
Upload: dinhmien

Post on 23-Feb-2018


Page 1: Office 365 Security Assessment Delivery Guide...  · Web viewOffice 365 Security Assessment-Engagement Delivery Guide-V1.0.docx Page 1 of 34. Office 365 Security Assessment Delivery

Office 365 Security Assessment Delivery Guide

Office 365 Security Assessment


Latest version: http://aka.ms/o365securityassessment

© 2017 Microsoft Corporation. All rights reserved. This document is provided "as-is." Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. This document does not provide you with any legal rights to any intellectual property in any Microsoft product. Office 365 customers and partners may copy, use and share these materials for planning, deployment and operation of Office 365 features.

document.docx Page 1 of 35


Table of Contents

Introduction
Version History
Audience
Feedback
Engagement Overview
Objective
Recommended Skills and Experience
Timeline
Engagement Requirements
Deliverables
Office 365 Security Assessment Engagement Preparation
Preparation for the Kick-off Meeting
Preparation for the Readiness Presentations
Preparation for Day One of the On-site Workshops
Preparation for Day Two of the On-site Workshops
Delivering the Office 365 Security Assessment
General Delivery Tips
Kick-off Meeting
Day One of the On-site Workshops
On-site Engagement Overview
Office 365 Security Technical Readiness Presentation
Office 365 Security Overview
Customer Security Strategy
Review Security Questionnaire
Office 365 Secure Score Overview
Day one wrap up and Q&A
Day Two of the On-site Workshops
Day Two Briefing
Secure Score Recommendations / Discussion
Office 365 Security Roadmap Workshop
Project close-out and Next steps
Example Schedule
Day One
Day Two
Office 365 Security Assessment Assets
Engagement Tools
Office 365 Secure Score
Instructions on how to export the Secure Score data
Import the Secure Score data into the Office 365 Assessment-Remediation Checklist Tool
Office 365 Advanced Security Management
Remediation Checklist Tool
Appendix
Readiness Content
General
Readiness Presentations


Introduction

This document contains the delivery guidance for the Office 365 Security Assessment offering. The Office 365 Security Assessment is a structured engagement which uses the Office 365 Secure Score tool to evaluate and prioritize Office 365 tenant security settings of an organization. The Office 365 Security Assessment offering has been designed to help you as a partner create and present a customized, prioritized and actionable roadmap based on the recommendations from the Office 365 Secure Score tool to your customers.

The purpose of this document is to provide guidance on how to deliver the Office 365 Security Assessment, including details about the artefacts included within the offering.

Important! The Office 365 Security Assessment offering should be considered as an example of how to conduct an Office 365 Security Assessment using Secure Score. The artefacts within the Office 365 assessment must be customized so that the engagement is aligned to your organization’s own value proposition, workflows, delivery methodologies, related work streams and offerings. The outcome of the Office 365 Security Assessment is intended to assist with the development of a roadmap of actionable customer recommendations that can be used to drive additional project-based work or to inform a repeatable lifecycle of security management tasks within a managed service offering.

The Secure Score is a numerical summary of your security posture within Office 365 based on system configurations, user behaviour and other security-related measurements. It is not an absolute measurement of how likely your system or data will be breached; rather, it represents the extent to which you have adopted security controls available in Office 365 which can help offset the risk of being breached. No online service is completely immune from security breaches; the Secure Score should not be interpreted as a guarantee against security breach in any manner.

Version History

Table 1 – Summary of Changes

Version    Changes            Date
1.0        Initial Release    12-Apr-2017

Audience

The document is intended to be used by the partner and should not be distributed to the customer.

Feedback

The artefacts within this offering will be iteratively improved based on product releases as well as direct feedback from delivered engagements. To provide feedback, use the feedback process available through the following web site: http://aka.ms/securityassessmentfeedback


Engagement Overview

The following table provides an overview of the information categories included as part of delivering the Office 365 Security Assessment:

Timeline
- Milestone One: Up to two-hour pre-engagement kick-off meeting
- Milestone Two: Two days of on-site workshops

Time and material
- Estimated 24h engagement using the example schedule (expenses should be added)

Target customers
- Customers who have already decided to adopt the cloud and Office 365 and have an Office 365 tenant already in place.

Partner resource requirements
- Security Consultant/Architect
- Project or Engagement Manager

Customer resource requirements
- CSO/CISO, CEO/CFO, CIO/CTO, Enterprise/Security Architects, Security Operations

Engagement scope

The standard scope of the engagement is:
- Gain a mutual understanding of cloud security objectives and requirements
- Provide guidance, recommendations and best practices on how to successfully implement Office 365 security features
- Provide a prioritized and actionable Office 365 security roadmap. Map Office 365 security capabilities to customer security objectives and requirements

Engagement deliverables

The deliverables of the engagement are:
- Kick-off Presentation, overview of the engagement covering vision and objectives, requirements and next steps and actions
- Pre-Assessment Questionnaire, a questionnaire containing questions on cloud usage/adoption, security requirements and objectives, regulations and frameworks
- Recommendations and Roadmap Report, a presentation containing a prioritized list of Office 365 security recommendations based on Office 365 Secure Score


Objective

The engagement has the following objectives:

- Understand cloud security objectives and requirements: Gain an understanding of the customer's business requirements and how they drive security objectives and requirements
- Office 365 security readiness: Provide guidance, recommendations and best practices on how to successfully implement Office 365 security features
- Create an Office 365 security roadmap: Provide a prioritized and actionable Office 365 security roadmap based on customer security objectives and requirements

Recommended Skills and Experience

The following table describes the recommended skill set and experience for the resources delivering the Office 365 Security Assessment IP:

Role: Delivery Management (Project/Engagement Manager)
Recommended resource skill sets:
- Basic understanding of cybersecurity
- Basic understanding of Office 365
- Experience managing security engagements

Role: Security Resource (Security Architect/Consultant)
Recommended resource skill sets:
- Strong cybersecurity background and knowledge
- Good understanding of Office 365 and the security components of Office 365
- Have prior design and implementation experience of the Office 365 Advanced Security products including:
  o Exchange Online Protection
  o Exchange Advanced Threat Protection
  o Advanced Security Management
  o Threat Intelligence
  o Advanced Data Governance
  o Azure Active Directory and multifactor authentication for Office 365


Timeline

The Office 365 Security Assessment typically consists of an up to two-hour remote kick-off meeting followed by the 2-day on-site assessment workshops, as per the following suggested engagement timeline:

Week One
- Kick-off meeting
- Provide pre-assessment questionnaire
- Provide instructions on how to export Office 365 Secure Score data

Week Two and Three
- Customer to complete/return questionnaire
- Customer to export and send Secure Score data
- Analyse questionnaire and Secure Score data

Week Four
- On-site workshops covering:
  o Security objectives and requirements
  o Office 365 security readiness
  o Office 365 security assessment
  o Office 365 security roadmap

Engagement Requirements

This engagement requires that the customer has already acquired a production Office 365 tenant. Scheduling an initial assessment before moving production users and data into the Office 365 tenant is recommended, if possible, for the following reason. Completing an initial assessment would ensure that the Office 365 tenant has the customer’s required security configuration before adding users and data. Doing so may reduce the risk of a breach, because the security controls informed by the actions that Microsoft Secure Score indicates are implemented beforehand. Additional assessments should be proposed within a lifecycle of managed security services and scheduled to be run on a continuous basis to ensure that the Office 365 tenant is meeting the customer’s desired security state and to catch any configuration drift.

The following Office 365 components are used as part of the engagement:

Component: Office 365 Secure Score
Description: The main tool used as part of the security assessment. Secure Score analyzes Office 365 security based on security settings across the tenant and assigns a score which can be tracked over time. The tool is used as part of the engagement to create a prioritized and actionable roadmap.
License Requirements: Office 365 Secure Score is available to organizations with an Office 365 commercial subscription and who are in the multi-tenant and Office 365 U.S. Government Community clouds.

Component: Office 365 Advanced Security Management
Description: As an optional component, the assessment can use the Office 365 Advanced Security Management tool and its Discovery & Insights features to provide the customer with additional visibility into 3rd party SaaS application usage, also known as Shadow IT.
License Requirements: The Office 365 Advanced Security Management tool is available in Office 365 Enterprise E5 or as an add-on subscription to Office 365. A 30-day trial can be used as part of this assessment. Note that the customer must have a supported firewall or proxy device to import usage data into Advanced Security Management. If the customer does not have a supported device, we recommend using your own demo tenant to demonstrate the Advanced Security Management functionality.

Deliverables

The following deliverables are part of the Office 365 Security Assessment:

Deliverable, Work Product: Kick-off Presentation
Description: Overview of the engagement covering objectives, requirements, and next steps
Delivery Date: Kick-off meeting

Deliverable, Work Product: Pre-Assessment Questionnaire
Description: A questionnaire on cloud usage/adoption, security requirements and objectives, regulations, and frameworks
Delivery Date: After the kick-off presentation

Deliverable, Work Product: Recommendations and Roadmap Report
Description: A prioritized list of Office 365 security recommendations based on Office 365 Secure Score results.
Delivery Date: After the 2-day on-site workshops

Office 365 Security Assessment Engagement Preparation

This section includes additional details to allow the delivery resources to prepare for the engagement. It is important that all involved delivery resources go through this section in detail before delivering the engagement.

Preparation for the Kick-off Meeting

The kick-off meeting will brief the customer on the Office 365 Security Assessment and cover the engagement vision and objectives, an engagement overview, the required tools and next steps and actions. To be prepared to deliver the kick-off meeting presentation we recommend the following preparation tasks:

- Prepare the kick-off meeting PowerPoint presentation
  o Review the content marked as “Example”, make modifications if required, and then remove the “Example” banner from the slides
  o Modify the engagement schedule
  o Modify the project governance section to match your project delivery methodologies
- Review the kick-off meeting presentation content
- Review and modify the Office 365 Security Assessment Questionnaire as required. This needs to be delivered to the customer after the kick-off meeting
- Review any relevant Office 365 and/or security engagements that have previously been delivered to the customer
- Confirm that all customer stakeholders will attend the meeting
- Review the “Security Assessment using Office 365 Secure Score” recorded presentation available within the Readiness Content section


Preparation for the Readiness Presentations

The example schedule allows you to present three out of five readiness presentations that are part of the Office 365 Security Assessment IP. The questionnaire provides guidance on what topics the customer is interested in. Confirm the three readiness presentations as part of the kick-off meeting or during the first session in the 2-day on-site workshops.

The following Office 365 Advanced Security readiness presentations have been included as part of the Office 365 Advanced Security Assessment IP:

- Protect customers against Spoof Phish Malware and Spam
- Gain visibility and control with Office 365 Advanced Security Management
- Protect Sensitive information with Office 365 Data Loss Prevention
- Acquire insights into proactively protecting against advanced threats
- Advanced Data Governance

The resource delivering the readiness presentations must have a good understanding of the readiness content and have prior design and implementation experience of the Office 365 Advanced Security products.

Recommended training content for the readiness presentations can be found in the Readiness Content section in the appendix of this document.

Preparation for Day One of the On-site Workshops

Day one of the on-site workshops focuses on establishing a mutual understanding of the Office 365 security capabilities, the customer’s security strategy, cybersecurity posture and how the Office 365 Secure Score tool is leveraged as part of the assessment. To be prepared to deliver the workshops during day one of the assessment we recommend the following preparation tasks:

- Review the completed customer questionnaire, note missing answers and/or any items that you think need additional discussion during the Security Questionnaire Review workshop during day one
- Review and customize the workshop content delivered during day one. The example schedule is available in the section within this document
- Read and/or view the recommended training content within the Readiness Content appendix of this document
- Use the remediation checklist tool to insert the security actions that the customer exported from Office 365 Secure Score

Preparation for Day Two of the On-site Workshops

Day two of the on-site workshops focuses on prioritizing security actions from the Office 365 Secure Score tool, additional technical readiness and preparing the roadmap as part of the engagement close-out presentation. We suggest you perform the following pre-work to ensure a successful execution:

- Review notes or actions captured during day one of the on-site workshops
- Update project governance items as required
- Review and customize the workshop content delivered during day two. The example schedule is available in the section within this document
  o Update the project close-out meeting to include your own security related offerings and services where appropriate. Align the outcome and deliverables to the recommendations from Office 365 Secure Score and consider a combination of individual engagements and managed services
- Review the recommended training content within the Readiness Content appendix of this document


Delivering the Office 365 Security Assessment

The objective of the engagement is to present customers with a customized, prioritized and actionable roadmap based on the recommendations from Office 365 Secure Score. Propose follow-on engagements, including managed services, as part of the close-out presentation. For example, delivering on-going security assessments provides an opportunity to introduce the customer to a managed security service and ensures that the customer implements the recommendations from the security assessment.

This section includes guidance on delivering the various components of the Office 365 Security Assessment.

General Delivery Tips

- Good security principles cover people, process and technology solutions. This specific engagement addresses Office 365 security technology solutions delivered as a project service; however, there is an opportunity to present the security roadmap as a lifecycle of managed services that your organization can deliver.
- This engagement does not cover on-premises or hybrid scenarios. It specifically covers Office 365 and the security actions originating from the Office 365 Secure Score tool. It’s important to discuss the importance of end-to-end security which includes securing any on-premises or hybrid infrastructure.
- Implementation of all Office 365 Secure Score actions will not mean that the customer is completely secure. The goal of the engagement is to improve the security posture in Office 365.
- There is no such thing as perfect security. Security is a continuous journey towards reducing risk and raising the complexity and cost of breach and compromise.
- The engagement is based on the recommended security actions from Office 365 Secure Score. It is important that the technical readiness resources have good knowledge on how to use Office 365 Secure Score as well as a solid understanding of what each security action does and the impact it might have on the customer environment. Use the readiness content to learn about Office 365 Secure Score and make sure to analyze each security action in a lab environment.
- During the workshops, you may increase customer value by incorporating specific information and scenarios that the customer has shown an interest in. For example, use the answers from the questionnaire to potentially expand into additional Office 365 products or specific functionality that the customer would like to implement or know more about.
- The assessment will allow you access to customer stakeholders and technical resources. Make sure you use the time to establish yourself and your organization as trusted advisors for Office 365 security.

Kick-off Meeting

The project/engagement manager typically delivers the kick-off presentation and should provide an overall engagement overview, introduction to the team, engagement scope, and the project governance approach. The technical resources should join the kick-off presentation to support the project/engagement manager with some of the technical components of the kick-off meeting.

Day One of the On-site Workshops

This section contains guidance for each of the workshops delivered as part of day one of the Office 365 Security Assessment.

- Make sure to capture notes during the day. Review the notes after the first day to modify the schedule and/or content for day two as necessary.


On-site Engagement Overview

The first session provides an overview of the 2-day on-site agenda, goals, and an opportunity to cover Q&A and project governance. It’s also recommended to finalise the three technical readiness presentations delivered during the on-site workshops.

- Discuss and agree on the engagement success criteria. What does the customer expect to get out of the engagement?
- Finalize the technical readiness presentations
- Finalize the schedule for the on-site workshops
- Discuss and agree on project governance items
- Finalize workshop attendance for each workshop. It is critical to get the right audience to participate in each workshop

Office 365 Security Technical Readiness Presentation

This is the first technical readiness presentation time slot.

- If possible, add value by weaving in related stories from your own experience with the product

Office 365 Security Overview

This session provides an overview of the approach Microsoft has taken to secure enterprise organisations in Office 365.

- Add value by weaving in related stories from your own experience with the product if possible

Customer Security Strategy

This session allows the customer to present their goals and ambitions on their cloud security strategy.

- Use the customer security strategy presentation to guide the customer on topics for the session
- Listen to the customer and take notes. Pay attention to concerns/topics that you can address as either individual consulting engagements and/or managed services. Add these solutions to the close-out presentation and the roadmap which you will present at the end of the engagement

Review Security Questionnaire

Review the completed security questionnaire with the customer. The completed questionnaire should have been reviewed before the on-site workshops to allow you to cover any missing answers, ask for additional details and/or add additional questions.

Office 365 Secure Score Overview

This session provides an overview of Office 365 Secure Score and how it relates to the security requirements.

- Demonstrate the functionality of Secure Score using your own lab environment as well as the remediation checklist tool which is included as part of the Office 365 Security Assessment

Day one wrap up and Q&A

The wrap up session will allow you to provide a recap of the day.

- Allow enough time for Q&A

Day Two of the On-site Workshops

This section contains guidance for each of the workshops delivered as part of day two of the Office 365 Security Assessment.


Day Two Briefing

The first session of day two of the on-site workshops provides an overview of the second day agenda and goals as well as an opportunity to cover Q&A.

- Discuss progress of day one and allow time for Q&A
- Discuss and agree on project governance items
- Discuss the outcomes from day one and intended outcomes from day two

Secure Score Recommendations / Discussion

This session uses the remediation checklist tool to analyze and prioritize the security actions from Office 365 Secure Score.

- Use the remediation checklist tool to work through each security action from Office 365 Secure Score. For each security action:
  o Explain what the Security Action does and if required, demonstrate the functionality using a demo Office 365 tenant
  o Work with the customer to prioritize the security action and add additional comments in the remediation checklist tool

Office 365 Security Technical Readiness Presentation

This is the second technical readiness presentation time slot.

- Add value by weaving in related stories from your own experience with the product if possible

Office 365 Security Technical Readiness Presentation

This is the third technical readiness presentation time slot.

- Add value by weaving in related stories from your own experience with the product if possible

Office 365 Security Roadmap Workshop

Create an Office 365 security roadmap based on the security requirements and the prioritization of the Office 365 Secure Score actions.

- Use the list of the prioritized Office 365 Secure Score actions to update the roadmap within the close-out presentation
- Consider the potential for risk, difficulty of implementation, and impact ratings suggested by each Office 365 Secure Score action. Discuss the implications with your customer in depth as you prioritize and build the roadmap of actions. Consider time frames to fully implement and a lifecycle of managed services opportunities for your organization.

Project close-out and Next steps

The close-out presentation is the last session of the on-site workshops and allows you to present the customized, prioritized and actionable roadmap as well as cover recommended next steps, actions and Q&A.


Example Schedule

Day One

| Workshop | Description | Outcome | Customer attendees | Time | Scheduled time, room |
| --- | --- | --- | --- | --- | --- |
| On-site Engagement Overview | Provides an overview of the 2-day on-site agenda, goals and an opportunity to cover Q&A and project governance. | Agreed plan and schedule for the 2-day on-site assessment. | All project team | 60 minutes | <Time>, <Room> |
| Office 365 Security Overview | Microsoft's approach to securing enterprise organizations. | Provides a high-level overview of Office 365 security features. | All project team | 60 minutes | <Time>, <Room> |
| Customer Security Strategy | Customer presents goals and ambitions on their cloud security strategy. | Provides a mutual understanding of the customer cloud security strategy. | All project team | 60 minutes | <Time>, <Room> |
| Lunch | | | | 60 minutes | |
| Review Security Questionnaire | Review the completed security questionnaire. | Prioritized list of security requirements. | All project team | 60 minutes | <Time>, <Room> |
| Office 365 Security Technical Readiness Presentation | Technical readiness presentation time slot. | Technical readiness provided to customer team. | Security Engineers, Security Architects | 60 minutes | <Time>, <Room> |
| Office 365 Secure Score Overview | Overview of Office 365 Secure Score and how it relates to the security requirements. | Technical readiness on Office 365 Secure Score. | Security Engineers, Security Architects | 60 minutes | <Time>, <Room> |
| Day one wrap up and Q&A | | | | 20 minutes | |


Day Two

| Workshop | Description | Outcome | Customer attendees | Time | Scheduled time, room |
| --- | --- | --- | --- | --- | --- |
| Day Two Briefing | Overview of the second day agenda, goals, and an opportunity to cover Q&A. | Agreed upon schedule for day two. | All project team | 30 minutes | <Time>, <Room> |
| Secure Score Recommendations / Discussion | Workshop covering current Office 365 Secure Score and recommended security actions. | Prioritization of Office 365 Secure Score security actions. | All project team | 120 minutes | <Time>, <Room> |
| Office 365 Security Technical Readiness Presentation or Shadow IT Analysis Workshop | Technical readiness presentation time slot. Or, Shadow IT Analysis Workshop using Office 365 Advanced Security Management. | Technical readiness provided to customer team, or understanding of current usage of Shadow IT. | Security Engineers, Security Architect | 60 minutes | <Time>, <Room> |
| Lunch | | | | 60 minutes | |
| Office 365 Security Technical Readiness Presentation | Technical readiness presentation time slot. | Technical readiness provided to customer team. | Security Engineers, Security Architect | 60 minutes | <Time>, <Room> |
| Office 365 Security Roadmap Workshop | Workshop to create an Office 365 security roadmap based on the security requirements and the prioritization of the Office 365 Secure Score actions. | Defined high-level security roadmap based on Office 365 Secure Score security actions. | Security Engineers, Security Architect | 60 minutes | <Time>, <Room> |
| Project close-out and Next steps | Close-out presentation and discussion of next steps. | Provide an engagement summary and clear steps with tangible outcomes. | All project team | 60 minutes | <Time>, <Room> |

Office 365 Security Assessment Assets

The following assets are available as part of the Office 365 Security Assessment IP:

| Artefact | Description | Type |
| --- | --- | --- |
| Office 365 Security Assessment-Delivery Guide | Guidance on how to deliver the Office 365 Security Assessment IP. This document. | Word document |
| Office 365 Security Assessment-Kick-off Meeting | Engagement kick-off presentation giving the customer an overview of the engagements. | PowerPoint presentation |
| Office 365 Security Assessment-On-site Engagement Overview | Overview of the 2-day on-site workshops and project governance items. | PowerPoint presentation |
| Office 365 Security Assessment-Security and Compliance in Office 365 | Microsoft vision for security and compliance in Office 365. | PowerPoint presentation |
| Office 365 Security Assessment-Customer Security Strategy | Recommended discovery topics which need to be covered by the customer. | PowerPoint presentation |
| Office 365 Security Assessment-Questionnaire | Security questionnaire to be given to the customer after the kick-off presentation covering Office 365 and security objectives. | Word document |
| Office 365 Security Assessment-Protect customers against Spoof Phish Malware and Spam | Presentation covering how to protect against email based threats. | PowerPoint presentation |
| Office 365 Security Assessment-Gain visibility and control with Office 365 Advanced Security Management | Presentation covering Office 365 Advanced Security Management. | PowerPoint presentation |
| Office 365 Security Assessment-Protect Sensitive information with Office 365 Data Loss Prevention | Presentation covering Office 365 Data Loss Prevention. | PowerPoint presentation |
| Office 365 Security Assessment-Acquire insights into proactively protecting against advanced threats | Presentation covering Office 365 Threat Intelligence. | PowerPoint presentation |
| Office 365 Security Assessment-Data Governance | Presentation covering Office 365 Advanced Data Governance. | PowerPoint presentation |
| Office 365 Security Assessment-Security Assessment using Office 365 Secure Score | Overview on how to use the Office 365 Secure Tool as part of a security assessment. | PowerPoint presentation |

Engagement Tools

This section is for use by the partner technical specialists to learn how to use the tools as part of the Office 365 Security Assessment.

Office 365 Secure Score

Office 365 Secure Score is a security analytics tool which calculates your tenant’s security score based on existing security settings and behaviors and compares them to a baseline asserted by Microsoft. It’s a single tool which allows organizations to better understand their current security posture based on features that have been enabled within their Office 365 tenant. In addition, the Secure Score tool will allow you to quickly determine and prioritize security actions which can be implemented to reduce risk and will allow organizations to improve and track their Office 365 security posture over time.

Note that Secure Score does not account for all possible security controls and is limited to security controls within Office 365. Additional security controls will be added to the Secure Score tool over time and this fact should be discussed with your customer as you propose the detect, protect, respond security lifecycle of managed services your organization may provide.

To assist with the prioritization of the security action recommendations provided by Secure Score you will use the “Office 365 Security Assessment-Remediation Checklist Tool-vX.X.xlsx” Excel spreadsheet. Instruct the customer to use the following instructions to export the security actions and controls to CSV so that you can copy and paste the recommended security actions into the “Office 365 Security Assessment-Remediation Checklist Tool-vX.X.xlsx” Excel spreadsheet.


Instructions on how to export the Secure Score data

After you have conducted the kick-off meeting, the customer needs to export the Secure Score data and send it to you for analysis. You can either walk through the process over an online meeting or send the instructions below to the customer.

Ask the customer to:

1. Open the Office 365 Secure Score tool: https://securescore.office.com. Note that the customer must sign in using their Office 365 tenant admin login credentials.

2. Verify that they have a calculated Secure Score showing in the Secure Score tool.

3. Select the Score Analyzer tab.


4. Select the Export button and select to export the “CSV – Action List” as well as the “CSV – Control List”. Choose to save the two files to the local computer.

5. Ask the customer to send or share the exported CSV files to you, using a secure method of transfer such as OneDrive.


Import the Secure Score data into the Office 365 Assessment-Remediation Checklist Tool

Once you receive the exported files from the customer, use the following procedure to import the Secure Score data into the Office 365 Assessment-Remediation Checklist Tool:

1. Open the “CSV – Action List” Excel file and copy and paste all content from row two and below into the ActionList tab on cell A2 within the “Office 365 Security Assessment-Remediation Checklist Tool-vX.X.xlsx” Excel spreadsheet.

2. Open the “CSV – Control List” Excel file and copy and paste all content from row two and below into the ControlList tab on cell A2 within the “Office 365 Security Assessment-Remediation Checklist Tool-vX.X.xlsx” Excel spreadsheet.

3. In the “Office 365 Security Assessment-Remediation Checklist Tool-vX.X.xlsx” Excel spreadsheet, select the Data menu in Excel and select Refresh All. This will update the data model used in the pivot table.


4. Go to the Results tab to view the Secure Score security actions sorted under User Impact and Implementation Cost.


5. Work through each Secure Score security action and provide a priority based on what you know about your customer’s current and desired security posture. For example: Quick Win 1-3 months, 3-6 months and 6 months and beyond. Additional instructions on how to use the remediation checklist tool can be found in the Remediation Checklist Tool section.


Office 365 Advanced Security Management

The Office 365 Advanced Security Management tool provides the following features:

Threat detection - Identify high-risk and abnormal usage, security incidents, and threats

Enhanced control - Shape your Office 365 environment with granular security controls and policies

Discovery & insights - Gain enhanced visibility and context into your Office 365 usage and shadow IT

The Office 365 Assessment uses the Discovery & Insights features to provide the customer with additional visibility of the use of Shadow IT within their organization as part of the “Office 365 Security Assessment-Gain visibility and control with Office 365 Advanced Security Management-vX.X.pptx” readiness session. The Office 365 Assessment does not make use of any other Advanced Security Management functionality, including threat detection and/or enhanced control features.

Important! If the customer does not have a license for Office 365 Advanced Security Management, they can sign up for a free 30-day trial from the Office 365 Admin center, Billing, Purchase services section as per the screenshot below. This will allow the customer to import their specific firewall or proxy log to allow you to demonstrate their current usage of Shadow IT during the “Office 365 Security Assessment-Gain visibility and control with Office 365 Advanced Security Management-vX.X.pptx” readiness session.

Note that the specific firewall or proxy must be supported by the Advanced Security Management tool as per: https://support.office.com/en-us/article/Create-app-discovery-reports-in-Advanced-Security-Management-3e68e691-1fc4-4d3e-a2c0-d3134eb64055?ui=en-US&rs=en-US&ad=US

In case it’s not possible to use the Office 365 Advanced Security Management tool connected to the customer’s Office 365 tenant, or it’s not possible to import the firewall or proxy logs, you should prepare a demo tenant and use a provided sample log file to be used during the “Office 365 Security Assessment-Gain visibility and control with Office 365 Advanced Security Management-vX.X.pptx” readiness session.


Use the following instructions to assist the customer with the import of customer firewall or proxy logs if using customer specific data, or a sample log if using a dedicated demo tenant.

1. Open the Office 365 Security & Compliance center, and select Go to Advanced Security Management under Alerts, Manage Advanced Alerts.

2. Select Create New Report from the Discover menu.


3. Type the name of the report, and select the data source. Note, if you are not using customer specific data, select “Blue Coat ProxySG -Access log (W3C)” as data source for a workaround. After selecting the Data source, select “View and Verify…”.


4. If using customer specific data, verify the log format together with the customer. If using sample data using a dedicated demo tenant, select “Download sample log” to download a sample log. Select close.


5. Under “Choose traffic logs”, select browse and select either the customer specific log or the extracted sample log.

6. Select Create to generate the report. Note that it can be a time-consuming process to import the logs dependent on the size of the file being imported. For this reason, make sure to initiate the import process well in advance of the workshops. For example, the import of the sample “Blue Coat ProxySG -Access log (W3C)” usually takes around 30 minutes.
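Because an import can take around 30 minutes, the log format check in step 4 is worth running locally before the upload. The following Python check is an added example, not part of Advanced Security Management; it assumes the W3C extended log layout (a `#Fields:` directive followed by space-separated records), and the required-field list and sample lines are constructed for illustration rather than taken from Microsoft's documentation.

```python
import re
from collections import Counter
from datetime import datetime

# Assumed minimum field set for an app-discovery style report (hypothetical;
# confirm the real requirements against the supported-format documentation).
REQUIRED_FIELDS = ("date", "time", "c-ip", "cs-host", "sc-bytes", "cs-bytes")
TOKEN = re.compile(r'"[^"]*"|\S+')  # quoted values may contain spaces

# Constructed sample log: two good records, one short record, one bad date.
SAMPLE_LOG = """\
#Software: constructed sample
#Version: 1.0
#Fields: date time c-ip cs-username cs-host cs(User-Agent) sc-bytes cs-bytes
2017-03-01 09:15:02 10.0.0.5 alice files.example.com "Mozilla/5.0 (Windows NT 10.0)" 5120 300
2017-03-01 09:15:09 10.0.0.6 bob crm.example.net "Mozilla/5.0 (Macintosh)" 2048 150
2017-03-01 09:16:40 10.0.0.5 alice files.example.com "Mozilla/5.0 (Windows NT 10.0)" 1024
01/03/2017 09:17:00 10.0.0.7 - chat.example.org "curl/7.50" 10 20
"""


def check_w3c_log(lines, required=REQUIRED_FIELDS):
    """Validate a W3C extended log and summarise what an import would see."""
    fields, problems, hosts, good = None, [], Counter(), 0
    for line_no, raw in enumerate(lines, start=1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Directives; only #Fields changes how records are interpreted.
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        if fields is None:
            problems.append((line_no, "record before #Fields directive"))
            continue
        tokens = TOKEN.findall(line)
        if len(tokens) != len(fields):
            problems.append((line_no, "expected %d values, found %d"
                             % (len(fields), len(tokens))))
            continue
        record = dict(zip(fields, tokens))
        if "date" in record and "time" in record:
            try:
                # Checks the common YYYY-MM-DD HH:MM:SS form only.
                datetime.strptime(record["date"] + " " + record["time"],
                                  "%Y-%m-%d %H:%M:%S")
            except ValueError:
                problems.append((line_no, "date/time not YYYY-MM-DD HH:MM:SS"))
                continue
        good += 1
        if "cs-host" in record:
            hosts[record["cs-host"]] += 1
    missing = [f for f in required if f not in (fields or [])]
    return {
        "fields": fields or [],
        "missing_fields": missing,
        "good_records": good,
        "problems": problems,
        "hosts": hosts,
        "ready": bool(fields) and not missing and not problems and good > 0,
    }


if __name__ == "__main__":
    report = check_w3c_log(SAMPLE_LOG.splitlines())
    print("ready for import:", report["ready"])
    for line_no, reason in report["problems"]:
        print("line %d: %s" % (line_no, reason))
    for host, count in report["hosts"].most_common():
        print(count, host)
```

The host counts give a quick preview of which destinations the discovery report will surface, so an empty or one-sided list is an early sign that the wrong log was exported.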


Remediation Checklist Tool

The primary tool to help you verify current Secure Score security actions and prioritize these into an actionable roadmap is the “Office 365 Security Assessment-Remediation Checklist Tool-vX.X.xlsx” Excel spreadsheet.

Use the following instructions to make use of the tool:

1. Import the Secure Score data exported by the customer into the tool. See the Engagement Tools section for details on how to export the data from Secure Score and insert this into the remediation checklist tool.

2. As part of the workshops, work together with the customer to understand and prioritize the security actions.

3. Copy the prioritized set of security actions as well as the charts into the “Office 365 Security Assessment-Close-out Presentation-vX.X.pptx” presentation which will be delivered at the end of the engagement.

The remediation checklist tool has the following Excel tabs:

| Excel Tab | Description |
| --- | --- |
| Instructions | Quick instructions on how to use the tool. |
| ControlList | Control list data copied from the “CSV – Control List” CSV file exported from Secure Score. |
| ActionList | Action list data copied from the “CSV – Action List” CSV file exported from Secure Score. |
| Results | Use the Results tab to analyze and prioritize security actions as part of the workshops. The prioritized list of security actions needs to be copied to the “Office 365 Security Assessment-Close-out Presentation-vX.X.pptx” presentation. |
| Charts | The Charts tab contains basic charts, showing an overview of the Secure Score results. The charts need to be copied to the “Office 365 Security Assessment-Close-out Presentation-vX.X.pptx” presentation. |

The Results tab is where you view and prioritize security actions. You can filter the security actions based on the following categories:

o Status – Complete or incomplete

o Threats – Type of threat

o License – What license is required to implement the security action

You will see several columns within the Results tab. Note that all content except the Priority and Comment columns will be automatically filled in after you have inserted the Secure Score data received from the customer and refreshed the data within the Excel spreadsheet.

| Column | Description |
| --- | --- |
| User Impact | Impact of implemented security control on users: Low – little to no user productivity impact; Moderate – some user productivity impact |
| Implementation Cost | Approximate cost and complexity of implementing the security action: Low – Features that can typically be turned on without additional licenses; Moderate – Features that are complex to turn on and/or require additional licenses |
| Security Action Name | Name of security action. |
| Security Action Description | Description of security action. |
| Security Action URL | URL to allow configuration of security action. |
| Security Action Category | Can be Data, Account or Device. |
| Baseline | Baseline score for the security action. Can be between 1-50. Higher is better. |
| Priority | Use this field to prioritize the security action. For example: Quick Wins (1-3 months); 3-6 months; 6 months and beyond |
| Comment | Provide additional details if required. |
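The Results tab ordering can also be reproduced straight from the exported action list, which gives a quick cross-check of the spreadsheet after Refresh All. The following Python sketch is an added example, not part of the Microsoft tool; the CSV header names are assumptions taken from the Results tab column names (the export's real headers are not shown in this guide), the sample rows are constructed, and ranking by highest baseline inside each group is an added assumption.

```python
import csv
import io

# Ratings and baseline range as the guide describes them for the Results tab.
RATING_ORDER = {"low": 0, "moderate": 1}
BASELINE_RANGE = range(1, 51)

# Constructed sample export. Header names are assumed from the Results tab
# column names; the real "CSV - Action List" file may use different headers.
SAMPLE_CSV = """\
Security Action Name,Security Action Category,User Impact,Implementation Cost,Baseline,Status
Constructed action A,Account,Low,Low,50,Incomplete
Constructed action B,Data,Moderate,Low,20,Incomplete
Constructed action C,Account,Low,Moderate,30,Incomplete
Constructed action D,Device,Low,Low,10,Complete
Constructed action E,Data,Low,Low,15,Incomplete
Constructed action F,Data,High,Low,99,Incomplete
"""


def _cell(row, name):
    """Return a trimmed cell value, or '' when the column is absent."""
    return (row.get(name) or "").strip()


def load_actions(text):
    """Parse the export; return (valid actions, rejected rows with reasons)."""
    valid, rejected = [], []
    for line_no, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        impact = _cell(row, "User Impact").lower()
        cost = _cell(row, "Implementation Cost").lower()
        problems = []
        if impact not in RATING_ORDER:
            problems.append("unexpected User Impact %r" % impact)
        if cost not in RATING_ORDER:
            problems.append("unexpected Implementation Cost %r" % cost)
        try:
            baseline = int(_cell(row, "Baseline"))
        except ValueError:
            baseline = None
        if baseline not in BASELINE_RANGE:
            problems.append("Baseline is not a number between 1 and 50")
        if problems:
            rejected.append((line_no, problems))
            continue
        valid.append({
            "name": _cell(row, "Security Action Name"),
            "category": _cell(row, "Security Action Category"),
            "impact": impact,
            "cost": cost,
            "baseline": baseline,
            "complete": _cell(row, "Status").lower() == "complete",
        })
    return valid, rejected


def results_view(text):
    """Incomplete actions ordered by User Impact, then Implementation Cost."""
    valid, rejected = load_actions(text)
    todo = [a for a in valid if not a["complete"]]
    todo.sort(key=lambda a: (RATING_ORDER[a["impact"]],
                             RATING_ORDER[a["cost"]], -a["baseline"]))
    return todo, rejected


def baseline_by_group(actions):
    """Sum the baseline scores per (User Impact, Implementation Cost) group."""
    totals = {}
    for a in actions:
        key = (a["impact"], a["cost"])
        totals[key] = totals.get(key, 0) + a["baseline"]
    return totals


if __name__ == "__main__":
    todo, rejected = results_view(SAMPLE_CSV)
    for a in todo:
        print(a["impact"], a["cost"], a["baseline"], a["name"], sep="\t")
    for line_no, problems in rejected:
        print("row %d rejected: %s" % (line_no, "; ".join(problems)))
```

Rejected rows are worth raising with the customer before the workshop, since a rating or baseline outside the documented values usually means the export or the paste into the ActionList tab went wrong.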


Appendix

Readiness Content

This appendix contains recommended learning material that each delivery resource should go through before delivering the Office 365 Security Assessment.

General

o Explore and get familiar with the content in the Office 365 Trust Center

o Explore and get familiar with the content in the Microsoft Secure site

o Explore and get familiar with the content in the Secure Productive Enterprise site

o Explore and get familiar with the content in the Microsoft Cloud Service Trust Portal

o Explore and get familiar with the Office Drumbeat content

o Get familiar with the Plan for Office 365 security and information protection capabilities poster

o Read the Office 365 - Architecture and Procedure documents

o Read the Controlling Access to Office 365 and Protecting Content on Devices document

o Read Microsoft Office 365 Mapping of Cloud Security Alliance Cloud Control Matrix 3.0.1 document

o Get the latest Microsoft security updates from the Microsoft Secure Blog

o Create a demo environment and explore the Office 365 Advanced Security features as well as Office 365 Secure Score. Partners can create Office 365 demo tenants at http://demos.microsoft.com/

Readiness Presentations

To prepare you to deliver the included readiness presentation we recommend getting familiar with the content below:

Partner University – Covers all readiness content:

All Partner University recordings are available at the Partner University site. These recordings include all readiness presentations that you can deliver as part of the Security Assessment offering.

Office 365 Secure Score:

o Introducing the Office 365 Secure Score

o Learn about Office 365 Secure Score: actionable security analytics

o An introduction to Office 365 Secure score

o New Office 365 capabilities help you proactively manage security and compliance risk

Advanced Threat Analytics:

o Learn how Microsoft Advanced Threat Analytics combats persistent threats

o Plan and deploy Microsoft Advanced Threat Analytics the right way

Advanced Security Management:

o Overview of Advanced Security Management in Office 365

o Get started with Advanced Security Management

o Gain visibility and control with Office 365 Advanced Security Management

Advanced Threat Protection:

o Introducing Office 365 Advanced Threat Protection

o Advanced threat protection for safe attachments and safe links

o Learn about advancements in Office 365 Advanced Threat Protection

Data Loss Prevention:

o Protect your sensitive information with Office 365 Data Loss Prevention

o Customize and tune Microsoft Office 365 Data Loss Prevention

Customer Lockbox:

o Announcing Customer Lockbox for Office 365

o Office 365 Customer Lockbox Requests

Advanced eDiscovery:

o Office 365 Advanced eDiscovery

o Video: Office 365 Advanced eDiscovery

o Reduce costs and challenges with Office 365 eDiscovery and Analytics

Advanced Data Governance:

o Advanced Data Governance overview

o Take control of your data with intelligent data governance in Office 365

o Applying intelligence to security and compliance in Office 365

Threat Intelligence:

o Applying intelligence to security and compliance in Office 365
