SlideShare a Scribd company logo

SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupie) - Jussi Roine

Download as PPTX, PDF
DIWUG
DIWUG

Securing and maintaining a trustworthy Office 365 and Microsoft Azure deployment is not an easy task. In this session we'll take a look into how you can secure and control your cloud-based servers and services, data and users using Azure Active Directory, Azure Security Center, Privileged Identity Management and Advanced Security Management. In addition we’ll also take a look at how Operations Management Suite and Microsoft Advanced Threat Analytics can be used to provide better overall security for on-premises and hybrid deployments.

Software
1 of 45
Securing Office 365 and Microsoft Azure like a rock star (or groupie) Jussi Roine @JussiRoine
JUSSI LIVES HERE
WTF!
Agenda and takeaways Security building blocks The Big Picture Azure AD Premium External threats Internal threats How to protect Azure and Office 365 How to protect On- Premises services Licenses Wait whattt?
Security building blocks
Office 365: Core services Azure AD
Office 365: All major services Azure AD
Office 365: With extensibility Azure AD
Office 365: With Azure-related services MFA Stream OMS Azure AD
Wait, what? Hold on! Do I have to manage security on all these AND on-premises too?
A starting point: ”We are in the cloud!” This is the common, kind-of hybrid architecture model. Microsoft Azure Office 365 Site-to Site VPN Azure AD Connect ADFS Proxy On-premises
The heart of security: Azure Active Directory  The core of each Azure subscription  You can have multiple AAD tenants within the same Azure subscription  Users, groups, licenses, permissions, apps, app proxies, domains.. all here!  Managed through Azure Portal, some tiny things are still only available in the Classic Portal  It’s important to understand the difference between AAD, AD and AAD Connect (and AAD DS) Identities, management and security
Your mission Protect the identities in the cloud – it is the new perimeter!
Azure Active Directory: Free, Basic, Premium Feature AAD Free AAD Basic AAD Premium P1 AAD Premium P2 SSO support 10 apps/user 10 apps/user No limit No limit Security reports 3 (basic) 3 (basic) Advanced Advanced Self-Service password reset Application Proxy Multi-Factor Authentication Connect Health Cloud App Discovery Privileged Identity Management Identity Protection Price Free! 0.84 €/user/month 5.06 €/user/month 7.59 €/user/month A few highlighted features of AAD and a comparison between licenses (cloud users)(cloud users)
Security building blocks in Azure Role-Based Access Control Key Vault Microsoft anti-malware Rights Management/Information Protection Cloud App Discovery Security Center Infrastructure Network Security Groups (NSG) Site-to-Site VPN Point-to-Site VPN ExpressRoute Network Security Appliances Host-based & NextGen firewalls Azure Active Directory Connect Health Identity Protection Privileged Identity Management OMS Security & Audit Multi-Factor Authentication Security
Analogy to cloud security 18 Rancilio Silvia Best. Espresso. Ever. (This is what I got) Customized Rancilio Silvia (This is what you think you need) Rancilio Silvia with the Rocky grinder and steel base (This is what you should end up with)
External threats
Securing authentication for users with Multi-Factor Authentication  Enforces security beyond username and password  User must possess something – typically a mobile device  Strong authentication occurs over text message, pin, fingerprint, mobile app approval or voice call  Users must enroll through https://aka.ms/mfauserhowto  Available as Office 365 MFA, Azure MFA for Admins and Azure MFA  Certain non-browser apps do not support MFA -- users have to provision separate App Passwords (one or more) through the MyApps portal  This tends to be challenging for non-technical users Multi-Factor Authentication for on-premises with Azure MFA Server  Enables easy securing of VPNs, IIS web apps & Remote Desktop  Maybe not the most logical to set up..  Supports RADIUS so fairly easy to integrate with legacy systems ;-) Strong and secure authentication for on-premises, hybrid & the cloud
Baseline your security in Office 365 with Secure Score  A free service at https://securescore.office.com  After initial scoring you can select a new baseline  Provides a list of actions for things to fix, in order to achieve a new baseline  Max score is 432  Office 365 average is 29  I have 72!  You get to 111 just by enabling MFA for global admins Automated scan of your Office 365 subscription settings and general security
A dashboard for Azure security with Security Center  A simple way to view what’s secured and what’s not in Azure  Includes behavioral analytics and incident reporting  Standard license gives advanced threat detection & intelligence Provides an overview on security for cloud resources
Securing and monitoring Azure AD Connect, ADFS and on- premises AD configuration with Azure AD Connect Health  Monitors your AD FS, AD FS Proxy, AAD Domain Services and AAD Connect status  Can alert you when things break down – useful for many directory-related services, and especially for Azure AD Connect issues  Deploying is easy:  Install agents for AD FS, AAD Connect and AD DS servers  Verify configuration on AAD CH blade in Azure Portal  Somewhat sadly this feature requires AAD Premium license – all users must be licensed in the scope of AAD CH Agent-based service to monitor your AD domain controllers and ADFS infrastructure
Safeguarding for users who log in from weird countries with Azure AD Identity Protection  Watchdog for user sign-ins, can associate individual logins with risk factors  Automatically flags suspicious events, such as users who perform impossible travel times (typically with VPN connectivity)  Enforces additional policies based on low/high risk factors  Enforce MFA for the duration of the login  Enforce self-service password reset (which subsequently enforces MFA)  Weekly email digest of findings and things to lose your sleep over Monitoring for risk events, vulnerabilities and automatic policy changes
Getting rid of static admin roles with Azure AD Privileged Identity Management (PIM)  Instead of granting permanent admin privileges, PIM allows ad-hoc & just-in-time admin roles  Users can request for new privileges for predefined duration  Scans for fixed admin roles and changes them to temporary roles  Admin roles become non-permanent  Duration can be set from 1 hour to 72 hours  Can enforce MFA during role grant  In preview: Approval workflows for new privilege requests  Central view & management for all admins roles throughout Azure and Office 365 ”Just-in-time” administration privileges for users on request
Tracking botnet and brute force attacks  OMS provides System Center-like capabilities in the cloud  Capable of tracking hybrid deployments, including Office 365 and Azure  Gathers logs (also custom ones), configuration data, update status, availability, backup info and even Surface Hub data  Operations Management Suite (OMS) is the Swiss Army knife you need
Protecting from external threats with Office 365  Provides a 360ᴼ view on external threats against users  Insights and analysis based on evidence, act accordingly  Allows for custom policies and reactions Threat Intelligence uses evidence-based knowledge on threats
Publishing internal services securely  Enforce authentication at Azure AD, before allowing access to internal resources  Configuration is simple, and support high availability deployments  Internal services do not require changes  Dual-authentication also supports:  First on Azure AD, then in on-premises against local AD/service Azure AD Application Proxy provides a one-way HTTPS tunnel to on-premises
Demo Securing for external threats
Internal threats
Securing Edge network & cloud app usage with Advanced Security Management  Similar to OMS, but directly aimed for Office 365 workloads  Records all activities of users, including external users  Supports on-premises edge router log analysis Discover activity and incidents in Office 365
Monitoring what admins and developers are doing with Azure resources  Query against Azure backends to see operations against services  Connect with  Log Analytics (for further analysis)  Power BI (for reports)  Application Insights (for wisdom) Azure Monitor provides monitoring throughout tenants and resource groups
Finding Shadow IT within the organization with Cloud App Discovery  Works by dropping an agent on workstations  Consent can be requested; or just install silently..  Discover apps, amount of data transferred and who uses what  Based on reports, act accordingly Discover unmanaged (and managed) cloud apps in use
Active Directory surveillance & analysis with Advanced Threat Analytics (ATA)  Captures all authentication traffic to- and-from Domain Controllers  Uses Machine Learning to identify issues and unauthorized usage  Fully automatic, install & forget! Almost like SharePoint ;-)  Can connect with OMS to provide hybrid reporting in the cloud Aggressive auditing and analytics for on-premises Active Directory requests
Don’t worry, security will keep you busy
Don’t worry, security will keep you busy
Don’t worry, security will keep you busy
Don’t worry, security will keep you busy
Demo Securing for internal threats
Licenses
Onsight Enterprise Mobility + Security (EMS) Used to be known as Enterprise Mobility Suite  A bundled collection of licenses for Azure-based services  Available as E3 and E5 (Source: Microsoft)
Security-related services and licenses Advanced Threat Analytics Active Directory Azure MFA Server Advanced Security Management Threat Intelligence Secure Score Intune Azure MFA for Admins Azure AD Azure AD Premium Security Center Cloud App Discovery Privileged Identity Management Identity Protection Azure MFAConnect Health Network Security Groups Next-Gen FirewallsInformation Protection Operations Management Suite No extra license needed EMS E3/Office 365 E3 EMS E5/Office 365 E5 Additional licensing
Recommendations & recap Follow current practices and patterns: http://bit.ly/azuresecpnp Get the book! http://bit.ly/azuresecbook Get the guidance! http://bit.ly/perimeterbook Deploy the free services  Azure Security Center  Office 365 Secure Score  Azure MFA for Admins  OMS Security (AAD+O365) Go for AAD Premium  Either with EM+S or separately  Deploy ATA  Enable PIM and Identity Protection
Thanks for attending WTF!
SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupie) - Jussi Roine

