Presentation from IAMCP QPM Au and NZ in May 2021

1. Microsoft Security
May 2021
@directorcia
http://about.me/ciaops

2. The Security Dilemma

3. https://www.amazon.ca/Nico-Cigarettes-Pregnant-
Photo-Print/dp/B01N64C16J
Some
things
have
changed

4. Some
things
haven’t
changed

5. Challenges with SecOps
1“The Cost of Insecure Endpoints” Ponemon Institute© Research Report 2Verizon Data Breach Investigations Report 2020 3Nick McQuire, VP Enterprise Research CCS Insight. 4The Road to Security Operations Maturity,
Siemplify, 2019
Over 80%
of data breaches involve use of
stolen credentials or brute force2
$1.37M
Average that an organization spends
annually in time wasted responding
to erroneous malware alerts1
70
Security products from 35 vendors
Is the average for companies with
over 1,000 employees3
Only 20%
of SecOps professionals feel their
organization’s capabilities are mature4

6. Lack of expertise
Not enough resources
Less familiar
Overwhelmed
?
?
62% SMBs lack the skills in-house
to deal with security issues.3
62%
90% SMBs would consider hiring a new
managed services provider (MSP) if they
offered the right cybersecurity solution
89%
Why should partners care? Security creates recurring revenue opptunity
89% of SMB customers see cyber
security as the top priority in their orgs
3 Underserved and Unprepared: The State of SMB Cyber Security in 2019
90%

8. Microsoft
surpasses $10
billion in
security
business
revenue, more
than 40
percent year-
over-year
growth
https://www.microsoft.com/securi
ty/blog/2021/01/27/microsoft-
surpasses-10-billion-in-security-
business-revenue-more-than-40-
percent-year-over-year-growth/

9. PCs, tablets, mobile
Office 365 Data Loss Prevention
Windows Information Protection
& BitLocker for Windows 10
Azure Information Protection
Exchange Online,
SharePoint Online,
Skype for Business &
OneDrive for Business
Highly
regulated
Microsoft Intune MDM & MAM
for Windows, iOS & Android Microsoft Cloud App Security
Office 365 Advanced Data Governance
Azure
Information
Protection
Comprehensive protection of sensitive data across devices, cloud services, and on-premises
Windows 10 Office 365 EM+S & Cloud
Services
Advanced Device
Management

11. Unique insights, informed by trillions of signals

12. Microsoft Threat Intelligence
BuiltondiversesignalsourcesandAI

13. Where should you start?

20. What Is The Issue Enabling MFA?
https://www.coreview.com/resources/whitepaper/microsoft-365-app-security-governance-shadow-it-report/

21. Getting to a world without passwords
Microsoft Authenticator FIDO2 Security Keys
Windows Hello

22. Require MFA
Allow access
Deny access
Force
password reset
******
Limit access
Controls
On-premises apps
Web apps
Users
Devices
Location
Apps
Conditions
Policies
Real time
Evaluation
Engine
Session
Risk
3
40TB
Effective
policy
Azure AD Identity Protection + Azure AD conditional access
Maximize Security. Maximize Productivity.
Machine
learning

24. Conditional Access GPS-based named locations now in public
preview
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/conditional-access-gps-based-named-locations-
now-in-public/ba-p/2365687

25. Forrester names
Microsoft a Leader in
the 2021 Enterprise
Email Security Wave
https://www.microsoft.com/security/blog/2021/05/06/forr
ester-names-microsoft-a-leader-in-the-2021-enterprise-
email-security-wave/

26. Multi-Layered protection stack

29. https://security.microsoft.com/auditlogsearch

30. Protection Alerts
https://protection.office.com/alertpolicies

31. https://security.microsoft.com/

32. Microsoft Cloud App
Security
What is Microsoft CAS ?
A multi-mode Cloud Access Security Broker
Insights into threats to identity and data
Raise alerts on user or file behavior anomalies in cloud apps
leveraging their API connectors
In scope for this engagement (with Office 365)
Ability to respond to detected threats, discover shadow IT
usage and configure application monitoring and control
Out of scope for this engagement
Requirements
Available to organizations with an Azure tenant or an Office 365
commercial subscription and who are in the multi-tenant and Office
365 U.S. Government Community cloud

33. Unusual file share activity
Unusual file download
Unusual file deletion activity
Ransomware activity
Data exfiltration to unsanctioned apps
Activity by a terminated employee
Indicators of a
compromised session
Malicious use of
an end-user account
Suspicious inbox rules (delete, forward)
Malware implanted in cloud apps
Malicious OAuth application
Multiple failed login attempts to app
Threat delivery
and persistence
!
!
!
Unusual impersonated activity
Unusual administrative activity
Unusual multiple delete VM activity
Malicious use of
a privileged user
Activity from suspicious IP addresses
Activity from anonymous IP addresses
Activity from an infrequent country
Impossible travel between sessions
Logon attempt from a suspicious user agent

34. Gartner names
Microsoft a Leader in
the 2021 Endpoint
Protection Platforms
Magic Quadrant
https://www.microsoft.com/security/blog/2021/05/11/gart
ner-names-microsoft-a-leader-in-the-2021-endpoint-
protection-platforms-magic-quadrant/

36. Azure Sentinel
What is Azure Sentinel?
Microsoft Azure Sentinel is a scalable, cloud-native, security
information event management (SIEM) and security
orchestration automated response (SOAR) solution
Insights into threats
Get a birds-eye view across all data ingested and detect threats
using Microsoft's analytics and threat intelligence. Investigate
threats with artificial intelligence and hunt for suspicious activities
In scope for this engagement
Ability to automatically respond to detected threats
Out of scope for this engagement
Requirements
Available to organizations with an Azure tenant

37. Azure Sentinel

38. ….and there isn’t enough time to mention
• Device Guard
• Exploit Guard
• Application Guard
• Credential Guard
• App Locker
• Attack Surface Reduction
• Bitlocker
• Security Baselines
• Azure Information Protection
• Azure Identity Protection
• And a whole lot more

39. Take aways
• Microsoft Security is a Leader in five Magic Quadrants-
https://www.microsoft.com/en-au/security/business/security-leaders-gartner-magic-
quadrant
• Many are not implementing protections Microsoft include with Microsoft
365 and Windows
• Look to all the different ‘scoring’ (i.e., Secure Score) as a place to start
• Don’t just think of Microsoft 365 when it comes to security
• Microsoft provides integration across its security services
• Microsoft provides automation across its security services
• ALL production accounts, user AND administrator MUST have MFA!
• Use machine intelligence and AI to make your life easier

40. Resources
• Cyber Security: The Small Business Best Practice Guide -
https://www.asbfeo.gov.au/sites/default/files/documents/ASBFEO-cyber-security-research-report.pdf
• Australian Cyber Security Centre - https://www.cyber.gov.au/
• Office 365 Security and Compliance - https://docs.microsoft.com/en-
us/office365/securitycompliance/
• Microsoft Trust Center - https://www.microsoft.com/en-us/trustcenter/security/office365-security
• Microsoft Secure Score - https://docs.microsoft.com/en-us/office365/securitycompliance/microsoft-
secure-score
• Microsoft 365 for Partners Security - https://www.microsoft.com/microsoft-365/partners/security
• What are Security defaults - https://docs.microsoft.com/en-gb/azure/active-
directory/fundamentals/concept-fundamentals-security-defaults
• Introducing conditional access for Office 365 - https://techcommunity.microsoft.com/t5/azure-
active-directory-identity/introducing-conditional-access-for-the-office-365-suite/ba-p/1131979

41. Email : director@ciaops.com
Twitter : @directorcia