Office 365 Security Assessment Workshop


1 Office 365 Security Assessment Workshop
Engagement kick-off meeting <Presenter Name>

2 hidden slide Feedback We want to hear from you about how you are using the tools and assets, what works, and what does not. If you feel there is anything missing, or any other feedback that you would like to provide, please go to to provide your feedback. We need to add the feedback mechanism.

3 Required Partner Preparation
hidden slide
In order to deliver this presentation successfully you need to know the following:
- All slides in the deck with the “example” ribbon show examples. Don’t show the examples to the customer; they are just there to help you understand the intention of the slide. Customize the examples to match the specific engagement you are delivering, then remove the Example tag.
- Make sure to have the following people in the workshop:
  - Anyone needed from your organization.
  - Customer representatives from:
    - Project Executive Sponsor – to represent you inside the customer
    - Project Manager/Coordinator – to provide overall engagement project management tasks
    - Enterprise/Security Architects – to provide architecture guidance and insights into security policies and standards
    - Security Engineers – to provide technical guidance and insights into currently deployed security controls
    - Office 365 Subscription/Tenant Administrator – to provide insight into existing use of Office 365 and access to the reports produced by the tools required for the 2-day on-site workshops

4 Version History
hidden slide
Version | Changes | Date
1.0 | Initial Release | 31st Mar 2017

5 Office 365 Security Assessment Guide
hidden slide
Columns: Workshop | Description | Workshop Resources

Engagement setup

Workshop: Engagement Kick-off
Description: Provides an overview of the 2-day on-site agenda and goals as well as an opportunity to cover Q&A and project governance.
Workshop Resources: Office 365 Security Assessment-Kick-off Meeting-vX.X.pptx

On-site assessment day one

Workshop: On-site Engagement Overview
Workshop Resources: Office 365 Security Assessment-On-site Engagement Overview-vX.X.pptx

Workshop: Office 365 Security Overview
Description: Overview outlining Microsoft's approach to securing enterprise organisations.
Workshop Resources: Office 365 Security Assessment-Security and Compliance in Office 365-vX.X.pptx

Workshop: Customer Security Strategy
Description: Customer to present goals and ambitions on their cloud security strategy.
Workshop Resources: Office 365 Security Assessment-Customer Security Strategy.vX.X.pptx

Workshop: Review Security Questionnaire
Description: Review the completed security questionnaire.
Workshop Resources: Office 365 Security Assessment-Questionnaire-vX.X.docx

Workshop: Office 365 Security Technical Readiness Presentation
Description: Technical readiness presentation time slot.
Workshop Resources: One of the following Office 365 technical readiness presentations:
- Office 365 Security Assessment-Understand how Microsoft protects you against Spoof, Phish, Malware, and Spam s design.X.X.pptx
- Office 365 Security Assessment-Gain visibility and control with Office 365 Advanced Security Management-vX.X.pptx
- Office 365 Security Assessment-Protect Sensitive information with Office 365 Data Loss Prevention-vX.X.pptx
- Office 365 Security Assessment-Acquire insights into proactively protecting against advanced threats-vX.X.pptx
- Office 365 Security Assessment-Advanced Data Governance-vX.X.pptx

Workshop: Office 365 Secure Score - actionable security analytics
Description: Overview of Office 365 Secure Score and how it relates to the security requirements and the assessment.
Workshop Resources: Office 365 Secure Score - actionable security analytics-vX.X.pptx

You are here
Recommendation:

6 Office 365 Security Assessment Guide
hidden slide
Columns: Workshop | Description | Workshop Resources

On-site assessment day two

Workshop: Day Two Briefing
Description: Provides an overview of the second day agenda and goals as well as an opportunity to cover Q&A.
Workshop Resources: Office 365 Security Assessment-On-site Engagement Overview-vX.X.pptx

Workshop: Secure Score Recommendations / Discussion
Description: Workshop to cover current O365 Secure Score and recommended security actions.
Workshop Resources: Office 365 Security Assessment-Remediation Checklist Tool-vX.X.xlsx

