Power Saturday 2019 E1 - Office 365 security
1. Security for the productive enterprise
in a mobile-first cloud-first world
Khalid Hussain
MCT | Cloud Solution Architect | Microsoft | AWS | GCP @ Bechtle AG
Microsoft 365 Security and Compliance
7. Microsoft 365 Security and Compliance
Digital transformation
Protect at the front door
Protect your data, anywhere
Detect and remediate attacks
Agenda
8. of employees say mobile business
apps change how they work
80%
of employees use non-approved
SaaS apps for work
41%
85%
of enterprise organizations keep
sensitive information in the cloud
On-premises
11. THE PROBLEM
The security you need integrated
with the productivity tools you want
Productivity
Secure
On-premises
OR
Security
It’s a delicate balance
12. Information
Rights
Management
Mobile Device
& Application
Management
Cloud Access
Security
Broker
SIEM
Data Loss
Prevention
User &
Entity
Behavioral
Analytics
Mobile
Data Loss
Prevention
Threat
Detection
Identity
governance
Single sign-on
Cloud
Data Loss
Prevention
Conditional
access
Discovery
Cloud
visibility
Secure
collaboration
Cloud
anomaly
detection
Identity & Access
Management
13. Identity & Access
Management
Mobile Device
& Application
Management
Data Loss
Prevention
User &
Entity
Behavioral
Analytics
Cloud Access
Security
Broker
Information
Rights
Management
Protect at the
front door
Detect &
remediate attacks
Protect your
data anywhere
Cloud Access Security Broker
Mobile Device &
App Management
Identity & Access
Management
User & Entity
Behavioral Analytics
Data Loss Prevention
Cloud Access Security Broker
15. Mobile device &
app management
Information
protection
Identity and access
management
Threat
protection
Holistic and innovative solutions for protection across users, devices, apps and data
Protect at the
front door
Detect &
remediate attacks
Protect your
data anywhere
18. of hacking breaches
leverage stolen and/or
weak passwords
81%
Microsoft 365 Security and
Compliance
Protect at the
front door
Verizon 2017 Data Breach Investigations Report
33. Who is accessing? What is their role?
Is the account compromised?
Where is the user based? From where is
the user signing in? Is the IP anonymous?
Which app is being accessed?
What is the business impact?
Is the device healthy? Is it managed?
Has it been in a botnet?
What data is being accessed?
Is it classified? Is it allowed off premises?
35. IF
Privileged user?
Credentials found in public?
Accessing sensitive app?
Unmanaged device?
Malware detected?
IP detected in Botnet?
Impossible travel?
Anonymous client?
High
Medium
Low
User risk
10TB
per day
THEN
Require MFA
Allow access
Deny access
Force password reset
Limit access
High
Medium
Low
Session risk
36. Enforce on-demand, just-in-time administrative access when needed
Use Alert, Audit Reports and Access Review
Domain
User
Global
Administrator
Discover, restrict, and monitor privileged identities
Domain
User
Administrator
privileges expire after
a specified interval
37. USER
Role: Sales Account Rep
Group: London Users
Client: Mobile
Config: Corp Proxy
Location: London, UK
Last Sign-in: 5 hrs ago
CONDITIONAL
ACCESS RISK
Health: Fully patched
Config: Managed
Last seen: London, UK
High
Medium
Low
Allow access
TRAVEL EXPENSE
APP
38. USER
Role: VP Marketing
Group: Executive Users
Client: Mobile
Config: Corp Proxy
Location: London, UK
Last Sign-in: 5 hrs ago
CONDITIONAL
ACCESS RISK
Health: Fully patched
Config: Managed
Last seen: London, UK
High
Medium
Low
Require MFA
CONFIDENTIAL
SALES APP
CONDITIONAL
ACCESS POLICY
User is a member of
a sensitive group.
Application is classified
High Business Impact.
39. USER
Role: Sales Account Representative
Group: London Users
Client: Mobile
Config: Corp Proxy
Location: London, UK
Last Sign-in: 5 hrs ago
SALES APP
CONDITIONAL
ACCESS RISK
Health: Unknown
Client: Browser
Config: Anonymous
Last seen: Asia
High
Medium
Low
Anonymous IP
Unfamiliar sign-in location for this user
Block access
Force password
reset
42. Microsoft 365 Security and
Compliance
Protect your
data anywhere
of workers have
accidentally shared
sensitive data to
the wrong person
58%
Stroz Friedberg
45. How do I protect corporate
files on mobile devices?
How do I protect the data
that’s shared externally?
How do I discover and
protect data in SaaS apps?
