Securely Harden Microsoft 365 with Secure Score
•Download as PPTX, PDF•
1 like•438 views
7 Ways to Harden and Secure Microsoft 365 1. Enable Secure Access for Users with Azure Active Directory MFA 2. Identify compromised identities or malicious insiders with Microsoft Defender for Identity 3. Protect and Encrypt Sensitive Data with Microsoft Information Protection 4. Manage and Protect Devices and with Secure Score for Devices 5. Prevent Unauthorized Access and Sharing with Cloud App security 6. Secure your Email and Files with Microsoft 365 Rights Management Policies and Defender for Microsoft 365 7. Use Intelligent Insights and Guidance to Strengthen Your Organizational security posture with Microsoft Secure Score Sponsored by CoreView “How do we operate as a multi-tenant environment while, from Microsoft’s perspective, on a single tenant? CoreView brought all of that to the table with the V-tenant capabilities. We can slice and dice administration into functional areas. We can have user managers, Teams managers, Teams administrators, or security administrators. All of those functions and feature sets are critical to the solution we have today”
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Securely Harden Microsoft 365 with Secure Score
Similar to Securely Harden Microsoft 365 with Secure Score (20)
More from Joel Oleson
More from Joel Oleson (20)
Recently uploaded
Recently uploaded (20)
Securely Harden Microsoft 365 with Secure Score
- 2. Agenda • Zero Trust Model • Understanding Microsoft Security Tools • Harden Microsoft 365 & introduction to Secure Score • Identity • Devices • Data • Workloads • Networks • Even more with Partners • CoreView Simplified Administration
- 3. Zero Trust – Security Strategy There is no impermeable perimeter. It’s not a matter of if, but when… ASSUME BREACH! The Zero Trust framework is the pragmatic model for today’s hostile reality that includes a mindset, operating model, and architecture tuned to the threat. • Explicit Verification of User & Device • Least Privileged Access • Automation & Intelligence Credit: Forrester – Zero Trust Framework "Every service request made by a user or machine is properly authenticated, authorized, and encrypted end-to-end."
- 4. Microsoft 365: A Path to Zero Trust and Secure Cloud Services Microsoft has identified 12 key tasks to help security teams implement the most important security capabilities as quickly as possible with remote work in mind. 1) Enable Azure multi-factor authentication (MFA) 2) Protect against threats in Office 365 3) Configure Office 365 advanced threat protection 4) Configure Azure advanced threat protection 5) Turn on Microsoft Advanced Threat Protection 6) Configure intune mobile app protection for phones and tablets 7. Configure MFA and conditional access for guests, including intune mobile app protection 8. Enroll PCs into Device Management and require compliant PCs 9. Optimize your network for cloud connectivity 10. Train Users 11. Get started with Microsoft cloud app security 12. Monitor for threats and take action
- 6. Data Files & Content Identity Accounts, Access, Authentication and Beyond Workloads SAAS, PAAS, and IAAS Clouds & Datacenters Networks From the Client to the Edge to the Service Devices Laptops, Desktops Phones everything in between Insights & Automation Visibility & Analytics Zero Trust Zero Trust Based on the Forrester – Zero Trust Framework
- 7. What’s your secure score? >Demo Secure Score
- 8. MS Security Defender Decoder Ring Old name New name -> Microsoft Secure Score securescore.Microsoft.com Microsoft Threat Protection Microsoft Defender Security Center security.microsoft.com Microsoft Defender Advanced Threat Protection Microsoft Defender for Endpoint securitycenter.microsoft.com Office 365 Advanced Threat Protection Microsoft Defender for Office 365 protection.microsoft.com Azure Advanced Threat Protection Microsoft Defender for Identity Azure Security Center Standard Edition Azure Defender for Servers Azure Security Center for IoT Azure Defender for IoT Advanced Threat Protection for SQL Azure Defender for SQL Azure Sentinel *New! -> Compliance Center compliance.Microsoft.com
- 9. 7 Keys to Hardening Microsoft 365
- 10. Data Files & Content Identity Accounts, Access, Authentication and Beyond Workloads SAAS, PAAS, and IAAS Clouds & Datacenters Networks From the Client to the Edge to the Service Devices Laptops, Desktops Phones everything in between Insights & Automation Visibility & Analytics Zero Trust Zero Trust Based on the Forrester – Zero Trust Framework
- 11. Identity Secure access with MFA Strong Passwords Block legacy Auth Password recommendations for Admins • Maintain an 8-character minimum length requirement (longer isn't necessarily better) • Don't require character composition requirements. For example, *&(^%$ • Don't require mandatory periodic password resets for user accounts • Ban common passwords, to keep the most vulnerable passwords out of your system • Enforce registration for multi-factor authentication • Enable risk-based multi-factor authentication challenges Recommendations for Users • Avoid same or similar to one you use elsewhere • Don't use a single word or common phrase • Make passwords hard to guess avoid names, birthdays of family, favorite bands, and phrases you like