Recommended

SPSNL17 - Secure Collaboration: Start classifying, labeling, and protecting y...
SPSNL17 - Secure Collaboration: Start classifying, labeling, and protecting y...SPSNL17 - Secure Collaboration: Start classifying, labeling, and protecting y...
SPSNL17 - Secure Collaboration: Start classifying, labeling, and protecting y...DIWUG
 
Securing your Azure Identity Infrastructure
Securing your Azure Identity InfrastructureSecuring your Azure Identity Infrastructure
Securing your Azure Identity InfrastructureVignesh Ganesan I Microsoft MVP
 
Make your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeMake your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeThuan Ng
 
Protect Identities and Access to resources with Azure Active Directory
Protect Identities and Access to resources with Azure Active Directory Protect Identities and Access to resources with Azure Active Directory
Protect Identities and Access to resources with Azure Active Directory Vignesh Ganesan I Microsoft MVP
 
O365Con18 - Compliance Manager - Tomislav Lulic
O365Con18 - Compliance Manager - Tomislav LulicO365Con18 - Compliance Manager - Tomislav Lulic
O365Con18 - Compliance Manager - Tomislav LulicNCCOMMS
 
Azure Global Bootcamp 2017 Azure AD Deployment
Azure Global Bootcamp 2017 Azure AD DeploymentAzure Global Bootcamp 2017 Azure AD Deployment
Azure Global Bootcamp 2017 Azure AD DeploymentAnthony Clendenen
 
NIC 2017 Did you like Azure RMS? You will like Azure Information Protection e...
NIC 2017 Did you like Azure RMS? You will like Azure Information Protection e...NIC 2017 Did you like Azure RMS? You will like Azure Information Protection e...
NIC 2017 Did you like Azure RMS? You will like Azure Information Protection e...Morgan Simonsen
 
Cloud Based Rights Management with Azure RMS
Cloud Based Rights Management with Azure RMSCloud Based Rights Management with Azure RMS
Cloud Based Rights Management with Azure RMSMorgan Simonsen
 

Recommended

SPSNL17 - Secure Collaboration: Start classifying, labeling, and protecting y...
SPSNL17 - Secure Collaboration: Start classifying, labeling, and protecting y...SPSNL17 - Secure Collaboration: Start classifying, labeling, and protecting y...
SPSNL17 - Secure Collaboration: Start classifying, labeling, and protecting y...DIWUG
 
Securing your Azure Identity Infrastructure
Securing your Azure Identity InfrastructureSecuring your Azure Identity Infrastructure
Securing your Azure Identity InfrastructureVignesh Ganesan I Microsoft MVP
 
Make your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeMake your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeThuan Ng
 
Protect Identities and Access to resources with Azure Active Directory
Protect Identities and Access to resources with Azure Active Directory Protect Identities and Access to resources with Azure Active Directory
Protect Identities and Access to resources with Azure Active Directory Vignesh Ganesan I Microsoft MVP
 
O365Con18 - Compliance Manager - Tomislav Lulic
O365Con18 - Compliance Manager - Tomislav LulicO365Con18 - Compliance Manager - Tomislav Lulic
O365Con18 - Compliance Manager - Tomislav LulicNCCOMMS
 
Azure Global Bootcamp 2017 Azure AD Deployment
Azure Global Bootcamp 2017 Azure AD DeploymentAzure Global Bootcamp 2017 Azure AD Deployment
Azure Global Bootcamp 2017 Azure AD DeploymentAnthony Clendenen
 
NIC 2017 Did you like Azure RMS? You will like Azure Information Protection e...
NIC 2017 Did you like Azure RMS? You will like Azure Information Protection e...NIC 2017 Did you like Azure RMS? You will like Azure Information Protection e...
NIC 2017 Did you like Azure RMS? You will like Azure Information Protection e...Morgan Simonsen
 
Cloud Based Rights Management with Azure RMS
Cloud Based Rights Management with Azure RMSCloud Based Rights Management with Azure RMS
Cloud Based Rights Management with Azure RMSMorgan Simonsen
 
O365Con18 - Exploring Conditional Access to content stored in Office 365 - Pa...
O365Con18 - Exploring Conditional Access to content stored in Office 365 - Pa...O365Con18 - Exploring Conditional Access to content stored in Office 365 - Pa...
O365Con18 - Exploring Conditional Access to content stored in Office 365 - Pa...NCCOMMS
 
O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...
O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...
O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...NCCOMMS
 
Building solutions with SPFx that work across SharePoint and Teams
Building solutions with SPFx that work across SharePoint and TeamsBuilding solutions with SPFx that work across SharePoint and Teams
Building solutions with SPFx that work across SharePoint and TeamsVignesh Ganesan I Microsoft MVP
 
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...CoLabora March 2022 - Improve security posture by implementing new Azure AD ...
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...Peter Selch Dahl
 
What's new in Security and Compliance in SharePoint , OneDrive for Business &...
What's new in Security and Compliance in SharePoint , OneDrive for Business &...What's new in Security and Compliance in SharePoint , OneDrive for Business &...
What's new in Security and Compliance in SharePoint , OneDrive for Business &...Vignesh Ganesan I Microsoft MVP
 
Certifications for Azure Developers
Certifications for Azure DevelopersCertifications for Azure Developers
Certifications for Azure DevelopersKrunal Trivedi
 
ECS19 - Bram De Jager - Design a secure collaboration solution with Azure In...
ECS19 - Bram De Jager - Design a secure collaboration solution with Azure In...ECS19 - Bram De Jager - Design a secure collaboration solution with Azure In...
ECS19 - Bram De Jager - Design a secure collaboration solution with Azure In...European Collaboration Summit
 
O365Con18 - Deep Dive into Microsoft 365 - Jussi Roine
O365Con18 - Deep Dive into Microsoft 365 - Jussi RoineO365Con18 - Deep Dive into Microsoft 365 - Jussi Roine
O365Con18 - Deep Dive into Microsoft 365 - Jussi RoineNCCOMMS
 
