Security for the productive enterprise in a mobile-first, cloud-first world
Khalid Hussain
MCT | Cloud Solution Architect | Microsoft | AWS | GCP @ Bechtle AG
Microsoft 365 Security and Compliance
Figure sequence: before mobility & cloud, devices, data, users and apps all sat inside the on-premises / private cloud perimeter; each later step adds something outside it:
THE WORLD BEFORE MOBILITY & CLOUD
CLOUD APPS & SAAS SERVICES
MOBILE AND PERSONAL DEVICES
ORGANIZATION & SOCIAL IDENTITIES
Agenda (Microsoft 365 Security and Compliance)
Digital transformation
Protect at the front door
Protect your data, anywhere
Detect and remediate attacks
Digital transformation
80% of employees say mobile business apps change how they work
41% of employees use non-approved SaaS apps for work
85% of enterprise organizations keep sensitive information in the cloud
Figure: devices, apps, identity and data no longer sit only on-premises
THE PROBLEM
The security you need, integrated with the productivity tools you want
Productivity OR Security: it's a delicate balance
Security capabilities in play (slide word cloud): Identity & Access Management; Single sign-on; Conditional access; Identity governance; Mobile Device & Application Management; Mobile Data Loss Prevention; Data Loss Prevention; Cloud Data Loss Prevention; Information Rights Management; Secure collaboration; Cloud Access Security Broker; Discovery; Cloud visibility; Cloud anomaly detection; User & Entity Behavioral Analytics; Threat Detection; SIEM
Grouped under three pillars: Protect at the front door; Detect & remediate attacks; Protect your data anywhere
Solution areas: Identity and access management; Mobile device & app management; Information protection; Threat protection
Holistic and innovative solutions for protection across users, devices, apps and data
Microsoft 365 Security and Compliance
Protect at the front door
81% of hacking breaches leverage stolen and/or weak passwords (Verizon 2017 Data Breach Investigations Report)
Figure: a phishing e-mail ("To: gopi@contoso.com", "Check out this URL.") leading the recipient to an executable payload
Who is accessing? What is their role? Is the account compromised?
Where is the user based? From where is the user signing in? Is the IP anonymous?
Which app is being accessed? What is the business impact?
Is the device healthy? Is it managed? Has it been in a botnet?
What data is being accessed? Is it classified? Is it allowed off premises?
Figure: Microsoft signal sources: Bing, Xbox Live, OneDrive, Microsoft Digital Crimes Unit, Microsoft Cyber Defense Operations Center, Azure, Microsoft Accounts, Skype, Enterprise Mobility + Security, Azure Active Directory
IF (signals; 10TB per day)
Privileged user? Credentials found in public? Accessing sensitive app? Unmanaged device? Malware detected? IP detected in botnet? Impossible travel? Anonymous client?
User risk: High / Medium / Low
Session risk: High / Medium / Low
THEN
Allow access / Limit access / Require MFA / Force password reset / Deny access
Discover, restrict, and monitor privileged identities
Enforce on-demand, just-in-time administrative access when needed: a Domain User is elevated to Global Administrator, and the administrator privileges expire after a specified interval
Use alerts, audit reports and access review
Scenario 1: TRAVEL EXPENSE APP
USER: Role: Sales Account Rep; Group: London Users; Client: Mobile; Config: Corp Proxy; Location: London, UK; Last Sign-in: 5 hrs ago
DEVICE: Health: Fully patched; Config: Managed; Last seen: London, UK
CONDITIONAL ACCESS RISK (High / Medium / Low): Allow access
Scenario 2: CONFIDENTIAL SALES APP
USER: Role: VP Marketing; Group: Executive Users; Client: Mobile; Config: Corp Proxy; Location: London, UK; Last Sign-in: 5 hrs ago
DEVICE: Health: Fully patched; Config: Managed; Last seen: London, UK
CONDITIONAL ACCESS POLICY: User is a member of a sensitive group. Application is classified High Business Impact.
CONDITIONAL ACCESS RISK (High / Medium / Low): Require MFA
Scenario 3: SALES APP
USER: Role: Sales Account Representative; Group: London Users; Client: Mobile; Config: Corp Proxy; Location: London, UK; Last Sign-in: 5 hrs ago
THIS SIGN-IN: Health: Unknown; Client: Browser; Config: Anonymous; Last seen: Asia
Risk signals: Anonymous IP; Unfamiliar sign-in location for this user
CONDITIONAL ACCESS RISK (High / Medium / Low): Block access; Force password reset
Demo: Protect at the front door
Protect your data anywhere
58% of workers have accidentally shared sensitive data with the wrong person (Stroz Friedberg)
How much control do you have over data? OUT OF YOUR CONTROL
How do I protect corporate files on mobile devices?
How do I protect the data that's shared externally?
How do I discover and protect data in SaaS apps?
How do I protect sensitive data on premises and in the cloud?
Answers: classification, labeling, and protection for sensitive data on-premises and in the cloud; data protection on mobile devices; data visibility and protection in cloud and SaaS applications
Protect sensitive data on-premises and in the cloud
Classification and labeling: classify data based on sensitivity and add labels, manually or automatically.
Protection: encrypt your sensitive data and define usage rights, or add visual markings when needed.
Monitoring: use detailed tracking and reporting to see what's happening with your shared data and maintain control over it.
Gain visibility and control over data in cloud apps
Cloud discovery: discover cloud apps used in your organization, get a risk assessment and alerts on risky usage.
Data visibility: gain deep visibility into where data travels by investigating all activities, files and accounts for managed apps.
Data control: monitor and protect personal and sensitive data stored in cloud apps using granular policies.
Walk-through (Cloud App Security portal): a user (Role: Finance; Group: Contoso Finance; Office: London, UK) uploads a document labeled INTERNAL to a public share. Azure Information Protection identifies the document tagged INTERNAL being shared publicly; Cloud App Security moves it to quarantine, restricts it to the owner, and notifies the admin about the problem.
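The classify, label, protect and monitor flow together with the quarantine walk-through above, as an added example that is not part of the original deck and not Azure Information Protection or Cloud App Security code: a Python pipeline that auto-labels a document when a Luhn-valid payment card number is found, honors a manual "Sensitivity:" header, maps the label to protection settings, and applies a sharing policy that quarantines labeled files found on a public share. The label taxonomy, header format, policy rules and the sample files are assumptions.

```python
"""Added example: a small classify -> label -> protect -> monitor pipeline.
Not AIP or Cloud App Security code; the taxonomy, header format, policy
rules and the sample files are assumptions for this walk-through."""
import re
from typing import Dict, List, Tuple

LABELS = ("Public", "Internal", "Confidential")      # assumed taxonomy, lowest to highest
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")      # 13-19 digits with optional separators
MANUAL_RE = re.compile(r"^Sensitivity:\s*(\w+)", re.IGNORECASE | re.MULTILINE)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out most random digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    """Candidate card numbers that also pass Luhn, returned as bare digit strings."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def classify(text: str) -> str:
    """Effective label is the higher of the manual label and the automatic one."""
    m = MANUAL_RE.search(text)
    manual = m.group(1).capitalize() if m else "Public"
    if manual not in LABELS:
        manual = "Public"
    automatic = "Confidential" if find_card_numbers(text) else "Public"
    return max(manual, automatic, key=LABELS.index)


def protection_for(label: str) -> Tuple[str, ...]:
    """Protection that travels with the file (assumed per-label settings)."""
    return {
        "Public": (),
        "Internal": ("visual_marking:INTERNAL",),
        "Confidential": ("encrypt", "usage_rights:external=view_only", "visual_marking:CONFIDENTIAL"),
    }[label]


def evaluate_share(label: str, scope: str) -> Tuple[str, ...]:
    """Sharing policy (assumed): scope is 'internal', 'external' or 'public'."""
    if scope == "public" and label != "Public":
        return ("move_to_quarantine", "restrict_to_owner", "notify_admin")
    if scope == "external" and label == "Confidential":
        return ("restrict_to_owner", "notify_admin")
    return ("allow",)


# Constructed sample: file name -> (content, sharing scope).
SAMPLE_FILES = {
    "q3-forecast.xlsx": ("Sensitivity: Internal\nQ3 forecast, Contoso Finance, London\n", "public"),
    "customer-export.csv": ("name,card\nA. Example,4111 1111 1111 1111\n", "internal"),
    "press-release.docx": ("Contoso opens new office. Ref 4111 1111 1111 1112.\n", "public"),
}


def process(files: Dict[str, Tuple[str, str]]) -> Dict[str, Tuple[str, Tuple[str, ...], Tuple[str, ...]]]:
    """Return file name -> (label, protection applied, sharing actions)."""
    result = {}
    for name, (content, scope) in files.items():
        label = classify(content)
        result[name] = (label, protection_for(label), evaluate_share(label, scope))
    return result


if __name__ == "__main__":
    for name, (label, protection, actions) in process(SAMPLE_FILES).items():
        print(f"{name}: label={label} protection={protection} actions={actions}")
```

Two details matter in practice: the Luhn check keeps a 16-digit reference number from being mislabeled, and the sharing decision is driven by the label rather than by re-scanning the content, which is what lets the policy apply consistently once the label has been stamped on the file.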
Device security configuration (advanced device management): enforce device encryption, password/PIN requirements, jailbreak/root detection, etc.
Restrict apps and URLs: restrict access to specific applications or URL addresses on mobile devices and PCs.
Data control / separation (multi-identity policy): control company data after it has been accessed, and separate it from personal data; corporate data lives in managed apps, personal data in personal apps, and MDM (3rd party or Intune) is optional.
Walk-through (app protection policy):
User adds business account to OneDrive app
Intune configures app protection policy: Copy/Paste/SaveAs controls; PIN required; Encrypt storage
User is prompted to create a PIN
User edits document stored in OneDrive for Business
User saves document to… Allow access
Demo: Protect your data anywhere
Detect & remediate attacks
91% of cyberattacks and the resulting data breaches begin with a spear phishing email (PhishMe 2016)
How quickly are you able to detect attacks?
How do I detect attackers moving laterally in my environment?
How do I detect Pass-the-Hash? Pass-the-Ticket?
How do I detect compromised credentials?
Aren't rules-based security solutions enough?
How can I remediate in real-time? Automatically?
Answers: on-premises abnormal behavior and advanced threat detection; identity-based attack and threat detection; anomaly detection for cloud apps
User & Entity Behavioral Analytics: monitors behaviors of users and other entities by using multiple data sources; profiles behavior and detects anomalies by using machine learning algorithms; evaluates the activity of users and other entities to detect advanced attacks.
Analogy: credit card companies monitor cardholders' behavior. By observing purchases, behavioral analytics learn what behavior is typical for each buyer. If there is any abnormal activity, they notify the cardholder to verify the charge.
Attack timeline (figure): Phishing attack; User account is compromised (anonymous user behavior, unfamiliar sign-in location); Attacker attempts lateral movement (lateral movement attacks); Privileged account compromised (escalation of privileges, account impersonation); Attacker accesses sensitive data; Attacker steals sensitive data (data exfiltration). Cloud data & SaaS apps: zero-day / brute-force attack.
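The behavioral-analytics idea and the attack timeline above, as an added example that is not part of the original deck and not Advanced Threat Analytics or its detection logic: a Python baseline built over constructed authentication records that flags an unfamiliar source host, a simplified pass-the-hash pattern (NTLM network logon from a host the user never logged on to interactively) and lateral movement (several never-before-seen targets in a short window). The record layout, thresholds and the sample log lines are assumptions.

```python
"""Added example: a per-user behavioral baseline over constructed
authentication records, with three simple detectors. Not ATA and not its
algorithms; the record layout, thresholds and log lines are assumptions."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class AuthEvent:
    when: datetime
    user: str
    src: str    # computer the authentication came from
    dst: str    # computer (or DC) that was authenticated to
    proto: str  # "Kerberos" or "NTLM"
    logon: str  # "interactive" (console/RDP) or "network" (share, RPC, ...)


@dataclass
class Profile:
    sources: Set[str] = field(default_factory=set)
    destinations: Set[str] = field(default_factory=set)
    interactive_hosts: Set[str] = field(default_factory=set)


def parse(lines: List[str]) -> List[AuthEvent]:
    """Parse 'timestamp,user,src,dst,proto,logon' records (assumed layout); '#' lines are comments."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, user, src, dst, proto, logon = line.split(",")
        events.append(AuthEvent(datetime.fromisoformat(ts), user, src, dst, proto, logon))
    return sorted(events, key=lambda e: e.when)


def build_profiles(history: List[AuthEvent]) -> Dict[str, Profile]:
    """Learn what is normal for each user from the baseline window."""
    profiles: Dict[str, Profile] = defaultdict(Profile)
    for e in history:
        p = profiles[e.user]
        p.sources.add(e.src)
        p.destinations.add(e.dst)
        if e.logon == "interactive":
            p.interactive_hosts.add(e.src)
    return dict(profiles)


def detect(profiles: Dict[str, Profile], events: List[AuthEvent],
           window: timedelta = timedelta(minutes=15), min_new_targets: int = 3) -> List[Tuple[str, str, object]]:
    """Return (kind, user, detail) alerts, one per distinct finding."""
    alerts: Dict[tuple, object] = {}
    new_targets: Dict[str, list] = defaultdict(list)   # user -> [(time, never-seen destination)]
    for e in events:
        p = profiles.get(e.user, Profile())
        if e.src not in p.sources:
            alerts.setdefault(("unfamiliar_source", e.user, e.src), e.src)
        # Simplified pass-the-hash heuristic: NTLM network logon from a host where
        # the user never logged on interactively, so no password was ever typed there.
        if e.proto == "NTLM" and e.logon == "network" and e.src not in p.interactive_hosts:
            alerts.setdefault(("possible_pass_the_hash", e.user, e.src), e.src)
        if e.dst not in p.destinations:
            bucket = new_targets[e.user]
            bucket.append((e.when, e.dst))
            bucket[:] = [(t, d) for t, d in bucket if e.when - t <= window]
            targets = tuple(sorted({d for _, d in bucket}))
            if len(targets) >= min_new_targets:
                alerts[("lateral_movement", e.user, "")] = targets   # keep the growing target list
    return [(kind, user, detail) for (kind, user, _), detail in alerts.items()]


# Constructed sample: three quiet baseline days, then the night of the incident.
SAMPLE_LOG = """\
2019-06-15T08:55:00,alice,WS-ALICE,WS-ALICE,Kerberos,interactive
2019-06-15T09:01:00,alice,WS-ALICE,FS-01,Kerberos,network
2019-06-15T09:03:00,alice,WS-ALICE,MAIL-01,Kerberos,network
2019-06-15T09:10:00,bob,WS-BOB,WS-BOB,Kerberos,interactive
2019-06-15T09:12:00,bob,WS-BOB,FS-01,Kerberos,network
2019-06-16T08:58:00,alice,WS-ALICE,WS-ALICE,Kerberos,interactive
2019-06-16T09:02:00,alice,WS-ALICE,FS-01,Kerberos,network
2019-06-17T09:00:00,alice,WS-ALICE,WS-ALICE,Kerberos,interactive
2019-06-17T09:04:00,alice,WS-ALICE,MAIL-01,Kerberos,network
# incident: alice's credential used from bob's workstation, fanning out over NTLM
2019-06-18T22:05:00,alice,WS-BOB,FS-01,NTLM,network
2019-06-18T22:06:30,alice,WS-BOB,FS-02,NTLM,network
2019-06-18T22:08:10,alice,WS-BOB,SRV-HR,NTLM,network
2019-06-18T22:09:45,alice,WS-BOB,DC-01,NTLM,network
2019-06-18T22:11:00,bob,WS-BOB,FS-01,Kerberos,network
""".splitlines()
BASELINE_END = datetime(2019, 6, 18)


def run_demo() -> List[Tuple[str, str, object]]:
    events = parse(SAMPLE_LOG)
    history = [e for e in events if e.when < BASELINE_END]
    live = [e for e in events if e.when >= BASELINE_END]
    return detect(build_profiles(history), live)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Note what the baseline buys over a fixed rule: bob's 22:11 access to FS-01 from WS-BOB is identical in shape to alice's first hop, yet it raises nothing, because for bob that host and target are normal. The lateral-movement detector deliberately counts only destinations the user has never reached before, so routine fan-out to a user's usual servers does not trip it.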
Demo: Detect & remediate attacks
Figure: conditional access evaluates device, location, apps and risk before access is granted to data; information protection classifies, labels, protects and audits that data
MICROSOFT INTUNE: make sure your devices are compliant and secure, while protecting data at the application level
AZURE ACTIVE DIRECTORY: ensure only authorized users are granted access to personal data using risk-based conditional access
MICROSOFT CLOUD APP SECURITY: gain deep visibility, strong controls and enhanced threat protection for data stored in cloud apps
AZURE INFORMATION PROTECTION: classify, label, protect and audit data for persistent security throughout the complete data lifecycle
MICROSOFT ADVANCED THREAT ANALYTICS: detect breaches before they cause damage by identifying abnormal behavior, known malicious attacks and security issues
Solution areas: Identity and access management; Mobile device & app management; Information protection; Threat protection
Products: Azure Active Directory Premium; Microsoft Intune; Azure Information Protection; Microsoft Cloud App Security; Microsoft Advanced Threat Analytics
Power Saturday 2019 E1 - Office 365 security