SlideShare une entreprise Scribd logo

How to get deeper administration insights into your tenant

Robert Crane
Robert Crane

Microsoft Cloud App Security is a powerful reporting and alerting tool that provides deep analytics into your Microsoft 365 tenant. Combined with other agents it can be a central place to bring all your reporting and alerting together and even incorporate information from endpoints, servers and firewalls. Come and learn why Microsoft Cloud App Security provides administrators power beyond their wildest dreams when it comes to managing Microsoft 365.

Internet
1  sur  48
Télécharger pour lire hors ligne
#M365May @M365May M365May.com THANK YOU TO OUR SPONSORSTHANK YOU TO OUR SPONSORS
#M365May @M365May M365May.com ROBERT CRANE MEGAN & LORYAN STRANT | STRANT CONSULTING HOW TO GET DEEPER ADMINISTRATION INSIGHTS INTO YOUR TENANT @directorcia http://about.me/ciaops
Detect ProtectClassify Monitor C L O U DD E V I C E S O N P R E M I S E S Comprehensive protection of sensitive data throughout the lifecycle – across devices, apps, cloud services and on-premises Microsoft’s approach to information protection
User browses to a website Phishing mail Opens attachment Clicks on a URL + Exploitation & Installation Command & Control Brute force account or use stolen account credentials User account is compromised Attacker attempts lateral movement Privileged account compromised Domain compromised Attacker accesses sensitive data Exfiltrate data Protection across Azure AD Identity Protection Identity protection & conditional access Cloud App Security Extends protection & conditional access to other cloud apps Azure ATP Azure AD Identity Protection Identity protection & conditional access Identity protection Windows Defender ATP Endpoint protection Office 365 ATP Malware detection, safe links, safe attachments Attacker collects recon and config data
Phishinglllllllll Password Spraylllllllll Breach Replay attacker-driven sign-ins detected in October 20191.7B high-risk enterprise sign-in attempts flagged in October 2019901K compromised enterprise accounts detected in October 2019 162K Phishinglllllllll Password Spraylllllllll Breach Replay of hacking breaches leverage stolen or weak passwords 81% Verizon 2017 Data Breach Investigation Report 300% increase in identity attacks over the past year. 2017: 10M/day 2018: 100M/day 2019: 300M/day 2.5% definitively password spray; 1.6% definitively breach replay; 95.9% indeterminate
devices datausers apps On-premises / Private cloud Firewall used to be the Security Perimeter
$$ Office 365 On- premises
Unique insights, informed by trillions of signals
Azure AD as the control point Active Directory
Logs
https://protection.office.com/unifiedauditlog
https://protection.office.com/unifiedauditlog
How long does Azure AD store the data? https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/reference-reports-data-retention
Alerts
Protection Alerts https://protection.office.com/alertpolicies
Activity Alerts https://protection.office.com/managealerts
#M365May @M365May M365May.com COMPETITION WEEK 1 REGISTERED PARTICIPANTS - SCAN THE QR CODE TO ENTER THE PRIZE DRAW COMPETITION AND PRIZE RULES m365may.com/competition-rules
Monitor
Microsoft Cloud App Security What is Microsoft CAS ? A multi-mode Cloud Access Security Broker Insights into threats to identity and data Raise alerts on user or file behavior anomalies in cloud apps leveraging their API connectors In scope for this engagement (with Office 365) Ability to respond to detected threats, discover shadow IT usage and configure application monitoring and control Out of scope for this engagement Requirements Available to organizations with an Azure tenant or an Office 365 commercial subscription and who are in the multi-tenant and Office 365 U.S. Government Community cloud
Malicious Insider Protect against disgruntled employees before they cause damage Ransomware Identify ransomware using sophisticated behavioral analytics technology Rogue Application Identify rouge applications that access your data Compromised Accounts Combat advanced attackers that leverage compromise user credentials Malware Detect malware in cloud storage as soon as it’s uploaded Data exfiltration Detect unusual flow of data outside of your organization
Blast Off
Unusual file share activity Unusual file download Unusual file deletion activity Ransomware activity Data exfiltration to unsanctioned apps Activity by a terminated employee Indicators of a compromised session Malicious use of an end-user account Suspicious inbox rules (delete, forward) Malware implanted in cloud apps Malicious OAuth application Multiple failed login attempts to app Threat delivery and persistence ! ! ! Unusual impersonated activity Unusual administrative activity Unusual multiple delete VM activity Malicious use of a privileged user Activity from suspicious IP addresses Activity from anonymous IP addresses Activity from an infrequent country Impossible travel between sessions Logon attempt from a suspicious user agent
Demo
https://docs.microsoft.com/en-us/azure/sentinel/overview
Conclusions
Resources • Cloud App Discovery/Security - https://blog.ciaops.com/2019/05/31/cloud-app-discovery-security/ • Quickstart: Get started with Microsoft Cloud App Security - https://docs.microsoft.com/en- gb/cloud-app-security/getting-started-with-cloud-app-security • Office 365 Security and Compliance - https://docs.microsoft.com/en- us/office365/securitycompliance/ • Set up Cloud Discovery - https://docs.microsoft.com/en-gb/cloud-app-security/set-up-cloud- discovery • Microsoft Cloud App Security overview - https://docs.microsoft.com/en-us/cloud-app- security/what-is-cloud-app-security • Microsoft 365 licensing guidance for security & compliance - https://docs.microsoft.com/en- us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services- licensing-guidance/microsoft-365-security-compliance-licensing-guidance • Microsoft Cloud App Security documentation - https://docs.microsoft.com/en-us/cloud-app- security/
Email : director@ciaops.com Twitter : @directorcia
#M365May @M365May M365May.com THANK YOU TO OUR SPONSORSTHANK YOU TO OUR SPONSORS
How to get deeper administration insights into your tenant

