Office 365 Saturday - Office 365 Security Best Practices
Uploaded by benoit-hamet (Category: Technology)
Transcript of Office 365 Saturday - Office 365 Security Best Practices
Thanks for coming!
Important stuff you need to know
Toilets
Fire Escapes
Internet Access
Stick around til the end and provide feedback to win!
Digital Workplace Conference
Sofitel Sydney Wentworth
23rd to 24th August
We have some amazing things to give away today!
Wanna Twit about the day? Use either #O365Sat17 or #O365SatSyd17
Leave us feedback, not only cause it makes our events better but you win amazing prizes!
https://tinyurl.com/O365SatSyd17
Room 1 | Room 2 | Room 3
1:00-2:00
MS Graph Building Data and Intelligent Apps (Ashish Trivedi)
Extranet for partner Collaboration (Alpesh Nakar)
Team Sites | Teams | Groups | Yammer – Untangling the Collaboration Web (Russ Norton)
2:05-3:05
SharePoint Framework – Build integrated user experiences (Anupam Ranku)
9 Months of Fun with SharePoint in Azure and Office365 (Colin Philips)
Top 10 Adoption Tips (Kirsty McGrath)
3:10-4:10
What the heck is GraphAPI and why should I care? (Steven Hosking)
Automate Office 365 (Robert Crane)
TBA (Adam Cogan)
Room 1 | Room 2 | Room 3
9:00-10:00
Introduction to SharePoint Framework (SPFx) (Sezai Komur)
From Cloud Productivity to Enterprise Business App (Igor Jericevich)
SharePoint Branding for Non-Branders (Colin Gardner)
10:05-11:05
Mayhem and Mischief with the Outlook and Microsoft Graph APIs (Simon Waight)
Mind blown: the Dynamite Dynamics 365 Experience (Roger Carran)
Who said you have to be a Power-User to create Dynamic Forms? (Ishai Sagi)
11:10-12:10
Event Driven Development in Office 365 (Amr Found)
Office 365 Security Best Practices (Benoit Hamet)
Making your first app with Power Apps (Haylee Fox)
http://blog.hametbenoit.info
http://twitter.com/benoit_hamet
When moving to cloud services, security is a major concern
On Office 365, security is a two-dimensional implementation:
▶ The first dimension is the Microsoft-managed service level, including operational procedures and default policies
▶ The second dimension is the customer-managed control level
Security and compliance is an ongoing process, not a steady state. It is constantly maintained, enhanced, and verified by highly skilled, experienced and trained personnel
The objective of this session is to give you some key practices and implementations to help you stay secure on Office 365
▶ Financial services (47%): firms worry about customer fraud and advanced attacks.
▶ Business services (11%): business services pros want to use managed security services.
▶ Nonprofit / government (9%): the sector prioritizes authentication concerns.
▶ Healthcare (8%): firms focus on patient data protection.
Source: Forrester’s Inquiry Spotlight: Security And Risk, Q3 2015 To Q3 2016, Stephanie Balaouras, Claire O'Malley with Laura Koetzle, Trevor Lyness, Peggy Dostie, December 27, 2016. Base: 1,731 inquiries from Q3 2015 to Q3 2016
$4 M - IDC Ponemon Institute, Cost of a Data Breach Report (2016)
63% - Verizon 2016 Data Breach Report
80% - Stratecast, December 2016
33% - VansonBourne, February 2014
Technical Objectives
• Get in reliably
• Obtain data I am assigned or can sell
• Avoid detection
Specialization
• Exploiting Stolen Data
• Selling Stolen Data
• Selling Attack Tools
• Sell Access to environments
Motivations
• Money / Profit
• Message / Activism
• Mission / Nation State
Daily Considerations
• Build or buy my tools?
• What is the target worth?
• Try the easy things first
Stats (SecureWorks 2016 via eWeek):
• 82% of successful cyberattacks are from cybercriminals via:
• Phishing
• Network scans
• Strategic web site compromise
• 11% are from insiders
• 7% are nation states
Good to know:
• Attacks aren’t random
• Likely has attacked before
• Very expensive to react to – preventative is much better than reactive
▶ Know your risks
▶ Know your users’ behaviour
▶ Know your environment
▶ Know your data
▶ Know your legal/financial requirements
▶ Confidentiality
▶ Privacy
▶ Regulatory
▶ Review / Audit
▶ Never ending story
[Diagram: Microsoft Intelligent Security Graph. Protected layers: Apps and Data, Identity, Device, Infrastructure, across SaaS, PaaS and IaaS. Signal sources: Malware Protection Center, Cyber Hunting Teams, Security Response Center, CERTs, Cyber Defense Operations Center, Digital Crimes Unit, Antivirus Network, Industry Partners]
Office 365 includes tools to discover your environment
▶ Office 365 Secure Score
▶ Helps to assess your security configuration
▶ Provides actions/recommendations
▶ Proactive vs reactive
▶ Compliance Center
▶ Provides regulatory documentation
▶ Security and regulations standards implemented
▶ Cloud App Security (EMS E5) / Advanced Security Management (E5)
▶ Discovers applications used by users
▶ Cloud identity management is similar to On Premises identity management
▶ Provisioning / Management / Termination
▶ Integrates with your On Premises directory
▶ Use the latest version of Azure AD Connect
▶ Authenticate with your On Premises credentials (ADFS / Password sync / Pass Through)
▶ Grant permissions using groups, not to individuals
▶ Enable self-service (password reset)
▶ Identify sensitive users / roles
▶ Enable MFA
▶ Automate Office 365 role assignment / approval workflow
▶ Separate “day to day” and admin accounts
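The identity practices on this slide (MFA on sensitive roles, separate admin accounts, termination of unused access) can be checked against a directory export. The script below is an added example, not part of the presentation; the account records are constructed, and their field layout (upn, roles, mfa, licensed, last_signin) is an assumption standing in for what an admin would export from the tenant.

```python
"""Review an exported account list against the identity practices on the slide:
enforced MFA on privileged roles, separate admin accounts, no stale privileged access."""
from datetime import datetime, timedelta

# Constructed sample export (field layout is an assumption for this example).
ACCOUNTS = [
    {"upn": "adm-alice@contoso.example", "roles": ["Company Administrator"],
     "mfa": "Enforced", "licensed": False, "last_signin": "2017-08-20"},
    {"upn": "bob@contoso.example", "roles": ["Exchange Service Administrator"],
     "mfa": "Disabled", "licensed": True, "last_signin": "2017-08-21"},
    {"upn": "carol@contoso.example", "roles": [],
     "mfa": "Disabled", "licensed": True, "last_signin": "2017-08-18"},
    {"upn": "svc-legacy@contoso.example", "roles": ["SharePoint Service Administrator"],
     "mfa": "Enabled", "licensed": True, "last_signin": "2017-02-01"},
]

# Directory roles treated as privileged for this review.
PRIVILEGED_ROLES = {
    "Company Administrator", "Exchange Service Administrator",
    "SharePoint Service Administrator", "User Account Administrator",
}


def review_account(acct, today, stale_days=90):
    """Return the findings for one account; an empty list means it follows the practices."""
    findings = []
    privileged = bool(PRIVILEGED_ROLES & set(acct["roles"]))
    if not privileged:
        return findings
    last = datetime.strptime(acct["last_signin"], "%Y-%m-%d")
    # "Enabled" only means the user must register at next sign-in; "Enforced" means MFA is live.
    if acct["mfa"] != "Enforced":
        findings.append("privileged role without enforced MFA")
    # A licensed mailbox holding an admin role is a day-to-day account used for admin work.
    if acct["licensed"]:
        findings.append("admin role on a licensed day-to-day account; use a separate admin account")
    if today - last > timedelta(days=stale_days):
        findings.append(f"privileged account unused for more than {stale_days} days; review or remove")
    return findings


def review_all(accounts, today):
    """Map UPN -> findings for every account with at least one finding; today is 'YYYY-MM-DD'."""
    today_dt = datetime.strptime(today, "%Y-%m-%d")
    report = {}
    for acct in accounts:
        findings = review_account(acct, today_dt)
        if findings:
            report[acct["upn"]] = findings
    return report


if __name__ == "__main__":
    for upn, findings in review_all(ACCOUNTS, "2017-08-22").items():
        print(upn)
        for finding in findings:
            print("  -", finding)
```

The review date is passed in explicitly so the same export always yields the same report, which makes it easy to diff one week's output against the next as part of the "continuous activities review" the deck recommends.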
One small mistake can lead to attacker control
Attackers can:
• Steal any data
• Modify documents
• Impersonate users
• Disrupt business operations
Active Directory and Administrators control all the assets
Your users’ productivity and security is more challenged than ever by different types of attacks.
▶ 80 Billion inbound messages to Office 365 in 1 month – only 31% are core business mails
▶ 55 Billion spam and bulk mails that could have crowded users’ mailboxes
▶ Malware 600%: the volume of malware targeting O365 has increased 600% in the past year
▶ Exchange Online Protection
▶ Spam protection
▶ Spoofing protection (SPF / DKIM / DMARC)
▶ ‘light’ malware protection
▶ Advanced Threat Protection
▶ URL rewriting
▶ Attachment analysis
▶ SharePoint Online / OneDrive
▶ Device Access
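Spoofing protection with SPF and DMARC only works when the records you publish actually enforce something. The checker below is an added example, not from the presentation: it evaluates SPF and DMARC TXT records passed in as strings (what a DNS lookup of the domain and of _dmarc.<domain> would return) and reports the settings that leave spoofing unaddressed. The sample records for contoso.example are constructed.

```python
"""Evaluate published SPF and DMARC records for enforcement gaps."""
import re

# Constructed sample records for contoso.example (not real DNS data).
SPF_GOOD = "v=spf1 include:spf.protection.outlook.com -all"
SPF_WEAK = "v=spf1 ip4:203.0.113.0/24 ~all"
DMARC_GOOD = "v=DMARC1; p=reject; rua=mailto:dmarc@contoso.example; pct=100"
DMARC_WEAK = "v=DMARC1; p=none; pct=50"

# SPF mechanisms that cost a DNS lookup (RFC 7208 limits these to 10 per evaluation).
LOOKUP_TERM = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists)\b|^redirect=")


def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag -> value dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_dmarc(txt):
    """Findings for a DMARC record; an empty list means failures are acted on and reported."""
    tags = parse_dmarc(txt)
    if tags.get("v", "").upper() != "DMARC1":
        return ["no valid DMARC record (missing v=DMARC1)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or 'missing'}: failing mail is only monitored, not acted on")
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        findings.append(f"pct={pct}: the policy is applied to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports will not be received")
    return findings


def check_spf(txt):
    """Findings for an SPF record; an empty list means unknown senders hard-fail."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["no valid SPF record (missing v=spf1)"]
    findings = []
    last = terms[-1].lower()
    if last in ("+all", "all"):
        findings.append("'+all' authorises every sender, so spoofing is not prevented")
    elif last == "?all":
        findings.append("'?all' is neutral: unknown senders are neither passed nor failed")
    elif last == "~all":
        findings.append("'~all' softfail: rely on DMARC to turn this into enforcement")
    lookups = sum(1 for t in terms if LOOKUP_TERM.match(t.lower()))
    if lookups > 10:
        findings.append(f"{lookups} lookup mechanisms exceed the limit of 10; SPF evaluation will permerror")
    return findings


if __name__ == "__main__":
    for label, record, check in [("SPF", SPF_GOOD, check_spf), ("SPF", SPF_WEAK, check_spf),
                                 ("DMARC", DMARC_GOOD, check_dmarc), ("DMARC", DMARC_WEAK, check_dmarc)]:
        print(label, record, "->", check(record) or "ok")
```

A softfail SPF (`~all`) combined with `p=none` is the common starting point; the findings show why a domain in that state is still spoofable even though "SPF and DMARC are published". DKIM is not checked here because its selector records are only discoverable from signed mail.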
▶ Free for individuals (recipient only)
▶ Azure Rights Management Services (RMS) included with Office 365 E plans
▶ Can be automatically applied to SharePoint libraries and Exchange mails
▶ Azure Information Protection included with Azure Premium / EMS
▶ Allows tagging
▶ Both can protect data by embedding authorization
Netskope Cloud Report, Summer 2015
▶ 17.9% of files violate DLP Policy
▶ 22.2% are shared publicly
▶ Almost all data leakage occurs inadvertently
▶ Define labels
▶ Create DLP rules
▶ Built in
▶ Custom
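A custom DLP rule is more than a regular expression: the built-in sensitive information types pair a pattern with a checksum and raise confidence when supporting keywords appear nearby, which is what keeps order numbers and invoice IDs out of the results. The scanner below is an added example, not from the presentation and not the Security and Compliance Center rule format; it implements that logic for payment card numbers on constructed sample text.

```python
"""Custom DLP detection: pattern match + Luhn checksum + keyword-based confidence."""
import re

# 13 to 16 digits with optional single spaces or dashes between them.
CANDIDATE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
# Supporting keywords that raise confidence when found near a candidate.
KEYWORDS = ("card", "visa", "mastercard", "expiry", "cvv", "account number")

# Constructed sample documents.
DOC_HIGH = "Please charge my Visa card 4111 1111 1111 1111, expiry 09/19."
DOC_MEDIUM = "Ticket reference 5105105105105100 attached for review."
DOC_NONE = "Invoice 1234567890123456 was paid in full."


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers; filters out most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan(text, window=60):
    """Return [(digits, confidence)] for candidates that pass the checksum.

    confidence is 'high' when a supporting keyword sits within `window` characters
    of the match, otherwise 'medium'."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not 13 <= len(digits) <= 16 or not luhn_ok(digits):
            continue
        context = text[max(0, m.start() - window): m.end() + window].lower()
        confidence = "high" if any(k in context for k in KEYWORDS) else "medium"
        hits.append((digits, confidence))
    return hits


if __name__ == "__main__":
    for doc in (DOC_HIGH, DOC_MEDIUM, DOC_NONE):
        print(repr(doc), "->", scan(doc))
```

The two confidence levels map naturally onto two DLP actions: block or encrypt on a high-confidence match, and only notify the user or report on a medium one, which keeps false positives from blocking legitimate work.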
▶ Retention ensures data is preserved
▶ Applies to Exchange and SharePoint (including Office 365 groups)
▶ Not only used for compliance, but can also be used for recovery
▶ 2 options
▶ Access Control Policy (ADFS)
▶ Conditional Access (Azure AD Premium)
▶ Access Control Policy
▶ On Premises configuration
▶ Built in and custom conditions
▶ Not only applies to Office 365
▶ Conditional Access
▶ Azure AD configuration / Intune
▶ Can work in conjunction with Azure AD Identity Protection (Azure Premium P2)
▶ Conditions: group membership, location, device platform and state
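Conditional access combines the conditions listed above (group membership, location, device platform and state, plus the Identity Protection risk signal) into a single grant or block decision, and it is worth reasoning through that combination before switching a policy on. The evaluator below is an added example, not from the presentation and not the Azure AD policy schema; the policy structure and sign-in contexts are constructed for illustration.

```python
"""Model how conditional access policies combine into one decision per sign-in."""

# Constructed policies (assumed structure): every listed condition must match;
# an absent condition matches any sign-in.
POLICIES = [
    {"name": "Block unsupported platforms",
     "conditions": {"platform": {"other"}}, "control": "block"},
    {"name": "Admins always MFA",
     "conditions": {"groups": {"O365-Admins"}}, "control": "mfa"},
    {"name": "Off-network from a non-compliant device needs MFA",
     "conditions": {"location": {"untrusted"}, "device_state": {"non-compliant", "unknown"}},
     "control": "mfa"},
    {"name": "Risky sign-in needs MFA",  # the Identity Protection signal
     "conditions": {"risk": {"medium", "high"}}, "control": "mfa"},
]

# Ordering of controls: when several policies apply, the most restrictive wins.
SEVERITY = {"allow": 0, "mfa": 1, "block": 2}


def matches(policy, context):
    """True when every condition in the policy is satisfied by the sign-in context."""
    for key, allowed in policy["conditions"].items():
        value = context.get(key)
        if key == "groups":
            if not allowed & set(value or []):
                return False
        elif value not in allowed:
            return False
    return True


def evaluate(context, policies=POLICIES):
    """Return (decision, names of policies that applied)."""
    applied = [p for p in policies if matches(p, context)]
    decision = "allow"
    for p in applied:
        if SEVERITY[p["control"]] > SEVERITY[decision]:
            decision = p["control"]
    return decision, [p["name"] for p in applied]


def signin(groups=(), location="trusted", platform="windows", device_state="compliant", risk="none"):
    """Build a constructed sign-in context with sensible defaults."""
    return {"groups": list(groups), "location": location, "platform": platform,
            "device_state": device_state, "risk": risk}


if __name__ == "__main__":
    print(evaluate(signin()))
    print(evaluate(signin(groups=["O365-Admins"])))
    print(evaluate(signin(location="untrusted", device_state="unknown", platform="ios")))
    print(evaluate(signin(location="untrusted", device_state="unknown", platform="other")))
```

Running a planned policy set against a table of representative sign-ins like this, before enabling it, is the cheapest way to find the case that would lock every administrator out.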
▶ Discover first
▶ Identify existing usage/gaps
▶ Continuous activities review
▶ Identify potential malicious activities
▶ Validate/Review configuration (DLP)
▶ All activities are audited
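Because all activities are audited, a continuous review can be automated over the exported audit records. The script below is an added example, not from the presentation: it runs two simple detections over constructed audit entries, a burst of file downloads by one user and sign-ins by one user from two countries within a short window. The field names follow the audit log export (CreationDate, Operation, UserId); the Country field is an assumption standing in for a GeoIP lookup on the client IP.

```python
"""Two detections over Office 365 audit log records: download bursts and
sign-ins from more than one country in a short window."""
from collections import defaultdict
from datetime import datetime, timedelta


def _rec(ts, op, user, country):
    return {"CreationDate": ts, "Operation": op, "UserId": user, "Country": country}


# Constructed sample records (Country is assumed to come from a GeoIP lookup on ClientIP).
RECORDS = [
    _rec("2017-08-21T08:02:00", "UserLoggedIn", "carol@contoso.example", "AU"),
    _rec("2017-08-21T08:40:00", "UserLoggedIn", "carol@contoso.example", "DE"),
    _rec("2017-08-21T09:30:00", "UserLoggedIn", "bob@contoso.example", "AU"),
    _rec("2017-08-21T09:31:00", "FileDownloaded", "bob@contoso.example", "AU"),
] + [
    # 25 downloads by carol in just over eight minutes
    _rec(f"2017-08-21T09:{i // 3:02d}:{(i % 3) * 20:02d}", "FileDownloaded",
         "carol@contoso.example", "DE")
    for i in range(25)
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def download_bursts(records, threshold=20, window_minutes=10):
    """Users with more than `threshold` FileDownloaded events inside any window.

    Returns {user: largest count seen in a single window}."""
    window = timedelta(minutes=window_minutes)
    by_user = defaultdict(list)
    for r in records:
        if r["Operation"] == "FileDownloaded":
            by_user[r["UserId"]].append(parse_ts(r["CreationDate"]))
    flagged = {}
    for user, times in by_user.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits within window_minutes.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count > threshold:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged


def multi_country_signins(records, window_minutes=60):
    """Users with two consecutive UserLoggedIn events from different countries
    less than `window_minutes` apart. Returns {user: (country1, country2)}."""
    window = timedelta(minutes=window_minutes)
    by_user = defaultdict(list)
    for r in records:
        if r["Operation"] == "UserLoggedIn":
            by_user[r["UserId"]].append((parse_ts(r["CreationDate"]), r["Country"]))
    flagged = {}
    for user, logins in by_user.items():
        logins.sort()
        for (t1, c1), (t2, c2) in zip(logins, logins[1:]):
            if c1 != c2 and t2 - t1 <= window:
                flagged[user] = (c1, c2)
    return flagged


if __name__ == "__main__":
    print("download bursts:", download_bursts(RECORDS))
    print("multi-country sign-ins:", multi_country_signins(RECORDS))
```

Both detections are deliberately threshold-based so they can be tuned per tenant: a sync client can legitimately produce download bursts, and a user on a VPN can legitimately change country, so the thresholds and the trusted-network exclusions are where the review effort goes.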
▶ Security is specific to you
▶ Common patterns apply to everybody
▶ Meet your specific needs
▶ Manage your identity
▶ Be as ‘end-user’ friendly as possible
▶ Automation
▶ Self service
▶ Communicate / Instruct
▶ No exceptions
▶ There are always exceptions, but the fewer the better
▶ Restrict privileges
▶ Grant the lowest permissions possible
▶ Elevate security requirements for sensitive roles (MFA)
▶ Conditional access
▶ Monitor
▶ Be proactive
▶ Review activities
▶ Identify your data
▶ Office 365 Microsoft Trust Center
https://www.microsoft.com/en-us/trustcenter/cloudservices/office365
▶ Secure Score
https://securescore.office.com
▶ Security and Compliance Portal
https://protection.office.com
▶ Cloud App Security
https://portal.cloudappsecurity.com
▶ Azure Self Service Portal
https://account.activedirectory.windowsazure.com
▶ Azure AD Conditional Access
https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies
▶ OneDrive Access Policy
https://admin.onedrive.com/?v=AccessPolicySettings
▶ Azure Privileged Identity Management
https://portal.azure.com/#blade/Microsoft_Azure_PIM/CommonMenuBlade/QuickStart
https://portal.azure.com/#blade/Microsoft_Azure_PIM/DirectoryRoleManagementMenuBlade/setting