Securing and maintaining a trustworthy Office 365 and Microsoft Azure deployment is not an easy task. Join Jussi in his session where we’ll take a look into how you can secure and control your cloud-based servers and services, data and users using Azure Active Directory, Azure Security Center, Privileged Identity Management, and Advanced Security Management. In addition, we’ll also take a look at how Operations Management Suite and Microsoft Advanced Threat Analytics can be used to provide better overall security for on-premises and hybrid deployments.

1. w: rencore.com | e: info@rencore.com | t: @rencoreab
Securing Office 365 and Microsoft Azure
like a Rockstar
Jussi Roine
April 27th, 2017

2. Matthias Einig
Microsoft MVP
CEO at Rencore
Jussi Roine
Microsoft MVP, Microsoft Regional Director, MCSM, MCT
CTO at Onsight, Helsinki
Our Guest
Your Host

3. rencore.com
Q&A
Please use the Q&A functionality in
Zoom instead of chat.
We will pick up some questions at
the end and answer the others in
the follow-up email.
FAQ:
Recording of this webinar?
Yes, the session is recorded and you
will get the recording later today.

4. Agenda
Security building blocks
 The big picture
 Azure Active Directory
Beyond basics
 ASM, OMS, PIM, TI, CAS,
ASC and other acronyms

7. Office 365: Core services

8. Office 365: All major services

9. Office 365: Additional services

10. Office 365: With Azure-related services
MFA
Stream
OMS
Azure AD

12. Wait, what?
Do I have to manage all these
AND on-premises too?

13. A starting point: ”We are in the cloud!”
This is the common, kind-of hybrid architecture model
Microsoft Azure
Office 365
Site-to Site
VPN
Azure AD Connect
ADFS
Proxy
On-premises

14. The heart of security: Azure Active Directory
 The core of each Azure
subscription
 You can have multiple AAD tenants
within the same Azure subscription
 Managed through Azure Portal,
some tiny things are still only
available in the Classic Portal
 It’s important to understand the
difference between AAD, AD and
AAD Connect (and AAD DS)
Identities, management and security

15. Your mission
Protect the identities – it is the new perimeter!

16. Azure Active Directory: Free, Basic, Premium
Feature AAD Free AAD Basic AAD Premium P1 AAD Premium P2
SSO support 10 apps/user 10 apps/user No limit No limit
Security reports 3 (basic) 3 (basic) Advanced Advanced
Self-Service password
reset
Multi-Factor
Authentication
Connect Health
Cloud App Discovery
Privileged Identity
Management
Identity Protection
Price Free! 0,85 €/user/month 5.06 €/user/month 7.59 €/user/month
A few highlighted features of AAD and a comparison between licenses
(cloud
users)
(cloud
users)

17. Security building blocks in Azure
Securing assets
Security Center
Role-Based Access Control
Key Vault
Microsoft anti-malware
Rights Management/Information
Protection
Cloud App Discovery
Infrastructure
Network Security Groups (NSG)
Site-to-Site VPN
Point-to-Site VPN
ExpressRoute
Network Security Appliances
Host-based firewalls
Azure Active Directory
Connect Health
Identity Protection
Privileged Identity Management
OMS Security & Audit
Multi-Factor Authentication

18. Azure Security Center
 Central overview of security state of all Azure resources
 Includes behavioral analytics and incident reporting
 Standard license gives advanced threat detection & intelligence
Available as Free or Standard

19. Azure Monitor: inbuilt monitoring
 Query against Azure backends to
see operations against services
 Connect with
 Log Analytics (for further analysis)
 Power BI (for reports)
 Application Insights (for wisdom)
Search, view and react to activities happening within Azure subscriptions

20. Beyond basics

21. Secure Score on Office 365
 Guidelines for user management, including MFA,
password resets etc.
 Action list for things to fix, in order to achieve a
higher score
 Max score is 344, Office 365 average is 29 
Automated scan of your Office 365 subscription settings and general security

22. Securing Azure: Azure AD Connect Health
 Monitors your AD FS, AD FS Proxy, AAD Domain
Services and AAD Connect status
 Can alert you when things break down
 Deploying is easy: install agents for AD FS, AAD
Connect and AD DS from Azure Portal
 Requires AAD Premium – all users must be licensed
in the scope of AAD CH
Agent-based service to monitor your Azure AD synchronization health

