Thr30117 - Securely logging to Microsoft 365
0 likes648 views
The document discusses security challenges facing organizations and introduces several Microsoft security products and services that can help address those challenges. It outlines threats like phishing, password spraying, and account takeovers that target identity. It then summarizes the capabilities of Azure Active Directory, Microsoft Cloud App Security, Azure Sentinel, Azure Information Protection, Microsoft Intune and other Microsoft security tools to provide comprehensive protection across devices, apps and data located on-premises and in the cloud. Resources for further information are also listed.
Thr30117 - Securely logging to Microsoft 365
- 6. 300% increase in identity attacks over the past year. Phishing 23M high risk enterprise sign-in attempts detected in March 2018 Password Spray 350K compromised accounts detected in April 2018 lllllllll Breach Replay 4.6Battacker-driven sign-ins detected in May 2018 lllllllll
- 7. devices datausers apps On-premises / Private cloud Firewall used to be the Security Perimeter
- 10. The challenge of securing your environment The digital estate offers a very broad surface area that is difficult to secure Bad actors are using increasingly creative and sophisticated attacks Intelligent correlation and action on signals is difficult, time-consuming, and expensive
- 11. PCs, tablets, mobile Office 365 Data Loss PreventionWindows Information Protection & BitLocker for Windows 10 Azure Information Protection Exchange Online, SharePoint Online, Skype for Business & OneDrive for Business Highly regulated Microsoft Intune MDM & MAM for Windows, iOS & Android Microsoft Cloud App Security Office 365 Advanced Data Governance Azure Information Protection Comprehensive protection of sensitive data across devices, cloud services, and on-premises Windows 10 Office 365 EM+S & Cloud Services Advanced Device Management
- 12. Unique insights, informed by trillions of signals
- 13. Where should you start?
- 15. Azure AD as the control point Active Directory
- 20. Tenant branding
- 21. ✓ Enable Multi-factor authentication for Office 365 users ✓ Secure your Office 365 environments from leaked credentials
- 26. How long does Azure AD store the data? How long does Azure AD store reporting data? - https://docs.microsoft.com/en-us/azure/active-directory/reports- monitoring/reference-reports-data-retention
- 30. Microsoft Cloud App Security What is Microsoft CAS ? A multi-mode Cloud Access Security Broker Insights into threats to identity and data Raise alerts on user or file behavior anomalies in cloud apps leveraging their API connectors In scope for this engagement (with Office 365) Ability to respond to detected threats, discover shadow IT usage and configure application monitoring and control Out of scope for this engagement Requirements Available to organizations with an Azure tenant or an Office 365 commercial subscription and who are in the multi-tenant and Office 365 U.S. Government Community cloud
- 31. Cloud App Security Alerts https://portal.cloudappsecurity.com/#/alerts
- 32. Unusual file share activity Unusual file download Unusual file deletion activity Ransomware activity Data exfiltration to unsanctioned apps Activity by a terminated employee Indicators of a compromised session Malicious use of an end-user account Suspicious inbox rules (delete, forward) Malware implanted in cloud apps Malicious OAuth application Multiple failed login attempts to app Threat delivery and persistence ! ! ! Unusual impersonated activity Unusual administrative activity Unusual multiple delete VM activity Malicious use of a privileged user Activity from suspicious IP addresses Activity from anonymous IP addresses Activity from an infrequent country Impossible travel between sessions Logon attempt from a suspicious user agent
- 34. Azure Active Directory Identity Protection What is Azure Active Directory Identity Protection? Identity threat detection system with proactive, AI-enhanced automatic protection capabilities Insights into threats to identity Detect threats to user’s identity such as compromised Azure Active Directory credentials or when someone other than the account owner is attempting to sign in using their identity In scope for this engagement Ability to automatically respond to detected threats Out of scope for this engagement Requirements Available to organizations with an Azure tenant or an Office 365 commercial subscription and who are in the multi- tenant and Office 365 U.S. Government Community clouds
- 38. Require MFA Allow access Deny access Force password reset****** Limit access Controls On-premises apps Web apps Users Devices Location Apps Conditions Policies Real time Evaluation Engine Session Risk 3 40TB Effective policy Azure AD Identity Protection + Azure AD conditional access Maximize Security. Maximize Productivity. Machine learning
- 41. Azure Sentinel What is Azure Sentinel? Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution Insights into threats Get a birds-eye view across all data ingested and detect threats using Microsoft's analytics and threat intelligence. Investigate threats with artificial intelligence and hunt for suspicious activities In scope for this engagement Ability to automatically respond to detected threats Out of scope for this engagement Requirements Available to organizations with an Azure tenant
- 42. Azure Sentinel
- 44. Resources • Cyber Security: The Small Business Best Practice Guide - https://www.asbfeo.gov.au/sites/default/files/documents/ASBFEO-cyber-security-research-report.pdf • Australian Cyber Security Centre - https://www.cyber.gov.au/ • Office 365 Security and Compliance - https://docs.microsoft.com/en- us/office365/securitycompliance/ • Microsoft Trust Center - https://www.microsoft.com/en-us/trustcenter/security/office365-security • Microsoft Secure Score - https://docs.microsoft.com/en-us/office365/securitycompliance/microsoft- secure-score • Microsoft 365 for Partners Security - https://www.microsoft.com/microsoft-365/partners/security • What are Security defaults - https://docs.microsoft.com/en-gb/azure/active- directory/fundamentals/concept-fundamentals-security-defaults • Introducing conditional access for Office 365 - https://techcommunity.microsoft.com/t5/azure-active- directory-identity/introducing-conditional-access-for-the-office-365-suite/ba-p/1131979
- 45. Email : director@ciaops.com Twitter : @directorcia