- 13. Tiered Config: Identity, Devices & Protection https://docs.microsoft.com/en-us/microsoft-365/solutions/productivity-illustrations
- 14. Data Files & Content Identity Accounts, Access, Authentication and Beyond Workloads SAAS, PAAS, and IAAS Clouds & Datacenters Networks From the Client to the Edge to the Service Devices Laptops, Desktops Phones everything in between Insights & Automation Visibility & Analytics Zero Trust Zero Trust Based on the Forrester – Zero Trust Framework
- 15. Microsoft Information Protection: Protect your sensitive information—anytime, anywhere https://azure.microsoft.com/en-us/services/information-protection/
- 16. Demo Data Loss Prevention for Microsoft Teams
- 17. 7 Keys to Hardening Microsoft 365
- 18. Data Files & Content Identity Accounts, Access, Authentication and Beyond Workloads SAAS, PAAS, and IAAS Clouds & Datacenters Networks From the Client to the Edge to the Service Devices Laptops, Desktops Phones everything in between Insights & Automation Visibility & Analytics Zero Trust Zero Trust Based on the Forrester – Zero Trust Framework
- 20. Data Files & Content Identity Accounts, Access, Authentication and Beyond Workloads Exchange, Teams, SharePoint, OneDrive Networks From the Client to the Edge to the Service Devices Laptops, Desktops Phones everything in between Insights & Automation Visibility & Analytics Zero Trust Zero Trust Based on the Forrester – Zero Trust Framework
- 21. Capability Description Archive Any content stored in any Teams related workload needs to be preserved immutably Compliance Content search Any content stored in any workload can be search through rich filtering capabilities and be exported to a specific container for compliance and litigation support. eDiscovery – Messaging/Files Rich in-place eDiscovery capabilities including case management, preservation, search, analysis and export to help our customers simplify the eDiscovery process to quickly identify relevant data while decreasing cost and risk. Legal hold When any team or individual is put on In-Place Hold or litigation hold, the hold is placed on both the primary and the archive messages (No edits or deletes). Auditing and reporting All Team activities and business events must be captured and available for customer search and export. Conditional Access and Intune MAM Ensure that access to Microsoft Teams is restricted to devices that are compliant with IT Admin or Corporate Organization set policies and security rules both for the Teams Apps and the services it uses under the hood. Includes MAC Support for Conditional Access as well. Moderator support The ability to have a moderator (owner of team) of a Team delete data from any user in the team that is inappropriate and mute users in a team/channel. Windows Information Protection Windows Information Protection (WIP), previously known as enterprise data protection (EDP), helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps like MS Teams. Allowed List of Apps An Admin can control the list of 3P apps (bots, connectors, tabs) that can be used by end users within a tenant. Retention / Preservation Help organizations reduce the liabilities associated with messaging. The Customer can configure their tenant to retain data for a fixed period of time or retain it with unlimited storage for different Teams workloads. eDiscovery – Calling/Meetings Rich in-place eDiscovery capabilities including case management, preservation, search, analysis and export to help our customers simplify the eDiscovery process to quickly identify relevant data while decreasing cost and risk. Data loss prevention (DLP) Identify any sensitive data stored being transferred within or outside of Customer Organization in Teams to intercept and prevent leakage for Files and Chat/Channel Messages. Advanced Threat Protection Support for safe files and safe links in Microsoft Teams to protect your organization from malicious attacks with the power of Office 365 Advanced threat protection Business Information Barriers Prevent exchanges or communication that could lead to conflicts of interest. (a.k.a. Ethical walls) Conversation/Chat Supervision Supervision policies in Office 365 allow you to capture employee communications for examination by designated reviewers. You can define specific policies that capture internal and external email, Microsoft Teams, or 3rd-party communications in your organization. AvailableTodaySecurity & Compliance Capabilities
- 22. Protect Against Messenger Threats In Office 365 All Office 365 / Microsoft 365 plans include a variety of threat protection features. • Anti-malware protection • Anti-phishing protection • Anti-spam protection • Safe links • Safe attachments • Threat Trackers • Threat Explorers • Attack Simulators • Real Time Attack detection Office 365 Message Encryption (OME) is an online service that's built on Microsoft Azure Rights Management BitLocker and Distributed Key Manager (DKM) for Encryption Protect against threats in Office 365 Office 365 includes a variety of threat protection features. Here's a quick-start guide you can use as a checklist to make sure your threat protection features are set up for your organization.