Workshop: Office 365 Security Technical Readiness Presentation
Description: Technical readiness presentation time slot.
Workshop Resources: One of the following Office 365 technical readiness presentations:
- Office 365 Security Assessment-Understand how Microsoft protects you against Spoof, Phish, Malware, and Spam s design.X.X.pptx
- Office 365 Security Assessment-Gain visibility and control with Office 365 Advanced Security Management-vX.X.pptx
- Office 365 Security Assessment-Protect Sensitive information with Office 365 Data Loss Prevention-vX.X.pptx
- Office 365 Security Assessment-Acquire insights into proactively protecting against advanced threats-vX.X.pptx
- Office 365 Security Assessment-Advanced Data Governance-vX.X.pptx

Workshop: Office 365 Security Roadmap Workshop
Description: Workshop to create an Office 365 security roadmap based on the security requirements and the prioritization of the Office 365 Secure Score actions.
Workshop Resources: Office 365 Security Assessment-Close-out Presentation-vX.X.pptx

Workshop: Project close-out and Next steps
Description: Close-out presentation and discussion of next steps.

Recommendation:

7 Agenda
1 Introduction
2 Vision and Objectives
3 Engagement Overview
4 Engagement Tools
5 Next steps and Actions

8 Kick-off Introduction
The purpose of this meeting is to:
- Introduce the team members and their expected responsibilities
- Review and agree on engagement:
  - Goals, scope and deliverables
  - Schedule for the 2-day on-site assessment
  - Customer requirements and tools necessary for conducting the assessment
  - Expectations and next steps
- Agree on project governance

9 Team Introductions
Name: Please share your name and where you are based.
Role: Please share your role in the company, which business unit or team you are part of, and what other roles you have had. (Internal/External)
Expectations: Please share your expectations of the session.
Ask everyone in the meeting to introduce themselves. Note takers should capture this information in the provided template.

10 Vision, objectives and approach

11 Security assessment opportunities
Help manage cybersecurity risk
- Customers' cloud-based technologies and productivity workloads change the cybersecurity attack surface, which needs to be managed using available security controls in order to mitigate risk
Customer education on productivity security features and identify gaps
- Provide an overview of Office 365 security controls as well as guidance and additional readiness content
Identify potential security challenges
- Determine the current state of Office 365 security
- Discuss and create a prioritized, actionable security roadmap for the customer

12 Assessment objectives
Understand cloud security objectives and requirements
- Gain a common understanding of cloud security objectives and requirements
Office 365 security readiness
- Provide guidance, recommendations and best practices on how to successfully implement Office 365 security features
Create an Office 365 security roadmap
- Provide a prioritized and actionable Office 365 security roadmap
- Map Office 365 security capabilities to customer security objectives and requirements

13 Office 365 Security Assessment Workshop
Phase 1: Kick Off
- Project scope
- Pre-assessment questionnaire
- Requirements
- Stakeholders
Phase 2: Assessment
- Review questionnaire
- Secure Score
- Identify gaps
- Possible Advanced Security Management proxy log import
Phase 3: Education
- Provide up to 3 hrs. of education on security topics
- Utilizes sessions from Office University training events
- Demonstrate SaaS application use through Advanced Security Management
Phase 4: Roadmap
- Provide detailed roadmap as prescribed by Secure Score
- Identify customer's security roadmap and next steps
- Partner opportunity to help close identified gaps

14 Out of Scope
Technical designs or implementations
- The roadmap includes the prioritization of additional engagements which will assist with the design and implementation of Office 365 security controls
Proof of Concepts or Labs
- Demonstrations will be conducted within the readiness sessions, but proof of concepts and/or labs must be conducted as separate engagements
Provide security assessment for hybrid and/or on-premises infrastructure
- This assessment workshop includes assessment of Office 365 security features as reported by the Office 365 Secure Score tool

15 Outcomes
“From here to there”
- Where are you today?
- Where do you want to go?
- How will we get there?
- What does success mean to you?
Workshop Outcome
- Prioritized, actionable Office 365 security roadmap
- Identify potential constraints
- Identify potential disruptive events that can impact the items on the roadmap

16 Customer responsibilities
Complete questionnaire
- Contains questions about Office 365 usage, plans, security requirements, security objectives, industry regulations
Access to teams during the assessment
- During the on-site phase, multiple workshops will be planned which require the attendance of stakeholders, security teams, cloud and infra teams
Provide stakeholder during process
- A stakeholder/sponsor is required to oversee and own the process from the customer side
Office 365 tenant security reports
- Produce necessary tenant reports such as Secure Score, and proxy logs for ASM demo.