Modern Workplace Deep Dive infographic
Modern Workplace Deep Dive infographicModern Workplace Deep Dive infographic
Modern Workplace Deep Dive infographicAmmar Hasayen
 
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...Scott Hoag
 
Securing Governing and Protecting Your Office 365 Investments
Securing Governing and Protecting Your Office 365 InvestmentsSecuring Governing and Protecting Your Office 365 Investments
Securing Governing and Protecting Your Office 365 InvestmentsChris Bortlik
 
Secure Your Cloud Environment with Azure Active Directory (AD)
Secure Your Cloud Environment with Azure Active Directory (AD)Secure Your Cloud Environment with Azure Active Directory (AD)
Secure Your Cloud Environment with Azure Active Directory (AD)WinWire Technologies Inc
 
Azure AD with Office 365 and Beyond!
Azure AD with Office 365 and Beyond!Azure AD with Office 365 and Beyond!
Azure AD with Office 365 and Beyond!Ravikumar Sathyamurthy
 
Azure information protection
Azure information protectionAzure information protection
Azure information protectionKjetil Lund-Paulsen
 
2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD 2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD Peter Selch Dahl
 
Windows Advance Threats - BSides Amman 2019
Windows Advance Threats - BSides Amman 2019Windows Advance Threats - BSides Amman 2019
Windows Advance Threats - BSides Amman 2019Ammar Hasayen
 
Azure Active Directory - An Introduction for Developers
Azure Active Directory - An Introduction for DevelopersAzure Active Directory - An Introduction for Developers
Azure Active Directory - An Introduction for DevelopersJohn Garland
 
March 2022 CIAOPS Need to Know Webinar
March 2022 CIAOPS Need to Know WebinarMarch 2022 CIAOPS Need to Know Webinar
March 2022 CIAOPS Need to Know WebinarRobert Crane
 
Working securely with Microsoft Teams - Techorama 2021
Working securely with Microsoft Teams - Techorama 2021Working securely with Microsoft Teams - Techorama 2021
Working securely with Microsoft Teams - Techorama 2021Albert Hoitingh
 
Keynote #Enterprise - L'ouverture du Cloud Microsoft, transformation open sou...
Keynote #Enterprise - L'ouverture du Cloud Microsoft, transformation open sou...Keynote #Enterprise - L'ouverture du Cloud Microsoft, transformation open sou...
Keynote #Enterprise - L'ouverture du Cloud Microsoft, transformation open sou...Paris Open Source Summit
 
TOON Stephen Galsworthy
TOON Stephen GalsworthyTOON Stephen Galsworthy
TOON Stephen GalsworthyBigDataExpo
 
Agile Operations Keynote: Redefine the Role of IT Operations With Digital Tra...
Agile Operations Keynote: Redefine the Role of IT Operations With Digital Tra...Agile Operations Keynote: Redefine the Role of IT Operations With Digital Tra...
Agile Operations Keynote: Redefine the Role of IT Operations With Digital Tra...CA Technologies
 

More Related Content

What's hot

O365Con18 - Exploring Conditional Access to content stored in Office 365 - Pa...
O365Con18 - Exploring Conditional Access to content stored in Office 365 - Pa...O365Con18 - Exploring Conditional Access to content stored in Office 365 - Pa...
O365Con18 - Exploring Conditional Access to content stored in Office 365 - Pa...NCCOMMS
 
O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...
O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...
O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...NCCOMMS
 
Building solutions with SPFx that work across SharePoint and Teams
Building solutions with SPFx that work across SharePoint and TeamsBuilding solutions with SPFx that work across SharePoint and Teams
Building solutions with SPFx that work across SharePoint and TeamsVignesh Ganesan I Microsoft MVP
 
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...CoLabora March 2022 - Improve security posture by implementing new Azure AD ...
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...Peter Selch Dahl
 
What's new in Security and Compliance in SharePoint , OneDrive for Business &...
What's new in Security and Compliance in SharePoint , OneDrive for Business &...What's new in Security and Compliance in SharePoint , OneDrive for Business &...
What's new in Security and Compliance in SharePoint , OneDrive for Business &...Vignesh Ganesan I Microsoft MVP
 
Certifications for Azure Developers
Certifications for Azure DevelopersCertifications for Azure Developers
Certifications for Azure DevelopersKrunal Trivedi
 
ECS19 - Bram De Jager - Design a secure collaboration solution with Azure In...
ECS19 - Bram De Jager - Design a secure collaboration solution with Azure In...ECS19 - Bram De Jager - Design a secure collaboration solution with Azure In...
ECS19 - Bram De Jager - Design a secure collaboration solution with Azure In...European Collaboration Summit
 
O365Con18 - Deep Dive into Microsoft 365 - Jussi Roine
O365Con18 - Deep Dive into Microsoft 365 - Jussi RoineO365Con18 - Deep Dive into Microsoft 365 - Jussi Roine
O365Con18 - Deep Dive into Microsoft 365 - Jussi RoineNCCOMMS
 
Modern Workplace Deep Dive infographic
Modern Workplace Deep Dive infographicModern Workplace Deep Dive infographic
Modern Workplace Deep Dive infographicAmmar Hasayen
 
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...Scott Hoag
 
Securing Governing and Protecting Your Office 365 Investments
Securing Governing and Protecting Your Office 365 InvestmentsSecuring Governing and Protecting Your Office 365 Investments
Securing Governing and Protecting Your Office 365 InvestmentsChris Bortlik
 
Secure Your Cloud Environment with Azure Active Directory (AD)
Secure Your Cloud Environment with Azure Active Directory (AD)Secure Your Cloud Environment with Azure Active Directory (AD)
Secure Your Cloud Environment with Azure Active Directory (AD)WinWire Technologies Inc
 
2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD 2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD Peter Selch Dahl
 
Windows Advance Threats - BSides Amman 2019
Windows Advance Threats - BSides Amman 2019Windows Advance Threats - BSides Amman 2019
Windows Advance Threats - BSides Amman 2019Ammar Hasayen
 
Azure Active Directory - An Introduction for Developers
Azure Active Directory - An Introduction for DevelopersAzure Active Directory - An Introduction for Developers
Azure Active Directory - An Introduction for DevelopersJohn Garland
 
March 2022 CIAOPS Need to Know Webinar
March 2022 CIAOPS Need to Know WebinarMarch 2022 CIAOPS Need to Know Webinar
March 2022 CIAOPS Need to Know WebinarRobert Crane
 
Working securely with Microsoft Teams - Techorama 2021
Working securely with Microsoft Teams - Techorama 2021Working securely with Microsoft Teams - Techorama 2021
Working securely with Microsoft Teams - Techorama 2021Albert Hoitingh
 

What's hot (19)

O365Con18 - Exploring Conditional Access to content stored in Office 365 - Pa...
O365Con18 - Exploring Conditional Access to content stored in Office 365 - Pa...O365Con18 - Exploring Conditional Access to content stored in Office 365 - Pa...
O365Con18 - Exploring Conditional Access to content stored in Office 365 - Pa...
 
O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...
O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...
O365Con18 - A Lap Around Monitoring, Auditing and Securing Microsoft Azure - ...
 
Building solutions with SPFx that work across SharePoint and Teams
Building solutions with SPFx that work across SharePoint and TeamsBuilding solutions with SPFx that work across SharePoint and Teams
Building solutions with SPFx that work across SharePoint and Teams
 
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...CoLabora March 2022 - Improve security posture by implementing new Azure AD ...
CoLabora March 2022 - Improve security posture by implementing new Azure AD ...
 
