Securing and maintaining a trustworthy Office 365 and Microsoft Azure deployment is not an easy task.
Join Jussi for a session on how you can secure and control your cloud-based servers and services, data and users using Azure Active Directory, Azure Security Center, Privileged Identity Management and Advanced Security Management.
In addition, we will look at how Operations Management Suite and Microsoft Advanced Threat Analytics can be used to provide better overall security for on-premises and hybrid deployments.
Rencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
1. w: rencore.com | e: info@rencore.com | t: @rencoreab
Securing Office 365 and Microsoft Azure
like a Rockstar
Jussi Roine
April 27th, 2017
2. Your Host: Matthias Einig, Microsoft MVP, CEO at Rencore
Our Guest: Jussi Roine, Microsoft MVP, Microsoft Regional Director, MCSM, MCT, CTO at Onsight, Helsinki
3. rencore.com
Q&A
Please use the Q&A functionality in Zoom instead of chat. We will pick up some questions at the end and answer the others in the follow-up email.
FAQ: Recording of this webinar? Yes, the session is recorded and you will get the recording later today.
4. Agenda
Security building blocks
The big picture
Azure Active Directory
Beyond basics
ASM, OMS, PIM, TI, CAS, ASC and other acronyms
13. A starting point: "We are in the cloud!"
This is the common, kind-of-hybrid architecture model.
Diagram: Microsoft Azure and Office 365 connected to the on-premises environment (AD FS, AD FS proxy, Azure AD Connect) over a site-to-site VPN.
14. The heart of security: Azure Active Directory
AAD is the core of each Azure subscription: every subscription trusts exactly one AAD tenant, and one tenant can be associated with many subscriptions (and with Office 365)
Managed through the Azure Portal; a few small things are still only available in the Classic Portal
It is important to understand the difference between AAD (the cloud identity service), on-premises AD (AD DS), AAD Connect (the sync and federation bridge between the two) and AAD Domain Services (a managed domain running in Azure)
Identities, management and security
16. Azure Active Directory: Free, Basic, Premium
A few highlighted features of AAD and a comparison between licenses

Feature            AAD Free        AAD Basic            AAD Premium P1        AAD Premium P2
SSO support        10 apps/user    10 apps/user         No limit              No limit
Security reports   3 (basic)       3 (basic)            Advanced              Advanced
Price              Free!           0.85 €/user/month    5.06 €/user/month     7.59 €/user/month

Also compared on the slide: Self-service password reset (cloud users), Multi-Factor Authentication, Connect Health, Cloud App Discovery, Privileged Identity Management and Identity Protection. Self-service password reset for cloud users starts at Basic; MFA, Connect Health and Cloud App Discovery at Premium P1; Privileged Identity Management and Identity Protection are Premium P2 features.
17. Security building blocks in Azure
Securing assets: Security Center, Role-Based Access Control, Key Vault, Microsoft anti-malware, Rights Management/Information Protection, Cloud App Discovery
Infrastructure: Network Security Groups (NSG), Site-to-Site VPN, Point-to-Site VPN, ExpressRoute, Network Security Appliances, Host-based firewalls
Azure Active Directory: Connect Health, Identity Protection, Privileged Identity Management, OMS Security & Audit, Multi-Factor Authentication
18. Azure Security Center
Central overview of the security state of all Azure resources
Available as Free or Standard; the Standard tier adds advanced threat detection and threat intelligence
Includes behavioral analytics and incident reporting
19. Azure Monitor: built-in monitoring
Activity Log: query the control-plane operations performed against your subscriptions and resources (who did what, when, and whether it succeeded)
Connect with Log Analytics (for further analysis), Power BI (for reports) and Application Insights (for wisdom)
Search, view and react to activities happening within Azure subscriptions
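The Activity Log is the place to answer "who opened that NSG rule?" and "who just made themselves Owner?". The script below is an added example, not from the webinar deck: it pulls the last 24 hours of successful control-plane changes to a few security-relevant resource types and groups them by caller. It assumes the 2017-era AzureRM.Insights module and an existing Login-AzureRmAccount session with Reader rights on the subscription; the list of operation patterns is the author's choice and can be extended.

```powershell
# Added example (not from the webinar deck): pull the last 24 hours of control-plane
# changes to security-relevant resource types out of the Azure Activity Log and show
# who made them. Assumes the AzureRM.Insights module and a Login-AzureRmAccount session.
# The action patterns are the resource-provider operations to watch (chosen here, extend as needed).
$sensitiveActions = @(
    'Microsoft.Network/networkSecurityGroups/*',        # NSG rules opened or removed
    'Microsoft.Authorization/roleAssignments/*',        # RBAC grants, e.g. a new Owner
    'Microsoft.KeyVault/vaults/accessPolicies/*',       # who may read secrets and keys
    'Microsoft.Compute/virtualMachines/extensions/*'    # script extensions = code execution on a VM
)

function Test-SensitiveAction {
    param([string]$Action, [string[]]$Patterns)
    foreach ($pattern in $Patterns) {
        if ($Action -like $pattern) { return $true }
    }
    return $false
}

function Get-SensitiveActivity {
    param([datetime]$Since = (Get-Date).AddHours(-24))

    # Every write is logged at least twice (Started, then Succeeded or Failed); keeping only
    # the Succeeded record counts each change once. The Activity Log holds control-plane
    # operations only: data-plane access (reading a blob, fetching a secret) is not here
    # and needs the resource's diagnostic logs instead.
    Get-AzureRmLog -StartTime $Since |
        Where-Object {
            $_.Authorization -and
            (Test-SensitiveAction -Action $_.Authorization.Action -Patterns $sensitiveActions) -and
            $_.Status -eq 'Succeeded'
        } |
        Select-Object EventTimestamp, Caller,
            @{ Name = 'Action'; Expression = { $_.Authorization.Action } },
            ResourceId
}

$changes = Get-SensitiveActivity
$changes | Sort-Object EventTimestamp -Descending | Format-Table -AutoSize

# Which identities are making these changes? A service principal you do not recognise,
# or a user who is not on the ops team, is the lead worth chasing first.
$changes | Group-Object Caller | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

Two caveats a practitioner will hit: the Activity Log only retains 90 days, so anything older must already have been shipped to Log Analytics or a storage account, and the cmdlet caps the number of events it returns (1000 by default; raise it with -MaxRecord on busy subscriptions or the 24-hour window will silently truncate).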
21. Secure Score on Office 365
Guidelines for user management, including MFA, password resets etc.
Action list of things to fix in order to achieve a higher score
At the time of the webinar the maximum score was 344 and the Office 365 average 29 (the maximum depends on which services your tenant is licensed for)
Automated scan of your Office 365 subscription settings and general security
22. Securing Azure: Azure AD Connect Health
Monitors your AD FS, AD FS proxy, on-premises AD DS (domain controllers) and AAD Connect sync status
Can alert you when things break down
Deploying is easy: install the agents for AD FS, AAD Connect and AD DS from the Azure Portal
Requires AAD Premium: the users in the scope of AAD Connect Health must be licensed
Agent-based service to monitor your Azure AD synchronization and federation health
23. Azure AD Identity Protection
Analyzes user sign-ins and associates risk events with them (leaked credentials, sign-ins from anonymous IP addresses, impossible travel, unfamiliar locations etc.)
Ability to automatically flag suspicious events
Can enforce additional policies (user risk and sign-in risk policies) when the risk level is high: typically MFA, or a password reset
Also sends a weekly digest of findings
Monitoring for risk events and vulnerabilities (such as users not registered for MFA), with automatic policy enforcement
24. Azure AD Privileged Identity Management
Instead of granting permanent admin privileges, PIM allows ad-hoc, just-in-time activation of admin roles
Central view and management of the Azure AD directory roles, which also govern Office 365 administration
Admin roles become eligible rather than permanent; activation duration can be set from 1 hour to 72 hours
Can enforce MFA on activation
Requires AAD Premium P2
Just-in-time administration functionality for administrative roles
25. Operations Management Suite (OMS)
Azure OMS together with Log Analytics provides System Center Operations Manager capabilities in the cloud
Gathers logs (also custom ones), configuration data, update status, availability, backup info etc.
26. Operations Management Suite: Security & Audit
Provides management and monitoring capabilities for on-premises and cloud resources for IT Pros
Includes support for Office 365 assets, AAD, networking, security updates etc.
Data is collected from event logs by the management agent installed on each machine
Allows for in-depth analysis of security events
Ability to export findings to Power BI for further drill-down and reporting
"System Center Ops Manager in the cloud": easier, and more fun
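Once the agent is shipping Windows security events to the workspace, the "in-depth analysis" is a search plus a bit of aggregation. The script below is an added example, not from the deck: it searches an OMS / Log Analytics workspace for failed logons (event ID 4625) and then applies two simple detections, brute force (many failures against one account) and password spray (one source address touching many accounts). It assumes the AzureRM.OperationalInsights module, a Login-AzureRmAccount session, and placeholder resource group and workspace names; the query is written in the legacy OMS search syntax that was current in April 2017 (newer workspaces use the Kusto language, where the same search is `SecurityEvent | where EventID == 4625`), and the thresholds are illustrative.

```powershell
# Added example (not from the webinar deck): failed-logon search against an OMS /
# Log Analytics workspace fed by the Security & Audit solution, with brute-force and
# password-spray detection done client-side. Assumes the AzureRM.OperationalInsights
# module and a Login-AzureRmAccount session. Names below are assumed placeholders.
$ResourceGroup = 'rg-oms'         # assumed resource group name
$Workspace     = 'oms-security'   # assumed workspace name

function Get-FailedLogons {
    param([string]$ResourceGroupName, [string]$WorkspaceName, [int]$Hours = 24)
    # Legacy OMS search syntax (April 2017): all Windows 4625 "An account failed to log on" events.
    $query  = 'Type=SecurityEvent EventID=4625'
    $result = Get-AzureRmOperationalInsightsSearchResults -ResourceGroupName $ResourceGroupName `
        -WorkspaceName $WorkspaceName -Query $query -Top 5000 `
        -Start (Get-Date).AddHours(-$Hours) -End (Get-Date)
    # Each hit comes back as a JSON document; turn it into objects carrying the
    # SecurityEvent fields we need (Account, Computer, IpAddress, LogonType, TimeGenerated).
    $result.Value | ForEach-Object { "$_" | ConvertFrom-Json }
}

function Find-LogonAttacks {
    param($Events, [int]$BruteForceThreshold = 20, [int]$SprayThreshold = 10)
    $findings = @()

    # Brute force: one account, many failures, possibly from several sources.
    foreach ($group in ($Events | Group-Object Account | Where-Object { $_.Count -ge $BruteForceThreshold })) {
        $sources = @($group.Group | Select-Object -ExpandProperty IpAddress -Unique).Count
        $findings += [pscustomobject]@{ Kind = 'BruteForce'; Key = $group.Name; Failures = $group.Count; Distinct = $sources }
    }

    # Password spray: one source address, a few attempts each against many accounts.
    # Local logon failures carry '-' as IpAddress, so they are excluded here.
    $remote = $Events | Where-Object { $_.IpAddress -and $_.IpAddress -ne '-' }
    foreach ($group in ($remote | Group-Object IpAddress)) {
        $accounts = @($group.Group | Select-Object -ExpandProperty Account -Unique).Count
        if ($accounts -ge $SprayThreshold) {
            $findings += [pscustomobject]@{ Kind = 'PasswordSpray'; Key = $group.Name; Failures = $group.Count; Distinct = $accounts }
        }
    }
    $findings
}

$events = Get-FailedLogons -ResourceGroupName $ResourceGroup -WorkspaceName $Workspace
Find-LogonAttacks -Events $events | Sort-Object Failures -Descending | Format-Table -AutoSize
```

The spray check is the one worth keeping: a per-account lockout threshold never fires when an attacker tries one password against a thousand accounts, so grouping by source address (or, for cloud sign-ins, by IP in the AAD sign-in logs) is what actually catches it. Expect the 5000-row cap to be reached quickly on a large estate; narrow the window or push the aggregation into the query itself.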
27. Multi-Factor Authentication (MFA)
Enforces security beyond username and password: the user must possess something, typically a mobile device
Available as Office 365 MFA, Azure MFA for Admins and (full) Azure MFA
Multi-Factor Authentication Server for on-premises:
Strong authentication for on-premises, hybrid and the cloud
Enables easy securing of VPNs, IIS web apps and Remote Desktop
Supports RADIUS, so fairly easy to integrate with legacy systems ;)
Maybe not the most logical to set up...
28. Cloud App Discovery
Install agents on workstations (and servers if needed)
Get data & findings on usage patterns
Based on reports, act accordingly
Finding unmanaged cloud applications through your users
29. Advanced Security Management (ASM)
Similar to OMS, but aimed more directly at Office 365 workloads
Records all activities of users, including external users
Also supports analysis of on-premises edge router logs!
Discover activity and incidents in Office 365
30. Threat Intelligence
Rollout in April, 2017 for Office 365 tenants
Provides insights and analysis based on evidence, act accordingly
Evidence-based knowledge on threats and actionable advice
31. Advanced Threat Analytics (ATA)
Captures all authentication traffic to and from domain controllers
Uses machine learning to identify issues and unauthorized usage
Fully automatic, install & forget! Almost like SharePoint ;-)
Aggressive auditing and analytics for on-premises Active Directory requests
33. Enterprise Mobility + Security (EMS)
Used to be known as Enterprise Mobility Suite
A bundled collection of licenses for Azure-based services
Available as E3 and E5
(Source: Microsoft)
40. Recommendations
Follow current practices and patterns: http://onsig.ht/azuresecpnp
Adjust accordingly: balance between usability and security
Azure Security Center holds your hand, together with OMS Security & Audit
Get the book! http://onsig.ht/azuresecbook
And get the guidance! http://onsig.ht/perimeterbook
41. Recap
Deploy the free services: Azure Active Directory reporting, Azure Security Center, Operations Management Suite
Strongly consider upgrading your licenses: EM+S for the AAD Premium offerings, Privileged Identity Management and Identity Protection
MFA for admins, preferably also for users via conditional access
Azure AD Cloud App Discovery is great for initial auditing
Advanced Security Management is not cheap but gives great visibility into external usage
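"MFA for admins" is the one recap item you can verify and enforce in a few lines, and the first thing to check after taking over a tenant. The script below is an added example, not from the deck: it lists the user members of the high-privilege Azure AD / Office 365 admin roles with their per-user MFA state and then enables MFA on the ones that have none, skipping break-glass accounts. It assumes the MSOnline module and an existing Connect-MsolService session; the role list, the thresholds and the break-glass UPN are assumptions to adjust for your tenant.

```powershell
# Added example (not from the webinar deck): audit and enforce per-user MFA on the
# members of privileged Azure AD / Office 365 admin roles. Assumes the MSOnline module
# and a Connect-MsolService session. Role names are the MSOnline display names.
$adminRoles = @(
    'Company Administrator',            # Global administrator
    'Privileged Role Administrator',
    'User Account Administrator',
    'Exchange Service Administrator',
    'SharePoint Service Administrator'
)

function Get-AdminMfaReport {
    param([string[]]$RoleNames)
    foreach ($roleName in $RoleNames) {
        $role = Get-MsolRole -RoleName $roleName
        # Only user members: groups and service principals carry no per-user MFA setting.
        $members = Get-MsolRoleMember -RoleObjectId $role.ObjectId |
            Where-Object { $_.RoleMemberType -eq 'User' }
        foreach ($member in $members) {
            $user  = Get-MsolUser -ObjectId $member.ObjectId
            $state = ($user.StrongAuthenticationRequirements | Select-Object -First 1).State
            [pscustomobject]@{
                Role     = $roleName
                User     = $user.UserPrincipalName
                # Enabled = must register at next sign-in; Enforced = required now; empty = nothing
                MfaState = $(if ($state) { $state } else { 'Disabled' })
                # Number of registered methods; 0 means the user has never completed registration
                Methods  = @($user.StrongAuthenticationMethods).Count
            }
        }
    }
}

function Enable-MsolUserMfa {
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [ValidateSet('Enabled', 'Enforced')][string]$State = 'Enabled'
    )
    $requirement = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
    $requirement.RelyingParty = '*'     # applies to all applications
    $requirement.State = $State
    Set-MsolUser -UserPrincipalName $UserPrincipalName -StrongAuthenticationRequirements @($requirement)
}

$report = Get-AdminMfaReport -RoleNames $adminRoles
$report | Sort-Object MfaState, Role | Format-Table -AutoSize

# Break-glass accounts are deliberately excluded: they must keep working when MFA is down.
$breakGlass = @('breakglass@contoso.onmicrosoft.com')   # assumed UPN
$report |
    Where-Object { $_.MfaState -eq 'Disabled' -and $_.User -notin $breakGlass } |
    Select-Object -ExpandProperty User -Unique |
    ForEach-Object { Enable-MsolUserMfa -UserPrincipalName $_ -State 'Enabled' }
```

Two things to watch before running the last block against production: a user in state Enabled but with zero registered methods is still unprotected until they next sign in interactively, and per-user MFA breaks clients that only speak legacy (basic) authentication, which is why the recap prefers conditional access once AAD Premium P1 is in place. Report first, enforce second.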
43. Next Rencore Webinar
Spencer Harbar (Microsoft MVP, MCSM, MCT): User Profile Synchronization with Identity Manager and SharePoint Server 2016
2017-05-17, 10:00 AM (EDT) / 4:00 PM (CEST)
Sign up now: rencore.com/media/webinar/
44. Thank you for attending!
The webinar recording will be sent to you later today.