Microsoft 365 Enterprise Security with E5 Overview

David J Rosenthal, Vice President and General Manager, Digital Business Solutions at Razor Technology
25 Oct 2019


  1. Security through simplicity Microsoft 365 Enterprise E5 security overview David J. Rosenthal Vice President, Digital Business Microsoft Technology Center, New York City October 24, 2019
  2. TECHNOLOGY HAS CHANGED THE WAY WE DO BUSINESS. PROTECTING COMPANY ASSETS REQUIRES A NEW APPROACH. 90% of the world’s data has been created in the last two years (IBM Marketing Cloud, “10 Key Marketing Trends For 2017”). 1,181 cloud apps in the avg. large enterprise, 61% is shadow IT (Microsoft 2018). 81% of hacking breaches leverage stolen/weak passwords (Verizon 2017 Data Breach Investigation Report). The intelligent, connected cloud introduces both opportunity and risk
  3. Complexity is the enemy of intelligent security. $1.37M: on average, what an organization spends annually in time wasted responding to erroneous malware alerts. 1.87M: global cybersecurity workforce shortage by 2022. 70 security products and 35 security vendors is the average for companies with over 1,000 employees. Sources: Global Information Security Workforce Study 2017; Nick McQuire, VP Enterprise Research, CCS Insight; “The Cost of Insecure Endpoints”, Ponemon Institute© Research Report, June 2017
  4. Cloud Redefines Security Responsibilities
  5. $$ Customer Security landscape
  6. Complex and expensive integration Constant training on new tools Too many alerts to handle Gaps in visibility The ‘best-of-breed’ model is broken
  7. The security paradigm needs to change.
  8. Native capabilities provide simplicity Fewer vendors and products to manage Less end-user friction and resistance Lower integration costs Reduced blindspots “If you make security hard, people may work around it. With Microsoft 365, we get native capabilities, visibility into our operational environment, and simplicity for all employees.” Simon Hodgkinson Group Chief Information Security Officer BP, United Kingdom
  9. Securing the enterprise with Microsoft 365
  10. Threat Protection Information Protection Security Management Optimize with security insights and configuration tools Correlate threat information and automatically respond Data is your most important company asset Identity & Access Management
  11. Intelligent security for the modern workplace: Microsoft 365 unifies enterprise security and user productivity. Holistic security across your digital landscape. Identity & Access Management: Secure identities to reach zero trust. Security Management: Strengthen your security posture with insights and guidance. Threat Protection: Help stop damaging attacks with integrated and automated security. Information Protection: Protect sensitive information anywhere it lives.
  12. For enterprise customers that embrace Microsoft productivity tools, significant gains can be realized in security
  13. Placeholder for overview video
  14. Microsoft 365 Enterprise E5 value: adds incremental value to Microsoft 365 E3 across these solution areas. Security: Extends identity and threat protection to help stop damaging attacks with integrated and automated security. Compliance: Brings together information protection & advanced compliance capabilities to protect and govern data while reducing risk. Meetings & Calling: Adds audio conferencing and calling capabilities in the cloud to enable your teams. Analytics: Adds Power BI capabilities that help you realize significant business value from your data.
  15. Productivity, Creativity and Teamwork solutions Analytics Office Applications Outlook/ Exchange Microsoft Teams Skype for Business Delve Azure Active Directory P2 Windows Defender Advanced Threat Protection Office 365 Advanced Threat Protection P1 & P2 Azure Advanced Threat Protection Microsoft Cloud App Security Azure Information Protection P2 Office 365 Cloud App Security Advanced eDiscovery Customer Lockbox Advanced Data Governance Skype Audio Conferencing Phone System Power BI Pro, MyAnalytics Microsoft 365 Enterprise E5 (includes E3 solutions) E3 E5 Microsoft 365 Enterprise E5 Azure Active Directory P1 Windows Hello Credential Guard Microsoft Advanced Threat Analytics Windows Defender Antivirus Azure Information Protection P1 Office 365 Data Loss Prevention Windows Information Protection BitLocker eDiscovery Compliance Security
  16. Why Microsoft 365 security?
  17. Why Microsoft 365 E5? Provides unmatched depth and breadth in enterprise security signals Prioritizes user productivity alongside security Products are designed to work better together Automates routine tasks to speed up incident response Secures more than just Microsoft products Reduces Total Cost of Ownership (TCO)
  18. Why Microsoft 365 E5? Provides unmatched depth and breadth in enterprise security signals Prioritizes user productivity alongside security Products are designed to work better together Automates routine tasks to speed up incident response Secures more than just Microsoft products Reduces Total Cost of Ownership (TCO)
  19. Microsoft Intelligent Security Graph
  20. Why Microsoft 365 E5? Provides unmatched depth and breadth in enterprise security signals Prioritizes user productivity alongside security Integrates products to work better together Automates routine tasks to speed up incident response Secures more than just Microsoft products Reduces Total Cost of Ownership (TCO)
  21. Getting to a world without passwords High security, convenient methods of strong authentication Windows Hello Microsoft Authenticator FIDO2 Security Keys
  22. Conditional Access [diagram]. Signals: Corporate Network; Geo-location; Microsoft Cloud App Security; macOS, Android, iOS, Windows; Windows Defender ATP; Client apps; Browser apps; Google ID, MSA, Azure AD, ADFS. Conditions: Employee & Partner Users and Roles; Trusted & Compliant Devices; Physical & Virtual Location; Client apps & Auth Method. Real-time evaluation engine: Machine learning; Policies; Session Risk; Effective policy. Controls: Allow/block access; Require MFA; Block legacy authentication; Force password reset; Limited access.
