Microsoft 365 Intro
The Microsoft 365 Family
Components: Windows 10, Office 365, Security and Management
• Microsoft 365 Enterprise E3/E5: Windows 10 Enterprise E3/E5, Office 365 E3/E5, EMS E3/E5
• Microsoft 365 Business: Office 365 Business Premium, Features from EMS + Windows 10 Enterprise, Windows 10 Pro
• Microsoft 365 F1: Windows 10 Enterprise E3, Office 365 F1, EMS E3
The Microsoft 365 Family
Features | Office 365 BP | Microsoft 365 Business | Microsoft 365 E3 | Microsoft 365 E5
Maximum number of users | 300 | 300 | unlimited | unlimited
Office Apps: Install Office on up to 5 PCs/Macs + 5 tablets + 5 smartphones per user (Word, Excel, PowerPoint, OneNote, Access), Office Online | Business | Business | ProPlus | ProPlus
Email & Calendar: Outlook, Exchange Online | 50GB | 50GB | unlimited | unlimited
Chat-based Workspace, Meetings: Microsoft Teams, Skype For Business | ⚫ | ⚫ | ⚫ | ⚫
File Storage: OneDrive for Business | 1 TB | 1 TB | unlimited | unlimited
Social, Video, Sites: Yammer, SharePoint Online, Planner | ⚫ | ⚫ | ⚫ | ⚫
Stream ⚫ ⚫
Business Apps: Scheduling Apps – Booking, StaffHub | ⚫ | ⚫ | ⚫ | ⚫
Business Apps – Outlook Customer Manager ⚫ ⚫
Threat Protection: Microsoft Advanced Threat Analytics, Device Guard, Credential Guard, App Locker, Enterprise Data Protection ⚫ ⚫
Office 365 Advanced Threat Protection ⚫ ⚫
Windows Defender Advanced Threat Protection ⚫
Office 365 Threat Intelligence ⚫
Identity & Access Management:
Azure Active Directory - SSPR Cloud Identities, MFA, SSO >10 Apps ⚫ ⚫ ⚫
Azure Active Directory - Conditional Access, SSPR Hybrid Identities, Cloud App Discovery, AAD Connect Health ⚫ ⚫
Credential Guard and Direct Access ⚫ ⚫
Azure Active Directory Plan 2 ⚫
Device & App Management:
Microsoft Intune, Windows AutoPilot ⚫ ⚫ ⚫
Microsoft Desktop Optimization Package, VDA ⚫ ⚫
Information Protection:
Unlimited Exchange Archiving, Office 365 Data Loss Prevention, Azure Information Protection Plan 1 ⚫ ⚫ ⚫
Azure Information Protection Plan 2, Microsoft Cloud App Security, O365 Cloud App Security ⚫
On-Prem CAL Rights: ECAL Suite (Exchange, SharePoint, Skype, Windows, SCCM, Win. Rights Management) ⚫ ⚫
Compliance: Litigation Hold, eDiscovery, Compliance Manager, Data Subject Requests ⚫ ⚫ ⚫
Advanced eDiscovery, Customer Lockbox, Advanced Data Governance ⚫
Analytics: Power BI Pro, MyAnalytics ⚫
Voice: PSTN Conferencing, Cloud PBX ⚫
Scenario: Cutting the edge
Office Advanced Threat Protection
Safe Attachments is a feature in Microsoft 365 ATP that opens every attachment of a supported file type in a special hypervisor environment, checks to see if the attachment is malicious, and then takes appropriate action.
Safe Attachments will analyze attachments that are common targets for malicious content.
Comparing Windows 7 and Windows 10
Windows 7:
Released in 2009
Security features protect you from threats of 2009
Extended support ends January 14, 2020
Windows 10:
Released in 2015
Two new builds yearly
New security features in every build
Examples: using SAMR with end user permissions and plain-text passwords in memory
Windows 10 Virtualization-Based Security
[Diagram: Device Hardware; Hypervisor; Hyper-V; Windows Operating System with Kernel, Windows Platform Services and Apps; System Container with Kernel and Trustlet #1, Trustlet #2, Trustlet #3]
Windows Defender Credential Guard
[Diagram: Device Hardware; Hypervisor; Hyper-V; Windows Operating System with Kernel, Windows Platform Services and Apps; System Container with Kernel and Credential Guard]
Configuring Windows Defender Credential Guard
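One way to confirm on an endpoint that virtualization-based security and Credential Guard are actually running after configuration, using the Win32_DeviceGuard CIM class. This is an added example, not part of the original slides; the function name Get-CredentialGuardState is hypothetical.

```powershell
# Added example: report VBS / Credential Guard state on the local machine.
# Get-CredentialGuardState is a hypothetical helper name.
function Get-CredentialGuardState {
    [CmdletBinding()]
    param()

    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
                          -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ErrorAction Stop

    # VirtualizationBasedSecurityStatus:
    #   0 = off, 1 = enabled but not running, 2 = enabled and running
    $vbsText = switch ($dg.VirtualizationBasedSecurityStatus) {
        0       { 'Off' }
        1       { 'Enabled, not running' }
        2       { 'Running' }
        default { "Unknown ($_)" }
    }

    # SecurityServicesConfigured / SecurityServicesRunning are arrays:
    #   1 = Credential Guard, 2 = hypervisor-enforced code integrity (HVCI)
    [pscustomobject]@{
        ComputerName              = $env:COMPUTERNAME
        VbsStatus                 = $vbsText
        CredentialGuardConfigured = $dg.SecurityServicesConfigured -contains 1
        CredentialGuardRunning    = $dg.SecurityServicesRunning -contains 1
        HvciRunning               = $dg.SecurityServicesRunning -contains 2
    }
}

$state = Get-CredentialGuardState
$state | Format-List

# Configured-but-not-running is the case worth alerting on: the policy was
# applied, yet credentials are not isolated in the System Container.
if ($state.CredentialGuardConfigured -and -not $state.CredentialGuardRunning) {
    Write-Warning 'Credential Guard is configured but not running; check hardware support and whether the machine has rebooted since the policy was applied.'
}
```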
Microsoft Advanced Threat Analytics (ATA) overview
Architecture of ATA
Planning for deployment of ATA
• The ATA System:
  • Windows Server 2003 FFL or newer
• The ATA Center:
  • Windows Server 2012 R2 or newer
  • A domain-joined or a workgroup computer
• ATA Gateways:
  • Windows Server 2012 R2 or newer
  • A domain-joined or a workgroup computer
  • At least two network adapters:
    • Management
    • Capture
• ATA Lightweight Gateways:
  • An ATA Gateway installed directly on a domain controller
Planning for deployment of ATA
• Download and install the ATA Center (silently or by using the Microsoft ATA installation wizard).
• From the ATA console, connect to your AD forest.
• Download the ATA Gateway setup package.
• Use Microsoft ATA Gateway Setup to install an ATA Gateway.
• Configure the port mirroring and network adapters of the ATA Gateway.
• Configure the ATA Gateway event collection.
• Optionally, set up the VPN integration.
• Optionally, configure IP address exclusions and Honeytoken users.
Azure Advanced Threat Protection
Windows Defender ATP Overview
Windows Defender Advanced Threat Protection
Planning for deployment of Windows Defender ATP
• Windows Defender ATP is included in the Microsoft Volume Licensing offers:
  • Windows 10 Enterprise E5
  • Windows 10 Education E5
  • Microsoft 365 E5 (M365 E5), which includes Windows 10 Enterprise E5
• Endpoints must be running:
  • Windows 10 Enterprise, Education, Pro
  • Windows 7 Pro, Ent, Ult
  • Windows 8.1 Pro, Ent
  • Windows Server 2012 R2, 2016
  • Linux with supported anti-virus
Deploying Windows Defender ATP
• Check license state from the Office 365 admin center or via the Azure portal.
• From the Windows Defender Security Center portal at https://securitycenter.windows.com/, run the onboarding wizard.
• Wait for a dedicated cloud instance of the Windows Defender ATP portal to be created.
• Onboard Windows 10 endpoints.
• Optionally, run a detection test. The test should trigger a detection and a corresponding Windows Defender ATP alert.
• After onboarding endpoints and a successful detection test, you can start using Windows Defender ATP.
Scenario: Don’t pay ransom
Office Advanced Threat Protection
Safe Links is a feature in ATP that protects users from malicious URLs that are commonly used in phishing attacks to extract sensitive information from a user.
When a user clicks a link in a message or document, Safe Links checks to see if the link is malicious by redirecting the URL to a secure server in the Microsoft 365 environment that checks the URL against a block list of known malicious web sites.
Safe Links
Windows Defender Exploit Guard
Windows Defender Exploit Guard includes:
Exploit Protection
Attack Surface Reduction rules
Network Protection
Controlled Folder Access
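To see which of these four components is actually enforcing on a given machine, the Defender and ProcessMitigations PowerShell modules expose their state. This is an added example, not part of the original slides; the function name Get-ExploitGuardState is hypothetical, and it assumes an elevated session on Windows 10 1709 or later.

```powershell
# Added example: summarize the four Exploit Guard components on this machine.
# Get-ExploitGuardState is a hypothetical helper name. Run elevated.
function Get-ExploitGuardState {
    $pref = Get-MpPreference

    # Numeric modes as stored in the Defender preferences
    $asrModes = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
    $npModes  = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit' }
    $cfaModes = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'
                   3 = 'Block disk modification only'
                   4 = 'Audit disk modification only' }

    # ASR rule IDs and actions are parallel arrays; pair them up.
    $asrRules = @()
    if ($pref.AttackSurfaceReductionRules_Ids) {
        $ids     = @($pref.AttackSurfaceReductionRules_Ids)
        $actions = @($pref.AttackSurfaceReductionRules_Actions)
        for ($i = 0; $i -lt $ids.Count; $i++) {
            $asrRules += [pscustomobject]@{
                RuleId = $ids[$i]
                Mode   = $asrModes[[int]$actions[$i]]
            }
        }
    }

    # System-wide Exploit Protection mitigations (ON / OFF / NOTSET)
    $sys = Get-ProcessMitigation -System

    [pscustomobject]@{
        ExploitProtection      = "DEP=$($sys.DEP.Enable) CFG=$($sys.CFG.Enable) ForceASLR=$($sys.ASLR.ForceRelocateImages)"
        AsrRules               = $asrRules
        NetworkProtection      = $npModes[[int]$pref.EnableNetworkProtection]
        ControlledFolderAccess = $cfaModes[[int]$pref.EnableControlledFolderAccess]
    }
}

$state = Get-ExploitGuardState
$state | Format-List ExploitProtection, NetworkProtection, ControlledFolderAccess
$state.AsrRules | Format-Table -AutoSize

# Rules left in Audit or Disabled only log or do nothing; list them for review.
if (-not $state.AsrRules) { Write-Warning 'No Attack Surface Reduction rules are configured.' }
$state.AsrRules | Where-Object Mode -ne 'Block' |
    ForEach-Object { Write-Warning "ASR rule $($_.RuleId) is in mode '$($_.Mode)'." }
```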
Windows Defender
Default free antivirus
Getting better every Windows 10 build
Surprise! Windows Defender Doesn't Suck in Latest AV Tests (https://www.tomsguide.com/us/windows-defender-av-test,news-25524.html)
Switches to passive mode when a third-party AV is installed
Managed by System Center Configuration Manager or Group Policy
Antivirus is not a silver bullet
OneDrive for Business
Cloud storage with any Office 365/Microsoft 365 subscription
1TB for every Business user, unlimited for Enterprise
Sync with client
Windows Security integration
Versioning
Recovery from the earlier version in case of encryption
Windows Defender Application Guard
Scenario: Leakage prevention
BitLocker
Included in Windows 10 Pro
BitLocker To Go allows encryption of removable media such as USB thumb drives
Turn on BitLocker backup in AD DS
Microsoft BitLocker Administration and Monitoring simplifies the following BitLocker management tasks
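For machines that were encrypted before AD DS backup was turned on, the recovery passwords can be escrowed after the fact with the BitLocker PowerShell module. This is an added example, not part of the original slides; the function name Backup-RecoveryPasswordsToAD is hypothetical, and it assumes an elevated session on a domain-joined machine where Group Policy allows storing BitLocker recovery information in AD DS.

```powershell
# Added example: escrow existing BitLocker recovery passwords to AD DS.
# Backup-RecoveryPasswordsToAD is a hypothetical helper name.
function Backup-RecoveryPasswordsToAD {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        # Unprotected volumes have nothing to escrow; report them instead.
        if ($vol.ProtectionStatus -ne 'On') {
            Write-Warning "$($vol.MountPoint) is not protected by BitLocker."
            continue
        }

        # Only numerical recovery passwords can be backed up to AD DS.
        $recovery = @($vol.KeyProtector |
            Where-Object KeyProtectorType -eq 'RecoveryPassword')
        if ($recovery.Count -eq 0) {
            Write-Warning "$($vol.MountPoint) has no recovery password protector; it cannot be recovered from AD DS."
            continue
        }

        foreach ($kp in $recovery) {
            $done = $false
            if ($PSCmdlet.ShouldProcess($vol.MountPoint, "Back up protector $($kp.KeyProtectorId) to AD DS")) {
                Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                    -KeyProtectorId $kp.KeyProtectorId -ErrorAction Stop | Out-Null
                $done = $true
            }
            [pscustomobject]@{
                MountPoint     = $vol.MountPoint
                KeyProtectorId = $kp.KeyProtectorId
                BackedUp       = $done
            }
        }
    }
}

# Dry run first: lists what would be escrowed without contacting AD DS.
Backup-RecoveryPasswordsToAD -WhatIf | Format-Table -AutoSize
```

Run it again without -WhatIf to perform the backup.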
Backup your data
Managing Devices with MDM
Mobile device management (MDM) is an industry standard for managing mobile devices, such as smartphones, tablets, laptops, and desktop computers
MDM is implemented by using an MDM authority and MDM clients
Microsoft offers two MDM authority solutions:
• Intune
• MDM for Office 365
An MDM authority, such as Intune, provides the following capabilities:
• Device enrollment
• Configuring devices
• Monitoring and reporting
• Application management
• Selective deletion of data
Comparing MDM for Office 365 and Intune
Microsoft Cloud App Security and Office 365 Cloud App Security
Azure Information Protection
When it comes to Data Governance, it's not only about protecting data against any kind of loss, but also about identifying and classifying the data stored in your organization.
Microsoft addresses these needs through Azure Information Protection (AIP).