What's new in Security and Compliance in SharePoint , OneDrive for Business &...
What's new in Security and Compliance in SharePoint , OneDrive for Business &...What's new in Security and Compliance in SharePoint , OneDrive for Business &...
What's new in Security and Compliance in SharePoint , OneDrive for Business &...
 
Certifications for Azure Developers
Certifications for Azure DevelopersCertifications for Azure Developers
Certifications for Azure Developers
 
ECS19 - Bram De Jager - Design a secure collaboration solution with Azure In...
ECS19 - Bram De Jager - Design a secure collaboration solution with Azure In...ECS19 - Bram De Jager - Design a secure collaboration solution with Azure In...
ECS19 - Bram De Jager - Design a secure collaboration solution with Azure In...
 
O365Con18 - Deep Dive into Microsoft 365 - Jussi Roine
O365Con18 - Deep Dive into Microsoft 365 - Jussi RoineO365Con18 - Deep Dive into Microsoft 365 - Jussi Roine
O365Con18 - Deep Dive into Microsoft 365 - Jussi Roine
 
Modern Workplace Deep Dive infographic
Modern Workplace Deep Dive infographicModern Workplace Deep Dive infographic
Modern Workplace Deep Dive infographic
 
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
 
Securing Governing and Protecting Your Office 365 Investments
Securing Governing and Protecting Your Office 365 InvestmentsSecuring Governing and Protecting Your Office 365 Investments
Securing Governing and Protecting Your Office 365 Investments
 
Secure Your Cloud Environment with Azure Active Directory (AD)
Secure Your Cloud Environment with Azure Active Directory (AD)Secure Your Cloud Environment with Azure Active Directory (AD)
Secure Your Cloud Environment with Azure Active Directory (AD)
 
Azure AD with Office 365 and Beyond!
Azure AD with Office 365 and Beyond!Azure AD with Office 365 and Beyond!
Azure AD with Office 365 and Beyond!
 
Azure information protection
Azure information protectionAzure information protection
Azure information protection
 
2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD 2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD
 
Windows Advance Threats - BSides Amman 2019
Windows Advance Threats - BSides Amman 2019Windows Advance Threats - BSides Amman 2019
Windows Advance Threats - BSides Amman 2019
 
Azure Active Directory - An Introduction for Developers
Azure Active Directory - An Introduction for DevelopersAzure Active Directory - An Introduction for Developers
Azure Active Directory - An Introduction for Developers
 
March 2022 CIAOPS Need to Know Webinar
March 2022 CIAOPS Need to Know WebinarMarch 2022 CIAOPS Need to Know Webinar
March 2022 CIAOPS Need to Know Webinar
 
Working securely with Microsoft Teams - Techorama 2021
Working securely with Microsoft Teams - Techorama 2021Working securely with Microsoft Teams - Techorama 2021
Working securely with Microsoft Teams - Techorama 2021
 

Viewers also liked

Keynote #Enterprise - L'ouverture du Cloud Microsoft, transformation open sou...
Keynote #Enterprise - L'ouverture du Cloud Microsoft, transformation open sou...Keynote #Enterprise - L'ouverture du Cloud Microsoft, transformation open sou...
Keynote #Enterprise - L'ouverture du Cloud Microsoft, transformation open sou...Paris Open Source Summit
 
TOON Stephen Galsworthy
TOON Stephen GalsworthyTOON Stephen Galsworthy
TOON Stephen GalsworthyBigDataExpo
 
Agile Operations Keynote: Redefine the Role of IT Operations With Digital Tra...
Agile Operations Keynote: Redefine the Role of IT Operations With Digital Tra...Agile Operations Keynote: Redefine the Role of IT Operations With Digital Tra...
Agile Operations Keynote: Redefine the Role of IT Operations With Digital Tra...CA Technologies
 
A modern, flexible approach to Hadoop implementation incorporating innovation...
A modern, flexible approach to Hadoop implementation incorporating innovation...A modern, flexible approach to Hadoop implementation incorporating innovation...
A modern, flexible approach to Hadoop implementation incorporating innovation...DataWorks Summit
 
Next Generation Data Center Strategies
Next Generation Data Center StrategiesNext Generation Data Center Strategies
Next Generation Data Center StrategiesVenkat Nambiyur
 
Cyberbullying in the Middle Years
Cyberbullying in the Middle YearsCyberbullying in the Middle Years
Cyberbullying in the Middle Yearselketeaches
 
Security at Scale with AWS - AWS Summit Cape Town 2017
Security at Scale with AWS - AWS Summit Cape Town 2017 Security at Scale with AWS - AWS Summit Cape Town 2017
Security at Scale with AWS - AWS Summit Cape Town 2017 Amazon Web Services
 
Freek bomhof tno
Freek bomhof tnoFreek bomhof tno
Freek bomhof tnoBigDataExpo
 
Solr At Scale For Time-Oriented Data: Presented by Brett Hoerner, Rocana
Solr At Scale For Time-Oriented Data: Presented by Brett Hoerner, RocanaSolr At Scale For Time-Oriented Data: Presented by Brett Hoerner, Rocana
Solr At Scale For Time-Oriented Data: Presented by Brett Hoerner, RocanaLucidworks
 
2017-10-03 Session aOS - Back from Ignite - MS Experiences
2017-10-03 Session aOS - Back from Ignite - MS Experiences2017-10-03 Session aOS - Back from Ignite - MS Experiences
2017-10-03 Session aOS - Back from Ignite - MS ExperiencesPatrick Guimonet
 
Introducing the Big Data Ecosystem with Caserta Concepts & Talend
Introducing the Big Data Ecosystem with Caserta Concepts & TalendIntroducing the Big Data Ecosystem with Caserta Concepts & Talend
Introducing the Big Data Ecosystem with Caserta Concepts & TalendCaserta
 
Poor mans spy vs spy using open source tools to detect attackers
Poor mans spy vs spy using open source tools to detect attackersPoor mans spy vs spy using open source tools to detect attackers
Poor mans spy vs spy using open source tools to detect attackersDerek Banks
 
Workshop 2: Building a streaming data platform on AWS
Workshop 2: Building a streaming data platform on AWSWorkshop 2: Building a streaming data platform on AWS
Workshop 2: Building a streaming data platform on AWSAmazon Web Services
 
Nano Server First Step
Nano Server First StepNano Server First Step
Nano Server First StepKazuki Takai
 
Graylog for open stack 3 steps to know why
Graylog for open stack 3 steps to know whyGraylog for open stack 3 steps to know why
Graylog for open stack 3 steps to know whyMạnh Đinh
 
You're the New CDO, Now What?
You're the New CDO, Now What?You're the New CDO, Now What?
You're the New CDO, Now What?Caserta
 
NUON Rens Weijers
NUON Rens WeijersNUON Rens Weijers
NUON Rens WeijersBigDataExpo
 

Viewers also liked (20)

Keynote #Enterprise - L'ouverture du Cloud Microsoft, transformation open sou...
Keynote #Enterprise - L'ouverture du Cloud Microsoft, transformation open sou...Keynote #Enterprise - L'ouverture du Cloud Microsoft, transformation open sou...
Keynote #Enterprise - L'ouverture du Cloud Microsoft, transformation open sou...
 