- 23. Demo Security Management for Microsoft Teams Cloud App Security
- 24. Data Files & Content Identity Accounts, Access, Authentication and Beyond Workloads SAAS, PAAS, and IAAS Clouds & Datacenters Networks From the Client to the Edge to the Service Devices Laptops, Desktops Phones everything in between Insights & Automation Visibility & Analytics Zero Trust Zero Trust Based on the Forrester – Zero Trust Framework
- 27. Security Capabilities & Licensing Utilizing our enterprise plans, Microsoft recommends you complete the tasks listed in the following table that apply to your service plan. If, instead of purchasing a Microsoft 365 enterprise plan, you are combining subscriptions, note the following: • Microsoft 365 E3 includes Enterprise Mobility + Security (EMS) E3 and Azure AD P1 • Microsoft 365 E5 includes EMS E5 and Azure AD P2 Microsoft’s 12 Steps for Zero Trust All Office 365 Enterprise Plans Microsoft 365 E3 Microsoft 365 E5 1. Enable Azure Multi-factor Authentication (MFA) 2. Protect Against Workload Threats In Office 365 3. Configure Defender for Office 365 (Advanced Threat Protection) 4. Configure Defender for Azure (Advanced Threat Protection) (ATP) 5. Enable Notifications for Microsoft Defender Security Center 6. Configure EndPoint with Intune Mobile App Protection For Phones And Tablets 7. Configure MFA And Conditional Access For Guests, Including Intune Mobile App Protection 8. Enroll Pcs Into Device Management And Require Compliant Pcs 9. Optimize Your Network For Cloud Connectivity 10. Train Users 11. Get Started With Microsoft Cloud App Security 12. Monitor For Threats And Take Action
- 28. Harden Microsoft 365 and Azure Networks and Infrastructure (Azure Defender) Azure Resource Protection (Azure Defender for Servers) Extended Detection Response (IoT, Multi-cloud, SQL) Secure Hybrid Workloads Workloads (Microsoft Defender for Office 365) Threat Protection Safe links, Safe Documents, Safe Attachments Anti-spam, Anti-malware & Anti-phishing Apps (Cloud App Security) API & App Log collection Reverse proxy, Control & Visibility Identify and combat cyberthreats Devices (Microsoft Defender for Endpoint) Endpoint behavioral sensors Cloud security analytics Threat intelligence Data (Microsoft Information Protection) Identify & Classify Apply & Monitor Policies Encrypt Sensitive Data Identity (Azure Active Directory, Microsoft Defender for Identity) Secure access with MFA Strong Passwords Block legacy Auth Microsoft 365 Defender (includes Exchange Online Protection and ATP 1 & 2), Azure Active Directory, Microsoft Defender for Endpoint (includes InTune & Secure Score for Devices), Microsoft Information Protection, Microsoft Defender for Identity, and Cloud App Security, Azure Defender, Azure Sentinel Microsoft Defender Portal (Microsoft 365 Defender) Advanced Hunting Incident Correlation Rule Based Detection
- 29. Resources: Microsoft 365 includes several ways to monitor status and take appropriate actions. Your best starting point is the Microsoft 365 Security Center, where you can view your organization's Microsoft Secure Score, and any alerts or entities that require your attention. Get Started: • Get Started With The Microsoft 365 Security Center • Monitor And View Reports • See The Security Portals In Microsoft 365 Get Started With Cloud App Security Now: • QuickStart: Get started with Cloud App Security • Get instantaneous behavioral analytics and anomaly detection • Learn more about Microsoft Cloud App Security • Review new features and capabilities • See basic setup instructions
- 30. Microsoft Security + Partner Solutions
- 31. Are you getting everything you need from Microsoft in Security & Administration? • No, I’m evaluating Security tools • No, I’m evaluating Admin/Management tools • I’m overwhelmed. Too much! Wish I had a tool to simplify all this • Yes
- 33. SaaS, Mastered CoreView is a SaaS management platform that protects, manages, and optimizes Microsoft 365 and other SaaS environments by augmenting and extending Microsoft Admin Center Protect Manage Optimize
- 34. SaaS, Mastered
- 35. SaaS, Mastered • Limits Admin scope and delegates appropriate functions for M365 least privilege access • Enriches and retains audit data, enhancing e-discovery • Enforces identity and access configurations based on security recommendations • Automates workflows, including deprovisioning of access • Classifies and tags sensitive info Protect Manage Optimize
