Recording of monthly Need to Know webinar for October 2022 that focused on providing a deep dive into Microsoft 365 security. The session also includes Microsoft Cloud news and updates along with an open Q and A session around Microsoft 365. Video recording is available at www.ciaopsacademy.com
10. News
• Microsoft Ignite 2022 book of news
• https://news.microsoft.com/ignite-2022-book-of-news/
• Public Preview: Conditional Access filters for apps
• https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/public-preview-conditional-access-filters-for-apps/ba-p/2365680
• What’s new with XDR at Ignite?
• https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/what-s-new-in-xdr-at-microsoft-ignite/ba-p/3648872
• What's New in Microsoft Teams | Microsoft Ignite 2022
• https://techcommunity.microsoft.com/t5/microsoft-teams-blog/what-s-new-in-microsoft-teams-microsoft-ignite-2022/ba-p/3614158
• What’s new in Security and Management in SharePoint, OneDrive, and Teams – Microsoft Ignite 2022
• https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/what-s-new-in-security-and-management-in-sharepoint-onedrive-and/ba-p/3648912
22. How long does Azure AD store the data?
How long does Azure AD store reporting data? - https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/reference-reports-data-retention
25. Defender for Cloud Apps Alerts
https://portal.cloudappsecurity.com/#/alerts
26. Unusual file share activity
Unusual file download
Unusual file deletion activity
Ransomware activity
Data exfiltration to unsanctioned apps
Activity by a terminated employee
Indicators of a compromised session
Malicious use of an end-user account
Suspicious inbox rules (delete, forward)
Malware implanted in cloud apps
Malicious OAuth application
Multiple failed login attempts to app
Threat delivery and persistence
Unusual impersonated activity
Unusual administrative activity
Unusual multiple delete VM activity
Malicious use of a privileged user
Activity from suspicious IP addresses
Activity from anonymous IP addresses
Activity from an infrequent country
Impossible travel between sessions
Logon attempt from a suspicious user agent
38. User browses to a website
Phishing mail
Opens attachment
Clicks on a URL
Exploitation & Installation
Command & Control
Brute force account or use stolen account credentials
User account is compromised
Attacker attempts lateral movement
Privileged account compromised
Domain compromised
Attacker accesses sensitive data
Exfiltrate data
Protection across
Azure AD Identity Protection
Identity protection & conditional access
Defender for Cloud Apps
Extends protection & conditional access to other cloud apps
Azure Defender
Azure AD Identity Protection
Identity protection & conditional access
Identity protection
Defender for Endpoint
Endpoint protection
Defender for Office 365
Malware detection, safe links, safe attachments
Attacker collects recon and config data
42. Resources
• Cyber Security: The Small Business Best Practice Guide - https://www.asbfeo.gov.au/sites/default/files/documents/ASBFEO-cyber-security-research-report.pdf
• Australian Cyber Security Centre - https://www.cyber.gov.au/
• Office 365 Security and Compliance - https://docs.microsoft.com/en-us/office365/securitycompliance/
• Microsoft Trust Center - https://www.microsoft.com/en-us/trustcenter/security/office365-security
• Microsoft Secure Score - https://docs.microsoft.com/en-us/office365/securitycompliance/microsoft-secure-score
• Microsoft 365 for Partners Security - https://www.microsoft.com/microsoft-365/partners/security
• What are Security defaults - https://docs.microsoft.com/en-gb/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
• Introducing conditional access for Office 365 - https://techcommunity.microsoft.com/t5/azure-active-directory-identity/introducing-conditional-access-for-the-office-365-suite/ba-p/1131979
43. CIAOPS Resources
• Blog – http://blog.ciaops.com
• Free Office 365, Azure video tutorials – http://www.youtube.com/directorciaops
• Free documents, presentations, eBooks – http://slideshare.net/directorcia
• Office 365, Azure, Cloud podcast – http://ciaops.podbean.com
• Office 365, Azure online training courses – http://www.ciaopsacademy.com
• Office 365 and Azure community – http://www.ciaopspatron.com
• CIAOPS Github – https://github.com/directorcia
• Skype for Business – admin@ciaops365.com
• Email – director@ciaops.com
• Facebook – https://www.facebook.com/ciaops
• Twitter – @directorcia
44. Get access to the latest information by becoming a Patron
http://www.ciaopspatron.com