1) The document discusses security features available in Microsoft cloud services like Azure, Office 365, and Enterprise Mobility Suite.
2) It describes identity and access management, multi-factor authentication, conditional access, encryption options for data at rest and in motion, and advanced threat protection for email.
3) The last section asks if an on-premise datacenter could support features like high availability, unified device management, rights management, encryption, advanced threat protection and compliance capabilities that are included in an Office 365 subscription.
8. Multi Factor Authentication (MFA)
Cloud - Aber "Sicher", Dec 2015
Extra Authentication Factor
– Automated Call / Token (SMS)
Authenticator App
– For Cloud Services
– Also for On-Premise
– Rules can be Applied
– Administrators and Users
10. Comprehensive Reports & Notifications
• Microsoft Threat Intelligence
• Credentials found in Dark web
• Botnet activity
• Authentication Context Analysis
12. Azure RMS
Encrypts and protects Documents and Mails
Access through Authorization by Azure AD
Policies
• Edit
• Copy
• Print
• Retention Time
Also with External Users
13. Azure RMS
Uses encryption, identity, and authorization policies to secure Mails and Files
Protected both within and outside your organization
Protection remains with the data
Encryption:
– 2048-bit RSA asymmetric key with SHA-256 hash algorithm
– AES 128-bit symmetric (CBC mode with PKCS#7 padding)
14. Azure RMS
Keys are Stored in Azure Key Vault
– Geo-location specific
– Stored in HSM module
Full Audit and Logging of Key usage
BYOK support available
15. Azure RMS – Bring your Own Key (BYOK)
16. Enterprise Mobility Suite
Microsoft Azure Active Directory Premium
– Identity Management
– Authentication & Authorization
– MFA
– Conditional Access
Microsoft Intune
– Unified Mobile Device Management
– Access Management
– Apps Deployment
– Selective Wipe
Microsoft Azure Rights Management
– Document Level Security
– Encryption
– Policies
– Secure Access
17. Enterprise Mobility Suite
Microsoft Azure Active Directory Premium + Microsoft Intune + Microsoft Azure Rights Management
18. Office 365 Security
Data Retention Policies / Legal Hold
Encryption
Data Loss Prevention (DLP)
Exchange Online
Advanced Threat Protection
(essential RMS & MDM Features)
21. Office 365 Message Encryption (OME)
Apply encryption on emails that originate from Office 365
inside or outside Office 365
External users can decrypt the received email by either:
– an Office 365 account (from their company)
– a Microsoft account
– a one-time passcode
Azure RMS used for encryption
22. S/MIME
Standard for
– public key encryption
– digital signing of MIME data
Public / Private Key Infrastructure
Works with Outlook, Outlook Web App, and Exchange ActiveSync clients (mobile)
23. Encryption
• AES256 encryption at Rest and in Motion
• Two types of encryption for Data at Rest:
– Disk encryption (using BitLocker)
– File encryption: each file is encrypted with its own key
• Data in Motion
– SSL (TLS 1.0 & 1.2)
– New cipher suite order
• Discovered vulnerabilities are taken seriously:
– SSLv3 support withdrawn
– RC4 cipher support withdrawn
24. Encryption of Files in OneDrive & SharePoint
Encrypted Files and File Chunks stored randomly across Encrypted Storage Containers
Keys of the Container & Content DB
Keys of the Files and File Chunks
Keys and content are stored in 3 different locations, so you need authorization in all 3 areas to reveal data
25. Data Loss Prevention (DLP)
Prevents Sensitive Data From Leaving Organization
Provides an Alert when data such as Social Security & Credit Card Number is emailed
Alerts can be customized by Admin to catch Intellectual Property from being emailed out
• Email, OneDrive & Office
• Based On Policies
• File Content Patterns
• Built-in templates based on common regulations
• Import DLP policy templates from security partners or build your own
26. Exchange Online Advanced Threat Protection
• Multiple Anti Malware Engines
• URL Link
• Rich Reporting & Tracing
28. Does your Datacenter Support these features?
• High Availability & Geo Redundancy of your data
• Full Featured Identity and Access management Cross Premises and with 3rd Party
• MFA and Conditional access
• Enhanced Security Reports and Notifications (Threat Intelligence)
• Unified Device Management
• Rights Management on Document Level wherever stored
• E-Mail & Multi Level File Encryption
• Retention time, Archiving and Legal Hold
• Advanced Threat Protection
And most of it is already included in an Office 365 Subscription!