23. Azure AD Identity Protection
 Analyzes user sign-ins and associates risk
events
 Ability to automatically flag suspicious
events
 Can enforce additional policies if risk
factors seem high
 Typically enforces MFA, or password reset
 Also sends a weekly digest of findings
Monitoring for risk events, vulnerabilities and automatic policy changes

24. Azure AD Privileged Identity Management
 Instead of granting permanent admin
privileges, PIM allows ad-hoc & just-in-
time admin roles
 Central view & management for all admins
roles throughout Azure and Office 365
 Admin roles become non-permanent
 Duration can be set from 1 hour to 72 hours
 Can enforce MFA during role grant
Just-in-time administration functionality for administrative roles

25. Operations Management Suite (OMS)
 Azure OMS together with Log Analytics provides System
Center Operations Manager capabilities in the cloud
 Gathers logs (also custom ones), configuration data,
update status, availability, backup info etc.

26. Operations Management Suite: Security & Audit
 Provides management & monitoring capabilities for on-premises and cloud
resources for IT Pros
 Includes support for Office 365 assets, AAD, networking, security updates
etc.
 Data is collected through logs using a management agent
 Allows for in-depth analysis of security events
 Ability to export findings to Power BI for further drill-down and reporting
”System Center Ops Manager in the cloud” – easier, and more fun

27. Multi-Factor Authentication (MFA)
 Enforces security beyond username and password
 The user must possess something – typically a mobile device
 Available as Office 365 MFA, Azure MFA for Admins and Azure MFA
Strong authentication for on-premises, hybrid & the cloud
 Enables easy securing of VPNs, IIS web apps & Remote Desktop
 Maybe not the most logical to set up..
 Supports RADIUS so fairly easy to integrate with legacy systems ;)
Multi-Factor Authentication Server for on-premises

28. Cloud App Discovery
 Install agents on workstations (and servers if needed)
 Get data & findings on usage patterns
 Based on reports, act accordingly
Finding unmanaged cloud applications through your users

29. Advanced Security Management (ASM)
 Similar to OMS, but more directly aimed for Office 365 workloads
 Records all activities of users, including external users
 Supports on-premises edge router log analysis also!
Discover activity and incidents in Office 365

30. Threat Intelligence
 Rollout in April, 2017 for Office 365 tenants
 Provides insights and analysis based on evidence, act accordingly
Evidence-based knowledge on threats and actionable advice

31. Advanced Threat Analytics (ATA)
 Captures all authentication
traffic to-and-from Domain
Controllers
 Uses Machine Learning to
identify issues and
unauthorized usage
 Fully automatic, install &
forget! Almost like SharePoint
;-)
Aggressive auditing and analytics for on-premises Active Directory requests

32. Demo
How it all fits together

33. Enterprise Mobility + Security (EMS)
Used to be known as Enterprise Mobility Suite
 A bundled collection of licenses for Azure-based services
 Available as E3 and E5
(Source: Microsoft)

34. Don’t worry, security will keep you busy

35. Don’t worry, security will keep you busy

36. Don’t worry, security will keep you busy

37. Don’t worry, security will keep you busy

38. Don’t worry, security will keep you busy

39. Don’t worry, security will keep you busy

40. Recommendations
Follow current practices and patterns: http://onsig.ht/azuresecpnp
 Adjust accordingly – balance between usability and
security
 Azure Security Center holds your hand together with
OMS: Security & Audit
 Get the book! http://onsig.ht/azuresecbook
 And get the guidance! http://onsig.ht/perimeterbook

41. Recap
Deploy the free services
 Azure Active Directory reporting
 Azure Security Center
 Operations Management Suite
Strongly consider upgrading your licenses
 EM+S for AAD Premium offerings
 Privileged Identity Management and Identity Protection
 MFA for admins – preferrably also for users via conditional access
 Azure AD Cloud App Discovery is great for initial auditing
 Advanced Security Management is not cheap but gives great visibility for
external usage

42. Q&A

43. Spencer Harbar
Microsoft MVP, MCSM, MCT
User Profile Synchronization with Identity
Manager and SharePoint Server 2016
 rencore.com/media/webinar/Sign up now
Next Rencore Webinar
2017-05-17,10:00 AM (EDT) / 4:00 PM (CEST)

44. Thank you for attending!
The webinar recording will be sent to you later today.