Recommandé

Thr30117 - Securely logging to Microsoft 365
Thr30117 - Securely logging to Microsoft 365Thr30117 - Securely logging to Microsoft 365
Thr30117 - Securely logging to Microsoft 365
Robert Crane
 
Securely logging to Microsoft 365
Securely logging to Microsoft 365Securely logging to Microsoft 365
Securely logging to Microsoft 365
Robert Crane
 
December 2019 Microsoft 365 Need to Know Webinar
December 2019 Microsoft 365 Need to Know WebinarDecember 2019 Microsoft 365 Need to Know Webinar
December 2019 Microsoft 365 Need to Know Webinar
Robert Crane
 
Microsoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceMicrosoft Office 365 Security and Compliance
Microsoft Office 365 Security and Compliance
David J Rosenthal
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information Protection
Microsoft
 
Identity and Data protection with Enterprise Mobility Security in ottica GDPR
Identity and Data protection with Enterprise Mobility Security in ottica GDPRIdentity and Data protection with Enterprise Mobility Security in ottica GDPR
Identity and Data protection with Enterprise Mobility Security in ottica GDPR
Jürgen Ambrosi
 
An introduction to Office 365 Advanced Threat Protection (ATP)
An introduction to Office 365 Advanced Threat Protection (ATP)An introduction to Office 365 Advanced Threat Protection (ATP)
An introduction to Office 365 Advanced Threat Protection (ATP)
Robert Crane
 
Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat Protection
Bitglass
 

Recommandé

Thr30117 - Securely logging to Microsoft 365
Thr30117 - Securely logging to Microsoft 365Thr30117 - Securely logging to Microsoft 365
Thr30117 - Securely logging to Microsoft 365
Robert Crane
 
Securely logging to Microsoft 365
Securely logging to Microsoft 365Securely logging to Microsoft 365
Securely logging to Microsoft 365
Robert Crane
 
December 2019 Microsoft 365 Need to Know Webinar
December 2019 Microsoft 365 Need to Know WebinarDecember 2019 Microsoft 365 Need to Know Webinar
December 2019 Microsoft 365 Need to Know Webinar
Robert Crane
 
Microsoft Office 365 Security and Compliance
Microsoft Office 365 Security and ComplianceMicrosoft Office 365 Security and Compliance
Microsoft Office 365 Security and Compliance
David J Rosenthal
 
Azure Information Protection
Azure Information ProtectionAzure Information Protection
Azure Information Protection
Microsoft
 
