This presentation was used for SharePoint Saturday Cologne 2019. During the session the many security options for Office 365 and Microsoft 365 were explained and the differences explained.
4. Albert Hoitingh
Solution Architect
Motion10
Microsoft MVP Enterprise Mobility
Microsoft Certified Security Administrator Associate
International speaker
Blog: https://Alberthoitingh.com
Twitter: @Alberthoitingh
Mail: Albert.Hoitingh@Motion10.com
5. Today’s topics
So many options… Let’s compare Try it out! New developments
Ok, let’s go . . .
IT session No CISO session
(sorry)
6. Securing Privileged Access
Office 365 Security
Rapid Cyberattacks
(Wannacrypt/Petya)
https://aka.ms/MCRA Video Recording Strategies
Office 365
Dynamics 365
+Monitor
Azure Sentinel – Cloud Native SIEM and SOAR (Preview)
SQL Encryption &
Data Masking
Data Loss Protection
Data Governance
eDiscovery
7. So many options…
• Office 365 E3
• Office 365 E5
• Microsoft 365 E3
• Microsoft 365 E5
• Stand alone plans
• Add-on plans
8. Let’s compare…
Office 365 E3
• Basic level of security
• No automatic detection or actions
• Office 365 AzureIP (IRM, Message
encryption)
• eDiscovery
Microsoft 365 E3
• Azure AD P1
• AzureIP P1
• Advanced data governance
• Intune
• Microsoft Advanced Threat Analytics
Office 365 E5
• Office 365 ATP
• Customer lockbox
• Adv. Data governance
• Office 365 cloud app security
Microsoft 365 E5
• Azure AD P2
• AzureIP P2
• Cloud App Security
• Office 365 | Windows Defender |
Azure ATP
• Adv. eDiscovery, customer lockbox,
Office 365 PIM
• Microsoft Cloud App Security
• Customer Lockbox
Microsoft 365 E3 – Windows 10
• Windows Hello
• Credential Guard
• Windows Defender Antivirus
• Windows Information Protection
• BitLocker
Microsoft 365 E5 – Windows 10
• Windows Defender Advanced Threat Protection
9. Let’s compare…
Office 365 E3
• Basic level of security
• No automatic detection or actions
• Office 365 AzureIP (IRM, Message
encryption)
• eDiscovery
Microsoft 365 E3
• Azure AD P1
• AzureIP P1
• Advanced data governance
• Intune
• Microsoft Advanced Threat Analytics
Office 365 E5
• Office 365 ATP
• Customer lockbox
• Adv. Data governance
• Office 365 cloud app security
Microsoft 365 E5
• Azure AD P2
• AzureIP P2
• Cloud App Security
• Office 365 | Windows Defender |
Azure ATP
• Adv. eDiscovery, customer lockbox,
Office 365 PIM
• Microsoft Cloud App Security
• Customer Lockbox
10. So Office 365 E3 leaves me with?
• Limited conditional access options
• Limited identity protection options
• Manual classification
• Limited information protection options
• The option to go for add-on licenses or Microsoft 365
11. What if I need more?
Automatic detection of sensitive
content (data governance)
• Office 365 E5
• Microsoft 365 E5
• Advanced compliance add-on for E3
Risk-based conditional access
• Azure AD P2 (Add-on or Microsoft 365
E5)
Identity protection or PIM
• Azure AD P2 (Add-on or Microsoft 365
E5) CISO
12. Let’s take a look!
• A trial environment
• Microsoft 365 E5
• Four main subjects
1. Data governance
2. Information Protection
3. Access protection (MFA)
4. Threat Management
14. Data governance
• Retaining information
• Removing information
• Data classification
• Office E5 vs E3
• Automatic classification
• Fileplans
• Event based retention
• Disposition dashboards
15. Information protection
• Microsoft 365
• Azure Information Protection
• Sensitivity labels
• Microsoft E5 vs E3
• Automatic classification
• AzureIP Scanner
• Hold your own key
16. Access protection
• Office 365 MFA
• Azure AD P1 Conditional Access
• Azure AD P2 Risk-based
conditional Access
• Office E5 vs E3
• Both support MFA
• For additional options look at Azure
AD P1/P2 or Microsoft 365
17. Threat management
• Office 365 ATP
• Safe attachments, Safe links
• Anti-spam
• Attack simulator
• Office E5 vs E3
• Only available in Office 365 E5,
Micosoft 365 E5 or as add-on
18. Wrapping up
New admin centers (Microsoft 365)
More information
• https://www.microsoft.com/en-us/microsoft-365/compare-all-microsoft-365-
plans
• https://docs.microsoft.com/en-us/office365/servicedescriptions/office-
365-platform-service-description/office-365-securitycompliance-center
21. So Office 365 E3 leaves me with?
• Limited conditional access options
• Limited identity protection options
• Manual classification
• Limited information protection options
• The option to go for add-on licenses or Microsoft 365
22. So Office 365 E3 leaves me with?
• Out of the box MFA
• A customizable login-screen
• Extensive sharing options
• Information Rights Management & Message Encryption
• Data governance labels en retention
• Very extensive auditlog and alerting
• Very extensive mailrules (Exchange) – block forwarding
• Data loss prevention
• Out of the box MDM for SharePoint and OneDrive apps
23. Thanks for your time!
Blog: https://Alberthoitingh.com
Twitter: @Alberthoitingh
Mail: Albert.Hoitingh@Motion10.com