TOON Stephen Galsworthy
TOON Stephen GalsworthyTOON Stephen Galsworthy
TOON Stephen Galsworthy
 
Agile Operations Keynote: Redefine the Role of IT Operations With Digital Tra...
Agile Operations Keynote: Redefine the Role of IT Operations With Digital Tra...Agile Operations Keynote: Redefine the Role of IT Operations With Digital Tra...
Agile Operations Keynote: Redefine the Role of IT Operations With Digital Tra...
 
A modern, flexible approach to Hadoop implementation incorporating innovation...
A modern, flexible approach to Hadoop implementation incorporating innovation...A modern, flexible approach to Hadoop implementation incorporating innovation...
A modern, flexible approach to Hadoop implementation incorporating innovation...
 
Sudan tanıtımı
Sudan tanıtımıSudan tanıtımı
Sudan tanıtımı
 
Next Generation Data Center Strategies
Next Generation Data Center StrategiesNext Generation Data Center Strategies
Next Generation Data Center Strategies
 
Cyberbullying in the Middle Years
Cyberbullying in the Middle YearsCyberbullying in the Middle Years
Cyberbullying in the Middle Years
 
Security at Scale with AWS - AWS Summit Cape Town 2017
Security at Scale with AWS - AWS Summit Cape Town 2017 Security at Scale with AWS - AWS Summit Cape Town 2017
Security at Scale with AWS - AWS Summit Cape Town 2017
 
Freek bomhof tno
Freek bomhof tnoFreek bomhof tno
Freek bomhof tno
 
Solr At Scale For Time-Oriented Data: Presented by Brett Hoerner, Rocana
Solr At Scale For Time-Oriented Data: Presented by Brett Hoerner, RocanaSolr At Scale For Time-Oriented Data: Presented by Brett Hoerner, Rocana
Solr At Scale For Time-Oriented Data: Presented by Brett Hoerner, Rocana
 
Cloud Foundry Summit 2017
Cloud Foundry Summit 2017Cloud Foundry Summit 2017
Cloud Foundry Summit 2017
 
2017-10-03 Session aOS - Back from Ignite - MS Experiences
2017-10-03 Session aOS - Back from Ignite - MS Experiences2017-10-03 Session aOS - Back from Ignite - MS Experiences
2017-10-03 Session aOS - Back from Ignite - MS Experiences
 
Introducing the Big Data Ecosystem with Caserta Concepts & Talend
Introducing the Big Data Ecosystem with Caserta Concepts & TalendIntroducing the Big Data Ecosystem with Caserta Concepts & Talend
Introducing the Big Data Ecosystem with Caserta Concepts & Talend
 
Poor mans spy vs spy using open source tools to detect attackers
Poor mans spy vs spy using open source tools to detect attackersPoor mans spy vs spy using open source tools to detect attackers
Poor mans spy vs spy using open source tools to detect attackers
 
Workshop 2: Building a streaming data platform on AWS
Workshop 2: Building a streaming data platform on AWSWorkshop 2: Building a streaming data platform on AWS
Workshop 2: Building a streaming data platform on AWS
 
Nano Server First Step
Nano Server First StepNano Server First Step
Nano Server First Step
 
Graylog for open stack 3 steps to know why
Graylog for open stack 3 steps to know whyGraylog for open stack 3 steps to know why
Graylog for open stack 3 steps to know why
 
Click or clunk
Click or clunkClick or clunk
Click or clunk
 
You're the New CDO, Now What?
You're the New CDO, Now What?You're the New CDO, Now What?
You're the New CDO, Now What?
 
NUON Rens Weijers
NUON Rens WeijersNUON Rens Weijers
NUON Rens Weijers
 

Similar to SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupie) - Jussi Roine

I1 - Securing Office 365 and Microsoft Azure like a rockstar (or like a group...
I1 - Securing Office 365 and Microsoft Azure like a rockstar (or like a group...I1 - Securing Office 365 and Microsoft Azure like a rockstar (or like a group...
I1 - Securing Office 365 and Microsoft Azure like a rockstar (or like a group...SPS Paris
 
Rencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
Rencore Webinar: Securing Office 365 and Microsoft Azure like a RockstarRencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
Rencore Webinar: Securing Office 365 and Microsoft Azure like a RockstarRencore
 
Identity and Data protection with Enterprise Mobility Security in ottica GDPR
Identity and Data protection with Enterprise Mobility Security in ottica GDPRIdentity and Data protection with Enterprise Mobility Security in ottica GDPR
Identity and Data protection with Enterprise Mobility Security in ottica GDPRJürgen Ambrosi
 
Azure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDKAzure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDKPeter Selch Dahl
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A ServiceOlav Tvedt
 
3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AAD3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AADAndrew Bettany
 
SCU Berlín | Cloud identity for maximum productivity
SCU Berlín | Cloud identity for maximum productivity SCU Berlín | Cloud identity for maximum productivity
SCU Berlín | Cloud identity for maximum productivityDiana Carolina Torres Viasus
 
Power of the Cloud - Introduction to Microsoft Azure Security
Power of the Cloud - Introduction to Microsoft Azure SecurityPower of the Cloud - Introduction to Microsoft Azure Security
Power of the Cloud - Introduction to Microsoft Azure SecurityAdin Ermie
 
Protect your data in / with the Cloud
Protect your data in / with the CloudProtect your data in / with the Cloud
Protect your data in / with the CloudGWAVA
 
Securely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreSecurely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreJoel Oleson
 
Mobility & security Microsoft SPE5 By Bipeen Sinha
Mobility & security Microsoft SPE5 By Bipeen SinhaMobility & security Microsoft SPE5 By Bipeen Sinha
Mobility & security Microsoft SPE5 By Bipeen SinhaBipeen Sinha
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and ComplianceKarina Matos
 
Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud SecurityAlert Logic
 
MS Cloud Identity and Access Infographic 2015 (1)
MS Cloud Identity and Access Infographic 2015 (1)MS Cloud Identity and Access Infographic 2015 (1)
MS Cloud Identity and Access Infographic 2015 (1)Luís Serra Libório
 
Make IT Pro's great again: Microsoft Azure for the SharePoint professional
Make IT Pro's great again: Microsoft Azure for the SharePoint professionalMake IT Pro's great again: Microsoft Azure for the SharePoint professional
Make IT Pro's great again: Microsoft Azure for the SharePoint professionalBIWUG
 
Azure Incident Response Cheat Sheet.pdf
Azure Incident Response Cheat Sheet.pdfAzure Incident Response Cheat Sheet.pdf
Azure Incident Response Cheat Sheet.pdfChristopher Doman
 
03_Azure Security Center_GAB2019
03_Azure Security Center_GAB201903_Azure Security Center_GAB2019
03_Azure Security Center_GAB2019Kumton Suttiraksiri
 

Similar to SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupie) - Jussi Roine (20)

I1 - Securing Office 365 and Microsoft Azure like a rockstar (or like a group...
I1 - Securing Office 365 and Microsoft Azure like a rockstar (or like a group...I1 - Securing Office 365 and Microsoft Azure like a rockstar (or like a group...
I1 - Securing Office 365 and Microsoft Azure like a rockstar (or like a group...
 
Rencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
Rencore Webinar: Securing Office 365 and Microsoft Azure like a RockstarRencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
Rencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
 
Identity and Data protection with Enterprise Mobility Security in ottica GDPR
Identity and Data protection with Enterprise Mobility Security in ottica GDPRIdentity and Data protection with Enterprise Mobility Security in ottica GDPR
Identity and Data protection with Enterprise Mobility Security in ottica GDPR
 
Azure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDKAzure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDK
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A Service
 
3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AAD3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AAD
 
SCU Berlín | Cloud identity for maximum productivity
SCU Berlín | Cloud identity for maximum productivity SCU Berlín | Cloud identity for maximum productivity
SCU Berlín | Cloud identity for maximum productivity
 
Power of the Cloud - Introduction to Microsoft Azure Security
Power of the Cloud - Introduction to Microsoft Azure SecurityPower of the Cloud - Introduction to Microsoft Azure Security
Power of the Cloud - Introduction to Microsoft Azure Security
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Protect your data in / with the Cloud
Protect your data in / with the CloudProtect your data in / with the Cloud
Protect your data in / with the Cloud
 
AzureAAD
AzureAADAzureAAD
AzureAAD
 
Securely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreSecurely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure Score
 
Mobility & security Microsoft SPE5 By Bipeen Sinha
Mobility & security Microsoft SPE5 By Bipeen SinhaMobility & security Microsoft SPE5 By Bipeen Sinha
Mobility & security Microsoft SPE5 By Bipeen Sinha
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
 
Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud Security
 
MS Cloud Identity and Access Infographic 2015 (1)
MS Cloud Identity and Access Infographic 2015 (1)MS Cloud Identity and Access Infographic 2015 (1)
MS Cloud Identity and Access Infographic 2015 (1)
 
Azure Cloud Services
Azure Cloud ServicesAzure Cloud Services
Azure Cloud Services
 
Make IT Pro's great again: Microsoft Azure for the SharePoint professional
Make IT Pro's great again: Microsoft Azure for the SharePoint professionalMake IT Pro's great again: Microsoft Azure for the SharePoint professional
Make IT Pro's great again: Microsoft Azure for the SharePoint professional
 
Azure Incident Response Cheat Sheet.pdf
Azure Incident Response Cheat Sheet.pdfAzure Incident Response Cheat Sheet.pdf
Azure Incident Response Cheat Sheet.pdf
 
03_Azure Security Center_GAB2019
03_Azure Security Center_GAB201903_Azure Security Center_GAB2019
03_Azure Security Center_GAB2019
 

More from DIWUG

SPSNL17 - Integratie van Microsoft Teams met het Bot Framework - Michael Homp...
SPSNL17 - Integratie van Microsoft Teams met het Bot Framework - Michael Homp...SPSNL17 - Integratie van Microsoft Teams met het Bot Framework - Michael Homp...
SPSNL17 - Integratie van Microsoft Teams met het Bot Framework - Michael Homp...DIWUG
 
SPSNL17 - Be more effective with the PnP Provisioning Engine - Erwin van Hunen
SPSNL17 - Be more effective with the PnP Provisioning Engine - Erwin van HunenSPSNL17 - Be more effective with the PnP Provisioning Engine - Erwin van Hunen
SPSNL17 - Be more effective with the PnP Provisioning Engine - Erwin van HunenDIWUG
 
SPSNL17 - Custom SharePoint integration for Dynamics365 - Martijn Eikelenboom
SPSNL17 - Custom SharePoint integration for Dynamics365 - Martijn EikelenboomSPSNL17 - Custom SharePoint integration for Dynamics365 - Martijn Eikelenboom
SPSNL17 - Custom SharePoint integration for Dynamics365 - Martijn EikelenboomDIWUG
 
SPSNL17 - Content publishing and communication strategies for Office 365 and ...
SPSNL17 - Content publishing and communication strategies for Office 365 and ...SPSNL17 - Content publishing and communication strategies for Office 365 and ...
SPSNL17 - Content publishing and communication strategies for Office 365 and ...DIWUG
 
SPSNL17 - How to solve Azure AD Connect sync issues - Arjan Cornelissen
SPSNL17 - How to solve Azure AD Connect sync issues - Arjan CornelissenSPSNL17 - How to solve Azure AD Connect sync issues - Arjan Cornelissen
SPSNL17 - How to solve Azure AD Connect sync issues - Arjan CornelissenDIWUG
 
SPSNL17 - Introductie HoloLens - Augmented Reality in 2017 - Michiel Hamers
SPSNL17 - Introductie HoloLens - Augmented Reality in 2017 - Michiel HamersSPSNL17 - Introductie HoloLens - Augmented Reality in 2017 - Michiel Hamers
SPSNL17 - Introductie HoloLens - Augmented Reality in 2017 - Michiel HamersDIWUG
 
SPSNL17 - Adoption, I love it when a plan comes together - Katharina Schroeder
SPSNL17 - Adoption, I love it when a plan comes together - Katharina SchroederSPSNL17 - Adoption, I love it when a plan comes together - Katharina Schroeder
SPSNL17 - Adoption, I love it when a plan comes together - Katharina SchroederDIWUG
 
SPSNL17 - Getting notified by SharePoint with the webhook functionality - Eli...
SPSNL17 - Getting notified by SharePoint with the webhook functionality - Eli...SPSNL17 - Getting notified by SharePoint with the webhook functionality - Eli...
SPSNL17 - Getting notified by SharePoint with the webhook functionality - Eli...DIWUG
 
SPSNL17 - Implementing SharePoint hybrid search, start to finish - Thomas Voc...
SPSNL17 - Implementing SharePoint hybrid search, start to finish - Thomas Voc...SPSNL17 - Implementing SharePoint hybrid search, start to finish - Thomas Voc...
SPSNL17 - Implementing SharePoint hybrid search, start to finish - Thomas Voc...DIWUG
 
SPSNL17 - Getting started with SharePoint development for the reluctant IT Pr...
SPSNL17 - Getting started with SharePoint development for the reluctant IT Pr...SPSNL17 - Getting started with SharePoint development for the reluctant IT Pr...
SPSNL17 - Getting started with SharePoint development for the reluctant IT Pr...DIWUG
 
SPSNL17 - Delivering the promise of Software as a Service with Hybrid solutio...
SPSNL17 - Delivering the promise of Software as a Service with Hybrid solutio...SPSNL17 - Delivering the promise of Software as a Service with Hybrid solutio...
SPSNL17 - Delivering the promise of Software as a Service with Hybrid solutio...DIWUG
 
SPSNL17 - Deep-dive building SharePoint Framework solutions - Albert-Jan Scho...
SPSNL17 - Deep-dive building SharePoint Framework solutions - Albert-Jan Scho...SPSNL17 - Deep-dive building SharePoint Framework solutions - Albert-Jan Scho...
SPSNL17 - Deep-dive building SharePoint Framework solutions - Albert-Jan Scho...DIWUG
 
SPSNL17 - The business & end-user guide into the new and modern SharePoint! -...
SPSNL17 - The business & end-user guide into the new and modern SharePoint! -...SPSNL17 - The business & end-user guide into the new and modern SharePoint! -...
SPSNL17 - The business & end-user guide into the new and modern SharePoint! -...DIWUG
 

More from DIWUG (13)

SPSNL17 - Integratie van Microsoft Teams met het Bot Framework - Michael Homp...
SPSNL17 - Integratie van Microsoft Teams met het Bot Framework - Michael Homp...SPSNL17 - Integratie van Microsoft Teams met het Bot Framework - Michael Homp...
SPSNL17 - Integratie van Microsoft Teams met het Bot Framework - Michael Homp...
 