- 36. SaaS, Mastered Protect • Allows delegation of appropriate M365 Admin functions • Automates workflows, including Hybrid agent to synchronize on-prem AD and Exchange with Azure AD and Exchange Online • Controls M365 and other SaaS with actionable analytics Manage Optimize
- 37. SaaS, Mastered Protect Manage • Manages M365 licenses and SaaS usage/payments intelligently • Responsibly manages license costs with knowledge of Microsoft and SaaS services actually being used • Drives adoption of desired applications with knowledge of what is actually being used, and then perform targeted email campaigns to encourage adoption and drive users to context-sensitive How-To video instruction Optimize
- 38. How CoreView Helps with Secure Score
- 39. CoreView Secure Score Dashboard
- 40. SaaS, Mastered Office 365 Health Check It’s Easy to Get Started: • Login to Microsoft and consent to CoreView utilizing Microsoft API to review your tenant • (While there, we suggest reviewing who else has access!) • CoreView will review your O365 account data against recommendations • No passwords required • No requirement to remove MFA Complementary checkup on your security settings compared to general recommendations https://www.coreview.com/office-365-health-check-report/
- 41. Thank you! Least privilege access to M365 and other SaaS Enhanced e-discovery with enriched data Security policies Automated workflows Document classification Protect Delegated administration for segregation of duties Automated workflows Actionable analytics Manage License management and chargebacks License consumption optimization Workload adoption and proficiency Optimize
- 42. Next Steps! • Find more on CoreView.com bit.ly/hardeninginfographic • Download slides at slideshare.net/joeloleson • Join us for the next webinar in this series in January! • Join CoreView tomorrow for “8 Ways People are Your Biggest Threats to Office 365 Security” bit.ly/coreviewwebinar Joel Oleson Joel@joel365.com Linkedin.com/in/joeloleson
Editor's Notes
- All Office 365 plans include a variety of threat protection features. Bumping up protection for these features takes just a few minutes. Anti-malware protection Protection from malicious URLs and files Anti-phishing protection Anti-spam protection See Protect against threats in Office 365 for guidance you can use as a starting point.
- https://techcommunit Microsoft Teams is a powerful hub for teamwork, whether you’re working at the office, on the road, or from home. It enables your team to work seamlessly together, integrating chat, calling, meetings, business process, task management and file collaboration. Communities, on the other hand, connect with people across teams, and across the organization, to share knowledge and experience. In the past, Yammer and Teams were separate experiences, adding friction by requiring people to bounce back and forth between applications. Today, you can add an important Yammer community to your team. Click “+” to add a tab, pick Yammer, and configure the community you want to display. For example, you can add a crisis response tab to your team, allowing you to follow and engage with conversations in the community without leaving your hub for teamwork. Very soon, Microsoft will be releasing the new Yammer app for Teams, which will bring the new Yammer experience, in full fidelity, into Teams. This will give Teams customers a more powerful hub for teamwork that integrates their investments in Yammer. Stay tuned for more as we near the release of the Yammer app for Teams. y.microsoft.com/t5/yammer-blog/keeping-employees-informed-and-engaged-during-difficult-times/ba-p/1216032
- Thanks for meeting today, really appreciate you taking the time. Let's talk a little bit about what CoreView is, and then get into seeing if it's a fit to help solve your problems.
- Turning to what we actually do, here’s how to think about CoreView. We’re a SaaS management platform that extends and augments Microsoft Admin Center, and other SaaS admin consoles, and we add value on top of them. We certainly make it easier to manage things. The big thing is, we add new functionality to do things you just can’t do in any other way, so you can solve really thorny, persistent problems. And that’s across 3 areas: protecting your environment, managing it much more effectively on a day-to-day basis, and optimizing customer’s investment in M365 & SaaS. Thus, it means both getting people to use the right stuff, so you get the maximum value out of what you’ve already paid for, and not paying for stuff you don’t use.
