MICROSOFT 365

Protect Office 365 and more with EMS

Jan Ketil Skanke – Enterprise Mobility MVP, COO and Principal Cloud Architect @CloudWay

Post on 21-Aug-2020


Page 1: Protect Office 365 and more with EMS · •App access control –PIN or credentials •Save as/copy/paste restrictions •App-level selective wipe MDM mgmt. by Intune or third-party

MICROSOFT 365

Protect Office 365 and more with EMS

Jan Ketil Skanke – Enterprise Mobility MVP

COO and Principal Cloud Architect @CloudWay

Page 2

Jan Ketil Skanke

MVP Enterprise Mobility

Partner and Principal Cloud Architect

CloudWay

Twitter: @JankeSkanke

Page 3

How good is your security?

Page 4

Challenges in defense/security management

Identity-based attacks are up 300% this year

Lack of knowledge of available controls and which are most effective

Unable to benchmark against other organizations

Most enterprises report using more than 60 security solutions

Information is your most attractive target

Many different controls

Many different places to configure controls

96% of malware is automated and polymorphic

Eroding coverage of controls

Page 5

Assess your current situation

https://securescore.microsoft.com

Page 6

Guidance to increase your security level: learn what security features are available to reduce risk while helping you balance productivity and security

Insights into your security position: one place to understand your security position and what features you have enabled

Score-based framework: calculates a security score based on current security settings and behaviours and compares it to a baseline asserted by Microsoft

Secure Score

Page 7

Identity Secure Score

Page 8

Enable controls through Secure Score

Get more details and enable the control directly, or be taken to the place where you can enable it

Page 9

How scores get calculated

Nightly process collects telemetry from workloads

Ignored-action and third-party action information is stored in a separate location

Report review data is anonymized and stored separately

Diagram: Azure Active Directory; Secure Score UI/API to Data Store; Workload Data for Secure Score; Azure Event Hub; Secure Score Worker Process; Workload Data Stores; Reporting Actions Data; Ignore and 3rd Party Action Data

Page 10

Identity Based Approach

Page 11

Identity Based Approach

Device Trust

Page 12

Identity Based Approach

Device Trust

MAM vs MDM?

Page 13

Identity Based Approach

Device Trust

MAM vs MDM?

Health and Compliance?

Page 14

Identity Based Approach

Device Trust

MAM vs MDM?

Health and Compliance

Data Security

Page 15

Identity Based Security

Identity driven approach

MFA / Conditional Access

Risk

Can we trust their device?

Who and What are accessing your data?

Page 16

Enable self-help for more predictable and complete end user security

Increase your awareness with auditing and monitor security alerts

Automate threat response

Reduce your attack surface

Strengthen your credentials

Blocking legacy authentication reduces compromise by 66%.

Implementing risk policies reduces compromise by 96%.

Attackers escape detection inside a victim’s network for a median of 101 days. (Source: FireEye)

60% of enterprises experienced social engineering attacks in 2016. (Source: Agari)

MFA reduces compromise by 99.99%

Getting the basics right

Page 17

“Less than 2% of tenant admins have MFA enabled”

Page 18

Secure Privileged Access

• Create a “Break The Glass” account

• Set up MFA on “all” Privileged roles

• Use AAD Privileged Identity MGMT

• Monitor usage – Alerting

Page 19

Secure ALL your users

Enable MFA the Right Way

Use Conditional Access

Protect ALL your apps

Trust on Device Level

Risk Based Policies

MDATP and AAD Identity Protection

Page 20

Conditional Access

Diagram: User -> Conditions (Location (IP Range), Device State, User Group) -> Actions (Allow Access, Block Access, Enforce MFA per user/per app) -> Cloud Apps / On-premises

Page 21

What about those OAuth Apps?

Page 22

What about those OAuth Apps?

Pages 23 to 27: image slides with no text

Page 28

SO WHO IS ACCESSING YOUR COMPANY DATA?

Page 29

Controlling OAuth Apps with MCAS

DEMO

Page 30

Moving to Device Trust

Page 31

Configure Conditional Access

Require MFA for all unknown Windows devices

Require Managed App on Mobile

Zero Trust Network: No need to trust your local network.

Enable Baseline Policy for Admins

Block Legacy Auth with Policy

Page 32

Work-owned devices: trusted by virtue of domain join or compliance

Personal devices: trusted if the device complies with MDM policy, or if the device/app complies with Intune policy

Page 33

Utilize Microsoft Intune

Set up Configuration Policies

Set up Compliance Policies

Compliant Device

Page 34

Diagram: Conditional Access evaluation. Conditions: Employee & Partner Users and Roles; Trusted & Compliant Devices (macOS, Android, iOS, Windows, Windows Defender ATP); Physical & Virtual Location (Corporate Network, Geo-location); Client apps & Auth Method (Client apps, Browser apps; identity sources Google ID, MSA, Azure AD, ADFS); Microsoft Cloud App Security. Policies are evaluated by a Real time Evaluation Engine using Machine learning and Session Risk, producing an Effective policy. Controls: Require MFA, Allow/block access, Block legacy authentication, Force password reset, Limited access.
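To make the decision model of slides 31, 32 and 34 concrete, here is a small policy evaluator written for this transcript (it is not Microsoft's Conditional Access engine or any code from the speaker). It encodes the four policies from "Configure Conditional Access" and the device-trust rules from "Moving to Device Trust"; the `SignIn` field names, the `PRIVILEGED_ROLES` set and the precedence block > MFA > allow are my assumptions, and I assume macOS is treated like an unknown Windows device even though the slide names only Windows.

```python
from dataclasses import dataclass, field

# Decision outcomes named after the three actions on the Conditional Access slides.
BLOCK, ENFORCE_MFA, ALLOW = "BLOCK", "ENFORCE MFA", "ALLOW"

# Assumed set of roles covered by the "Baseline Policy for Admins".
PRIVILEGED_ROLES = {"Global Administrator", "Exchange Administrator",
                    "SharePoint Administrator", "Security Administrator"}
MOBILE = ("iOS", "Android")


@dataclass
class SignIn:
    """One access attempt as the evaluator sees it (assumed field names)."""
    user: str
    roles: set = field(default_factory=set)  # directory roles held by the user
    platform: str = "Windows"                # Windows, macOS, iOS or Android
    legacy_auth: bool = False                # basic auth client (POP/IMAP/SMTP etc.)
    domain_joined: bool = False              # hybrid Azure AD joined work device
    compliant: bool = False                  # passes the Intune compliance policy
    managed_app: bool = False                # client is under Intune app protection
    corporate_network: bool = False          # request came from the on-prem IP range


def device_trusted(s: SignIn) -> bool:
    """Device-trust rules from the 'Moving to Device Trust' slide."""
    # Work-owned devices: trusted by virtue of domain join or compliance.
    if s.domain_joined or s.compliant:
        return True
    # Personal mobile devices: trusted if the device/app complies with Intune policy.
    return s.platform in MOBILE and s.managed_app


def evaluate(s: SignIn) -> tuple:
    """Return (decision, reasons). Assumed precedence: block > MFA > allow."""
    controls = []
    # Policy: block legacy auth. Such clients cannot satisfy an MFA prompt, so block outright.
    if s.legacy_auth:
        return BLOCK, ["block legacy authentication"]
    # Policy: baseline policy for admins, MFA for every privileged role.
    if s.roles & PRIVILEGED_ROLES:
        controls.append("MFA for privileged role")
    # Policy: require a managed app on mobile; an unmanaged mobile client gets nothing.
    if s.platform in MOBILE and not device_trusted(s):
        return BLOCK, ["require managed app on mobile"]
    # Policy: require MFA for all unknown (untrusted) desktop devices.
    if s.platform not in MOBILE and not device_trusted(s):
        controls.append("MFA for unknown device")
    # Zero Trust: corporate_network is deliberately never consulted as a grant condition.
    return (ENFORCE_MFA, controls) if controls else (ALLOW, ["trusted device"])
```

Run it with a few `SignIn` objects to see that a sign-in from the corporate network still gets prompted for MFA unless the device itself is trusted.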

Page 35

Conditional Access

DEMO

Page 36

Intune App Protection for Mobile Devices

Page 37

Why Intune App Protection for Mobile Devices


Page 41

Without Enrollment


Page 48

Intune App Protection Policies (APP)

Personal apps

Corporate apps

MDM policies

Comprehensive protection

• App encryption at rest

• App access control – PIN or credentials

• Save as/copy/paste restrictions

• App-level selective wipe

MDM mgmt. by Intune or third-party is optional

Might be a good solution for these scenarios:

• BYOD when MDM is not required

• Extending app access to vendors and partners

• Already have an existing MDM solution

MAM policies

MDM – optional (Intune or 3rd-party)

Page 49

What do we need?


Page 50

The Broker App(s)

Page 51

Conditional Access Policies

ENFORCE MFA

ALLOW

BLOCK

Page 52

ENFORCE MFA

ALLOW

BLOCK

Page 53

security.microsoft.com

Page 54

Intune Security Tasks

Intune admins get tasks assigned from SecOps

Integrated with Microsoft Defender ATP

Pages 55 to 61: image slides with no text

Page 62

DEMO

Page 63

Log Analytics

Export logs to Log Analytics

Store logs in Storage Account

Stream to Event Hub (forward to SIEM)

Page 64

Logs logs logs

Page 65

DEMO

Page 66

Thank You

Remember to evaluate my session