Getting access to your information in Microsoft 365 starts with logging in but is it secure as it could be? Understanding security options at the point of entry like MFA, Legacy Authentication and Conditional Access on all devices is critical to keeping information protected as it is not only you that is trying to log into your account these days! Learn what security technologies you can add at login and the best practices approaches to configuring and monitoring these. Security starts  at the doorway to Microsoft 365 and simple configurations can greatly reduce your risks of unauthorised access. Come and learn what can be done.

3. The Security Dilemma

4. Defence in Depth

6. Phishinglllllllll
Password
Spraylllllllll
Breach
Replay
attacker-driven sign-ins
detected in October 20191.7B
high-risk enterprise sign-in
attempts flagged in October 2019901K
compromised enterprise
accounts detected in
October 2019
162K
Phishinglllllllll
Password
Spraylllllllll
Breach
Replay
of hacking breaches leverage
stolen or weak passwords
81% Verizon 2017 Data Breach
Investigation Report
300%
increase in identity attacks
over the past year.
2017: 10M/day 2018: 100M/day 2019: 300M/day
2.5% definitively password spray; 1.6% definitively breach replay; 95.9% indeterminate

7. devices datausers apps
On-premises /
Private cloud
Firewall used to be the
Security Perimeter

9. $$
Office 365
On-
premises

10. The challenge of securing your environment
The digital estate offers
a very broad surface
area that is difficult to
secure
Bad actors are using
increasingly creative
and sophisticated
attacks
Intelligent correlation
and action on signals is
difficult, time-consuming,
and expensive

11. PCs, tablets, mobile
Office 365 Data Loss PreventionWindows Information Protection
& BitLocker for Windows 10
Azure Information Protection
Exchange Online,
SharePoint Online,
Skype for Business &
OneDrive for Business
Highly
regulated
Microsoft Intune MDM & MAM
for Windows, iOS & Android Microsoft Cloud App Security
Office 365 Advanced Data Governance
Azure
Information
Protection
Comprehensive protection of sensitive data across devices, cloud services, and on-premises
Windows 10 Office 365 EM+S & Cloud
Services
Advanced Device
Management

12. Unique insights, informed by trillions of signals

13. Where should you start?

17. Azure AD as the control point
Active Directory

19. https://protection.office.com/insightdashboard

20. https://securescore.office.com

22. Tenant branding

23. https://docs.microsoft.com/en-us/microsoft-365/admin/setup/customize-sign-in-page?view=o365-worldwide

24. ✓ Enable Multi-factor authentication
for Office 365 users
✓ Secure your Office 365
environments from leaked
credentials
https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx

25. MFA and Password-less
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-phone

27. https://protection.office.com/unifiedauditlog

28. https://protection.office.com/unifiedauditlog

29. How long does Azure AD store the data?
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/reference-reports-data-retention

31. Protection Alerts
https://protection.office.com/alertpolicies

32. Activity Alerts
https://protection.office.com/managealerts

33. Cloud App Security Alerts
https://portal.cloudappsecurity.com/#/alerts

34. Unusual file share activity
Unusual file download
Unusual file deletion activity
Ransomware activity
Data exfiltration to unsanctioned apps
Activity by a terminated employee
Indicators of a
compromised session
Malicious use of
an end-user account
Suspicious inbox rules (delete, forward)
Malware implanted in cloud apps
Malicious OAuth application
Multiple failed login attempts to app
Threat delivery
and persistence
!
!
!
Unusual impersonated activity
Unusual administrative activity
Unusual multiple delete VM activity
Malicious use of
a privileged user
Activity from suspicious IP addresses
Activity from anonymous IP addresses
Activity from an infrequent country
Impossible travel between sessions
Logon attempt from a suspicious user agent

35. https://securitycenter.windows.com/

36. https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection

45. MicrosoftTeams-image (1)

48. https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

49. • Privileged role membership only granted for a limited amount of time
Privileged Identity Management
• Roles can be configured to require staff to perform MFA prior to elevation of privilege
• Roles can be granted automatically or after review by one or more approvers
• All role requests for and role approvals are automatically recorded in logs or by email
• Almost all roles should be managed by PIM, with a “break glass” permanent account for critical
roles just in case

60. Conditional Access + Identity Protection
Corporate
Network
Geo-location
Microsoft
Cloud App SecurityMacOS
Android
iOS
Windows
Windows
Defender ATP
Client apps
Browser apps
Google ID
MSA
Azure AD
ADFS
Require
MFA
Allow/block
access
Block legacy
authentication
Force
password
reset******
Limited
access
Controls
Employee & Partner
Users and Roles
Trusted &
Compliant Devices
Physical &
Virtual Location
Client apps &
Auth Method
Conditions
Machine
learning
Policies
Real time
Evaluation
Engine
Session
Risk
3
171TB
Effective
policy

61. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

70. Azure Sentinel
https://docs.microsoft.com/en-us/azure/sentinel/overview

80. • https://aka.ms/PasswordSprayBestPractices

82. User browses to a
website
Phishing
mail
Opens
attachment
Clicks on a URL
+
Exploitation
& Installation
Command
& Control
Brute force account or
use stolen account credentials
User account
is compromised
Attacker
attempts lateral
movement
Privileged
account
compromised
Domain
compromised
Attacker accesses
sensitive data
Exfiltrate data
Protection across
Azure AD Identity Protection
Identity protection &
conditional access
Cloud App Security
Extends protection & conditional
access to other cloud apps
Azure ATP
Azure AD Identity Protection
Identity protection &
conditional access
Identity protection
Windows Defender
ATP
Endpoint protection
Office 365 ATP
Malware detection, safe links,
safe attachments
Attacker collects recon
and config data

86. Resources
• Cyber Security: The Small Business Best Practice Guide -
https://www.asbfeo.gov.au/sites/default/files/documents/ASBFEO-cyber-security-research-report.pdf
• Australian Cyber Security Centre - https://www.cyber.gov.au/
• Office 365 Security and Compliance - https://docs.microsoft.com/en-
us/office365/securitycompliance/
• Microsoft Trust Center - https://www.microsoft.com/en-us/trustcenter/security/office365-security
• Microsoft Secure Score - https://docs.microsoft.com/en-us/office365/securitycompliance/microsoft-
secure-score
• Microsoft 365 for Partners Security - https://www.microsoft.com/microsoft-365/partners/security
• What are Security defaults - https://docs.microsoft.com/en-gb/azure/active-
directory/fundamentals/concept-fundamentals-security-defaults
• Introducing conditional access for Office 365 - https://techcommunity.microsoft.com/t5/azure-
active-directory-identity/introducing-conditional-access-for-the-office-365-suite/ba-p/1131979

87. Email : director@ciaops.com
Twitter : @directorcia