Identity and Data protection with Enterprise Mobility Security in ottica GDPR
Identity and Data protection with Enterprise Mobility Security in ottica GDPRIdentity and Data protection with Enterprise Mobility Security in ottica GDPR
Identity and Data protection with Enterprise Mobility Security in ottica GDPR
Jürgen Ambrosi
 
An introduction to Office 365 Advanced Threat Protection (ATP)
An introduction to Office 365 Advanced Threat Protection (ATP)An introduction to Office 365 Advanced Threat Protection (ATP)
An introduction to Office 365 Advanced Threat Protection (ATP)
Robert Crane
 
Security O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat ProtectionSecurity O365 Using AI-based Advanced Threat Protection
Security O365 Using AI-based Advanced Threat Protection
Bitglass
 
Microsoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat ProtectionMicrosoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat Protection
David J Rosenthal
 
Office 365 Security Best Practices
Office 365 Security Best PracticesOffice 365 Security Best Practices
Office 365 Security Best Practices
Community IT Innovators
 
Stop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS SecurityStop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS Security
CloudLock
 
How to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksHow to protect your corporate from advanced attacks
How to protect your corporate from advanced attacks
Microsoft
 
Microsoft Cloud App Security
Microsoft Cloud App SecurityMicrosoft Cloud App Security
Microsoft Cloud App Security
Microsoft
 
Azure Security Center
Azure Security CenterAzure Security Center
Azure Security Center
Microsoft
 
Be A Hero: Combat Cloud Security Threats with Google Apps Unlimited & CloudLock
Be A Hero: Combat Cloud Security Threats with Google Apps Unlimited & CloudLockBe A Hero: Combat Cloud Security Threats with Google Apps Unlimited & CloudLock
Be A Hero: Combat Cloud Security Threats with Google Apps Unlimited & CloudLock
CloudLock
 
Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...
Microsoft Österreich
 
Codeless Security for the Apps You Buy & Build on AWS
Codeless Security for the Apps You Buy & Build on AWSCodeless Security for the Apps You Buy & Build on AWS
Codeless Security for the Apps You Buy & Build on AWS
CloudLock
 
Microsoft Threat Protection
Microsoft Threat ProtectionMicrosoft Threat Protection
Microsoft Threat Protection
Thierry DEMAN
 
Microsoft EMS Enterprise Mobility and Security Architecture Poster
Microsoft EMS Enterprise Mobility and Security Architecture PosterMicrosoft EMS Enterprise Mobility and Security Architecture Poster
Microsoft EMS Enterprise Mobility and Security Architecture Poster
Ammar Hasayen
 
Daniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyDaniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity story
Microsoft Österreich
 
Protect your business with identity and access management in the cloud
Protect your business with identity and access management in the cloudProtect your business with identity and access management in the cloud
Protect your business with identity and access management in the cloud
Microsoft
 
Importance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @TowsonImportance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @Towson
Adam Levithan
 
Emma Aubert | Information Protection
Emma Aubert | Information ProtectionEmma Aubert | Information Protection
Emma Aubert | Information Protection
Microsoft Österreich
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architecture
Birendra Negi ☁️
 
Thread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 SecurityThread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 Security
Thread Legal
 
Microsoft Cloud App Security CASB
Microsoft Cloud App Security CASBMicrosoft Cloud App Security CASB
Microsoft Cloud App Security CASB
Ammar Hasayen
 
20181213 - wazug protecting your data with azure ad
20181213 - wazug protecting your data with azure ad20181213 - wazug protecting your data with azure ad
20181213 - wazug protecting your data with azure ad
Arjan Cornelissen
 
Securing Governing and Protecting Your Office 365 Investments
Securing Governing and Protecting Your Office 365 InvestmentsSecuring Governing and Protecting Your Office 365 Investments
Securing Governing and Protecting Your Office 365 Investments
Chris Bortlik
 
Microsoft Enterprise Mobility and Security EMS
Microsoft Enterprise Mobility and Security EMSMicrosoft Enterprise Mobility and Security EMS
Microsoft Enterprise Mobility and Security EMS
David J Rosenthal
 
Power Saturday 2019 E1 - Office 365 security
Power Saturday 2019 E1 - Office 365 securityPower Saturday 2019 E1 - Office 365 security
Power Saturday 2019 E1 - Office 365 security
PowerSaturdayParis
 

Contenu connexe

Tendances

Tendances (20)

Microsoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat ProtectionMicrosoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat Protection
 
Office 365 Security Best Practices
Office 365 Security Best PracticesOffice 365 Security Best Practices
Office 365 Security Best Practices
 
Stop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS SecurityStop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS Security
 
How to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksHow to protect your corporate from advanced attacks
How to protect your corporate from advanced attacks
 
Microsoft Cloud App Security
Microsoft Cloud App SecurityMicrosoft Cloud App Security
Microsoft Cloud App Security
 
Azure Security Center
Azure Security CenterAzure Security Center
Azure Security Center
 
Be A Hero: Combat Cloud Security Threats with Google Apps Unlimited & CloudLock
Be A Hero: Combat Cloud Security Threats with Google Apps Unlimited & CloudLockBe A Hero: Combat Cloud Security Threats with Google Apps Unlimited & CloudLock
Be A Hero: Combat Cloud Security Threats with Google Apps Unlimited & CloudLock
 
Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...Stefan van der Wiele | Protect users identities and control access to valuabl...
Stefan van der Wiele | Protect users identities and control access to valuabl...
 
Codeless Security for the Apps You Buy & Build on AWS
Codeless Security for the Apps You Buy & Build on AWSCodeless Security for the Apps You Buy & Build on AWS
Codeless Security for the Apps You Buy & Build on AWS
 
Microsoft Threat Protection
Microsoft Threat ProtectionMicrosoft Threat Protection
Microsoft Threat Protection
 
Microsoft EMS Enterprise Mobility and Security Architecture Poster
Microsoft EMS Enterprise Mobility and Security Architecture PosterMicrosoft EMS Enterprise Mobility and Security Architecture Poster
Microsoft EMS Enterprise Mobility and Security Architecture Poster
 
Daniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyDaniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity story
 
Protect your business with identity and access management in the cloud
Protect your business with identity and access management in the cloudProtect your business with identity and access management in the cloud
Protect your business with identity and access management in the cloud
 
Importance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @TowsonImportance of Identity Management in Security - Microsoft Tech Tour @Towson
Importance of Identity Management in Security - Microsoft Tech Tour @Towson
 
Emma Aubert | Information Protection
Emma Aubert | Information ProtectionEmma Aubert | Information Protection
Emma Aubert | Information Protection
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architecture
 
Thread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 SecurityThread Legal and Microsoft 365 Security
Thread Legal and Microsoft 365 Security
 
Microsoft Cloud App Security CASB
Microsoft Cloud App Security CASBMicrosoft Cloud App Security CASB
Microsoft Cloud App Security CASB
 
20181213 - wazug protecting your data with azure ad
20181213 - wazug protecting your data with azure ad20181213 - wazug protecting your data with azure ad
20181213 - wazug protecting your data with azure ad
 
Securing Governing and Protecting Your Office 365 Investments
Securing Governing and Protecting Your Office 365 InvestmentsSecuring Governing and Protecting Your Office 365 Investments
Securing Governing and Protecting Your Office 365 Investments
 

Similaire à How to get deeper administration insights into your tenant

NIC 2017 Azure AD Identity Protection and Conditional Access: Using the Micro...
NIC 2017 Azure AD Identity Protection and Conditional Access: Using the Micro...NIC 2017 Azure AD Identity Protection and Conditional Access: Using the Micro...
NIC 2017 Azure AD Identity Protection and Conditional Access: Using the Micro...
Morgan Simonsen
 
Identity-Driven Security with Forsyte I.T. Solutions - Demos and Discovery
Identity-Driven Security with Forsyte I.T. Solutions - Demos and DiscoveryIdentity-Driven Security with Forsyte I.T. Solutions - Demos and Discovery
Identity-Driven Security with Forsyte I.T. Solutions - Demos and Discovery
Forsyte I.T. Solutions
 
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Karim Vaes
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero Trust
David J Rosenthal
 

Similaire à How to get deeper administration insights into your tenant (20)

Microsoft Enterprise Mobility and Security EMS
Microsoft Enterprise Mobility and Security EMSMicrosoft Enterprise Mobility and Security EMS
Microsoft Enterprise Mobility and Security EMS
 
Power Saturday 2019 E1 - Office 365 security
Power Saturday 2019 E1 - Office 365 securityPower Saturday 2019 E1 - Office 365 security
Power Saturday 2019 E1 - Office 365 security
 
Secure remote work
Secure remote workSecure remote work
Secure remote work
 
NIC 2017 Azure AD Identity Protection and Conditional Access: Using the Micro...
NIC 2017 Azure AD Identity Protection and Conditional Access: Using the Micro...NIC 2017 Azure AD Identity Protection and Conditional Access: Using the Micro...
NIC 2017 Azure AD Identity Protection and Conditional Access: Using the Micro...
 
