Slides from CIAOPS March 2021 webinar that provided Microsoft 365 news update, open Q & A as well as a focus session on security. Video recording is available at www.ciaopsacademy.com
10. News
• Microsoft Ignite recordings are available -
• https://myignite.microsoft.com/
• Analyzing attacks taking advantage of the Exchange Server vulnerabilities -
• https://www.microsoft.com/security/blog/2021/03/25/analyzing-attacks-taking-advantage-of-the-exchange-
server-vulnerabilities/
• Add Viva Connections for Microsoft Teams desktop -
• https://docs.microsoft.com/en-us/SharePoint/viva-connections?branch=new-viva-connections
• Best practices for migrating to SharePoint and OneDrive -
• https://techcommunity.microsoft.com/t5/microsoft-onedrive-blog/best-practices-for-migrating-to-sharepoint-and-
onedrive/ba-p/2221548
• Host webinars in Microsoft Teams | Deep dive on new presenter and
attendee experiences - https://www.youtube.com/watch?v=Q7ptat6LoVc&feature=emb_logo
• SharePoint's 20th birthday party - https://www.sharepointbirthday.com/
13. Notifiable Data Breaches (NDB) scheme in Australia
• Starting on 22nd February 2018
• Australian organisations are required to notify any
individuals likely to be at risk of serious harm by a data
breach.
• Examples of a data breach include when:
o a device containing customers’ personal
information is lost or stolen
o a database containing personal information is
hacked
o personal information is mistakenly provided to the
wrong person.
• For more information visit https://oaic.gov.au
25. What Is The Issue Enabling MFA?
https://www.coreview.com/resources/whitepaper/microsoft-365-app-security-governance-shadow-it-report/
26. Getting to a world without passwords
Microsoft Authenticator FIDO2 Security Keys
Windows Hello
27. User browses to a
website
Phishing
mail
Opens
attachment
Clicks on a URL
+
Exploitation
& Installation
Command
& Control
Brute force account or
use stolen account credentials
User account
is compromised
Attacker
attempts lateral
movement
Privileged
account
compromised
Domain
compromised
Attacker accesses
sensitive data
Exfiltrate data
Protection across
Azure AD Identity Protection
Identity protection &
conditional access
Cloud App Security
Extends protection & conditional
access to other cloud apps
Azure Defender
Azure AD Identity Protection
Identity protection &
conditional access
Identity protection
Defender for Endpoint
Endpoint protection
Defender for Office 365
Malware detection, safe links,
safe attachments
Attacker collects recon
and config data
32. Take aways
•Security is more important that it has ever been
•Start with the basics and build
•Simple things like MFA make a huge difference
•Understand what you have and what you can add
•Be careful of alert overload
•Test your security regularly
•Follow best practices
33. Resources
• Cyber Security: The Small Business Best Practice Guide -
https://www.asbfeo.gov.au/sites/default/files/documents/ASBFEO-cyber-security-research-report.pdf
• Australian Cyber Security Centre - https://www.cyber.gov.au/
• Office 365 Security and Compliance - https://docs.microsoft.com/en-
us/office365/securitycompliance/
• Your Pa$$word doesn’t matter - https://techcommunity.microsoft.com/t5/azure-active-directory-
identity/your-pa-word-doesn-t-matter/ba-p/731984
• Microsoft Trust Center - https://www.microsoft.com/en-us/trustcenter/security/office365-security
• Microsoft Secure Score - https://docs.microsoft.com/en-us/office365/securitycompliance/microsoft-
secure-score
• Microsoft 365 for Partners Security - https://www.microsoft.com/microsoft-365/partners/security
• CIAOPS Github – https://github.com/directorcia
• CIAOPS Best Practice slinks - https://github.com/directorcia/Office365/blob/master/best-practices.txt
34. CIAOPS Resources
• Blog – http://blog.ciaops.com
• Free SharePoint Training via email – http://bit.ly/cia-gs-spo
• Free Office 365, Azure Administration newsletter – http://bit.ly/cia-o365-tech
• Free Office 365, Azure video tutorials – http://www.youtube.com/directorciaops
• Free documents, presentations, eBooks – http://slideshare.net/directorcia
• Office 365, Azure, Cloud podcast – http://ciaops.podbean.com
• Office 365, Azure online training courses – http://www.ciaopsacademy.com
• Office 365 and Azure community – http://www.ciaopspatron.com
Twitter
@directorcia
Facebook
https://www.facebook.com/ciaops
Email
director@ciaops.com
Teams
admin@ciaops365.com
35. Get access to the latest
information by becoming a
Patron
http://www.ciaopspatron.com