SPSNL17 - Be more effective with the PnP Provisioning Engine - Erwin van Hunen
SPSNL17 - Be more effective with the PnP Provisioning Engine - Erwin van HunenSPSNL17 - Be more effective with the PnP Provisioning Engine - Erwin van Hunen
SPSNL17 - Be more effective with the PnP Provisioning Engine - Erwin van Hunen
 
SPSNL17 - Custom SharePoint integration for Dynamics365 - Martijn Eikelenboom
SPSNL17 - Custom SharePoint integration for Dynamics365 - Martijn EikelenboomSPSNL17 - Custom SharePoint integration for Dynamics365 - Martijn Eikelenboom
SPSNL17 - Custom SharePoint integration for Dynamics365 - Martijn Eikelenboom
 
SPSNL17 - Content publishing and communication strategies for Office 365 and ...
SPSNL17 - Content publishing and communication strategies for Office 365 and ...SPSNL17 - Content publishing and communication strategies for Office 365 and ...
SPSNL17 - Content publishing and communication strategies for Office 365 and ...
 
SPSNL17 - How to solve Azure AD Connect sync issues - Arjan Cornelissen
SPSNL17 - How to solve Azure AD Connect sync issues - Arjan CornelissenSPSNL17 - How to solve Azure AD Connect sync issues - Arjan Cornelissen
SPSNL17 - How to solve Azure AD Connect sync issues - Arjan Cornelissen
 
SPSNL17 - Introductie HoloLens - Augmented Reality in 2017 - Michiel Hamers
SPSNL17 - Introductie HoloLens - Augmented Reality in 2017 - Michiel HamersSPSNL17 - Introductie HoloLens - Augmented Reality in 2017 - Michiel Hamers
SPSNL17 - Introductie HoloLens - Augmented Reality in 2017 - Michiel Hamers
 
SPSNL17 - Adoption, I love it when a plan comes together - Katharina Schroeder
SPSNL17 - Adoption, I love it when a plan comes together - Katharina SchroederSPSNL17 - Adoption, I love it when a plan comes together - Katharina Schroeder
SPSNL17 - Adoption, I love it when a plan comes together - Katharina Schroeder
 
SPSNL17 - Getting notified by SharePoint with the webhook functionality - Eli...
SPSNL17 - Getting notified by SharePoint with the webhook functionality - Eli...SPSNL17 - Getting notified by SharePoint with the webhook functionality - Eli...
SPSNL17 - Getting notified by SharePoint with the webhook functionality - Eli...
 
SPSNL17 - Implementing SharePoint hybrid search, start to finish - Thomas Voc...
SPSNL17 - Implementing SharePoint hybrid search, start to finish - Thomas Voc...SPSNL17 - Implementing SharePoint hybrid search, start to finish - Thomas Voc...
SPSNL17 - Implementing SharePoint hybrid search, start to finish - Thomas Voc...
 
SPSNL17 - Getting started with SharePoint development for the reluctant IT Pr...
SPSNL17 - Getting started with SharePoint development for the reluctant IT Pr...SPSNL17 - Getting started with SharePoint development for the reluctant IT Pr...
SPSNL17 - Getting started with SharePoint development for the reluctant IT Pr...
 
SPSNL17 - Delivering the promise of Software as a Service with Hybrid solutio...
SPSNL17 - Delivering the promise of Software as a Service with Hybrid solutio...SPSNL17 - Delivering the promise of Software as a Service with Hybrid solutio...
SPSNL17 - Delivering the promise of Software as a Service with Hybrid solutio...
 
SPSNL17 - Deep-dive building SharePoint Framework solutions - Albert-Jan Scho...
SPSNL17 - Deep-dive building SharePoint Framework solutions - Albert-Jan Scho...SPSNL17 - Deep-dive building SharePoint Framework solutions - Albert-Jan Scho...
SPSNL17 - Deep-dive building SharePoint Framework solutions - Albert-Jan Scho...
 
SPSNL17 - The business & end-user guide into the new and modern SharePoint! -...
SPSNL17 - The business & end-user guide into the new and modern SharePoint! -...SPSNL17 - The business & end-user guide into the new and modern SharePoint! -...
SPSNL17 - The business & end-user guide into the new and modern SharePoint! -...
 

Recently uploaded

Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfExploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfkalichargn70th171
 
Osi security architecture in network.pptx
Osi security architecture in network.pptxOsi security architecture in network.pptx
Osi security architecture in network.pptxVinzoCenzo
 
SoftTeco - Software Development Company Profile
SoftTeco - Software Development Company ProfileSoftTeco - Software Development Company Profile
SoftTeco - Software Development Company Profileakrivarotava
 
Strategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsStrategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsJean Silva
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationBradBedford3
 
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLionel Briand
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxAndreas Kunz
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalLionel Briand
 
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...OnePlan Solutions
 
Patterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencePatterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencessuser9e7c64
 
Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Rob Geurden
 
SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?Alexandre Beguel
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf31events.com
 
Introduction to Firebase Workshop Slides
Introduction to Firebase Workshop SlidesIntroduction to Firebase Workshop Slides
Introduction to Firebase Workshop Slidesvaideheekore1
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsSafe Software
 
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxThe Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxRTS corp
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogueitservices996
 
VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024VictoriaMetrics
 
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxReal-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxRTS corp
 

Recently uploaded (20)

Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfExploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
 
Osi security architecture in network.pptx
Osi security architecture in network.pptxOsi security architecture in network.pptx
Osi security architecture in network.pptx
 
SoftTeco - Software Development Company Profile
SoftTeco - Software Development Company ProfileSoftTeco - Software Development Company Profile
SoftTeco - Software Development Company Profile
 
Strategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsStrategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero results
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and Repair
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
 
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
 
Patterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencePatterns for automating API delivery. API conference
Patterns for automating API delivery. API conference
 
Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...
 
SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf
 
Introduction to Firebase Workshop Slides
Introduction to Firebase Workshop SlidesIntroduction to Firebase Workshop Slides
Introduction to Firebase Workshop Slides
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxThe Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogue
 
VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024
 
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxReal-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
 

SPSNL17 - Securing Office 365 and Microsoft Azure like a rock star (or groupie) - Jussi Roine