17 Approach
Secure Score
- Use Office 365 Secure Score to understand current security baseline
- Track score improvements over time
- Track configuration drift, using scheduled reviews
Prioritize
- Prioritize the security actions from Secure Score based on user impact and implementation cost
Build Roadmap
- Build a roadmap for the implementation of the prioritized security actions
Design/Deploy
- Design and deploy the recommended security actions in the roadmap
- Not in scope as part of this engagement
Security Awareness; Consulting and solution recommendation; Implementation and configuration

18 Engagement Overview

19 Engagement Workflow
Now
- Kick-off workshop
- Provide pre-assessment questionnaire
Two weeks from now
- Completion of questionnaire
- Return completed questionnaire
- Export and transfer Secure Score data for analysis
Three weeks from now
- On-site workshops that will cover:
  - Security objectives and requirements
  - Office 365 security readiness
  - Office 365 security assessment
  - Office 365 security roadmap

20 Office 365 Security Assessment Agenda, Day 1
Example
Columns: Workshop | Description | Outcome | Customer attendees | Time | Scheduled time, room

Workshop: On-site Engagement Overview
Description: Provides an overview of the 2-day on-site agenda and goals as well as an opportunity to cover Q&A and project governance.
Outcome: Agreed plan and schedule for the 2-day on-site assessment.
Customer attendees: All project team
Time: 60 minutes
Scheduled time, room: <Time>, <Room>

Workshop: Office 365 Security Overview
Description: Overview outlining Microsoft's approach to securing enterprise organisations.
Outcome: Sets the stage and provides a high-level overview of Office 365 security features.

Workshop: Customer Security Strategy
Description: Customer to present goals and ambitions on their cloud security strategy.
Outcome: Provides a common understanding of the customer cloud security strategy.

Lunch

Workshop: Review Security Questionnaire
Description: Review the completed security questionnaire.
Outcome: Prioritized list of security requirements.

Workshop: Office 365 Security Technical Readiness Presentation
Description: Technical readiness presentation time slot.
Outcome: Technical readiness provided to customer team.
Customer attendees: Security Engineers, Security Architects

Workshop: Office 365 Secure Score - Actionable Security Analytics
Description: Overview of Office 365 Secure Score and how it relates to the security requirements.
Outcome: Technical readiness on O365 Secure Score.

Workshop: Day one wrap up and Q&A
Time: 20 minutes

21 Office 365 Security Assessment Agenda, Day 2
Example
Columns: Workshop | Description | Outcome | Customer attendees | Time | Scheduled time, room

Workshop: Day Two Briefing
Description: Provides an overview of the second day agenda and goals as well as an opportunity to cover Q&A.
Outcome: Agreed schedule for day two.
Customer attendees: All project team
Time: 30 minutes
Scheduled time, room: <Time>, <Room>

Workshop: Secure Score Recommendations / Discussion
Description: Workshop to cover current O365 Secure Score and recommended security actions.
Outcome: Prioritization of O365 Secure Score security actions.
Time: 120 minutes

Workshop: Office 365 Security Technical Readiness Presentation or Shadow IT Analysis Workshop
Description: Technical readiness presentation time slot. Or, Shadow IT Analysis Workshop using Office 365 Advanced Security Management.
Outcome: Technical readiness provided to customer team, or understanding of current usage of Shadow IT.
Customer attendees: Security Engineers, Security Architect
Time: 60 minutes

Lunch

Technical readiness presentation time slot.

Workshop: Office 365 Security Roadmap Workshop
Description: Workshop to create an Office 365 security roadmap based on the security requirements and the prioritization of the Office 365 Secure Score actions.
Outcome: Defined high-level security roadmap based on Office 365 Secure Score security actions.

Workshop: Project close-out and Next steps
Description: Close-out presentation and discussion of next steps.
Outcome: Provide an engagement summary and clear steps with tangible outcomes.