How do I protect sensitive data
on premises and in the cloud?
46. OUT OF YOUR CONTROL
Classification, labeling, and
protection for sensitive data
on-premises and in the cloud
Data protection
on mobile devices
Data visibility and
protection in cloud
and SaaS applications
47. Protect sensitive data on-premises and in the cloud
Classification
and labeling
Classify data based on
sensitivity and add labels—
manually or automatically.
Protection
Encrypt your sensitive
data and define usage
rights or add visual
markings when
needed.
Monitoring
Use detailed tracking
and reporting to see
what’s happening with
your shared data and
maintain control over it.
48. Gain visibility and control over data in cloud apps
Cloud discovery
Discover cloud apps used in your
organization, get a risk assessment
and alerts on risky usage.
Data visibility
Gain deep visibility into where
data travels by investigating all
activities, files and accounts for
managed apps.
Data control
Monitor and protect personal and
sensitive data stored in cloud apps
using granular policies.
49. Role: Finance
Group: Contoso Finance
Office: London, UK
INTERNAL
Azure information
protection
Identifies document tagged
INTERNAL being shared publicly
Move to
quarantine
Restricted
to owner
USER
Uploaded to
public share
Admin notified
about problem.
CLOUD APP
SECURITY PORTAL
50. Advanced device
management
Enforce device encryption,
password/PIN requirements,
jailbreak/root detection, etc.
Device security configuration
Restrict access to specific
applications or URL
addresses on mobile
devices and PCs.
Restrict apps and URLs
Managed apps
Personal apps
MDM (3rd party or Intune) optional
Managed apps
Corporate
data
Personal
data
Multi-identity policy
Control company data after
it has been accessed, and
separate it from personal
data.
Data control / separation
51. USER
User is prompted
to create a PIN
User edits
document stored
in OneDrive for
Business
User saves
document to…
User adds
business account
to OneDrive app
Intune configures
app protection policy
OneDrive
for Business
Allow
access
• Copy/Paste/SaveAs controls
• PIN required
• Encrypt storage
54. Detect &
remediate attacks
Microsoft 365 Security and
Compliance
PhishMe 2016
of cyberattacks and
the resulting data
breach begin with a
spear phishing email
91%
56. How do I detect attackers moving
laterally in my environment?
How do I detect Pass-the-Hash?
Pass-the-Ticket?
How do I detect compromised
credentials?
Aren’t rules-based security solutions
enough?
How can I remediate in real-time?
Automatically?
57. On-premises abnormal behavior
and advanced threat detection
Identity-based attack
and threat detection
Anomaly detection
for cloud apps
58. Monitors behaviors of users and other entities
by using multiple data-sources
Profiles behavior and detects anomalies
by using machine learning algorithms
Evaluates the activity of users and other entities
to detect advanced attacks
Credit card companies monitor cardholders’ behavior.
By observing purchases, behavioral analytics learn what behavior is typical for each buyer.
If there is any abnormal activity, they will notify the cardholder to verify the charge.
3 hours
62. USER
Anonymous user behavior
Unfamiliar sign-in location
ATTACKER
Phishing attack
User account
is compromised
Attacker attempts
lateral movement
Attacker
accesses
sensitive data
Privileged
account
compromised
Anonymous user behavior
Lateral movement attacks
Escalation of privileges
Account impersonation
Data exfiltration
Attacker steals
sensitive data
Cloud data &
SaaS apps
Zero-day /
brute-force attack
64. Apps
Risk
MICROSOFT INTUNE
Make sure your devices are
compliant and secure, while
protecting data at the
application level
AZURE ACTIVE
DIRECTORY
Ensure only authorized
users are granted access
to personal data using
risk-based conditional
access
MICROSOFT CLOUD
APP SECURITY
Gain deep visibility, strong
controls and enhanced
threat protection for data
stored in cloud apps
AZURE INFORMATION
PROTECTION
Classify, label, protect and
audit data for persistent
security throughout the
complete data lifecycle
MICROSOFT ADVANCED
THREAT ANALYTICS
Detect breaches before they
cause damage by identifying
abnormal behavior, known
malicious attacks and security
issues
Device
Access
granted
to data
CONDITIONAL
ACCESS
Classify
Label
Audit
Protect
Location
65. Mobile device &
app management
Information
protection
Holistic and innovative solutions for protection across users, devices, apps and data
Azure Active Directory
Premium
Microsoft
Intune
Azure Information
Protection
Microsoft Cloud
App Security
Microsoft Advanced
Threat Analytics
Identity and access
management
Threat
protection