Get Ahead of Cyber Attacks with Microsoft Enterprise Mobility + Security
Get Ahead of Cyber Attacks with Microsoft Enterprise Mobility + SecurityGet Ahead of Cyber Attacks with Microsoft Enterprise Mobility + Security
Get Ahead of Cyber Attacks with Microsoft Enterprise Mobility + Security
 
Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview
 
Get ahead of cybersecurity with MS Enterprise Mobility + Security
Get ahead of cybersecurity with MS Enterprise Mobility + Security Get ahead of cybersecurity with MS Enterprise Mobility + Security
Get ahead of cybersecurity with MS Enterprise Mobility + Security
 
Cloud security monitoring
Cloud security monitoringCloud security monitoring
Cloud security monitoring
 
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A Service
 
Securing your Organization with Microsoft 365
Securing your Organization with Microsoft 365Securing your Organization with Microsoft 365
Securing your Organization with Microsoft 365
 
The 15 best cloud security practices
The 15 best cloud security practices The 15 best cloud security practices
The 15 best cloud security practices
 
Microsoft Avanced Threat Analytics
Microsoft Avanced Threat AnalyticsMicrosoft Avanced Threat Analytics
Microsoft Avanced Threat Analytics
 
Identity-Driven Security with Forsyte I.T. Solutions - Demos and Discovery
Identity-Driven Security with Forsyte I.T. Solutions - Demos and DiscoveryIdentity-Driven Security with Forsyte I.T. Solutions - Demos and Discovery
Identity-Driven Security with Forsyte I.T. Solutions - Demos and Discovery
 
Security and Compliance with SharePoint and Office 365
Security and Compliance with SharePoint and Office 365Security and Compliance with SharePoint and Office 365
Security and Compliance with SharePoint and Office 365
 
Msft cloud architecture_security_commonattacks
Msft cloud architecture_security_commonattacksMsft cloud architecture_security_commonattacks
Msft cloud architecture_security_commonattacks
 
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam Levithan
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero Trust
 
Information protection & classification
Information protection & classificationInformation protection & classification
Information protection & classification
 

Plus de Robert Crane

Plus de Robert Crane (20)

202310
202310202310
202310
 
September 2023 CIAOPS Need to Know Webinar
September 2023 CIAOPS Need to Know WebinarSeptember 2023 CIAOPS Need to Know Webinar
September 2023 CIAOPS Need to Know Webinar
 
August 2023 CIAOPS Need to Know Webinar
August 2023 CIAOPS Need to Know WebinarAugust 2023 CIAOPS Need to Know Webinar
August 2023 CIAOPS Need to Know Webinar
 
July 2023 CIAOPS Need to Know Webinar
July 2023 CIAOPS Need to Know WebinarJuly 2023 CIAOPS Need to Know Webinar
July 2023 CIAOPS Need to Know Webinar
 
June 2023 CIAOPS Need to Know Webinar
June 2023 CIAOPS Need to Know WebinarJune 2023 CIAOPS Need to Know Webinar
June 2023 CIAOPS Need to Know Webinar
 
May 2023 CIAOPS Need to Know Webinar
May 2023 CIAOPS Need to Know WebinarMay 2023 CIAOPS Need to Know Webinar
May 2023 CIAOPS Need to Know Webinar
 
April 2023 CIAOPS Need to Know Webinar
April 2023 CIAOPS Need to Know WebinarApril 2023 CIAOPS Need to Know Webinar
April 2023 CIAOPS Need to Know Webinar
 
March 2023 CIAOPS Need to Know Webinar
March 2023 CIAOPS Need to Know WebinarMarch 2023 CIAOPS Need to Know Webinar
March 2023 CIAOPS Need to Know Webinar
 
