BRK3137 Secure Office 365 like a cybersecurity pro: Top priorities for the first 30 days, 90 days and beyond. Mark Simos, Matt Kemelhar. 6/22/2018 11:39 PM.


1 BRK3137 Secure Office 365 like a cybersecurity pro: Top priorities for the first 30 days, 90 days and beyond
Mark Simos, Matt Kemelhar, Enterprise Cybersecurity Group
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Office 365 security sessions
- Attacks on Office 365: BRK2150 Anatomy of an Attack: Defending Yourself in the Office 365 Cloud
- Office 365 top security priorities and roadmap: BRK Secure Office 365 like a cybersecurity pro: Top priorities for the first 30 days, 90 days and beyond (this session)
- Measuring progress: THR3046 Understanding your security position with Office 365 Secure Score
- Designing the end state (for a political campaign): BRK3091 Secure your Office 365 environment with best practices recommended for political campaigns

3 Session Outline
1. Life on the Cloud (as security): What is security like when fully on Office 365? What's gone? What's new or changed?
2. The Journey: What common errors should I avoid? How do I get the most for my security investments?

4 1. Life on the Cloud (as security)
What is security like when fully on Office 365? What’s gone? What’s new or changed?

5 Responsibility Zones
Three zones: always retained by the customer; varies by service type; transfers to the cloud provider.
© 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6 Security Responsibilities that Transfer to the Cloud Provider (Office 365)
- Security updates / patches
- Software / feature upgrades
- Server maintenance / troubleshooting
- Server uptime (SLA from Microsoft)
- Backup and archive solution (Exchange, SharePoint, Windows Server, etc.)
Note: you still need to manage feature configuration.

7 Threats that Transfer to Office 365
- Attacks on the operating system (OS) and OS admins
- Application attacks
- Hardware/firmware
- Denial of service
- Physical attacks

8 Key Change: No Firewall
Directly connected to the internet: user services and interfaces; administrative interfaces.
Implications:
- Authentication security is critical: multi-factor authentication; per-user (UEBA) anomaly detection across full context (time, date, geolocation); integration of security intelligence
- Tenant security configuration is critical

9 Evolution of Visibility and Policy Enforcement
(Diagram labels: Mobile Device Management Policies; Network Edge.)

10 An Evolution of Visibility and Policy Enforcement
(Diagram labels. Layers: Identity, Endpoint, Mobile Device Management, Infrastructure, Information Protection, Cloud App Security Broker, Network. Controls: Conditional Access, Windows Security Center, Intune MDM/MAM, Azure Security Center, Azure Information Protection (AIP), Office 365 DLP, Cloud App Security, Office 365 Security & Compliance, Threat Intelligence, Firewall, Security Appliances.)
As assets leave the single managed network, use policy controls focused on managing them.

11 DEMO: Cloud App Security

12 Threats change a bit… Notable trends
- Identity attacks: password spray, brute force, password re-use
- App/data layer attacks: social engineering; delegation and forwarding rule attacks
- PowerShell scripts in attacks (2FA, monitoring?)
For more, see BRK2150 Anatomy of an Attack: Defending Yourself in the Office 365 Cloud.
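A defender-side check for the first two identity trends on this slide, added here as an example that is not part of the deck: it groups failed sign-ins by source address and tells a spray (many accounts, one or two attempts each, staying under lockout) apart from brute force (one account, many attempts). The records are constructed, and the field names (User, Ip, Status) are an assumption, not an Azure AD sign-in log schema.

```powershell
# Added example, not from the deck. Constructed failed sign-in records; the field
# names (User, Ip, Status) are our own choice, not an Azure AD sign-in log schema.
$signIns = @()
foreach ($i in 1..8) {
    # One address tries eight different accounts once each: the spray shape
    $signIns += [pscustomobject]@{ User = "user$i@contoso.example"; Ip = '203.0.113.10'; Status = 'Failure' }
}
foreach ($i in 1..20) {
    # Another address hammers a single account: brute force, not a spray
    $signIns += [pscustomobject]@{ User = 'ceo@contoso.example'; Ip = '198.51.100.7'; Status = 'Failure' }
}
# Normal noise: one user mistypes twice from the office address, then succeeds
foreach ($i in 1..2) {
    $signIns += [pscustomobject]@{ User = 'alice@contoso.example'; Ip = '192.0.2.44'; Status = 'Failure' }
}
$signIns += [pscustomobject]@{ User = 'alice@contoso.example'; Ip = '192.0.2.44'; Status = 'Success' }

function Get-FailedSignInPattern {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $SprayMinUsers = 5,          # distinct accounts seen from one address
        [int] $SprayMaxPerUser = 2,        # a spray keeps per-account attempts below lockout
        [int] $BruteForceMinAttempts = 10  # many tries against one account
    )
    $Events | Where-Object { $_.Status -eq 'Failure' } |
        Group-Object -Property Ip | ForEach-Object {
            # @() keeps .Count meaning "number of groups" even when there is only one user
            $perUser    = @($_.Group | Group-Object -Property User)
            $maxPerUser = ($perUser | Measure-Object -Property Count -Maximum).Maximum
            $pattern = if ($perUser.Count -ge $SprayMinUsers -and $maxPerUser -le $SprayMaxPerUser) {
                'possible password spray'
            } elseif ($maxPerUser -ge $BruteForceMinAttempts) {
                'possible brute force'
            } else {
                'benign'
            }
            [pscustomobject]@{
                Ip            = $_.Name
                Failures      = $_.Count
                DistinctUsers = $perUser.Count
                MaxPerUser    = $maxPerUser
                Pattern       = $pattern
            }
        }
}

Get-FailedSignInPattern -Events $signIns | Where-Object Pattern -ne 'benign' | Format-Table -AutoSize
```

The thresholds are starting points to tune against a tenant's own failure baseline; the same grouping works on real exported sign-in logs once the three property names are mapped.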

13 Other Key Changes
- PowerShell for administration
- Cloud + browser authentication model (changes protocols, logs, auth flows, etc.)
- Consistent logs are conducive to off-the-shelf analytics (e.g. a CASB like MCAS)
- Regular release of features and changes (configurable, but not customizable)
Implications: always-current features; security must regularly review updates (Office 365 Roadmap | O365 Update Series on YouTube).

14 Security Logs
Key log locations:
- Azure AD: account authentication/management
- Office 365 Security and Compliance Center: O365 app usage
- SIEM integration: see reference slide
There is a delay for some logs (30-60 minutes).
Enabling logs in Exchange:
- Admin and non-owner logging are on by default
- Owner logging (me sending) must be enabled; Secure Score can launch a script to enable this; Cloud App Security needs this for anomaly detection
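The "owner logging must be enabled" item, added here as an example that is not part of the deck or of Secure Score's script: Exchange Online PowerShell turns owner-action auditing on for every user mailbox and then lists the mailboxes that still lack it. It assumes an already-connected Exchange Online PowerShell session with rights to run Get-Mailbox and Set-Mailbox; the 180-day retention and the list of owner actions are choices made here, not values from the deck.

```powershell
# Added example (not from the deck). Assumes an existing Exchange Online PowerShell
# session with permission to run Get-Mailbox / Set-Mailbox.
# Owner actions worth recording; MailboxLogin is what ties a session to later
# mailbox changes (forwarding rules, deletions) during an investigation.
$ownerActions = 'Create', 'HardDelete', 'MailboxLogin', 'Move', 'MoveToDeletedItems', 'SoftDelete', 'Update'

# Enable auditing on every user mailbox; 180 days of retention is our choice, not the deck's.
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    Set-Mailbox -AuditEnabled $true -AuditLogAgeLimit '180.00:00:00' -AuditOwner $ownerActions

# Verify: anything listed here is still a blind spot for Cloud App Security anomaly detection.
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    Where-Object { -not $_.AuditEnabled -or -not $_.AuditOwner -or $_.AuditOwner -notcontains 'MailboxLogin' } |
    Select-Object UserPrincipalName, AuditEnabled, AuditOwner
```

Mailboxes created after this run start without the setting, so schedule the script or rely on the Secure Score action the slide mentions to catch them.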

15 DEMO: Secure Score eDiscovery Log Locations

16 2. The Journey
What common errors should I avoid? How do I get the most for my security investments?

17 Avoid Common Errors (observed to increase risk of security incidents)
Privilege hygiene:
- Missing key protections for administrative accounts (see 30 day plan); includes accounts with powerful permissions (eDiscovery, HR/Compliance account)
- Multiple people sharing a single account/password
- Granting broad permissions to data (SharePoint/OneDrive)
Tenant:
- Logging not enabled (hampers incident investigation)
- Weak password policies in on-premises AD (federated identity)
- Unused security capabilities (Advanced Threat Protection, Cloud App Security, etc.)
Key strategic element(s):
- Identify business critical data within O365
- Secure Score to measure risk exposure and progress
- Avoiding cloud features (e.g. avoiding password sync = not having leaked credential protection)

18 30 days – Powerful Quick Wins (<30)
Tracks: Security Management, Threat Protection, Information Protection, Identity and Access Management (Tenant / All Users vs. Admins)
- Follow "Tenant setup and configuration" to configure security, Exchange and SharePoint tenant settings, MCAS, and other settings
- Regularly review alerts (Cloud App Security, Threat Dashboard) and Secure Score
- Enable Cloud App Security
- Federated account security: password length/age/complexity; account lockout (if desired)
- Enable Azure AD Identity Protection
- Admins: separate admin account; enforce multi-factor authentication; Windows 10 hardware assurances
- Information Protection: see Identity

19 DEMO: Conditional Access
Windows 10 Compliant Device for Admins (Requires Intune)

20 90 days – Enhance Protections (<90)
Tracks: Security Management, Threat Protection, Information Protection, Identity and Access Management (Tenant / All Users vs. Admins)
- Secure Score: plan your next actions (block forwarding, etc.)
- Threat Intelligence: conduct attack simulation
- Review sharing risks in the Cloud App Security "Investigation" tab
- Enable Azure Information Protection
- Configure Conditional Access rules
- Enable and enforce multi-factor authentication for all users
- Admins: Privileged Access Workstation; configure Azure AD PIM
- Configure SIEM to collect logs (ADFS, Office 365, MCAS); adapt from examples on
- Continue to regularly review alerts in Cloud App Security, Threat Dashboard, and Secure Score status

21 …And Beyond
Tracks: Security Management, Threat Protection, Information Protection, Identity and Access Management (Tenant / All Users vs. Admins)
- Secure Score: continue planning next actions
- eDiscovery: integrate into legal and threat response processes
- Build advanced AIP and Office 365 DLP policies
- Admins: SPA roadmap for on-premises AD
- Tenant / All Users: see Information Protection
- Integrate Cloud App Security into the insider threat program
- Discover shadow IT SaaS usage using Cloud App Security
- Continue to regularly review alerts in Cloud App Security, Threat Dashboard, and Secure Score status

22 References

23 Integrating with your SIEM
(Diagram labels. Powered by the Intelligent Security Graph. Sources: Azure AD Identity Protection, Azure Active Directory, Azure Security Center, Threat Protection / Threat Detection, EDR (Windows Defender ATP), Security Appliances, Azure Log Integration, Azure SQL Threat Detection, Office 365 ATP, Gateway Anti-malware, Cloud App Security, Log Integration, Audit Logs, Alerts, Office 365 Threat Intelligence, ATA, Office 365 ROADMAP. SIEM: connect to your existing SIEM tool and processes; maximize visibility (internal, external); reduce manual steps (and errors); automate; integrate (with SIEM); maximize human analyst impact; deep expertise and intelligence; continuous learning.)

24 SIEM Integration Reference
- Windows Defender ATP
- Advanced Threat Analytics
- Azure Log Integration (includes Azure AD): Appliances: alerts only; Azure SQL: audit logs; Azure AD: audit logs; ASC: alerts only
- Office 365
- Cloud App Security
- Operations Management Suite (OMS)

25 Licensing: security focus drives recommendation for E5 plans
- Office 365 E5: Advanced Threat Protection drives the recommendation for E5 for all users with a mailbox. Advanced Data Governance capabilities are used to automate protection for data loss prevention.
- Enterprise Mobility + Security (EMS) E5: risk-based conditional access and Cloud App Security drive the recommendation for EMS E5.
- Azure Active Directory P2 for B2B accounts: included with EMS E5. Risk-based conditional access can be used with B2B accounts. Every Azure AD paid license includes rights to 5 B2B collaboration users (5:1 model).
Compare all Enterprise Mobility + Security Plans | Compare all Office 365 for Business Plans
