Office 365 includes some security features, but those may not be enough. Join Orin Thomas and Quest's Todd Mera as they discuss what you can do to reduce the risk of an Office 365 security breach.
Reducing the Chance of an Office 365 Security Breach
1. Reducing the Chance of an Office 365 Security Breach
Orin Thomas
@orinthomas
orin@windowsitpro.com
2. In This Session …
• Responsibilities
• Threats
• Hybrid AD security risks
• Backup and recovery
• Policy enforcement
• Auditing
• Overcoming breach
• Improving security
3. What Your Responsibility Is
• Even when you move files off premises into the cloud, it doesn’t mean that Microsoft is responsible for everything to do with those files
– You need to back them up
– You need to ensure that only appropriate people have access to those files
4. What Your Responsibility Is
• It’s very important to understand what Office 365 is responsible for and can do and what it cannot do:
– Can’t stop users getting phishing email
– Can’t stop ransomware
– Can’t stop malicious insiders
6. Hybrid AD Security Risks
• Compromised on-premises account gives access to O365 data
• Poor on-premises account management practices lead to access to Office 365
7. Backup and Recovery
• Data stored in Office 365 must be backed up in case it is deleted or becomes corrupted
• Settings need to be regularly exported so that they can be restored if unauthorized or ill-informed changes are made
• What steps would you need to take to recover if your O365 sub was deleted tomorrow?
8. Policy Enforcement
Policies allow you to control how things happen in a deployment:
• DLP policies
• Supervisory review policies
• Device security policies
9. Auditing
• To know what happened, you need to have records
• Audit data recording
• Enable mailbox auditing
• Review audit data
10. Overcoming Breach
• Determine source of breach
• Remediate cause of breach
• Improve security practices
– Enable MFA for users
– Remove Global Admin rights from multiple users
11. Reducing the Chance of a Breach
• SecureScore.Office.Com
• Enable MFA for all users
• Enable audit data recording
• Review sign-ins after multiple failures report on a weekly basis
• Review sign-ins from unknown geographies report weekly
• Review role changes weekly
• Enable IRM services
• Audit user data
• Review mailbox forwarding rules weekly
• Review malware detection report weekly
• Review account provisioning activity report weekly
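The logic behind the "sign-ins after multiple failures" and "sign-ins from unknown geographies" reviews, as an added example that is not part of the original slides. The record layout, the threshold of five failures, the 30-minute window and the per-user known-country map are assumptions for illustration, not an Office 365 export schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records: (user, ISO timestamp, result, country).
SIGN_INS = (
    [("alice@example.com", f"2024-01-08T09:0{i}:00", "failure", "BR") for i in range(5)]
    + [("alice@example.com", "2024-01-08T09:06:00", "success", "BR"),
       ("bob@example.com", "2024-01-08T08:30:00", "failure", "US"),
       ("bob@example.com", "2024-01-08T08:31:00", "success", "US")]
    + [("carol@example.com", f"2024-01-08T02:0{i}:00", "failure", "US") for i in range(5)]
    + [("carol@example.com", "2024-01-08T11:00:00", "success", "US")]
)
# Constructed baseline of countries each user normally signs in from.
KNOWN = {u: {"US"} for u in ("alice@example.com", "bob@example.com", "carol@example.com")}


def success_after_failures(records, threshold=5, window=timedelta(minutes=30)):
    """Flag each success preceded by >= threshold failures inside the window,
    counting only failures since that user's previous success."""
    by_user = defaultdict(list)
    for user, ts, result, country in records:
        by_user[user].append((datetime.fromisoformat(ts), result, country))
    findings = []
    for user, events in by_user.items():
        failures = []  # failure timestamps since the last successful sign-in
        for when, result, _country in sorted(events):
            if result == "failure":
                failures.append(when)
                continue
            recent = [f for f in failures if when - f <= window]
            if len(recent) >= threshold:
                findings.append((user, when.isoformat(), len(recent)))
            failures = []  # a success resets the streak
    return findings


def unfamiliar_countries(records, known):
    """Flag successful sign-ins from a country outside the user's baseline."""
    return [(user, ts, country) for user, ts, result, country in records
            if result == "success" and country not in known.get(user, set())]


if __name__ == "__main__":
    for finding in success_after_failures(SIGN_INS):
        print("success after repeated failures:", finding)
    for finding in unfamiliar_countries(SIGN_INS, KNOWN):
        print("sign-in from unfamiliar country:", finding)
```

A success long after a burst of failures (the constructed carol records) is not flagged by the first check, which is why the window matters when tuning the weekly review.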
13. Quest Hybrid Active Directory Security
Todd Mera, Systems Consultant
todd.mera@quest.com
14. Hybrid Environment: Azure Active Directory (AAD)
• Office 365 requires an Azure AD instance
• Azure AD provides the Directory Service for Office 365 applications
• Azure AD integrates with On-premise AD creating a Hybrid Directory environment
16.
1. Attacker targets workstations en masse
2. User running as local admin is compromised, attacker harvests credentials
3. Attacker uses credentials for lateral movement or privilege escalation
4. Attacker acquires domain admin credentials
5. Attacker exercises full control of data and systems in the environment
18. Hybrid Active Directory Security
Know Your Users
• Who are your users?
• What can they do?
• What are they doing?
• Do they have the right access?
19. Who Are They And What Can They Do?
Privileged Accounts, do you know who they are?
[Diagram labels: Helpdesk; User Accounts; Service Accounts; Admin Accounts]
20. What Are They Doing?
It’s 9pm, do you know what your Privileged Accounts are up to?
• Auditing - Detect and Alert
21. Is Access to Resource Appropriate?
Can you tell how long a user has been with the company by how many groups they belong to?
[Diagram: roles, delegated tasks and scopes.
Roles shown: Application / Data Owners; AD Architect; Sr. Administrator; OU Admins / Help Desk; Exchange Admins; User Profile Editor; Day-to-Day Admin; App/Data Owners; Mailbox Admin; Service Desk.
Tasks shown: Create Users/Groups; Create Groups; Reset Pwrds, Unlock Accounts; Create OUs; Create Objects; Join Computers; Access Management; Assign Assistants; Create/Remove Mailboxes; Move Mailbox; Update Addresses; Update personal Information; Update Phone #.
Scopes shown: Computers; Domain Controllers; APAC; EMEA; North America; New York; Mexico City; AD / AD LDS; Cross-platform; Applications; Databases; Directories; Platforms.]
22. GPOs – The Good: Powerful, The Bad: Powerful
Change Management and Security
• Version comparisons: Side-by-side GPO version comparisons at various intervals.
• Protected settings policies: Define a list of GPO settings with predetermined values that must exist and cannot be modified.
23. GPOs – The Good: Powerful, The Bad: Powerful
Change Management and Security
• Support change management best practices and
• Enable effective approval processes
24. Recovery Manager for Active Directory Forest Edition
Recover Quickly When Things Go Wrong
25. Quest Hybrid Active Directory Security Solution
• Continually assess
• Detect and alert
• Remediate and mitigate
• Investigate and recover
[Diagram labels: Active Directory; Unified AD; Fine-Grained Provisioning; UNIX; Servers; SP2K; PROD; AZUREAD; O365; INDIA; ASIAPAC; EMEA; US; Acquisition AD; SAAS Apps; Exchange; SQL; File Servers; On Prem. Apps; AAD Connect]