January 2023 CIAOPS Need to Know Webinar
January 2023 CIAOPS Need to Know WebinarJanuary 2023 CIAOPS Need to Know Webinar
January 2023 CIAOPS Need to Know Webinar
 
December 2022 CIAOPS Need to Know Webinar
December 2022 CIAOPS Need to Know WebinarDecember 2022 CIAOPS Need to Know Webinar
December 2022 CIAOPS Need to Know Webinar
 
November 2022 CIAOPS Need to Know Webinar
November 2022 CIAOPS Need to Know WebinarNovember 2022 CIAOPS Need to Know Webinar
November 2022 CIAOPS Need to Know Webinar
 
October 2022 CIAOPS Need to Know Webinar
October 2022 CIAOPS Need to Know WebinarOctober 2022 CIAOPS Need to Know Webinar
October 2022 CIAOPS Need to Know Webinar
 
September 2022 CIAOPS Need to Know Webinar
September 2022 CIAOPS Need to Know WebinarSeptember 2022 CIAOPS Need to Know Webinar
September 2022 CIAOPS Need to Know Webinar
 
August 2022 CIAOPS Need to Know Webinar
August 2022 CIAOPS Need to Know WebinarAugust 2022 CIAOPS Need to Know Webinar
August 2022 CIAOPS Need to Know Webinar
 
July 2022 CIAOPS Need to Know Webinar
July 2022 CIAOPS Need to Know WebinarJuly 2022 CIAOPS Need to Know Webinar
July 2022 CIAOPS Need to Know Webinar
 
June 2022 CIAOPS Need to Know Webinar
June 2022 CIAOPS Need to Know WebinarJune 2022 CIAOPS Need to Know Webinar
June 2022 CIAOPS Need to Know Webinar
 
May 2022 CIAOPS Need to Know Webinar
May 2022 CIAOPS Need to Know WebinarMay 2022 CIAOPS Need to Know Webinar
May 2022 CIAOPS Need to Know Webinar
 
April 2022 CIAOPS Need to Know Webinar
April 2022 CIAOPS Need to Know WebinarApril 2022 CIAOPS Need to Know Webinar
April 2022 CIAOPS Need to Know Webinar
 
An introduction to Defender for Business
An introduction to Defender for BusinessAn introduction to Defender for Business
An introduction to Defender for Business
 
March 2022 CIAOPS Need to Know Webinar
March 2022 CIAOPS Need to Know WebinarMarch 2022 CIAOPS Need to Know Webinar
March 2022 CIAOPS Need to Know Webinar
 

Dernier

VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
kojalkojal131
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
SUHANI PANDEY
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
EleniIlkou
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Escorts Call Girls
 
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft DatingDubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
kojalkojal131
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Chandigarh Call girls 9053900678 Call girls in Chandigarh
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Delhi Call girls
 
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
SUHANI PANDEY
 
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
roncy bisnoi
 
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
SUHANI PANDEY
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
singhpriety023
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
soniya singh
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
tanu pandey
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
Neha Pandey
 

Dernier (20)

VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
 
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft DatingDubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in DubaiRussian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
 
