SECURING THE MODERN WORKPLACE WITH MICROSOFT 365


Who am I?

Karel Pelckmans

Cloud & Security Solutions Specialist @ Synergics

@karelpelck

https://www.linkedin.com/in/karelpelck/

Protect your data

Enable your users

Empowering Enterprise Mobility

Unify your environment

People-centric approach

Devices Apps Data

What is Microsoft 365?

• Office 365

• Enterprise Mobility + Security

• Windows 10

Microsoft Threat Protection

• Identities: Validating, verifying and protecting both user and admin accounts

• User Data: Evaluating email messages and documents for malicious content

• Endpoints: Protecting user devices and signals from sensors

• Infrastructure: Protecting servers, virtual machines, databases and networks across cloud and on-premises locations

• Cloud Apps: Protecting SaaS applications and their associated data stores

Products and platforms shown: Microsoft Intune, Office 365 Threat Intelligence, Windows Defender Advanced Threat Protection, Azure Active Directory, Office 365 Advanced Threat Protection, Microsoft Cloud App Security, Azure Security Center, Azure Advanced Threat Protection, Exchange Online Protection, Windows 10, SQL Server, Windows Server, Linux

Microsoft Intelligent Security Graph

Identity and Access Management

• Prevents 95% of identity attacks

• Cloud intelligence to ensure strong passwords

• User friendly strong authentication

Azure AD Password Protection

Multi-Factor Authentication

Go Password-less with Windows Hello

Secure Authentication

Azure AD Identity Protection

• Connected Intelligence: Observe trillions of signals and risk events from cloud systems

• Continuous Detection: Apply artificial intelligence and human expertise to derive accurate insights

• Actionable Insights: Send alerts, self-mitigate, and automatically remediate threats

AI driven protection

Conditional Access

Conditions

• Employee & Partner Users and Roles

• Physical & Virtual Location

• Client apps & Auth Method

Machine learning

Policies

Real time Evaluation Engine

Session Risk

40TB

Effective policy

Controls

• Require MFA

• Allow/block access

• Block legacy authentication

• Force password reset

• Limited access

Azure AD Privileged Identity Management (PIM)

See which users are assigned privileged roles

Enable on-demand, "just in time" administrative access

Set up approval flows for privilege activation

Get alerts and view a history of administrator activation and actions

Review administrative roles and require users to provide justification to retain membership

Manage built-in Azure Resource roles, as well as custom (RBAC) roles

Intune Role Administrator

DevTest Labs User

Security Reader

Virtual Machine User Login

Contoso Expenses App Moderator

Management and auditing of admin roles across Azure and Office clouds

Office 365 Advanced Threat Protection (ATP)

What is it?

Office 365 Advanced Threat Protection (ATP) helps to protect organizations from malicious attacks by:

IT

User

Enroll devices in Microsoft Intune

Actions upon device enrollment

• Deploy email, VPN, and WiFi profiles

• Deploy certificates

• Deploy and install apps

• Deploy managed app configuration policies

• Apply and enforce device configuration settings

• Collect hardware and software inventory data

Microsoft Intune

Devices enrolled

Comprehensive set of capabilities

Discover | Classify | Protect | Monitor

• MICROSOFT CLOUD APP SECURITY: Visibility into 15k+ cloud apps, data access & usage, potential abuse

• AZURE SECURITY CENTER INFORMATION PROTECTION: Classify & label sensitive structured data in Azure SQL, SQL Server and other Azure repositories

• OFFICE APPS: Protect sensitive information while working in Excel, Word, PowerPoint, Outlook

• AZURE ADVANCED THREAT PROTECTION: Identify advanced data related attacks and insider threats

• OFFICE 365 DATA LOSS PREVENTION: Prevent data loss across Exchange Online, SharePoint Online, OneDrive for Business

• SHAREPOINT & GROUPS: Protect files in libraries and lists

• OFFICE 365 ADVANCED DATA GOVERNANCE: Apply retention and deletion policies to sensitive and important data in Office 365

• ADOBE PDFs: Natively view labeled and protected PDFs on Adobe Acrobat Reader

• WINDOWS INFORMATION PROTECTION: Separate personal vs. work data on Windows 10 devices, prevent work data from traveling to non-work locations

• OFFICE 365 MESSAGE ENCRYPTION: Send encrypted emails in Office 365 to anyone inside or outside of the company

• CONDITIONAL ACCESS: Control access to files based on policy, such as identity, machine configuration, geo location

• SDK FOR PARTNER ECOSYSTEM & ISVs: Enable ISVs to consume labels, apply protection

Data Loss Prevention (DLP)

What is it?

The Data Loss Prevention (DLP) policy helps you prevent sensitive information such as credit card numbers, social security numbers or health records from inadvertently leaking outside your organization.

What you need to know

A DLP policy contains a few basic things:

Where to protect the content – locations such as Exchange Online, SharePoint Online and OneDrive for Business sites.

When and how to protect the content by enforcing rules comprised of:

▪ Conditions the content must match before the rule is enforced – for example, look only for content containing Social Security numbers that's been shared with people outside your organization.

▪ Actions that you want the rule to take automatically when content matching the conditions is found – for example, block access to the document and send both the user and compliance officer an email notification.
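The policy described above, written out as Security & Compliance PowerShell. This is an added example, not part of the original slides; the policy name, rule name and compliance officer address are placeholders, and it assumes the ExchangeOnlineManagement module and a compliance administrator role.

```powershell
# Added example (not from the original deck). Names and the address are placeholders.
Connect-IPPSSession

$policyName = 'Example - SSN shared externally'      # placeholder name
$officer    = 'compliance-officer@example.com'       # placeholder address

# WHERE to protect the content: the locations the policy covers.
# This example scopes to document locations because the rule blocks access
# to documents; Exchange Online can be added with -ExchangeLocation.
# The policy starts in test mode so matches are reported before anything is enforced.
New-DlpCompliancePolicy -Name $policyName `
    -SharePointLocation All `
    -OneDriveLocation All `
    -Mode TestWithNotifications

# WHEN and HOW to protect the content: one rule made of conditions and actions.
#   Conditions: content contains a U.S. Social Security number AND is shared
#               with people outside the organization.
#   Actions:    block access to the document, notify the user (document owner)
#               and the compliance officer by email.
New-DlpComplianceRule -Name 'Example - block externally shared SSN' `
    -Policy $policyName `
    -ContentContainsSensitiveInformation @{ Name = 'U.S. Social Security Number (SSN)'; minCount = '1' } `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner, $officer `
    -GenerateIncidentReport $officer

# Review what was created before switching the policy to enforcement.
Get-DlpComplianceRule -Policy $policyName |
    Format-List Name, AccessScope, BlockAccess

# After reviewing the test-mode matches, enforce the policy:
# Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```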

Azure Information Protection (AIP)

What is it?

Azure Information Protection (sometimes referred to as AIP) is a cloud-based solution that helps an organization to classify, label and protect its documents and emails. This can be done automatically by administrators who define rules and conditions.

What you need to know

AIP works by classifying data based on sensitivity. You configure policies to classify, label, and protect data, based on its sensitivity. Classification with Azure Information Protection can be fully automatic, driven by users, or based on recommendations.

Classification and protection of information follow the data, ensuring it remains protected regardless of where it’s stored or who it’s shared with. You can define who can access data and what they can do with it, such as allowing them to view and edit files, but not print or forward them.

Microsoft Cloud App Security

• Discover and assess risks: Identify cloud apps on your network, gain visibility into shadow IT, and get risk assessments and ongoing analytics.

• Protect your information: Get granular control over data and use built-in or custom policies for data sharing and data loss prevention.

• Detect threats: Identify high-risk usage and detect unusual behavior using Microsoft threat intelligence and research.

• Control access in real time: Manage and limit cloud app access based on conditions and session context, including user identity, device, and location.

Advanced Threat Protection (ATP) across the attack kill chain

Attack stages shown:

• Browse to a website

• Phishing mail

• Open attachment

• Click a URL

• Exploitation & Installation

• Command & Control

• User account is compromised

• Brute force account or use stolen account credentials

• Attacker attempts lateral movement

• Privileged account compromised

• Domain compromised

• Attacker accesses sensitive data

• Exfiltrate data

• Attacker collects reconnaissance & configuration data

Products shown:

• Azure AD Identity Protection: Identity protection & conditional access

• Microsoft Cloud App Security: Extends protection & conditional access to other cloud apps

• Office 365 ATP: Malware detection, safe links, and safe attachments

• Windows Defender ATP: Endpoint Detection and Response (EDR) & End-point Protection (EPP)

• Azure ATP: Identity protection

www.synergics.be