Microsoft Ignite 2016 10/1/2017 11:41 PM BRK3249


1 Gain visibility and control with Office 365 Advanced Security Management
Microsoft Ignite 2016, BRK3249
Yair Cohen, Sr Program Manager
Anthony (A.J.) Smith, Sr Product Marketing Manager
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Change is Constant
Evolving threat landscape
Industry regulations and standards
People's work expectations

3 Security Challenges
73% of enterprises indicated security as a top challenge holding back SaaS adoption
80%+ of employees admit to using non-approved SaaS apps in their jobs
140+: the median number of days that attackers reside within a victim's network before detection
87% of senior managers admit to regularly uploading work files to a personal or cloud account
75%+ of all network intrusions are due to compromised user credentials

4 Advanced Security Management
Enhanced visibility and control for Office 365
Threat Detection: Identify high-risk and abnormal usage, security incidents, and threats
Enhanced Control: Shape your Office 365 environment with granular security controls and policies
Discovery and Insights: Gain enhanced visibility and context into your Office 365 usage and shadow IT – no agents required.

5 Portal and Alerts Demo

6 Before Getting Started
Office 365 Advanced Security Management is powered by Microsoft Cloud App Security
Office 365 E5 or ASM Add-on License for the tenant
  License purchase required for all users
Office 365 Global Admin or Security Administrator
  Security Administrator role only available via PowerShell, will be in Office 365 UI soon!
After the admin opt-in (one-time action)
  System uses audit data from the Office 365 Management Activity API + other sources (e.g. threat feeds)
  Data is stored in a Microsoft Cloud App Security tenant hosted in Azure

7 Advanced Security Management Alerts First Run Experience

8 Anomaly and Activity Alerts

9 So Much Data …. So Little Time ….

10 How Alerting Works
[Diagram labels: Microsoft Cloud App Security, Azure]
Intelligence feeds, e.g. location, registered ISP
Management Activity API
Event enrichment
Audit Data Service
Microsoft Threat Intelligence Center
Big data and machine learning based alerts engine
  Anomaly detection
  Activity policy evaluation
e.g. Risky IP addresses
Customer settings, e.g. IP address ranges
Users Admins Microsoft Admins Users/Groups
Alert investigation & notification
  You have mail!
  SMS
  SIEM connector (Coming Q4)
  Advanced Security Management Portal

11 Anomaly Detection Architecture
[Diagram: alert engine inputs (user activities, geo-location DB, Microsoft threat intelligence feed); Anomaly Detection Engine with a table of per-session risk-factor scores and a Session Risk column (Session #1 … Session #N); threshold; Alert Investigation & Notification; SIEM Connector (coming soon)]
Risks: Location, User-Agent, Admin user?, Anonymous proxy?, Time since last activity, ISP
Session-based: Recent user activities across apps, devices and locations are combined to create a user session
Risk score: Risk factors are calculated for each session and combined to calculate the total session risk score
Alert trigger: Sessions above risk threshold trigger an alert (top k sessions) containing risk breakdown & related activities
User feedback: Anomaly engine is customized by turning on/off risk factors for specific users/groups
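The session, risk score, alert trigger and per-user tuning steps on this slide, as an added Python example (not Microsoft's code, and not part of the original deck). The 30-minute session gap, the factor weights, the additive combination, the per-user baselines, the user names and the sample activities are all assumptions constructed for illustration; only four of the slide's six risk factors are modelled.

```python
from datetime import datetime, timedelta

GAP = timedelta(minutes=30)  # assumed idle gap that ends a session
WEIGHTS = {"location": 30, "user_agent": 15, "admin": 20, "anon_proxy": 35}  # assumed
BASELINE = {"alice": ({"US"}, {"Outlook"}), "bob": ({"US"}, {"Edge"})}  # known countries, agents
ADMINS = {"bob"}
# Constructed sample activities: (user, time, country, user agent, via anonymous proxy)
ACTIVITIES = [
    ("alice", "2016-09-26T09:00", "US", "Outlook", False),
    ("alice", "2016-09-26T09:10", "US", "Outlook", False),
    ("alice", "2016-09-26T14:00", "RO", "curl", True),
    ("bob", "2016-09-26T09:05", "US", "Edge", False),
    ("bob", "2016-09-26T09:20", "DE", "Edge", False),
]

def build_sessions(activities):
    """Combine each user's activities into sessions, split on idle gaps."""
    sessions = []
    for user, ts, country, agent, proxy in sorted(activities):
        t = datetime.fromisoformat(ts)
        cur = sessions[-1] if sessions else None
        if cur is None or cur["user"] != user or t - cur["end"] > GAP:
            cur = {"user": user, "start": ts, "countries": set(), "agents": set(), "proxy": False}
            sessions.append(cur)
        cur["end"] = t
        cur["countries"].add(country)
        cur["agents"].add(agent)
        cur["proxy"] = cur["proxy"] or proxy
    return sessions

def score(session, disabled=()):
    """Return (total risk, per-factor breakdown), skipping disabled factors."""
    countries, agents = BASELINE[session["user"]]
    hits = {
        "location": bool(session["countries"] - countries),
        "user_agent": bool(session["agents"] - agents),
        "admin": session["user"] in ADMINS,
        "anon_proxy": session["proxy"],
    }
    breakdown = {f: WEIGHTS[f] for f, hit in hits.items() if hit and f not in disabled}
    return sum(breakdown.values()), breakdown

def alerts(activities, threshold=40, top_k=2, disabled_for=None):
    """Top-k sessions whose total risk exceeds the threshold, highest first."""
    off = disabled_for or {}
    scored = [(*score(s, off.get(s["user"], ())), s["user"], s["start"])
              for s in build_sessions(activities)]
    hits = [r for r in scored if r[0] > threshold]
    return sorted(hits, key=lambda r: r[0], reverse=True)[:top_k]
```

Each alert tuple is (total risk, risk breakdown, user, session start); passing `disabled_for={"bob": {"location"}}` shows how switching one factor off for a user drops that user's session below the threshold.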

12 Tuning Anomaly Detection Policies
Set alert threshold and alert notifications
Turn on/off risk factors
Define activity filters if needed
Note: Initial 7-day learning period for anomalous behavior alerts.

13 Creating Activity Policies
Templates for common activities
Rich activity filters
Data enrichment – define IP address ranges
Repeated activity, single event
Can create from Activity Search
Automated governance action, e.g. Suspend User

14 Alert Notification
Email
  Make sure the address can receive mail from external recipients (Alert sender:
  You can provide up to 10 recipients per alert
SMS Text
  International Format e.g
  You can provide up to 3 phone numbers per alert
Default organization alert settings
  Daily alert limits

15 Alert Management
Remediate – Suspend User
  Action recorded: Governance Log
  Undo action: Governance Log or Office 365 Portal
Dismiss
  Provide feedback (reason for dismissal)
Investigate
  Activity Log
  Advanced Filters
  Export Results
  Create new policy from search
Resolve

16 Productivity App Discovery

17 Productivity App Discovery
View into your Office 365 usage
See what shadow IT is happening
Nothing to install

18 Productivity App Discovery Demo

19 Productivity App Discovery Details
Selected app categories
  Collaboration – Office 365 (for logs with no URL information), SharePoint
  Cloud storage – OneDrive
  Webmail – Exchange Online
  Social Network – Yammer
  Online Meeting – Skype for Business
Snapshot data
  Each upload (up to 20 log files) treated as a separate report/dashboard
  Mail notifications upon report generation
  Data is exportable (to CSV)

20 Productivity App Discovery Architecture
[Diagram labels]
On-Premise Network: web proxy, firewall
Cloud apps
Network logs manually uploaded
Azure, Microsoft Cloud App Security: log parser, log analysis (SaaS DB), SaaS DB, discovery aggregations, tenant DB, discovery dashboard

21 Log Format Compatibility
Network traffic logs include a notification/disclaimer that explains if there is missing data in the chosen format.

22 App Permissions

23 App Permissions
Users grant apps permission to Office
IT has limited visibility
Revoke app permissions across organization

24 App Permissions Demo

25 Advanced Security Management
Enhanced visibility and control for Office 365
Threat Detection: Identify high-risk and abnormal usage, security incidents, and threats
Enhanced Control: Shape your Office 365 environment with granular security controls and policies
Discovery and Insights: Gain enhanced visibility and context into your Office 365 usage and shadow IT – no agents required.

26 Microsoft Cloud App Security

27 Introducing Microsoft Cloud App Security
Enterprise-grade security for your cloud apps
Cloud-delivered service bringing visibility and control to cloud apps
Committed to support third-party cloud apps
Based on the Adallom acquisition
Available as: standalone and in EM+S E5 (Oct 1, 2016)

28 Complete framework to secure your cloud apps
Coming soon
Cloud discovery: Discover all cloud usage in your organization
Information protection: Monitor and control your data in the cloud
Threat protection: Detect usage anomalies and security incidents
In-session control: Control and limit user access based on session context
DISCOVER INVESTIGATE CONTROL PROTECT

29 Related Sessions
BRK Monitor and investigate actions taken on your data with Office 365 Auditing and Insights
BRK Get visibility, data control and threat protection with Microsoft Cloud App Security
BRK Learn how to deploy and manage Microsoft Cloud App Security

30 Questions

31 Please evaluate this session
Your feedback is important to us!
From your PC or Tablet visit MyIgnite at
From your phone download and use the Ignite Mobile App by scanning the QR code above or visiting


