Getting access to your information in Microsoft 365 starts with logging in but is it secure as it could be? Understanding security options at the point of entry like MFA, Legacy Authentication and Conditional Access on all devices is critical to keeping information protected as it is not only you that is trying to log into your account these days! Learn what security technologies you can add at login and the best practices approaches to configuring and monitoring these. Security starts at the doorway to Microsoft 365 and simple configurations can greatly reduce your risks of unauthorised access. Come and learn what can be done.
10. The challenge of securing your environment
The digital estate offers
a very broad surface
area that is difficult to
secure
Bad actors are using
increasingly creative
and sophisticated
attacks
Intelligent correlation
and action on signals is
difficult, time-consuming,
and expensive
11. PCs, tablets, mobile
Office 365 Data Loss PreventionWindows Information Protection
& BitLocker for Windows 10
Azure Information Protection
Exchange Online,
SharePoint Online,
Skype for Business &
OneDrive for Business
Highly
regulated
Microsoft Intune MDM & MAM
for Windows, iOS & Android Microsoft Cloud App Security
Office 365 Advanced Data Governance
Azure
Information
Protection
Comprehensive protection of sensitive data across devices, cloud services, and on-premises
Windows 10 Office 365 EM+S & Cloud
Services
Advanced Device
Management
34. Unusual file share activity
Unusual file download
Unusual file deletion activity
Ransomware activity
Data exfiltration to unsanctioned apps
Activity by a terminated employee
Indicators of a
compromised session
Malicious use of
an end-user account
Suspicious inbox rules (delete, forward)
Malware implanted in cloud apps
Malicious OAuth application
Multiple failed login attempts to app
Threat delivery
and persistence
!
!
!
Unusual impersonated activity
Unusual administrative activity
Unusual multiple delete VM activity
Malicious use of
a privileged user
Activity from suspicious IP addresses
Activity from anonymous IP addresses
Activity from an infrequent country
Impossible travel between sessions
Logon attempt from a suspicious user agent
49. • Privileged role membership only granted for a limited amount of time
Privileged Identity Management
• Roles can be configured to require staff to perform MFA prior to elevation of privilege
• Roles can be granted automatically or after review by one or more approvers
• All role requests for and role approvals are automatically recorded in logs or by email
• Almost all roles should be managed by PIM, with a “break glass” permanent account for critical
roles just in case
50.
51.
52.
53.
54.
55.
56.
57.
58.
59.
60. Conditional Access + Identity Protection
Corporate
Network
Geo-location
Microsoft
Cloud App SecurityMacOS
Android
iOS
Windows
Windows
Defender ATP
Client apps
Browser apps
Google ID
MSA
Azure AD
ADFS
Require
MFA
Allow/block
access
Block legacy
authentication
Force
password
reset******
Limited
access
Controls
Employee & Partner
Users and Roles
Trusted &
Compliant Devices
Physical &
Virtual Location
Client apps &
Auth Method
Conditions
Machine
learning
Policies
Real time
Evaluation
Engine
Session
Risk
3
171TB
Effective
policy
82. User browses to a
website
Phishing
mail
Opens
attachment
Clicks on a URL
+
Exploitation
& Installation
Command
& Control
Brute force account or
use stolen account credentials
User account
is compromised
Attacker
attempts lateral
movement
Privileged
account
compromised
Domain
compromised
Attacker accesses
sensitive data
Exfiltrate data
Protection across
Azure AD Identity Protection
Identity protection &
conditional access
Cloud App Security
Extends protection & conditional
access to other cloud apps
Azure ATP
Azure AD Identity Protection
Identity protection &
conditional access
Identity protection
Windows Defender
ATP
Endpoint protection
Office 365 ATP
Malware detection, safe links,
safe attachments
Attacker collects recon
and config data
83.
84.
85.
86. Resources
• Cyber Security: The Small Business Best Practice Guide -
https://www.asbfeo.gov.au/sites/default/files/documents/ASBFEO-cyber-security-research-report.pdf
• Australian Cyber Security Centre - https://www.cyber.gov.au/
• Office 365 Security and Compliance - https://docs.microsoft.com/en-
us/office365/securitycompliance/
• Microsoft Trust Center - https://www.microsoft.com/en-us/trustcenter/security/office365-security
• Microsoft Secure Score - https://docs.microsoft.com/en-us/office365/securitycompliance/microsoft-
secure-score
• Microsoft 365 for Partners Security - https://www.microsoft.com/microsoft-365/partners/security
• What are Security defaults - https://docs.microsoft.com/en-gb/azure/active-
directory/fundamentals/concept-fundamentals-security-defaults
• Introducing conditional access for Office 365 - https://techcommunity.microsoft.com/t5/azure-
active-directory-identity/introducing-conditional-access-for-the-office-365-suite/ba-p/1131979