October 2022 CIAOPS Need to Know Webinar
•
0 recomendaciones•481 vistas
Recording of monthly Need to Know webinar for October 2022 that focused on providing a deep dive into Microsoft 365 security. The session also includes Microsoft Cloud news and updates along with an open Q and A session around Microsoft 365. Video recording is available at www.ciaopsacademy.com
Recomendados
Recomendados
Más contenido relacionado
Similar a October 2022 CIAOPS Need to Know Webinar
Similar a October 2022 CIAOPS Need to Know Webinar (20)
Más de Robert Crane
Más de Robert Crane (20)
Último
Último (20)
October 2022 CIAOPS Need to Know Webinar
- 1. Need to Know Microsoft 365 Webinar October 2022 @directorcia http://about.me/ciaops
- 2. Web cast has started Web cast is being recorded If you can’t hear anything check your speaker settings
- 3. For questions after the event: Email : director@ciaops.com Twitter : @directorcia
- 5. Webinar recordings at: www.ciaopsacademy.com Free access for CIAOPS patrons
- 6. Please: - Turn off your mobile - Turn off your email - Have somewhere to take notes
- 8. Agenda -Microsoft 365 Update -Microsoft 365 Security -Q & A
- 10. News • Microsoft Ignite 2022 book of news • https://news.microsoft.com/ignite-2022-book-of-news/ • Public Preview: Conditional Access filters for apps • https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/public-preview-conditional-access-filters- for-apps/ba-p/2365680 • What’s new with XDR at Ignite? • https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/what-s-new-in-xdr-at-microsoft-ignite/ba- p/3648872 • What's New in Microsoft Teams | Microsoft Ignite 2022 • https://techcommunity.microsoft.com/t5/microsoft-teams-blog/what-s-new-in-microsoft-teams-microsoft-ignite- 2022/ba-p/3614158 • What’s new in Security and Management in SharePoint, OneDrive, and Teams – Microsoft Ignite 2022 • https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/what-s-new-in-security-and-management-in- sharepoint-onedrive-and/ba-p/3648912
- 17. Tenant branding
- 22. How long does Azure AD store the data? How long does Azure AD store reporting data? - https://docs.microsoft.com/en-us/azure/active-directory/reports- monitoring/reference-reports-data-retention
- 25. Defender for Cloud Apps Alerts https://portal.cloudappsecurity.com/#/alerts
- 26. Unusual file share activity Unusual file download Unusual file deletion activity Ransomware activity Data exfiltration to unsanctioned apps Activity by a terminated employee Indicators of a compromised session Malicious use of an end-user account Suspicious inbox rules (delete, forward) Malware implanted in cloud apps Malicious OAuth application Multiple failed login attempts to app Threat delivery and persistence ! ! ! Unusual impersonated activity Unusual administrative activity Unusual multiple delete VM activity Malicious use of a privileged user Activity from suspicious IP addresses Activity from anonymous IP addresses Activity from an infrequent country Impossible travel between sessions Logon attempt from a suspicious user agent
- 29. Conditional Access + Identity Protection Corporate Network Geo-location Microsoft Cloud App Security MacOS Android iOS Windows Windows Defender ATP Client apps Browser apps Google ID MSA Azure AD ADFS Require MFA Allow/block access Block legacy authentication Force password reset ****** Limited access Controls Employee & Partner Users and Roles Trusted & Compliant Devices Physical & Virtual Location Client apps & Auth Method Conditions Machine learning Policies Real time Evaluation Engine Session Risk 3 171TB Effective policy
- 36. Stories from DART: Taking the ware out of ransomware
- 38. User browses to a website Phishing mail Opens attachment Clicks on a URL + Exploitation & Installation Command & Control Brute force account or use stolen account credentials User account is compromised Attacker attempts lateral movement Privileged account compromised Domain compromised Attacker accesses sensitive data Exfiltrate data Protection across Azure AD Identity Protection Identity protection & conditional access Defender for Cloud Apps Extends protection & conditional access to other cloud apps Azure Defender Azure AD Identity Protection Identity protection & conditional access Identity protection Defender for Endpoint Endpoint protection Defender for Office 365 Malware detection, safe links, safe attachments Attacker collects recon and config data
- 42. Resources • Cyber Security: The Small Business Best Practice Guide - https://www.asbfeo.gov.au/sites/default/files/documents/ASBFEO-cyber-security-research-report.pdf • Australian Cyber Security Centre - https://www.cyber.gov.au/ • Office 365 Security and Compliance - https://docs.microsoft.com/en- us/office365/securitycompliance/ • Microsoft Trust Center - https://www.microsoft.com/en-us/trustcenter/security/office365-security • Microsoft Secure Score - https://docs.microsoft.com/en-us/office365/securitycompliance/microsoft- secure-score • Microsoft 365 for Partners Security - https://www.microsoft.com/microsoft-365/partners/security • What are Security defaults - https://docs.microsoft.com/en-gb/azure/active- directory/fundamentals/concept-fundamentals-security-defaults • Introducing conditional access for Office 365 - https://techcommunity.microsoft.com/t5/azure- active-directory-identity/introducing-conditional-access-for-the-office-365-suite/ba-p/1131979
- 43. CIAOPS Resources • Blog – http://blog.ciaops.com • Free Office 365, Azure video tutorials – http://www.youtube.com/directorciaops • Free documents, presentations, eBooks – http://slideshare.net/directorcia • Office 365, Azure, Cloud podcast – http://ciaops.podbean.com • Office 365, Azure online training courses – http://www.ciaopsacademy.com • Office 365 and Azure community – http://www.ciaopspatron.com • CIAOPS Github – https://github.com/directorcia Skype for Business admin@ciaops365.com Email director@ciaops.com Facebook https://www.facebook.com/ciaops Twitter @directorcia
- 44. Get access to the latest information by becoming a Patron http://www.ciaopspatron.com
- 46. That’s all folks! Thanks for attending