  23. Holistic Identity Protection Azure Active Directory Proactively identifies suspicious login attempts and challenges them with MFA Microsoft Cloud App Security Detects anomalous behavior and reduces threats by limiting access to data and applications Microsoft Intelligent Security Graph Azure Advanced Threat Protection Recognizes compromised accounts and lateral movement, alerts you, and visualizes the attack timeline SCENARIO: A third-party site is hacked and user credentials are exposed on the dark web.
  24. Attachment opened Integration + Automation Malware infects PC ! Windows Defender ATP removes malware Remediate infected end-points Search companywide email and remove attachment from affected mailboxes Phishing mail Intelligent Security Graph Shared security signals Personal email SCENARIO: Malware gets onto a work PC through a personal email inbox. Windows Defender ATP Office 365 ATP Infection detected Block the attachment from future attacks
  25. Malicious emails found User anomalies suggest identity compromise Threat signal shared with WDATP for auto remediation Automatic remediation actions complete Because Minutes Matter
  26. Protection across the attack kill chain. Attack stages shown: Browse to a website; Phishing mail; Open attachment; Click a URL; Exploitation & Installation; Command & Control; User account is compromised; Brute force account or use stolen account credentials; Attacker attempts lateral movement; Privileged account compromised; Domain compromised; Attacker accesses sensitive data; Exfiltrate data; Attacker collects reconnaissance & configuration data. Protection: Azure AD Identity Protection (Identity protection & conditional access); Microsoft Cloud App Security (Extends protection & conditional access to other cloud apps); Office 365 ATP (Malware detection, safe links, and safe attachments); Windows Defender ATP (Endpoint Detection and Response (EDR) & End-point Protection (EPP)); Azure ATP (Identity protection).
  27. Protect sensitive information wherever it lives or travels: DEVICES, ON PREMISES, CLOUD & SaaS APPS • Discover sensitive data across apps, cloud, on-premises and endpoints • Classify documents and apply persistent sensitivity labels • Prevent unauthorized sharing or unsafe storage with encryption and rights-restrictions • Apply DLP actions based on classification labels, such as block sharing
  28. Labels are easy for users to see and understand Label is metadata written to data, so it is persistent and readable by other systems e.g. DLP engine Sensitive data is automatically detected Classify & label sensitive company data Automatically discover personal data and apply persistent labels
  29. Detect content in cloud storage services • Inspect files for sensitive information – based on policy • Discover sensitive data across 3rd party clouds like SalesForce, Box, Dropbox and others. Apply classification labels & protection Automatically apply labels defined in Microsoft Information Protection to sensitive files discovered in cloud apps Automatically classify, label & protect files in cloud apps
  30. Scan for sensitive files on-premises Manage sensitive data prior to migrating to Office 365 or other cloud services • Use discover mode to identify and report on files containing sensitive data • Use enforce mode to automatically classify, label and protect files with sensitive data • Can be configured to scan: • CIFS file shares • SharePoint Server 2016 • SharePoint Server 2013
  31. Meet data privacy requirements • Discover compliance-related sensitive data across locations, including on-premises • GDPR-specific sensitive information types help protect personal data in EU countries • Assess whether your cloud apps are GDPR compliant • Gain visibility into classification, labeling and protection of personal data (including endpoints, locations, users) • Guide end-users when working with personal data – with policy tips and recommendations
  32. • Dedicated security workspace for security administration and operations teams • Centralized visibility, control and guidance across Microsoft 365 security • Actionable insights help security administrators assess historic and current security postures • Centralized alerts and tools help security operations better manage incident response Centralized security management Microsoft 365 Security Center
  33. Improve your security posture: Microsoft Secure Score • Quantifiable measurement of your security posture • Visibility across all of Microsoft 365 security services and managed entities (e.g. Identities, Endpoints, etc.) • Board-level trend report to show security ROI • Benchmarks for industry and size • Recommendations for improving your score
  34. Insights and recommendations • Learn about the latest threats as they emerge in the threat landscape • Determine your endpoints exposure to the latest threats • Identify recommended mitigations and actions • Prioritize your next steps
  35. Teaming up with our security partners to build an ecosystem of intelligent security solutions that better defend against a world of increased threats Integration with the security tools you already have Microsoft Intelligent Security Association
  36. Why Microsoft 365 E5? Provides unmatched depth and breadth in enterprise security signals Prioritizes user productivity alongside security Products are designed to work better together Automates routine tasks to speed up incident response Secures more than just Microsoft products Reduces Total Cost of Ownership (TCO)
  37. Microsoft 365 secures more than just Microsoft products • