@AlexMags
So I DevSecOpsed Office 365
@alexmags #winops
Alex Magnay
Twitter: @alexmags
Email: alex@alexmags.com
linkedin.com/in/amagnay
This talk
• Unconventional use of Release Pipelines
• Office 365 configuration as versioned code
• Releasing changes through environments to prod
• Testing Office 365 configuration compliance
• NIST CyberSecurity Framework
MS-500 Microsoft 365 Security Administration
Scenario:
Contoso Group (CG) is a financial services organisation. Contoso is splitting off its investment banking division as a new company named Fabrikam Ltd.
Contoso Group has 70,000 users, Fabrikam has 7000 users.
Objective:
Prepare new foundational IT services for Fabrikam to operate independently of Contoso.
Adopt a cloud first approach.
So much to configure!!!
• AAD tenant config
• AAD Privileged Identity Management
• AAD Conditional Access
• Office 365 Groups policies
• Exchange spam policies
• Exchange anti-phish policies
• Exchange Malware filter policy
• Exchange safe attachments policies
• Exchange safe links policies
• Exchange org config
• Exchange Authentication policies
• Exchange DKIM and antispoofing
• Exchange role-based access
• Exchange Transport Rules
• Exchange connector TLS policies
• Exchange Data loss prevention policies
• Sensitive information types
• Office 365 audit log alerts
• Data Retention policies
• SharePoint tenant config
• SharePoint DLP policies
• SharePoint role-based access
• Teams messaging policies
• Teams meeting policies
• Teams client policies
• Teams federation
• Teams role-based access
• Etc….
• Etc….
• Etc….
What’s included?
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/configuration-analyzer-for-security-policies
https://www.youtube.com/watch?v=6mFk3Oxdiwc
Environments & Licensing
Diagram: Azure EA Portal (Enterprise Agreement) hierarchy of Departments > Accounts > Subscriptions
• Department Fabricam IT: accounts Lab, Test, Production
• Department Research Grid
• Department Contoso IT: account Production
Diagram: EA Portal (Enterprise Agreement) mapped to Subscriptions, AAD Identity, Accounts and Invoicing
• Fabricam IT
  • Lab domain: Azure Lab, O365 Lab (MPSA)
  • Test domain: Azure Test, O365 Test (MPSA)
  • Production domain: Azure Prod, O365 Production, Azure DevOps
• Research Grid
• Contoso IT: Production
Configuration as code
Release config to environments
Read tenant config and set stuff
$TenantSettingsJson = Get-Content 'ExchangeAuthenticationPolicies.json' | ConvertFrom-Json
Foreach ($policy in $TenantSettingsJson)
{
    Write-Output "Applying Exchange authentication policies for: $($policy.identity)"
    # build hashtable of switches for PowerShell splatting
    $HashArguments = @{
        AllowBasicAuthActiveSync           = $policy.AllowBasicAuthActiveSync
        AllowBasicAuthAutodiscover         = $policy.AllowBasicAuthAutodiscover
        AllowBasicAuthImap                 = $policy.AllowBasicAuthImap
        AllowBasicAuthMapi                 = $policy.AllowBasicAuthMapi
        AllowBasicAuthOfflineAddressBook   = $policy.AllowBasicAuthOfflineAddressBook
        AllowBasicAuthOutlookService       = $policy.AllowBasicAuthOutlookService
        AllowBasicAuthPop                  = $policy.AllowBasicAuthPop
        AllowBasicAuthReportingWebServices = $policy.AllowBasicAuthReportingWebServices
        AllowBasicAuthRpc                  = $policy.AllowBasicAuthRpc
        AllowBasicAuthSmtp                 = $policy.AllowBasicAuthSmtp
        AllowBasicAuthWebServices          = $policy.AllowBasicAuthWebServices
        AllowBasicAuthPowershell           = $policy.AllowBasicAuthPowershell
    }
    # Test if the policy exists and update it. Otherwise create a new policy
    If (Get-AuthenticationPolicy -Identity $policy.name -ErrorAction SilentlyContinue)
    {
        Set-AuthenticationPolicy -Identity $policy.name @HashArguments -Verbose
    }
    else # create new policy
    {
        New-AuthenticationPolicy -Name $policy.Name @HashArguments -Verbose
    }
}
1. Create object from JSON
2. Loop through policies in JSON object
3. Build hash table of command switches based on object properties
4a. Execute set command with switches
or
4b. Execute new command with switches
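A generalisation of the loop above, added here as an example and not the speaker's code: rather than hand-listing every AllowBasicAuth* switch, it builds the splatting hashtable from whichever exported JSON properties are also parameters of Set-AuthenticationPolicy, so a switch Microsoft adds later is applied once it appears in the exported JSON instead of needing a script change. It assumes an Exchange Online session is already connected and the file name from the slide.

```powershell
# Added example (not from the slides): apply Exchange Online authentication
# policies from exported JSON, deriving the settable switches from the cmdlet.
# Assumes Connect-ExchangeOnline has already been run.

$TenantSettingsJson = Get-Content 'ExchangeAuthenticationPolicies.json' -Raw | ConvertFrom-Json

# Parameters Set-AuthenticationPolicy accepts, minus the common/plumbing ones.
# Exported objects also carry read-only properties (DistinguishedName, WhenChanged,
# ExchangeVersion ...) that must never be splatted, so filter by real parameters.
$common = [System.Management.Automation.PSCmdlet]::CommonParameters +
          [System.Management.Automation.PSCmdlet]::OptionalCommonParameters
$settable = (Get-Command Set-AuthenticationPolicy).Parameters.Keys |
    Where-Object { $_ -notin $common -and $_ -notin @('Identity', 'Confirm', 'WhatIf') }

foreach ($policy in @($TenantSettingsJson)) {
    # Keep only JSON properties that are genuine parameters and have a value.
    # $false is a value (it is how basic auth is disabled), so test for $null only.
    $HashArguments = @{}
    foreach ($prop in $policy.PSObject.Properties) {
        if ($prop.Name -in $settable -and $null -ne $prop.Value) {
            $HashArguments[$prop.Name] = $prop.Value
        }
    }
    Write-Output "Applying authentication policy '$($policy.Name)' with $($HashArguments.Count) switches"

    # Idempotent: update if the policy exists, create it otherwise.
    if (Get-AuthenticationPolicy -Identity $policy.Name -ErrorAction SilentlyContinue) {
        Set-AuthenticationPolicy -Identity $policy.Name @HashArguments -Verbose
    }
    else {
        New-AuthenticationPolicy -Name $policy.Name @HashArguments -Verbose
    }
}
```

Run it once against the lab tenant with -WhatIf added to the Set/New calls to review the derived switch list before letting the release pipeline apply it to test and production.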
Release approvals
• Approvals to individual or team
• Approve & defer to change time
• Approval Policies
  • Can’t approve own releases
  • Require additional MFA check
• Release gates
  • Check ServiceNow change approval
Log messages are captured
Compliance as code
Lab tenant config exported to JSON
# Export Exchange auth policies
Get-AuthenticationPolicy `
| ConvertTo-Json -Depth 10 `
| Out-File "ExchangeAuthenticationPolicies.json"
Testing with Pester
https://github.com/pester
Describe 'Notepad' {
    It 'Exists in Windows folder' {
        'C:\Windows\notepad.exe' | Should -Exist
    }
}
Describing Notepad
[+] Exists in Windows folder 4ms
Testing with Pester
https://github.com/pester
Describe 'Notepad' {
    It 'Exists in Windows folder' {
        'C:\Windows\NotAtAllPad.exe' | Should -Exist `
            -Because "law 57 of Windows builds"
    }
}
Describing Notepad
[-] Exists in Windows folder 17ms
Expected path 'C:\Windows\NotAtAllPad.exe' to exist,
because law 57 of Windows builds, but it did not exist.
Test tenant config compared to JSON
# $genericJSONPath and $AADtenant are set earlier by the calling release script (assumed; not shown on the slide)
$TenantSettingsJson = Get-Content $genericJSONPath | ConvertFrom-Json
$currentCompanyConfig = Get-AzureADMSGroupLifecyclePolicy -ErrorAction SilentlyContinue
# Note: the "-Because" parameter requires Pester module v4
Describe "Office365 group lifecycle policy for $($AADtenant.DisplayName)" {
    It "Office 365 group lifecycle policy" {
        $currentCompanyConfig | Should -Not -BeNullOrEmpty `
            -Because "Office 365 group lifecycle policy ensures projects are closed down and data archived"
    }
    It "Office 365 Group lifetime" {
        $currentCompanyConfig.GroupLifetimeInDays | Should -Be $TenantSettingsJson.GroupLifetimeInDays `
            -Because "Unused o365 groups should be archived after $($TenantSettingsJson.GroupLifetimeInDays) days"
    }
    It "Office 365 group notification mails" {
        $currentCompanyConfig.AlternateNotificationEmails | Should -Be $TenantSettingsJson.AlternateNotificationEmails `
            -Because "$($TenantSettingsJson.AlternateNotificationEmails) should be notified of unused o365 groups"
    }
}
Read JSON, get current config
Assert that current config shouldn’t be blank/unset
Assert that current config should match JSON
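The same compare-to-JSON pattern applied to the Exchange authentication policies exported earlier in the deck, added here as an example and not the speaker's test: one Describe block is generated per policy in the versioned JSON, asserting that the policy exists and that every AllowBasicAuth* switch matches, so drift on any single protocol (a re-enabled IMAP or SMTP basic auth, for instance) fails the scheduled run. It assumes Pester v4 (as the slide notes, for -Because), a connected Exchange Online session, and the file name from the export slide.

```powershell
# Added example (not from the slides): Pester v4 compliance test comparing live
# Exchange Online authentication policies with the JSON exported from the lab tenant.
# Assumes Connect-ExchangeOnline has been run and Pester v4 is loaded.

$TenantSettingsJson = @(Get-Content 'ExchangeAuthenticationPolicies.json' -Raw | ConvertFrom-Json)

# Compare only the AllowBasicAuth* switches; other exported properties such as
# timestamps and distinguished names legitimately differ between tenants.
$basicAuthSwitches = $TenantSettingsJson[0].PSObject.Properties.Name |
    Where-Object { $_ -like 'AllowBasicAuth*' }

Describe 'Exchange authentication policies match versioned JSON' {
    foreach ($expected in $TenantSettingsJson) {
        Context "Policy '$($expected.Name)'" {
            $actual = Get-AuthenticationPolicy -Identity $expected.Name -ErrorAction SilentlyContinue

            It 'exists in the tenant' {
                $actual | Should -Not -BeNullOrEmpty `
                    -Because 'users assigned a missing policy fall back to the organisation default'
            }

            # One assertion per switch so the failure message names the exact protocol that drifted.
            foreach ($switch in $basicAuthSwitches) {
                It "has $switch = $($expected.$switch)" {
                    $actual.$switch | Should -Be $expected.$switch `
                        -Because "that value is the one versioned in ExchangeAuthenticationPolicies.json"
                }
            }
        }
    }
}
```

Because the switch list is read from the JSON rather than hard-coded, re-exporting the lab tenant after Microsoft adds a new protocol switch extends the test without editing it.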
Incident tickets in ServiceNow
• Email to special email address
• ServiceNow email flow rule based on TO: address
• Email becomes incident in correct assignment group
• Azure DevOps notification rule logic: only email on 1st failure after a success
The good
• Misconfigurations detected quickly
• Microsoft feature changes detected
• Can demonstrate IT are in control
The good, the bad
• Requires frequent maintenance to keep up with organisation changes
• Requires frequent maintenance to keep up with Microsoft changes/new features
• Maintenance requires PowerShell & DevOps skills
The good, the bad, the ugly
• Outsourced operations teams don’t have PowerShell automation skills: “we’re administrators not developers!”
The future?
• Continuous assessment of SaaS configuration with SaaS Security Posture Management (SSPM)
Speaker notes

1. Background: infrastructure engineering teams, investment banking, asset management. High availability, high security, regulatory compliance. Come off Office365 deployment. Sprinkled DevOps on it.
2. On prem vs IaaS. Terraform. Why you're here. WHAT it is. Terraform workflow. HOW to use it. Demo Terraform for Dev, Sec, and Ops. News. Warning: Fetish for excruciating PowerPoint transitions.
  3. Green field. Whole stack. New domain. New tenant
  4. All the configuration needs to be tracked, maintained
  5. Office365 Security Portal
  6. Graph API you can export this list of improvement actions and see if any flipped from completed to not completed?
  7. Graph API you can export this list of improvement actions and see if any flipped from completed to not completed?
  8. Most accessible intro to release pipelines. Esp OPS guys
  9. When you’ve been configuring Conditional Access by hand, and locked yourself and the entire company out, you know it. http://www.jklossner.com/humannature
  10. EA (250 users minimum) MPSA (points, # users vary on E3 or E5)
  11. LOGICALLY
  12. Admins subject to CA policy
  13. VSTS Packer
  14. Vault for your project
  15. Azure DevOps scheduler
  16. The account provided gives the code context Onmicrosoft.com
  17. Additional approval required to deploy prod
  18. Additional approval required to deploy prod
  19. PESTER
  20. Config exported to JSON
  21. Assert things that should be true and you want to know if they’re not
  22. Assert things that should be true and you want to know if they’re not
  23. Test current config compared to JSON