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
 
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 

How to get deeper administration insights into your tenant

  • 1. #M365May @M365May M365May.com THANK YOU TO OUR SPONSORSTHANK YOU TO OUR SPONSORS
  • 2. #M365May @M365May M365May.com ROBERT CRANE MEGAN & LORYAN STRANT | STRANT CONSULTING HOW TO GET DEEPER ADMINISTRATION INSIGHTS INTO YOUR TENANT @directorcia http://about.me/ciaops
  • 3. Detect ProtectClassify Monitor C L O U DD E V I C E S O N P R E M I S E S Comprehensive protection of sensitive data throughout the lifecycle – across devices, apps, cloud services and on-premises Microsoft’s approach to information protection
  • 4. User browses to a website Phishing mail Opens attachment Clicks on a URL + Exploitation & Installation Command & Control Brute force account or use stolen account credentials User account is compromised Attacker attempts lateral movement Privileged account compromised Domain compromised Attacker accesses sensitive data Exfiltrate data Protection across Azure AD Identity Protection Identity protection & conditional access Cloud App Security Extends protection & conditional access to other cloud apps Azure ATP Azure AD Identity Protection Identity protection & conditional access Identity protection Windows Defender ATP Endpoint protection Office 365 ATP Malware detection, safe links, safe attachments Attacker collects recon and config data
  • 5. Phishinglllllllll Password Spraylllllllll Breach Replay attacker-driven sign-ins detected in October 20191.7B high-risk enterprise sign-in attempts flagged in October 2019901K compromised enterprise accounts detected in October 2019 162K Phishinglllllllll Password Spraylllllllll Breach Replay of hacking breaches leverage stolen or weak passwords 81% Verizon 2017 Data Breach Investigation Report 300% increase in identity attacks over the past year. 2017: 10M/day 2018: 100M/day 2019: 300M/day 2.5% definitively password spray; 1.6% definitively breach replay; 95.9% indeterminate
  • 6. devices datausers apps On-premises / Private cloud Firewall used to be the Security Perimeter
  • 7.
  • 9. Unique insights, informed by trillions of signals
  • 10.
  • 11.
  • 12. Azure AD as the control point Active Directory
  • 13. Logs
  • 16. How long does Azure AD store the data? https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/reference-reports-data-retention
  • 20. #M365May @M365May M365May.com COMPETITION WEEK 1 REGISTERED PARTICIPANTS - SCAN THE QR CODE TO ENTER THE PRIZE DRAW COMPETITION AND PRIZE RULES m365may.com/competition-rules
  • 22. Microsoft Cloud App Security What is Microsoft CAS ? A multi-mode Cloud Access Security Broker Insights into threats to identity and data Raise alerts on user or file behavior anomalies in cloud apps leveraging their API connectors In scope for this engagement (with Office 365) Ability to respond to detected threats, discover shadow IT usage and configure application monitoring and control Out of scope for this engagement Requirements Available to organizations with an Azure tenant or an Office 365 commercial subscription and who are in the multi-tenant and Office 365 U.S. Government Community cloud
  • 23. Malicious Insider Protect against disgruntled employees before they cause damage Ransomware Identify ransomware using sophisticated behavioral analytics technology Rogue Application Identify rouge applications that access your data Compromised Accounts Combat advanced attackers that leverage compromise user credentials Malware Detect malware in cloud storage as soon as it’s uploaded Data exfiltration Detect unusual flow of data outside of your organization
  • 24.
  • 25.
  • 26.
  • 27.
  • 29.
  • 30.
  • 31.
  • 32. Unusual file share activity Unusual file download Unusual file deletion activity Ransomware activity Data exfiltration to unsanctioned apps Activity by a terminated employee Indicators of a compromised session Malicious use of an end-user account Suspicious inbox rules (delete, forward) Malware implanted in cloud apps Malicious OAuth application Multiple failed login attempts to app Threat delivery and persistence ! ! ! Unusual impersonated activity Unusual administrative activity Unusual multiple delete VM activity Malicious use of a privileged user Activity from suspicious IP addresses Activity from anonymous IP addresses Activity from an infrequent country Impossible travel between sessions Logon attempt from a suspicious user agent
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39. Demo
  • 41.
  • 42.
  • 44.
  • 45. Resources • Cloud App Discovery/Security - https://blog.ciaops.com/2019/05/31/cloud-app-discovery-security/ • Quickstart: Get started with Microsoft Cloud App Security - https://docs.microsoft.com/en- gb/cloud-app-security/getting-started-with-cloud-app-security • Office 365 Security and Compliance - https://docs.microsoft.com/en- us/office365/securitycompliance/ • Set up Cloud Discovery - https://docs.microsoft.com/en-gb/cloud-app-security/set-up-cloud- discovery • Microsoft Cloud App Security overview - https://docs.microsoft.com/en-us/cloud-app- security/what-is-cloud-app-security • Microsoft 365 licensing guidance for security & compliance - https://docs.microsoft.com/en- us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services- licensing-guidance/microsoft-365-security-compliance-licensing-guidance • Microsoft Cloud App Security documentation - https://docs.microsoft.com/en-us/cloud-app- security/
  • 47. #M365May @M365May M365May.com THANK YOU TO OUR SPONSORSTHANK YOU TO OUR SPONSORS