It’s 2am… Do you know who’s in your Office (365)?
By Jack Nichelson and Jason Middaugh
October 25, 2018
Technical Advisor: Kevin Merolla
Jack Nichelson
Chief Information Security Officer
MRK Technologies
I defend my company’s competitive advantage by helping
solve business problems through technology to work faster
and safer.
• Executive MBA from Baldwin-Wallace University
• Recognized as one of the “People Who Made a Difference
in Security” by the SANS Institute and received the CSO50
award for connecting security initiatives to business value.
• Adviser for Baldwin Wallace’s state-winning Collegiate
Cyber Defense Competition (CCDC) team.
Jason Middaugh
Manager of Infrastructure & Security Services
Cleveland-Cliffs Inc.
• Jason holds a bachelor’s degree in information
systems/operations management from the University of
Toledo and an executive master’s degree in business
administration from The Ohio State University.
• Holds several IT-based certifications (CISSP, MCSE, VCP,
CCNA, CCDA).
• He is currently a member of the North East Ohio Cyber
Consortium and InfraGard.
• He is also a graduate of the FBI Citizens Academy and a
skiing enthusiast.
In the past, Microsoft licensed software only by device for individual
products. Now it offers licensing by user and as a bundle of products
to better meet the needs of a modern mobile workforce.
Microsoft has introduced a new software-as-a-service subscription plan
called Office 365 that provides Email and Office and another plan called
Microsoft 365 that includes Office 365, Windows 10, Mobility and Security.
• Office Applications – The regular Office applications (Word, Excel,
PowerPoint, etc.) you know and love, updated to take advantage of the
collaboration and cloud file syncing features.
• Office Mobile – Native mobile apps available for Windows Phone,
iPhone, iPad, and various Android devices.
• Office Web Apps – Online versions of Word, Excel, PowerPoint, and
OneNote, available on any computer with a web browser.
To put it simply, Office 365 brings the Microsoft Office
suite of applications into the 21st century.
Office 365 Overview
• Security related O365 Services & Licenses
• As with every cloud service you are building on the
foundation of your contract and licenses. Get this wrong
and your hands will be tied before you start.
Office 365 Licensing
Enterprise Mobility + Security Licensing
Don’t go to Office 365 without EMS
Office 365 Architecture
This is the common, kind-of hybrid architecture model
Azure Security Overview
Network Security Groups (NSG)
Site-to-Site VPN
Point-to-Site VPN
ExpressRoute
Network Security Appliances
Host-based firewalls
Security Center
Role-Based Access Control
Key Vault
Microsoft anti-malware
Rights Management/Information Protection
Cloud App Discovery
Infrastructure Securing assets
Connect Health
Identity Protection
Privileged Identity Management
OMS Security & Audit
Multi-Factor Authentication
Azure Active Directory
Office 365 Security Architecture
63% of Office 365 data breaches involve weak, default, or stolen passwords.
Azure Active Directory (Azure AD) is Microsoft’s multi-tenant,
cloud-based directory, and identity management service.
Azure AD combines core directory services, application
access management, and identity protection in a single
solution.
The heart of security in Office 365 & Azure is Identity and
Access Management controls in Azure AD.
Identities, Management and Security
• The core of each Azure subscription is Azure AD
• You can have multiple AAD tenants within the same
Azure subscription
• Users, groups, licenses, permissions, apps, app proxies,
domains… All controlled in Azure AD
• It’s important to understand the difference between AAD,
AD and AAD Connect (and AAD DS)
Heart of Security: Azure Active Directory
The new perimeter is identities in the cloud
When did the journey begin?
We started looking at Office 365 back in 2014
Why?
Main drivers were to move Exchange Online and Skype for Business
Current State
We are now fully in the cloud for email and instant
messaging/collaboration (no on-premise)
Licensing
Cliffs is an Enterprise Cloud Suite / E3 / M365-E3 (not E5)
My Journey to Office 365
Pilot, pilot, pilot!
We spent close to 12 months
Piloting O365
Worked out all the kinks before
mass migrations
For Example:
Conference Rooms and Voicemail while in Hybrid
Configuration.
Taking this approach made conversions much easier,
except for those 25-50 GB mailboxes! (You currently
get a 100 GB mailbox with O365.)
01 Started Elsewhere
Account was compromised; password was being
used between different sites/accounts
02 Covert and Waited
Waited to launch attack until user was on plane;
figured that out via email and calendar
03 Payload
Attacker attempted to get a fake invoice paid
and wired immediately
04 Extent of Compromise
They were in the user’s voicemail and faked
approvals from Senior Executives
05 Near-miss
Internal processes stopped this large transaction
from happening
06 Prevention
If MFA had been in place, this attack
would never have gotten off the ground
Story On Why You Need MFA in Front of O365
Threat Vector
The second you move to
O365 you become a bigger
target and susceptible to the
“O365 logon page” phishing
scam to try and harvest
credentials
Requirement
Multi-Factor Authentication
is not a question; it is a must
have!
Simplicity
We were able to
eliminate ADFS
Consistency
We implement the same IDP
for on-premise and the cloud
to have a consistent end-
user experience
Ease of Use
In my opinion, Microsoft
MFA was clunky and
complex for an end user to
understand
Multi-factor is a must in the cloud
User name and password are not enough
Whether you know it or not, when you
commit to O365 you are committing to
keeping your version of Office under
Mainstream Support
Mainstream Support
You can no longer kick the can on Office
upgrades until the product gets close to the
Extended Support date
Rate of Change
You won’t get them to say this, but Microsoft
is slowly pushing everyone to the “Click to
Run” / Office Pro Plus. Watch out Office plug-ins!
Future
Software Lifecycle Management Acceleration
Microsoft Support Dates You Need to Know
• Office 2010: Mainstream support ends: No longer supported. Extended support ends: Oct. 13, 2020
• Office 2013: Mainstream support ends: No longer supported. Extended support ends: April 11, 2023
• Office 2016: Mainstream support ends: Oct. 13, 2020. Office 365 System Requirements support: October 2023. Extended support ends: Oct. 14, 2025
• Windows 7: Mainstream support ends: No longer supported. Extended support ends: Jan. 14, 2020
• Windows 10: Mainstream support ends: Oct. 13, 2020. Extended support ends: Oct. 14, 2025
P.S.A.
Freebie – Executive Protection
(please thank Phillip Samson for
this!)
Security First
The #1 vector for security
breaches is email/phishing
attacks; this is not the area to
skimp on in the budget
Invest in Best of Breed
Microsoft’s product is improving
but is not as good as dedicated
products
Features
Last time I checked, things like
end user digests and automated
integration with on-premise
firewall block lists are not
available with Exchange Online
Protection
Email Security Gateway Product
Understanding Office 365 Account Management
Backups?
You need to really know
this, because there are
no backups in O365
Restores?
You cannot call up
Microsoft and ask them
for a restore
Policies
You might have to re-
write or adjust IT policies
Settings
Settings can be adjusted
on a per-product level
(Exchange, Skype,
SharePoint …)
Example
Walk through of how we
keep mailboxes for 90
post termination
Office 365, People will start using everything!
My Advice
Get in and work with the early adopters of these new Microsoft products
and try to identify potential issues before they become problems
Rapid Change
Skype is becoming Teams. We’ve had some Skype issues and continue to work on them, but Skype isn’t the
greatest collaboration tool. But it was A LOT cheaper than WebEx and maybe they’ll fix it with Teams
Bad News
Bad because it can have undesired consequences
• Teams example
Good News
Great because Microsoft is giving you access to new tools as soon
as they become available
Before you know it, someone will find they have
access to Teams and Planner and Yammer and …
before you have even had time to look at the products
So, how secure is your Office 365?
Office 365 Secure Score analyzes your Office 365 security settings and
assigns a score and makes recommendations to improve your score.
• Secure Score is a proactive security management service for Office
365 to help you find & fix risks. https://securescore.office.com
• Secure Score will provide a list of actions for things to fix, in order to
improve your security posture and baseline score. The baseline score
is comprised of seven groups of different sizes for you to compare
against based on your company size
• You get 100 points just by enabling MFA for global admins
Secure Office 365 with Secure Score
CIS Microsoft 365 Foundations Benchmark
The CIS Microsoft 365 Foundations Benchmark is designed to assist organizations in
establishing the foundation level of security for anyone adopting Microsoft 365. The
benchmark should not be considered as an exhaustive list of all possible security
configurations and architecture but as a starting point. Each organization must still
evaluate their specific situation, workloads, and compliance requirements and tailor
their environment accordingly.
The CIS benchmark contains two levels, each with slightly different technical
specifications:
• Level 1—Recommended minimum security settings that should be configured on
any system and should cause little or no interruption of service or reduced
functionality.
• Level 2—Recommended security settings for highly secure environments and could
result in some reduced functionality.
• https://www.microsoft.com/security/blog/2019/01/10/best-practices-for-securely-
using-microsoft-365-the-cis-microsoft-365-foundations-benchmark-now-available/
Secure Office 365 with Secure Score
Azure Security Center
So, how secure are your Azure Servers?
Security Center is the dashboard for Azure security
Azure Security Center provides unified security management and
advanced threat protection across your cloud workloads.
Security Center can apply security policies, limit your exposure to
threats, and detect and respond to attacks.
• A simple way to view what’s secured and what’s not in Azure
• Includes behavioral analytics and incident reporting
• Standard license gives advanced threat detection & intelligence
• Centralized policy management
• Continuous security assessment
• Actionable recommendations
• Prioritized alerts and incidents
Azure AD Connect is a tool for connecting on premises AD identity
infrastructure to Microsoft Azure AD. It includes a number of
technologies:
• AAD Connect Sync
• AAD Connect Health
• ADFS (Active Directory Federation Services)
• The PHS/PTA/SSSO Provisioning Connector
Securing and monitoring Azure AD Connect, ADFS and on-premises AD configuration
with Azure AD Connect Health.
• Monitors your AD FS, AD FS Proxy, AAD Domain Services and AAD Connect status
• Can alert you when things break down – useful for many directory-related
services, and especially for Azure AD Connect issues
• Deploying is easy:
• Install agents for AD FS, AAD Connect and AD DS servers
• Verify configuration on AAD CH blade in Azure Portal
• This feature requires AAD Premium licenses
Securing Azure AD Connect
Modern Authentication
What you need to know before you turn it on
• Turned on at the tenant level
• You need to be running Office 2016 before you go to Modern Auth
• By default, Exchange and Skype for Business Online tenants are not
enabled for Modern Authentication
• Closes the loophole in Outlook clients where you can access a mailbox with
only user name & password
• You must manually enable it via PowerShell
Why?
Because no one wants to enter their password every time they open
Outlook (every user is going to cache their credentials)
Modern Auth enables MFA, SAML-based third party Identity Providers with
Office clients, smart card and certificate-based authentication, and removes
the need for Outlook to use the basic authentication protocol.
The vast majority of security breaches take place when
attackers gain access to an environment by stealing a
user’s identity.
Safeguard against users who log in from weird countries with Azure AD
Identity Protection, which monitors for risk events, vulnerabilities and
policy changes
• Automatically flags suspicious events, such as users whose sign-ins imply
impossible travel times.
• Detects potential vulnerabilities affecting your organization’s identities
• Lets you configure automated responses to detected suspicious actions that are related
to your organization’s identities
• Lets you investigate suspicious incidents and take appropriate action to resolve them
• Reports such as Users flagged for risk, Risk events and Vulnerabilities
• Provides custom recommendations to improve overall security posture by
highlighting vulnerabilities and calculating sign-in & user risk levels
Azure AD Identity Protection
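Added example (not from the original slides, and not how Identity Protection is implemented internally): a minimal impossible-travel check of the kind described above, run over constructed sign-in records. The record fields, the 900 km/h speed threshold and the 100 km minimum distance are assumptions chosen for illustration.

```powershell
# Constructed sign-in records (not real data); coordinates are approximate city centres.
$sampleSignIns = @(
    [pscustomobject]@{ User = 'cfo@example.com';  Time = [datetimeoffset]'2018-10-25T13:05:00Z'; City = 'Cleveland'; Lat = 41.50; Lon = -81.69 }
    [pscustomobject]@{ User = 'cfo@example.com';  Time = [datetimeoffset]'2018-10-25T13:50:00Z'; City = 'Singapore'; Lat = 1.35;  Lon = 103.82 }
    [pscustomobject]@{ User = 'tech@example.com'; Time = [datetimeoffset]'2018-10-25T12:00:00Z'; City = 'Cleveland'; Lat = 41.50; Lon = -81.69 }
    [pscustomobject]@{ User = 'tech@example.com'; Time = [datetimeoffset]'2018-10-25T15:00:00Z'; City = 'Toledo';    Lat = 41.65; Lon = -83.54 }
)

# Great-circle distance between two points (haversine formula), in kilometres.
function Get-DistanceKm {
    param([double]$Lat1, [double]$Lon1, [double]$Lat2, [double]$Lon2)
    $toRad = [math]::PI / 180
    $dLat  = ($Lat2 - $Lat1) * $toRad
    $dLon  = ($Lon2 - $Lon1) * $toRad
    $a = [math]::Pow([math]::Sin($dLat / 2), 2) +
         [math]::Cos($Lat1 * $toRad) * [math]::Cos($Lat2 * $toRad) *
         [math]::Pow([math]::Sin($dLon / 2), 2)
    return 2 * 6371 * [math]::Asin([math]::Sqrt($a))
}

# Flags consecutive sign-ins by the same user whose implied speed exceeds the threshold.
function Find-ImpossibleTravel {
    param(
        [Parameter(Mandatory)] [object[]]$SignIn,
        [double]$MaxSpeedKmh   = 900,  # assumed threshold, roughly airliner cruise speed
        [double]$MinDistanceKm = 100   # assumed floor, ignores geo-IP jitter between nearby sites
    )
    foreach ($group in ($SignIn | Group-Object -Property User)) {
        $ordered = @($group.Group | Sort-Object -Property Time)
        for ($i = 1; $i -lt $ordered.Count; $i++) {
            $prev = $ordered[$i - 1]
            $cur  = $ordered[$i]
            $km = Get-DistanceKm -Lat1 $prev.Lat -Lon1 $prev.Lon -Lat2 $cur.Lat -Lon2 $cur.Lon
            if ($km -lt $MinDistanceKm) { continue }

            # Compare in UTC so time zones and daylight saving do not distort the gap.
            $hours = ($cur.Time.UtcDateTime - $prev.Time.UtcDateTime).TotalHours
            $speed = if ($hours -gt 0) { $km / $hours } else { [double]::PositiveInfinity }

            if ($speed -gt $MaxSpeedKmh) {
                [pscustomobject]@{
                    User     = $cur.User
                    From     = $prev.City
                    To       = $cur.City
                    Km       = [math]::Round($km)
                    Hours    = [math]::Round($hours, 2)
                    SpeedKmh = [math]::Round($speed)
                }
            }
        }
    }
}

# The Cleveland-to-Singapore pair 45 minutes apart is flagged; the Cleveland-to-Toledo
# pair three hours apart is ordinary travel and is not.
Find-ImpossibleTravel -SignIn $sampleSignIns | Format-Table -AutoSize
```

Sign-ins that leave through a VPN or cloud proxy can trip a check like this, so treat a hit as a prompt to review the account rather than proof of compromise.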
Cloud App Security is a great component of the Microsoft
Cloud Security stack
• Cloud Discovery: Discover all cloud use in your organization, including
Shadow IT reporting and control and risk assessment.
• Data Protection: Monitor and control your data in the cloud by gaining
visibility, enforcing DLP policies, alerting and investigation.
• Threat Protection: Detect anomalous use and security incidents by
recording all activities of users, including external users
Finding Shadow IT within the organization with Cloud App
Discovery
• Discover unmanaged (and managed) cloud apps in use
• Works by dropping an agent on workstations
• Discover apps, amount of data transferred and who uses what
Microsoft Cloud App Security
Where is the True Issue?
This was much easier when everything
was in your Data Center
• The path was from the office,
across the WAN, to the Data
Center and back
• What if the problem is on the
Internet? And not your
connection, but several hops down
the path?
• Users are complaining they
cannot get their mail
• Network Engineers say
everything is “Good/Green”
Application Selection
We selected a tool that constantly
monitors, from all of our internet
break-outs, the path to many of our
cloud applications, the route they take
to get there, and the speed/latency it
normally takes. It then alerts us when
anything changes, goes offline, or
when the latency greatly increases
New World
So now you have moved to the
cloud, how do you troubleshoot
the path your users take to get to
these services? And monitor and
alert on consistent/inconsistent
end user experiences?
Knowledge is Power
While this does not “solve or fix” the
issue when it happens, it does let us
know immediately so we can
communicate, and we also do not
have to waste a ton of time looking at
our equipment to see if the problem is
on our end
Look to invest in Non-traditional IT monitoring tools
Microsoft Office 365 Security
The new perimeter is identities in the cloud
Disable POP3, IMAP and ActiveSync
Shut Down Legacy Protocols
Don’t go to Office 365 without
MFA enabled for everyone
Multi-factor Authentication
Enable modern
authentication for all users
Modern Authentication
Review Secure Score
monthly and implement the
recommended changes
Secure Score
Review Cloud App Security to
watch for suspicious
activities in Office 365
Cloud App Security
Review the logs daily to
check for risky logins
Identity Protection
Conclusions
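Added example (not from the original slides): one way to carry out the "Modern Authentication" and "Shut Down Legacy Protocols" items with the Exchange Online cmdlets. It assumes an Exchange Online PowerShell session is already connected with an Exchange administrator role; the CSV file name is a placeholder.

```powershell
# Assumption: an Exchange Online PowerShell session is already connected
# (for example with Connect-ExchangeOnline) under an Exchange admin role.

# 1. Modern authentication is a tenant-level switch. Check it before changing it.
$org = Get-OrganizationConfig
if (-not $org.OAuth2ClientProfileEnabled) {
    Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
}
Get-OrganizationConfig | Format-List Name, OAuth2ClientProfileEnabled

# Skype for Business Online has its own switch, set from a Skype for Business
# Online PowerShell session rather than this one:
#   Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed

# 2. Report every mailbox that still accepts POP3, IMAP or ActiveSync, and keep
#    the list so owners can be told before anything is switched off.
$legacy = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.PopEnabled -or $_.ImapEnabled -or $_.ActiveSyncEnabled } |
    Select-Object Name, PrimarySmtpAddress, PopEnabled, ImapEnabled, ActiveSyncEnabled

$legacy | Export-Csv -Path .\legacy-protocol-mailboxes.csv -NoTypeInformation  # placeholder file name
"{0} mailboxes still allow at least one legacy protocol" -f @($legacy).Count

# 3. Disable the protocols per mailbox. -WhatIf only previews the change;
#    remove it once the report has been reviewed. Confirm which mobile
#    clients depend on ActiveSync before applying.
foreach ($mbx in $legacy) {
    Set-CASMailbox -Identity $mbx.PrimarySmtpAddress `
        -PopEnabled $false -ImapEnabled $false -ActiveSyncEnabled $false -WhatIf
}

# 4. New mailboxes inherit their protocol settings from the mailbox plans,
#    so change the plans too or the report in step 2 fills up again.
Get-CASMailboxPlan | ForEach-Object {
    Set-CASMailboxPlan -Identity $_.Identity `
        -PopEnabled $false -ImapEnabled $false -ActiveSyncEnabled $false -WhatIf
}
```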
Information Security Summit
THANK YOU
Jason.Middaugh@ClevelandCliffs.com Jack@Nichelson.net
Jack D. Nichelson
Chief Information Security Officer
MRK Technologies
Jason Middaugh
Manager of Infrastructure & Security
Cleveland-Cliffs Inc.
NETWORK
• No time like the present to put your soft skills
• Say hi to your neighbor…how can you help each ot
•
•

Más contenido relacionado

La actualidad más candente

Microsoft 365 Tenant Administration: Understanding Microsoft 365 Administrati...
Microsoft 365 Tenant Administration: Understanding Microsoft 365 Administrati...Microsoft 365 Tenant Administration: Understanding Microsoft 365 Administrati...
Microsoft 365 Tenant Administration: Understanding Microsoft 365 Administrati...
Joel Oleson
 

La actualidad más candente (20)

NIC 2017 Azure AD Identity Protection and Conditional Access: Using the Micro...
NIC 2017 Azure AD Identity Protection and Conditional Access: Using the Micro...NIC 2017 Azure AD Identity Protection and Conditional Access: Using the Micro...
NIC 2017 Azure AD Identity Protection and Conditional Access: Using the Micro...
 
Microsoft Security - New Capabilities In Microsoft 365 E5 Plans
Microsoft Security - New Capabilities In Microsoft 365 E5 PlansMicrosoft Security - New Capabilities In Microsoft 365 E5 Plans
Microsoft Security - New Capabilities In Microsoft 365 E5 Plans
 
What is Microsoft Enterprise Mobility Suite and how to deploy it
What is Microsoft Enterprise Mobility Suite and how to deploy itWhat is Microsoft Enterprise Mobility Suite and how to deploy it
What is Microsoft Enterprise Mobility Suite and how to deploy it
 
Agile IT EMS webinar series, session 1
Agile IT EMS webinar series, session 1Agile IT EMS webinar series, session 1
Agile IT EMS webinar series, session 1
 
I nuovi strumenti di comunicazione e collaborazione di Office 365 e la loro i...
I nuovi strumenti di comunicazione e collaborazione di Office 365 e la loro i...I nuovi strumenti di comunicazione e collaborazione di Office 365 e la loro i...
I nuovi strumenti di comunicazione e collaborazione di Office 365 e la loro i...
 
Being more secure using Microsoft 365 Business
Being more secure using Microsoft 365 BusinessBeing more secure using Microsoft 365 Business
Being more secure using Microsoft 365 Business
 
MMS 2015: What is ems and how to configure it
MMS 2015: What is ems and how to configure itMMS 2015: What is ems and how to configure it
MMS 2015: What is ems and how to configure it
 
Working with MS Endpoint Manager
Working with MS Endpoint ManagerWorking with MS Endpoint Manager
Working with MS Endpoint Manager
 
Productivity and Security with Microsoft 365 and the Modern Desktop
Productivity and Security with Microsoft 365 and the Modern DesktopProductivity and Security with Microsoft 365 and the Modern Desktop
Productivity and Security with Microsoft 365 and the Modern Desktop
 
How to plan your Modern Workplace Project - SPS Denver October 2018
How to plan your Modern Workplace Project - SPS Denver October 2018How to plan your Modern Workplace Project - SPS Denver October 2018
How to plan your Modern Workplace Project - SPS Denver October 2018
 
Securing your Azure Identity Infrastructure
Securing your Azure Identity InfrastructureSecuring your Azure Identity Infrastructure
Securing your Azure Identity Infrastructure
 
Concurrency Modern Workplace 2017
Concurrency Modern Workplace 2017Concurrency Modern Workplace 2017
Concurrency Modern Workplace 2017
 
2020-03-05 Secure IT day 2020 Abalon - comment protéger votre environnement ...
2020-03-05 Secure IT day 2020  Abalon - comment protéger votre environnement ...2020-03-05 Secure IT day 2020  Abalon - comment protéger votre environnement ...
2020-03-05 Secure IT day 2020 Abalon - comment protéger votre environnement ...
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Office 365 Security - MacGyver, Ninja or Swat team
Office 365 Security -  MacGyver, Ninja or Swat teamOffice 365 Security -  MacGyver, Ninja or Swat team
Office 365 Security - MacGyver, Ninja or Swat team
 
A beginners guide to administering office 365 with power shell antonio maio
A beginners guide to administering office 365 with power shell   antonio maioA beginners guide to administering office 365 with power shell   antonio maio
A beginners guide to administering office 365 with power shell antonio maio
 
Focusing on security with Microsoft 365 Business
Focusing on security with Microsoft 365 BusinessFocusing on security with Microsoft 365 Business
Focusing on security with Microsoft 365 Business
 
Microsoft 365 Tenant Administration: Understanding Microsoft 365 Administrati...
Microsoft 365 Tenant Administration: Understanding Microsoft 365 Administrati...Microsoft 365 Tenant Administration: Understanding Microsoft 365 Administrati...
Microsoft 365 Tenant Administration: Understanding Microsoft 365 Administrati...
 
M365 reinvinting digital environment for modern workplace nv
M365 reinvinting digital environment for modern workplace nvM365 reinvinting digital environment for modern workplace nv
M365 reinvinting digital environment for modern workplace nv
 
Secure Productive Enterprise from Microsoft and Atidan
Secure Productive Enterprise from Microsoft and AtidanSecure Productive Enterprise from Microsoft and Atidan
Secure Productive Enterprise from Microsoft and Atidan
 

Similar a Office 365 Security - Its 2am do you know whos in your office 365

Myths about moving to the _Final
Myths about moving to the _FinalMyths about moving to the _Final
Myths about moving to the _Final
Laura Winkenbach
 
SharePoint_IRMS_Conference.pdf
SharePoint_IRMS_Conference.pdfSharePoint_IRMS_Conference.pdf
SharePoint_IRMS_Conference.pdf
ssusera76ea9
 

Similar a Office 365 Security - Its 2am do you know whos in your office 365 (20)

Office 365 smb guidelines for pure bookkeeping (slideshare)
Office 365 smb guidelines for pure bookkeeping (slideshare)Office 365 smb guidelines for pure bookkeeping (slideshare)
Office 365 smb guidelines for pure bookkeeping (slideshare)
 
Securely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreSecurely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure Score
 
7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 Defender7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 Defender
 
Pitching Microsoft 365
Pitching Microsoft 365Pitching Microsoft 365
Pitching Microsoft 365
 
Microsoft Cloud App Security CASB
Microsoft Cloud App Security CASBMicrosoft Cloud App Security CASB
Microsoft Cloud App Security CASB
 
Novaquantum advanced security for Microsoft 365
Novaquantum advanced security for Microsoft 365Novaquantum advanced security for Microsoft 365
Novaquantum advanced security for Microsoft 365
 
Utilizing Microsoft 365 Security for Remote Work
Utilizing Microsoft 365 Security for Remote Work Utilizing Microsoft 365 Security for Remote Work
Utilizing Microsoft 365 Security for Remote Work
 
Microsoft 365 | Modern workplace
Microsoft 365 | Modern workplaceMicrosoft 365 | Modern workplace
Microsoft 365 | Modern workplace
 
What is Office 365? A Simple Answer
What is Office 365? A Simple AnswerWhat is Office 365? A Simple Answer
What is Office 365? A Simple Answer
 
Microsoft Security Advice ISSA Slides.pptx
Microsoft Security Advice ISSA Slides.pptxMicrosoft Security Advice ISSA Slides.pptx
Microsoft Security Advice ISSA Slides.pptx
 
Ways In Which Office 365 Can Help You To Grow Your Business in 2022.pdf
Ways In Which Office 365 Can Help You To Grow Your Business in 2022.pdfWays In Which Office 365 Can Help You To Grow Your Business in 2022.pdf
Ways In Which Office 365 Can Help You To Grow Your Business in 2022.pdf
 
Securing Office 365
Securing Office 365Securing Office 365
Securing Office 365
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and Compliance
 
Presentation-PracticalGuideToHavingACustomerConversationOnSecurity (1).pptx
Presentation-PracticalGuideToHavingACustomerConversationOnSecurity (1).pptxPresentation-PracticalGuideToHavingACustomerConversationOnSecurity (1).pptx
Presentation-PracticalGuideToHavingACustomerConversationOnSecurity (1).pptx
 
Rencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
Rencore Webinar: Securing Office 365 and Microsoft Azure like a RockstarRencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
Rencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
 
Fundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and ComplianceFundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and Compliance
 
Myths about moving to the _Final
Myths about moving to the _FinalMyths about moving to the _Final
Myths about moving to the _Final
 
SPC18 - Getting Started with Office 365 Advanced Threat Protection for ShareP...
SPC18 - Getting Started with Office 365 Advanced Threat Protection for ShareP...SPC18 - Getting Started with Office 365 Advanced Threat Protection for ShareP...
SPC18 - Getting Started with Office 365 Advanced Threat Protection for ShareP...
 
SharePoint_IRMS_Conference.pdf
SharePoint_IRMS_Conference.pdfSharePoint_IRMS_Conference.pdf
SharePoint_IRMS_Conference.pdf
 
May 2018 Office 365 Need to Know Webinar
May 2018 Office 365 Need to Know WebinarMay 2018 Office 365 Need to Know Webinar
May 2018 Office 365 Need to Know Webinar
 

Más de Jack Nichelson

Más de Jack Nichelson (11)

A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdfA Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
 
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptxA Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
 
A Clear Path to NIST & CMMC Compliance_ISSA.pptx
A Clear Path to NIST & CMMC Compliance_ISSA.pptxA Clear Path to NIST & CMMC Compliance_ISSA.pptx
A Clear Path to NIST & CMMC Compliance_ISSA.pptx
 
Creating a results oriented culture
Creating a results oriented cultureCreating a results oriented culture
Creating a results oriented culture
 
The kickstarter to measuring what matters Evanta CISO 2017
The kickstarter to measuring what matters   Evanta CISO 2017The kickstarter to measuring what matters   Evanta CISO 2017
The kickstarter to measuring what matters Evanta CISO 2017
 
Creating a Results Oriented Culture
Creating a Results Oriented CultureCreating a Results Oriented Culture
Creating a Results Oriented Culture
 
Moving Mountains Through Measurement
Moving Mountains Through MeasurementMoving Mountains Through Measurement
Moving Mountains Through Measurement
 
10 Critical Habits of Effective Security Managers
10 Critical Habits of Effective Security Managers10 Critical Habits of Effective Security Managers
10 Critical Habits of Effective Security Managers
 
Information Security Metrics - Practical Security Metrics
Information Security Metrics - Practical Security MetricsInformation Security Metrics - Practical Security Metrics
Information Security Metrics - Practical Security Metrics
 
Information Security - Back to Basics - Own Your Vulnerabilities
Information Security - Back to Basics - Own Your VulnerabilitiesInformation Security - Back to Basics - Own Your Vulnerabilities
Information Security - Back to Basics - Own Your Vulnerabilities
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the Beefeaters
 

Último

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Último (20)

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 

Office 365 Security - Its 2am do you know whos in your office 365

  • 1. Its 2am…Do you know who’s in your Office (365)? By Jack Nichelson and Jason Middaugh October 25, 2018 Technical Advisor: Kevin Merolla
  • 2. Jack Nichelson, Chief Information Security Officer, MRK Technologies. I defend my company's competitive advantage by helping solve business problems through technology to work faster and safer.
      • Executive MBA from Baldwin-Wallace University
      • Recognized as one of the “People Who Made a Difference in Security” by the SANS Institute and received the CSO50 award for connecting security initiatives to business value.
      • Adviser for Baldwin Wallace's state-winning Collegiate Cyber Defense Competition (CCDC) team.
  • 3. Jason Middaugh, Manager of Infrastructure & Security Services, Cleveland-Cliffs Inc. Jason holds a bachelor’s degree in information systems/operations management from the University of Toledo and an executive master’s degree in business administration from The Ohio State University.
      • Holds several IT-based certifications (CISSP, MCSE, VCP, CCNA, CCDA).
      • He is currently a member of the North East Ohio Cyber Consortium and InfraGard.
      • He is also a graduate of the FBI Citizens Academy and a skiing enthusiast.
  • 4. Office 365 Overview: In the past, Microsoft licensed software only by device for individual products. Now they offer licensing by user and as a bundle of products to better meet the needs of a modern mobile workforce. Microsoft has introduced a software-as-a-service subscription plan called Office 365 that provides email and Office, and another plan called Microsoft 365 that includes Office 365, Windows 10, Mobility and Security.
      • Office Applications – The regular Office applications (Word, Excel, PowerPoint, etc.) you know and love, updated to take advantage of the collaboration and cloud file syncing features.
      • Office Mobile – Native mobile apps available for Windows Phone, iPhone, iPad, and various Android devices.
      • Office Web Apps – Online versions of Word, Excel, PowerPoint, and OneNote, available on any computer with a web browser.
    To put it simply, Office 365 brings the Microsoft Office suite of applications into the 21st century.
  • 5. Office 365 Licensing:
      • Security-related O365 services & licenses
      • As with every cloud service, you are building on the foundation of your contract and licenses. Get this wrong and your hands will be tied before you start.
  • 6. Enterprise Mobility + Security Licensing: Don’t go to Office 365 without EMS • Point 1 • Point 2
  • 7. Office 365 Architecture: This is the common, kind-of hybrid architecture model
  • 8. Azure Security Overview (diagram labels): Network Security Groups (NSG), Site-to-Site VPN, Point-to-Site VPN, ExpressRoute, Network Security Appliances, Host-based firewalls, Security Center, Role-Based Access Control, Key Vault, Microsoft anti-malware, Rights Management/Information Protection, Cloud App Discovery, Infrastructure, Securing assets, Connect Health, Identity Protection, Privileged Identity Management, OMS Security & Audit, Multi-Factor Authentication, Azure Active Directory
  • 9. Office 365 Security Architecture: 63% of Office 365 data breaches involve weak, default, or stolen passwords.
  • 10. Heart of Security: Azure Active Directory. The new perimeter is identities in the cloud. Azure Active Directory (Azure AD) is Microsoft’s multi-tenant, cloud-based directory and identity management service. Azure AD combines core directory services, application access management, and identity protection in a single solution. The heart of security in Office 365 & Azure is Identity and Access Management controls in Azure AD. Identities, Management and Security:
      • The core of each Azure subscription is Azure AD
      • You can have multiple AAD tenants within the same Azure subscription
      • Users, groups, licenses, permissions, apps, app proxies, domains… All controlled in Azure AD
      • It’s important to understand the difference between AAD, AD and AAD Connect (and AAD DS)
  • 11. My Journey to Office 365:
      • When did the journey begin? We started looking at Office 365 back in 2014
      • Why? Main drivers were to move to Exchange Online and Skype for Business
      • Current state: We are now fully in the cloud for email and instant messaging/collaboration (no on-premises)
      • Licensing: Cliffs is an Enterprise Cloud Suite / E3 / M365-E3 (not E5)
  • 12. Pilot, pilot, pilot!
      • We spent close to 12 months piloting O365
      • Worked out all the kinks before mass migrations. For example: conference rooms and voicemail while in hybrid configuration.
      • Taking this approach made conversions much easier, except for those 25-50 GB mailboxes! (You currently get a 100 GB mailbox with O365.)
  • 13. Story On Why You Need MFA in Front of O365:
      • 01 Started Elsewhere: Account was compromised; the password was being used between different sites/accounts
      • 02 Covert and Waited: Waited to launch the attack until the user was on a plane; figured that out via email and calendar
      • 03 Payload: Attacker attempted to get a fake invoice paid and wired immediately
      • 04 Extent of Compromise: They were in the user’s voicemail and faked approvals from senior executives
      • 05 Near-miss: Internal processes stopped this large transaction from happening
      • 06 Prevention: If MFA had been in place, this attack would never have gotten off the ground
  • 14. Multi-factor is a must in the cloud. User name and password are not enough.
      • Threat Vector: The second you move to O365 you become a bigger target and susceptible to the “O365 logon page” phishing scam that tries to harvest credentials
      • Requirement: Multi-Factor Authentication is not a question; it is a must-have!
      • Simplicity: We were able to eliminate ADFS
      • Consistency: We implement the same IDP for on-premises and the cloud to have a consistent end-user experience
      • Ease of Use: In my opinion, Microsoft MFA was clunky and complex for an end user to understand
  • 15. Software Lifecycle Management Acceleration:
      • Mainstream Support: Whether you know it or not, when you commit to O365 you are committing to keeping your version of Office under Mainstream Support
      • Rate of Change: You can no longer kick the can on Office upgrades until the product gets close to the Extended Support date
      • Future: You won’t get them to say this, but Microsoft is slowly pushing everyone to “Click to Run” / Office Pro Plus. Watch out, Office plug-ins!
  • 16. Microsoft Support Dates You Need to Know:
      • 01 Office 2010: Mainstream support ends: No longer supported. Extended support ends: Oct. 13, 2020
      • 02 Office 2013: Mainstream support ends: No longer supported. Extended support ends: April 11, 2023
      • 03 Office 2016: Mainstream support ends: Oct. 13, 2020. Office 365 System Requirements support: October 2023. Extended support ends: Oct. 14, 2025
      • 04 Windows 7: Mainstream support ends: No longer supported. Extended support ends: Jan. 14, 2020
      • 05 Windows 10: Mainstream support ends: Oct. 13, 2020. Extended support ends: Oct. 14, 2025
  • 17. Email Security Gateway Product:
      • P.S.A. Freebie – Executive Protection (please thank Phillip Samson for this!)
      • Security First: The #1 vector for security breaches is email/phishing attacks; this is not the area to skimp on in the budget
      • Invest in Best of Breed: The Microsoft product is improving but is not as good as dedicated products
      • Features: Last time I checked, things like end user digests and automated integration with on-premises firewall block lists are not available with Exchange Online Protection
  • 18. Understanding Office 365 Account Management:
      • Backups? You need to really know this, because there are no backups in O365
      • Restores? You cannot call up Microsoft and ask them for a restore
      • Policies: You might have to rewrite or adjust IT policies
      • Settings: Settings can be adjusted on a per-product level (Exchange, Skype, SharePoint …)
      • Example: Walk-through of how we keep mailboxes for 90 post termination
  • 19. Office 365, people will start using everything!
      • My Advice: Get in and work with the early adopters of these new Microsoft products and try to identify potential issues before they become problems
      • Rapid Change: Skype is becoming Teams. We’ve had some Skype issues and continue to work on them, but Skype isn’t the greatest collaboration tool. But it was A LOT cheaper than WebEx and maybe they’ll fix it with Teams
      • Bad News: Bad because it can have undesired consequences (Teams example)
      • Good News: Great because Microsoft is giving you access to new tools as soon as they become available
      • Before you know it, someone will find they have access to Teams and Planner and Yammer and …, before you have even had time to look at the products
  • 20. Secure Office 365 with Secure Score: So, how secure is your Office 365? Office 365 Secure Score analyzes your Office 365 security settings, assigns a score, and makes recommendations to improve your score.
      • Secure Score is a proactive security management service for Office 365 to help you find & fix risks. https://securescore.office.com
      • Secure Score will provide a list of actions for things to fix, in order to improve your security posture and baseline score. The baseline score is comprised of seven groups of different sizes for you to compare against based on your company size
      • You get 100 points just by enabling MFA for global admins
  • 21. CIS Microsoft 365 Foundations Benchmark: The CIS Microsoft 365 Foundations Benchmark is designed to assist organizations in establishing the foundation level of security for anyone adopting Microsoft 365. The benchmark should not be considered an exhaustive list of all possible security configurations and architecture but a starting point. Each organization must still evaluate their specific situation, workloads, and compliance requirements and tailor their environment accordingly. The CIS benchmark contains two levels, each with slightly different technical specifications:
      • Level 1: Recommended minimum security settings that should be configured on any system and should cause little or no interruption of service or reduced functionality.
      • Level 2: Recommended security settings for highly secure environments that could result in some reduced functionality.
      • https://www.microsoft.com/security/blog/2019/01/10/best-practices-for-securely-using-microsoft-365-the-cis-microsoft-365-foundations-benchmark-now-available/
  • 22. Azure Security Center: So, how secure are your Azure servers? Security Center is the dashboard for Azure security. Azure Security Center provides unified security management and advanced threat protection across your cloud workloads. Security Center can apply security policies, limit your exposure to threats, and detect and respond to attacks.
      • A simple way to view what’s secured and what’s not in Azure
      • Includes behavioral analytics and incident reporting
      • Standard license gives advanced threat detection & intelligence
      • Centralized policy management
      • Continuous security assessment
      • Actionable recommendations
      • Prioritized alerts and incidents
  • 23. Securing Azure AD Connect: Azure AD Connect is a tool for connecting on-premises AD identity infrastructure to Microsoft Azure AD. It includes a number of technologies:
      • AAD Connect Sync
      • AAD Connect Health
      • ADFS (Active Directory Federation Services)
      • The PHS/PTA/SSSO Provisioning Connector
    Securing and monitoring Azure AD Connect, ADFS and on-premises AD configuration with Azure AD Connect Health:
      • Monitors your AD FS, AD FS Proxy, AAD Domain Services and AAD Connect status
      • Can alert you when things break down – useful for many directory-related services, and especially for Azure AD Connect issues
      • Deploying is easy: install agents for AD FS, AAD Connect and AD DS servers, then verify configuration on the AAD CH blade in the Azure Portal
      • This feature requires AAD Premium licenses
  • 24. Modern Authentication: What you need to know before you turn it on
      • Turned on at the tenant level
      • You need to be running Office 2016 before you go to Modern Auth
      • By default, Exchange and Skype for Business Online tenants are not enabled for Modern Authentication
      • Closes a loophole in Outlook clients where you can access a mailbox with only user name & password
      • You must manually enable it via PowerShell
    Why? Because no one wants to enter their password every time they open Outlook (every user is going to cache their credentials). Modern Auth enables MFA, SAML-based third-party Identity Providers with Office clients, smart card and certificate-based authentication, and removes the need for Outlook to use the basic authentication protocol.
  • 25. Azure AD Identity Protection: The vast majority of security breaches take place when attackers gain access to an environment by stealing a user’s identity. Safeguarding for users who log in from weird countries with Azure AD Identity Protection by monitoring for risk events, vulnerabilities and policy changes:
      • Automatically flags suspicious events, such as users who perform impossible travel times.
      • Detect potential vulnerabilities affecting your organization’s identities
      • Configure automated responses to detected suspicious actions that are related to your organization’s identities
      • Investigate suspicious incidents and take appropriate action to resolve them
      • Reports such as Users flagged for risk, Risk events and Vulnerabilities
      • Providing custom recommendations to improve overall security posture by highlighting vulnerabilities and calculating sign-in & user risk levels
  • 26. Microsoft Cloud App Security: Cloud App Security is a great component of the Microsoft Cloud Security stack
      • Cloud Discovery: Discover all cloud use in your organization, including Shadow IT reporting and control and risk assessment.
      • Data Protection: Monitor and control your data in the cloud by gaining visibility, enforcing DLP policies, alerting and investigation.
      • Threat Protection: Detect anomalous use and security incidents by recording all activities of users, including external users
    Finding Shadow IT within the organization with Cloud App Discovery:
      • Discover unmanaged (and managed) cloud apps in use
      • Works by dropping an agent on workstations
      • Discover apps, amount of data transferred and who uses what
  • 27. Look to invest in non-traditional IT monitoring tools:
      • Where is the True Issue? This was much easier when everything was in your data center. The path was from the office, across the WAN, to the data center and back. What if the problem is on the Internet? And not your connection, but several hops down the path? Users are complaining they cannot get their mail. Network engineers say everything is “Good/Green”.
      • Application Selection: We selected a tool that constantly monitors, from all of our internet break-outs, the path to many of our cloud applications, the path they take to get there, and the speed/latency it normally takes. It then alerts us when anything changes, goes offline, or when the latency greatly increases
      • New World: So now you have moved to the cloud, how do you troubleshoot the path your users take to get to these services? And monitor and alert on consistent/inconsistent end user experiences?
      • Knowledge is Power: While this does not “solve or fix” the issues when they happen, it does let us know immediately so we can communicate, and we also do not have to waste a ton of time looking at our equipment to see if the problem is on our end
  • 28. Conclusions: Microsoft Office 365 Security. The new perimeter is identities in the cloud.
      • Shut Down Legacy Protocols: Disable POP3, IMAP and ActiveSync
      • Multi-factor Authentication: Don’t go to Office 365 without MFA enabled for everyone
      • Modern Authentication: Enable modern authentication for all users
      • Secure Score: Review Secure Score monthly and implement the recommended changes
      • Cloud App Security: Review Cloud App Security to watch for suspicious activities in Office 365
      • Identity Protection: Review the logs daily to check for risky logins
  • 29. Information Security Summit THANK YOU Jason.Middaugh@ClevelandCliffs.com Jack@Nichelson.net Jack D. Nichelson Chief Information Security Officer MRK Technologies Jason Middaugh Manager of Infrastructure & Security Cleveland-Cliffs Inc.
  • 30. Information Security Summit NETWORK • No time like the present to put your soft skills • Say hi to your neighbor…how can you help each ot
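
The two tenant changes from slides 24 and 28 (turn on Modern Authentication via PowerShell; disable POP3, IMAP and ActiveSync), shown for Exchange Online as an added example that is not from the presentation. It assumes the ExchangeOnlineManagement module and an Exchange administrator account; the admin address and the CSV file name are placeholders.

```powershell
# Added example (not from the slides). Assumes the ExchangeOnlineManagement
# module is installed and the signed-in account holds Exchange admin rights.
param(
    [string]$AdminUpn = 'admin@contoso.example',  # placeholder account
    [switch]$Apply                                # without -Apply: report only
)

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName $AdminUpn -ShowBanner:$false

# 1. Modern Authentication is a tenant-level switch (slide 24).
$org = Get-OrganizationConfig
Write-Host "Modern authentication enabled: $($org.OAuth2ClientProfileEnabled)"
if ($Apply -and -not $org.OAuth2ClientProfileEnabled) {
    Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
}

# 2. Inventory mailboxes that still allow the legacy protocols (slide 28).
$legacy = @(Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.PopEnabled -or $_.ImapEnabled -or $_.ActiveSyncEnabled })

Write-Host "Mailboxes with POP3, IMAP or ActiveSync enabled: $($legacy.Count)"
$legacy |
    Select-Object PrimarySmtpAddress, PopEnabled, ImapEnabled, ActiveSyncEnabled |
    Export-Csv -Path .\legacy-protocol-mailboxes.csv -NoTypeInformation

if ($Apply) {
    # Existing mailboxes: switch the three protocols off one mailbox at a time.
    foreach ($mbx in $legacy) {
        Set-CASMailbox -Identity $mbx.PrimarySmtpAddress `
            -PopEnabled $false -ImapEnabled $false -ActiveSyncEnabled $false
    }
    # Future mailboxes take their defaults from the CAS mailbox plans.
    Get-CASMailboxPlan |
        Set-CASMailboxPlan -PopEnabled $false -ImapEnabled $false -ActiveSyncEnabled $false
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run it without `-Apply` first and review the CSV: any client still relying on one of these protocols stops syncing once they are disabled.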

Editor's notes

  1. They love to change / rename the same products. So how many people are O365 customers today? How many people are looking at O365? Who says there is no way I am ever moving my email off-premise? I think that this presentation has a little something no matter where they are in their journey, well maybe not that last group
  2. Since we have put MFA in place, we have eliminated this attack vector
  3. Version of Office – need to be under Mainstream Support or Microsoft can cut you off! Office 2019 will only be available with an .exe, will not auto-update
  4. We strongly recommend using a third-party gateway
  5. (ThousandEyes)
  6. So don’t try and fight the cloud, embrace it, and hopefully my journey has taught you a few things to consider in your journey  
  7. Title: Its 2am…Do you know who’s in your Office (365)? Abstract: You’ve entrusted all of your company’s data to Microsoft’s cloud…what could go wrong? In 2018 you’ve either moved your data to Office365, you’re thinking about it, or you’ve locked your entire business into Lotus Notes. As cloud providers eat away traditional infrastructure, IT and Security teams must either adapt to this brave new world, or be left behind. In this talk we will provide real-world examples and how to apply both traditional and new security controls/tools to secure Office 365 & Azure. We will give specific, actionable recommendations you can make to your Microsoft Office 365 and Azure tenants. Recommendations like how to prevent external threats like account takeovers, internal threats like Shadow cloud Apps, effective monitoring and processes to follow to minimize the likelihood that your company becomes the Next Big Breach. The new perimeter is identities in the cloud, so learn to protect them with Azure Active Directory. Talk Outline: The Big Picture - Office 365 review of its most common parts and different security controls. Office 365 Licensing – As with every cloud service you are building on the foundation of your contract and licenses. Get this wrong and your hands will be tied before you start. Overview of Azure Active Directory – The heart of security in Office 365 & Azure is Identity and Access Management. The new perimeter is identities in the cloud, so learn to protect them with Azure Active Directory. Preventing External Threats – Recommendation like: Securing Authentication, Azure AD ID Protection, Privileged ID Management, Baseline with SecureScore.office.com, Azure Security Center, Operations Management Suite, Azure AD Application Proxy. Preventing Internal Threats – How to discover Shadow IT like unmanaged cloud apps, Cloud App Security, Advanced Threat Analytics, Compliance Manager, Azure Key Vault. 
Monitoring & Auditing – Azure Monitoring throughout tenants and resource groups, Azure AD Connect, Common Risk Events, Vulnerabilities, and Policy changes. Q&A