- So the first question you have is, well, how does it actually work? This picture shows you the key functional elements of the CoreView system, and how they interact with your M365 tenant. And it works not just in the Azure cloud, but also in a hybrid environment, like yours, by synchronizing on-premises AD and Exchange. As you can see, CoreView collects data from many sources. Then we process it, enrich it, store it, present it, and most importantly, allow you to act on it. That means you don't get just the hundreds of detailed reports to SEE what's going on, but also get to FIX everything that might be wrong. There is common functionality that works across each of those Protect, Manage and Optimize wheelhouses, First, with virtual tenants, you split your environment up into logical segments. With role-based access control, operators are only allowed to do a very small set of actions on users and objects that fall within their scope of responsibility, which is tied to those virtual tenants. You can control to a very fine level who can do what limited set of actions on a limited set of items. That action can be manual or automated with workflows. We collect and enrich a ton of data, that is otherwise really time-consuming – and brittle – if you do it on your own. We have the tools to show you what matters about that data. So you see the most important things. And then you can take action on them. And then knowing what users are using what, we can help you increase adoption of desired tools with adoption campaigns to only the users that need the help, not all users. So we will get into those elements, but the most important thing isn’t the underlying technology, it’s what people DO with it. Let’s look at that next.
- Starting with the goal of protecting your environment from security issues, there are 5 really popular ways that customers use CoreView. Limiting what some admins can do, so you can delegate those limited rights to selected people, is a huge one. And it is so much better than what Microsoft can do, because Microsoft groups various rights and permissions into predefined roles. That's clumsy and limited. But CoreView lets you select VERY granular rights and permissions on a per-user basis, so it's elegant, easy to use, and much more powerful. CoreView takes data from many sources and enriches it with attributes from AD – so you have a name and a device tied to an action, not just an IP address, for example. You'll see many customized recommendations to secure your environment, based on frameworks from CIS – the Center for Internet Security – and NIST. We can profile identity and access management configurations And what good is all that configuration work if the wrong people still have access, like after they leave the organization? Why not automate the deprovisioning process, to ensure former employees, contractors, etc., no longer have access? Another very powerful thing you can do is point CoreView at your content, and have it automatically classify and tag what info is in there – in office docs, emails, any repository! – so you comply with regulations and policies. Now let's turn to another area.
- Management of M365 environments has become more complex: More employees, contractors, partners – now all remote with lots of personal devices More applications and restful APIs between them No longer behind the corporate firewall on the corporate network, now that perimeters have disappeared And obviously the explosion of traffic, including video impacting the volume of traffic, and logs! CoreView enables you to separate and divide and then simplify the administration of M365 environments, as it allows you to slice & dice the Global Admin role. First by the *scope* of what can be administered, using virtual tenants. And second by using RBAC to delegate the functions you operators to have – at a very granular level. And then automate the workflows – like provisioning and deprovisioning users and processes – and synchronize those changes across hybrid environments – Azure AD as well as AD and Exchange on-prem. Finally, the reporting is just amazing. It's extensive, and unlike home-grown stuff driven by PowerShell and PowerBI, it work at scale, and it works all the time. And now, on to the third area.
- Since you're spending a lot on your M365 and SaaS tools, why not get the most out of your investment? That's what we mean by optimize. CoreView allows you manage M365 & SaaS licenses – identify what's in use and set up license pools to allocate them by department, geo, whatever. That allows you to view allocations and all expenses per license pool, which is great for chargebacks. And you’ll want to mange license costs, based on knowing what is actually being used, like which services of E3 and E5 licenses are being used versus what license is currently assigned. CoreView makes it extremely easy to get a handle on what you're using, and what you should be paying. Once you know what people are using, there's bound to be software that is not the company standard. So you can set up Adoption campaigns – which are email campaigns specifically for the users who aren’t using the desired tools. That way they will start using them. And the emails can even point to a library of How-To videos that show the users exactly how to do what they need to do in each application. They're quick snippets of useful info – without pushing them to YouTube, where searching for help might result in a long, unrelated video that then rolls into a series of distractions like cat videos!
- To start a Health Check, and see a detailed report of your settings compared against recommended settings, all you need to do is: Log into Microsoft.com with your tenant admin account and consent to CoreView being able to use the Microsoft API CoreView will then review your account data against recommendations. As I said, no need to provide CoreView any login credentials, or for you to remove any MFA requirements. When you go in to do this, this message is displayed: In order to request your Office 365 Health Check, you will need to login as Tenant Admin on Microsoft side and grant consent to CoreView. We will never ask for your password; the authentication process is performed by Microsoft. Fill out the request form below, we will immediately begin ingesting your Office 365 account data, and we will notify you when the report is ready.
- Again, thanks for your time. We are really looking forward to following up with _______ and _______, and seeing what the Health Check turns up!