The document discusses security challenges facing organizations and introduces several Microsoft security products and services that can help address those challenges. It outlines threats like phishing, password spraying, and account takeovers that target identity. It then summarizes the capabilities of Azure Active Directory, Microsoft Cloud App Security, Azure Sentinel, Azure Information Protection, Microsoft Intune and other Microsoft security tools to provide comprehensive protection across devices, apps and data located on-premises and in the cloud. Resources for further information are also listed.
6. 300% increase in identity attacks over the past year.
Phishing: 23M high-risk enterprise sign-in attempts detected in March 2018.
Password Spray: 350K compromised accounts detected in April 2018.
Breach Replay: 4.6B attacker-driven sign-ins detected in May 2018.
10. The challenge of securing your environment
• The digital estate offers a very broad surface area that is difficult to secure.
• Bad actors are using increasingly creative and sophisticated attacks.
• Intelligent correlation and action on signals is difficult, time-consuming, and expensive.
11. Comprehensive protection of sensitive data across devices, cloud services, and on-premises
[Diagram: three columns covering Windows 10 (PCs, tablets, mobile), Office 365 (Exchange Online, SharePoint Online, Skype for Business & OneDrive for Business) and EM+S & Cloud Services. Products shown: Windows Information Protection & BitLocker for Windows 10; Office 365 Data Loss Prevention; Office 365 Advanced Data Governance; Microsoft Intune MDM & MAM for Windows, iOS & Android (advanced device management); Microsoft Cloud App Security; Azure Information Protection, including for highly regulated data.]
21. ✓ Enable multi-factor authentication for Office 365 users
✓ Secure your Office 365 environments from leaked credentials
26. How long does Azure AD store the data?
How long does Azure AD store reporting data? - https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/reference-reports-data-retention
30. Microsoft Cloud App Security
What is Microsoft CAS? A multi-mode Cloud Access Security Broker.
Insights into threats to identity and data: raises alerts on user or file behavior anomalies in cloud apps, leveraging their API connectors. In scope for this engagement (with Office 365).
Ability to respond to detected threats, discover shadow IT usage and configure application monitoring and control. Out of scope for this engagement.
Requirements: available to organizations with an Azure tenant or an Office 365 commercial subscription and who are in the multi-tenant and Office 365 U.S. Government Community cloud.
32. Cloud App Security anomaly detections, grouped by category:
Indicators of a compromised session: activity from suspicious IP addresses; activity from anonymous IP addresses; activity from an infrequent country; impossible travel between sessions; logon attempt from a suspicious user agent.
Malicious use of an end-user account: unusual file share activity; unusual file download; unusual file deletion activity; ransomware activity; data exfiltration to unsanctioned apps; activity by a terminated employee.
Threat delivery and persistence: suspicious inbox rules (delete, forward); malware implanted in cloud apps; malicious OAuth application; multiple failed login attempts to app.
Malicious use of a privileged user: unusual impersonated activity; unusual administrative activity; unusual multiple delete VM activity.
34. Azure Active Directory Identity Protection
What is Azure Active Directory Identity Protection? An identity threat detection system with proactive, AI-enhanced automatic protection capabilities.
Insights into threats to identity: detects threats to a user's identity, such as compromised Azure Active Directory credentials or someone other than the account owner attempting to sign in using their identity. In scope for this engagement.
Ability to automatically respond to detected threats. Out of scope for this engagement.
Requirements: available to organizations with an Azure tenant or an Office 365 commercial subscription and who are in the multi-tenant and Office 365 U.S. Government Community clouds.
38. Azure AD Identity Protection + Azure AD conditional access
Maximize Security. Maximize Productivity.
[Diagram: conditions (users, devices, location, apps, session risk) are evaluated against policies by a real-time evaluation engine backed by machine learning; the resulting effective policy applies controls (allow access, limit access, require MFA, force password reset, deny access) to web apps and on-premises apps.]
41. Azure Sentinel
What is Azure Sentinel? Microsoft Azure Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution.
Insights into threats: get a bird's-eye view across all ingested data and detect threats using Microsoft's analytics and threat intelligence; investigate threats with artificial intelligence and hunt for suspicious activities. In scope for this engagement.
Ability to automatically respond to detected threats. Out of scope for this engagement.
Requirements: available to organizations with an Azure tenant.
44. Resources
• Cyber Security: The Small Business Best Practice Guide - https://www.asbfeo.gov.au/sites/default/files/documents/ASBFEO-cyber-security-research-report.pdf
• Australian Cyber Security Centre - https://www.cyber.gov.au/
• Office 365 Security and Compliance - https://docs.microsoft.com/en-us/office365/securitycompliance/
• Microsoft Trust Center - https://www.microsoft.com/en-us/trustcenter/security/office365-security
• Microsoft Secure Score - https://docs.microsoft.com/en-us/office365/securitycompliance/microsoft-secure-score
• Microsoft 365 for Partners Security - https://www.microsoft.com/microsoft-365/partners/security
• What are Security defaults - https://docs.microsoft.com/en-gb/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
• Introducing conditional access for Office 365 - https://techcommunity.microsoft.com/t5/azure-active-directory-identity/introducing-conditional-access-for-the-office-365-suite/ba-p/1131979