Securing your identity infrastructure
Digital transformation roadmap (Jan 1, 2020 to Jun 1, 2022)
• Scope requirements for Work-from-Anywhere transformation initiative
• Secure Budget for V1 Pilots
• 90 day pilots: BYOD, 1-day-WFH, remote meetings
• Evaluate learnings and scope V2 Pilots
• Secure Budget for V2 Pilots
• 120 day pilots with select teams
• Develop training and internal PR
• Complete Work-from-Anywhere rollout
• Begin team-by-team rollouts
Digital transformation roadmap
Timeline markers: Jan 1, 2020; Jun 1, 2022; Apr 1, 2020
• Scope requirements for Work-from-Anywhere transformation initiative
• Secure Budget for V1 Pilots
• 90 day pilots: BYOD, 1-day-WFH, remote meetings
• Evaluate learnings and scope V2 Pilots
• Secure Budget for V2 Pilots
• 120 day pilots with select teams
• Develop training and internal PR
• Begin team-by-team rollouts
• Complete Work-from-Anywhere rollout
“We have seen two years’ worth of digital transformation in two months.”
Satya Nadella, Microsoft CEO
Bring your own devices and IoT
Explosion of cloud apps
Expanding Perimeters
Explosion of signal
Composite apps & public restful APIs
Employees, partners, customers, bots
Old World vs. Current World
Zero Trust
A modern approach to security which treats every access attempt as if it’s originating from an untrusted network
Never Trust, Always Verify
Zero Trust principles and holistic security strategy
Verify explicitly
Zero Trust across the estate
Visibility, Analytics, Automation
Real-time policy evaluation
Organization policies
Zero Trust architecture
1. Strengthen your credentials
2. Reduce your attack surface area
3. Automate threat response
4. Utilize cloud intelligence
5. Empower end users with self-service
AKA.MS/SECURITYSTEPS
Helping you build a strong identity foundation
Start with a strong identity foundation in the cloud
Azure Active Directory – the world’s largest cloud identity service
Secure access to all applications with single sign on
HR systems
Apps and data
Cloud apps
On-premises perimeter-based networks
Azure AD
App delivery controllers & networks
Azure AD App Proxy
Active Directory
single sign-on
External users
Winning strategy 1
Strengthen your credentials
230% increase in password spray attacks this year
Nearly 1 in 3 of all attacks on enterprises involve phishing
5.8B attacker-driven sign-ins detected in August 2020
9M high-risk enterprise sign-in attempts flagged in August 2020
2M compromised accounts detected in August 2020
* Chart shows impact of COVID-19 themed attacks across the world by file count (as of April 7, 2020) / Source: Microsoft Threat Intelligence
Verify identities with strong authentication
Good: Password +
(Preview)
Better: Password +
(Preview)
(Preview)
Best
Bad: Password
123456
qwerty
password
iloveyou
Password1
Deploy the most secure, usable & cost-effective methods
Winning strategies for strengthening your credentials
• Enable MFA for all your admins (if you still haven’t)
• Deploy strong authentication for all users
• Start your passwordless journey
• Block legacy authentication
Winning strategy 2
Reduce your attack surface
Protect identities with Conditional Access and multifactor authentication
Signals: User and location, Device, Application, Real-time risk
Verify every access attempt: Allow access, Require MFA, Limit access, Password reset, Monitor access
Access apps and data
Risks with Privileged Access
[Chart: # admins with highest levels of privileges over time; axes: number of permissions vs. time; series: Admin #1, Admin #2, Admin #3]
What you want - Least Privileged Access
Secure and compliant by default, governed by the principle of Zero Standing Access, with Just-in-Time & Just-Enough-Access
[Chart: number of permissions vs. time; series: Admin #1, Admin #2, Admin #3; activation labels: Password Admin 1 hr, Security Admin 2 hrs, Global Admin .5 hr; Admin #1: Password Admin 1 hr; Admin #3: Global Admin .5 hr]
Access reviewed & revised
Job changes
Ongoing auditing & reporting
Access rights provisioned
Requests additional access
User onboarded
Azure AD entitlement management
Winning strategies for reducing your attack surface
• Enable timebound just-in-time (JIT) access via Privileged Identity Management if you haven’t
• Block invalid authentication points via Conditional Access
• Perform lifecycle management via Entitlement Management
• Periodically recertify privileged users via Access Reviews
• Require admins to elevate permissions when needed for sensitive apps
Winning strategy 3
Automate threat response
Identity Protection intelligently detects and responds to compromise
Continuously improving to prevent attack
Automated remediation
Policy enforcement
Improved machine learning
More Microsoft ecosystem innovation
Extended threat intelligence
Risk assessment
Investigation
Real time session risk
Microsoft Graph API and Security Graph, Logic apps
MCAS, Azure ATP
Azure AD · Identity Protection · Risk types
Users with leaked credentials
Sign-ins from anonymous IP addresses
Impossible travel to atypical locations
Sign-ins from infected devices
Sign-ins from IP addresses with suspicious activity
Sign-ins from unfamiliar locations
New risk alerts are added as new threats emerge
Winning strategies for automating threat response
• Require MFA or block risky sign-ins via Conditional Access
• Enforce secured password change or block risky users via Conditional Access
Winning strategy 4
Utilize cloud intelligence
Actionable insights in Azure AD
Identity Protection
Privileged Identity Management
Workbook analytics:
• CA insights
• Legacy authentication workbook
• Access package activity
Azure Sentinel integration
Winning strategies for utilizing cloud intelligence
• Watch for alert emails - Privileged Identity Management activation and Identity Protection
• Check your identity secure score
• Monitor your Azure AD audit and sign-in logs
• Strengthen your Conditional Access policies and Privileged Identity Management via insight reporting
• Create dashboards with Azure AD workbooks
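An added example (not from the original deck): before blocking legacy authentication, the sign-in logs can show who still depends on it and whether one source is failing passwords across many accounts. The field names follow the Azure AD sign-in log schema; the sample records, the contoso.example domain, the legacy client list and the `min_users` threshold are assumptions.

```python
from collections import defaultdict

# Assumption: clientAppUsed values treated as legacy (basic) authentication.
LEGACY_CLIENTS = {
    "Authenticated SMTP", "Exchange ActiveSync", "Exchange Web Services",
    "IMAP4", "MAPI Over HTTP", "POP3", "Other clients",
}
BAD_PASSWORD = 50126  # Azure AD error code for invalid username or password


def rec(user, app, ip, code):
    """Build one constructed record using sign-in log field names."""
    return {"userPrincipalName": user, "clientAppUsed": app,
            "ipAddress": ip, "status": {"errorCode": code}}


# Constructed sample data (documentation IP ranges, example domain).
SAMPLE = [
    rec("alice@contoso.example", "IMAP4", "198.51.100.7", 0),
    rec("alice@contoso.example", "Browser", "198.51.100.7", 0),
    rec("bob@contoso.example", "Browser", "198.51.100.9", BAD_PASSWORD),
    rec("bob@contoso.example", "Browser", "198.51.100.9", 0),
    rec("carol@contoso.example", "Exchange ActiveSync", "198.51.100.12", 0),
] + [
    rec(f"{name}@contoso.example", "Authenticated SMTP", "203.0.113.50", BAD_PASSWORD)
    for name in ("alice", "bob", "carol", "dave")
]


def legacy_auth_inventory(records):
    """Users with successful legacy sign-ins: these break when legacy auth is blocked."""
    usage = defaultdict(set)
    for r in records:
        if r["clientAppUsed"] in LEGACY_CLIENTS and r["status"]["errorCode"] == 0:
            usage[r["userPrincipalName"]].add(r["clientAppUsed"])
    return {user: sorted(apps) for user, apps in usage.items()}


def spray_suspects(records, min_users=3):
    """Source IPs with bad-password failures against at least min_users accounts."""
    targets = defaultdict(set)
    for r in records:
        if r["status"]["errorCode"] == BAD_PASSWORD:
            targets[r["ipAddress"]].add(r["userPrincipalName"])
    return {ip: sorted(users) for ip, users in targets.items()
            if len(users) >= min_users}


if __name__ == "__main__":
    print("Legacy auth still in use:", legacy_auth_inventory(SAMPLE))
    print("Possible password spray:", spray_suspects(SAMPLE))
```

Users in the inventory need a modern-auth client before a blocking Conditional Access policy is enforced; the single mistyped password from 198.51.100.9 stays below the spray threshold.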
Winning strategy 5
Empower end users with self-service
Improve productivity with self-service tools
Single sign-on (SSO)
Self-serve password reset
Application launching portal
My sign-ins · Users can report unusual sign-ins
Looks unfamiliar?
This wasn’t me
Security info
Provide oversight for which users have access to what resources
Prompts users to ensure their access is limited to the resources they need
Applies to employees and guest users
Winning strategies for end user self-service
• Empower users with self-service password reset and group / application access
• Maintain access compliance with Azure AD access reviews
• Create access packages via Entitlement Management
• Train users how to self-report risky sign-ins and verify their Security contact information
5 winning strategies
Enable self-help for more predictable and complete end user security
Increase your awareness with auditing and monitor security alerts
Automate threat response
Reduce your attack surface
Strengthen your credentials
Blocking legacy authentication reduces compromise by 67%.
Implementing risk policies reduces compromise by 96%
Attackers escape detection inside a victim’s network for a median of 101 days. (Source: FireEye)
60% of enterprises experienced social engineering attacks in 2016. (Source: Agari)
MFA reduces compromise by 99.99%
Thank you