22 Customer Team - Workshop Attendees
Example
Columns: Role | Description | Title | Contact information

Project Executive Sponsor
- Executive sponsor who is responsible for driving the strategic vision for the organization
- Responsible for making key strategic decisions
- Ultimate authority and accountability for the project and delivery on project objectives
- Helps resolve issues escalated by project team
- Sponsors communication within the company about project goals and deliverables
- Provides guidance and clarity regarding overall security strategy, standards and policies for the organization

Project Manager
- Coordinates partner and working teams engaged in the project
- Schedules all meetings with appropriate resources
- Is the central point for dissemination of the engagement deliverables
- Records and manages project issues, including escalations
- Liaises with, and provides updates to, project executive sponsors
- Ensures that the on-site requirements are met in time for the 2-day on-site workshops

Enterprise, Security and/or Infrastructure Architects
- Responsible for security strategy defined by the organization
- Analyses and chooses security products for the organization that meet business goals
- Accountable for creating and maintaining the security architecture
- Responsible for operation of security products
- Provides insights into current and planned security guidelines, requirements and standards for the organization

Security Engineers, technical resources
- Responsible for the deployment, operations and maintenance of security solutions
- Provides technical knowledge on how existing security controls have been implemented
- Provides insight into existing use of Office 365

Update team member titles and names during the workshop.

23 Partner Team - Workshop Attendees
Example
Columns: Role | Description | Title | Contact information

Project / Engagement Manager
- Develops and maintains project timeline
- Coordinates partner and working teams engaged in the project
- Manages project deliverables
- Records and manages project issues, including escalations
- Liaises with, and provides updates to, customer Project Manager

Security Architects / Consultants
- Prepares the workshop materials and delivers the 2-day security assessment workshops
- Accountable for creating the engagement deliverables

Update team member titles and names prior to the workshop.

24 Project Governance
Example
Risk and issues management
- Covering business, technology and project execution
- Describe the escalation path
Change management
- Describe the change management workflow
Success Criteria
- Discuss and agree on what a successful engagement would look like
Risk/issue log columns: Date recorded | Risk/Issue description | Probability | Impact | Mitigation plan
Cover overall project governance and make sure to document risks/issues as well as success criteria for the engagement.

25 Project Deliverables and Work Products
Example
Columns: Deliverable, Work Product | Description | Delivery Date

Deliverable: Kick-off Presentation
Description: Overview of the engagement covering vision and objectives, requirements and next steps and actions
Delivery Date: After the kick-off presentation

Deliverable: Pre-Assessment Questionnaire
Description: A questionnaire containing questions on cloud usage/adoption, security requirements and objectives, regulations and frameworks

Deliverable: Recommendations and Roadmap Report
Description: A document containing a prioritized list of Office 365 security recommendations based on Office 365 Secure Score
Delivery Date: After the 2-day on-site workshops

26 Engagement Tools

27 Office 365 Secure Score
Score-based framework
- Calculates a security score based on current security settings and behaviours in Office 365 and compares it to a baseline asserted by Microsoft
Insights into your security position
- One place to understand your security position and what features you have enabled
Guidance to increase your security level
- Learn what security features are available to reduce risk while helping you balance productivity and security
Office 365 Secure Score is now generally available to organizations with an Office 365 commercial subscription and who are in the multi-tenant and Office 365 U.S. Government Community clouds.
Requirements
- Available to organizations with an Office 365 commercial subscription and who are in the multi-tenant and Office 365 U.S. Government Community clouds
Available here:

28 Optional: SaaS Application Usage
- Office 365 usage
- Discovery and insight into Office 365 usage
- Discover shadow IT usage
- Discover ~ 1000 productivity cloud applications
- Validate compliance of cloud application usage
- ASM supports a limited set of firewall/proxy devices, available here:
Requirements
- Dependent upon having supported firewall/proxy logs
- ASM is available as an Office 365 Enterprise E5 or 30-day trial

29 Next Steps and Actions

30 Plan next steps
Date and owner for finishing pre-assessment questionnaire
- Must be completed before the on-site engagement
- Contains questions on cloud usage/adoption, security requirements and objectives, regulations and frameworks
- Questionnaire will be provided after this meeting
Date and owner for Office 365 Secure Score data export
- Must be completed before the on-site engagement
- Instructions will be provided after this meeting
During this slide you need to agree with the customer:
- When questionnaire needs to be returned
- Who is responsible for returning completed questionnaire
- When Secure Score data export needs to be sent
- Dates for on-site activities
- Who is responsible for providing access to teams
- Who is responsible for booking meeting rooms and/or meeting equipment such as projector, whiteboard, catering
Dates for the two days of on-site activities
- Multiple workshops provided during the two-day assessment
- Needs access to key stakeholders (listed) resources to complete the workshop as planned
- Access to Office 365 security reports must be provided during the two-day on-site engagement

31 Q&A
