contributor:
MARK SIMOS
• Rich source of Microsoft guidance
• New Book Series – Zero Trust Playbook
• LinkedIn: https://aka.ms/markslist
• Twitter: https://twitter.com/MarkSimos
• Microsoft Cybersecurity Reference Architecture
• CISO Guidance (Videos, Information)
Discussions? Questions? Issues?
Emphasis in this Deck on Securing MS-365 Via Microsoft Security Tooling
Secure Your MS365 Solutions / “Best Practices” Advisors, Sources
Microsoft Security Questions?
Standing On The Shoulders Of Giants
To promote the use of best practices for providing security assurance within
Cloud Computing, and provide education on the uses of Cloud Computing
to help secure all other forms of computing.
Celebrated its 10th Anniversary at recent summit meeting!!
Software Defined Perimeter
What is Intune?
Register / Manage Devices
DEP / Company Owned or BYOD
Configure / Enforce Compliance
Application Delivery
Data / App Protection
Containerize Our Data on Devices
SW Defined Perimeter/PKI Support
Conditional Access
Support for rules and tools
Conditional Access – The Basics
Secure Identity Infrastructure
1. Strengthen your credentials.
2. Reduce your attack surface area.
3. Automate threat response.
4. Increase your awareness of auditing and monitoring.
5. Enable more predictable and complete end-user security with self-help.
Use Conditional Access – Trusted Devices
1. Only trusted Devices and Users get access to enterprise data and applications
2. Different rules can invoke MORE or less security and risk protections (next slide)
Make Our New Systems MORE Secure!
• Less Data And Content Means Less “Attack Surface”
• Far Easier To Defend LESS Data – Also Well Defined (Labeled)
• Data Classification and Access Tracking FAR Easier
• Retire OLD Servers / PCs – New OSes Far MORE Secure
• Azure/Server 2019+ and Windows 10 Better Built/Better Defended
• Microsoft Delivers Updates, Enhancements Regularly (ready or not!)
• Lots of Tools – Microsoft 365 E5 = O365-EMS-Windows 10E
• Licensed All 3 Tools For Improved / Interlocked Security
Shifted Our Data Gravity!
OLD System: Most Data “Inside the Data Center”
• Mainframe, Email, Files and most resources accessed via VPN
• Private MPLS from Plants / Remote sites – VPN for partners
NEW System: Most Data Shifts to MS, SaaS Apps in Cloud
• Email, Files and most resources accessed via Azure-AD / Directly
• Azure-AD Single Sign On to SaaS Applications
• Private MPLS from Plants Goes to Cloud - VPN for Small #
Key Takeaways! Secure Your Estate!
• Secure Score Guidance!
• Logging Turned On / Checking
• MFA / W10 for Admin Access, Expand to ALL Access
• Enforce STRONG Credentials & Leaked Credential Protection
• Baseline Policy Conditional Access

Microsoft Security Advice ISSA Slides.pptx