  • 1. Securing Office 365 and Microsoft Azure like a rock star (or groupie) Jussi Roine @JussiRoine
  • 2.
  • 5. Agenda and takeaways Security building blocks The Big Picture Azure AD Premium External threats Internal threats How to protect Azure and Office 365 How to protect On- Premises services Licenses Wait whattt?
  • 7. Office 365: Core services Azure AD
  • 8. Office 365: All major services Azure AD
  • 9. Office 365: With extensibility Azure AD
  • 10. Office 365: With Azure-related services MFA Stream OMS Azure AD
  • 11.
  • 12. Wait, what? Hold on! Do I have to manage security on all these AND on-premises too?
  • 13. A starting point: ”We are in the cloud!” This is the common, kind-of hybrid architecture model. Microsoft Azure Office 365 Site-to Site VPN Azure AD Connect ADFS Proxy On-premises
  • 14. The heart of security: Azure Active Directory  The core of each Azure subscription  You can have multiple AAD tenants within the same Azure subscription  Users, groups, licenses, permissions, apps, app proxies, domains.. all here!  Managed through Azure Portal, some tiny things are still only available in the Classic Portal  It’s important to understand the difference between AAD, AD and AAD Connect (and AAD DS) Identities, management and security
  • 15. Your mission Protect the identities in the cloud – it is the new perimeter!
  • 16. Azure Active Directory: Free, Basic, Premium Feature AAD Free AAD Basic AAD Premium P1 AAD Premium P2 SSO support 10 apps/user 10 apps/user No limit No limit Security reports 3 (basic) 3 (basic) Advanced Advanced Self-Service password reset Application Proxy Multi-Factor Authentication Connect Health Cloud App Discovery Privileged Identity Management Identity Protection Price Free! 0.84 €/user/month 5.06 €/user/month 7.59 €/user/month A few highlighted features of AAD and a comparison between licenses (cloud users)(cloud users)
  • 17. Security building blocks in Azure Role-Based Access Control Key Vault Microsoft anti-malware Rights Management/Information Protection Cloud App Discovery Security Center Infrastructure Network Security Groups (NSG) Site-to-Site VPN Point-to-Site VPN ExpressRoute Network Security Appliances Host-based & NextGen firewalls Azure Active Directory Connect Health Identity Protection Privileged Identity Management OMS Security & Audit Multi-Factor Authentication Security
  • 18. Analogy to cloud security 18 Rancilio Silvia Best. Espresso. Ever. (This is what I got) Customized Rancilio Silvia (This is what you think you need) Rancilio Silvia with the Rocky grinder and steel base (This is what you should end up with)
  • 20. Securing authentication for users with Multi-Factor Authentication  Enforces security beyond username and password  User must possess something – typically a mobile device  Strong authentication occurs over text message, pin, fingerprint, mobile app approval or voice call  Users must enroll through https://aka.ms/mfauserhowto  Available as Office 365 MFA, Azure MFA for Admins and Azure MFA  Certain non-browser apps do not support MFA -- users have to provision separate App Passwords (one or more) through the MyApps portal  This tends to be challenging for non-technical users Multi-Factor Authentication for on-premises with Azure MFA Server  Enables easy securing of VPNs, IIS web apps & Remote Desktop  Maybe not the most logical to set up..  Supports RADIUS so fairly easy to integrate with legacy systems ;-) Strong and secure authentication for on-premises, hybrid & the cloud
  • 21. Baseline your security in Office 365 with Secure Score  A free service at https://securescore.office.com  After initial scoring you can select a new baseline  Provides a list of actions for things to fix, in order to achieve a new baseline  Max score is 432  Office 365 average is 29  I have 72!  You get to 111 just by enabling MFA for global admins Automated scan of your Office 365 subscription settings and general security
  • 22. A dashboard for Azure security with Security Center  A simple way to view what’s secured and what’s not in Azure  Includes behavioral analytics and incident reporting  Standard license gives advanced threat detection & intelligence Provides an overview on security for cloud resources
  • 23. Securing and monitoring Azure AD Connect, ADFS and on- premises AD configuration with Azure AD Connect Health  Monitors your AD FS, AD FS Proxy, AAD Domain Services and AAD Connect status  Can alert you when things break down – useful for many directory-related services, and especially for Azure AD Connect issues  Deploying is easy:  Install agents for AD FS, AAD Connect and AD DS servers  Verify configuration on AAD CH blade in Azure Portal  Somewhat sadly this feature requires AAD Premium license – all users must be licensed in the scope of AAD CH Agent-based service to monitor your AD domain controllers and ADFS infrastructure
  • 24. Safeguarding for users who log in from weird countries with Azure AD Identity Protection  Watchdog for user sign-ins, can associate individual logins with risk factors  Automatically flags suspicious events, such as users who perform impossible travel times (typically with VPN connectivity)  Enforces additional policies based on low/high risk factors  Enforce MFA for the duration of the login  Enforce self-service password reset (which subsequently enforces MFA)  Weekly email digest of findings and things to lose your sleep over Monitoring for risk events, vulnerabilities and automatic policy changes
  • 25. Getting rid of static admin roles with Azure AD Privileged Identity Management (PIM)  Instead of granting permanent admin privileges, PIM allows ad-hoc & just-in-time admin roles  Users can request for new privileges for predefined duration  Scans for fixed admin roles and changes them to temporary roles  Admin roles become non-permanent  Duration can be set from 1 hour to 72 hours  Can enforce MFA during role grant  In preview: Approval workflows for new privilege requests  Central view & management for all admins roles throughout Azure and Office 365 ”Just-in-time” administration privileges for users on request
  • 26. Tracking botnet and brute force attacks  OMS provides System Center-like capabilities in the cloud  Capable of tracking hybrid deployments, including Office 365 and Azure  Gathers logs (also custom ones), configuration data, update status, availability, backup info and even Surface Hub data  Operations Management Suite (OMS) is the Swiss Army knife you need
  • 27. Protecting from external threats with Office 365  Provides a 360ᴼ view on external threats against users  Insights and analysis based on evidence, act accordingly  Allows for custom policies and reactions Threat Intelligence uses evidence-based knowledge on threats
  • 28. Publishing internal services securely  Enforce authentication at Azure AD, before allowing access to internal resources  Configuration is simple, and support high availability deployments  Internal services do not require changes  Dual-authentication also supports:  First on Azure AD, then in on-premises against local AD/service Azure AD Application Proxy provides a one-way HTTPS tunnel to on-premises
  • 31. Securing Edge network & cloud app usage with Advanced Security Management  Similar to OMS, but directly aimed for Office 365 workloads  Records all activities of users, including external users  Supports on-premises edge router log analysis Discover activity and incidents in Office 365
  • 32. Monitoring what admins and developers are doing with Azure resources  Query against Azure backends to see operations against services  Connect with  Log Analytics (for further analysis)  Power BI (for reports)  Application Insights (for wisdom) Azure Monitor provides monitoring throughout tenants and resource groups
  • 33. Finding Shadow IT within the organization with Cloud App Discovery  Works by dropping an agent on workstations  Consent can be requested; or just install silently..  Discover apps, amount of data transferred and who uses what  Based on reports, act accordingly Discover unmanaged (and managed) cloud apps in use
  • 34. Active Directory surveillance & analysis with Advanced Threat Analytics (ATA)  Captures all authentication traffic to- and-from Domain Controllers  Uses Machine Learning to identify issues and unauthorized usage  Fully automatic, install & forget! Almost like SharePoint ;-)  Can connect with OMS to provide hybrid reporting in the cloud Aggressive auditing and analytics for on-premises Active Directory requests
  • 35. Don’t worry, security will keep you busy
  • 36. Don’t worry, security will keep you busy
  • 37. Don’t worry, security will keep you busy
  • 38. Don’t worry, security will keep you busy
  • 41. Onsight Enterprise Mobility + Security (EMS) Used to be known as Enterprise Mobility Suite  A bundled collection of licenses for Azure-based services  Available as E3 and E5 (Source: Microsoft)
  • 42. Security-related services and licenses Advanced Threat Analytics Active Directory Azure MFA Server Advanced Security Management Threat Intelligence Secure Score Intune Azure MFA for Admins Azure AD Azure AD Premium Security Center Cloud App Discovery Privileged Identity Management Identity Protection Azure MFAConnect Health Network Security Groups Next-Gen FirewallsInformation Protection Operations Management Suite No extra license needed EMS E3/Office 365 E3 EMS E5/Office 365 E5 Additional licensing
  • 43. Recommendations & recap Follow current practices and patterns: http://bit.ly/azuresecpnp Get the book! http://bit.ly/azuresecbook Get the guidance! http://bit.ly/perimeterbook Deploy the free services  Azure Security Center  Office 365 Secure Score  Azure MFA for Admins  OMS Security (AAD+O365) Go for AAD Premium  Either with EM+S or separately  Deploy ATA  Enable PIM and Identity Protection

Editor's Notes

  1. Joonas
  2. Joonas
  3. Joonas
  4. Joonas
  5. Joonas
  6. Joonas
  7. Joonas
  8. Joonas
  9. Joonas
  10. Joonas
  11. Joonas
  12. Joonas
  13. Joonas
  14. Joonas
  15. Joonas
  16. Joonas
  17. Joonas
  18. Joonas
  19. Joonas
  20. Joonas
  21. Joonas
  22. Joonas
  23. Joonas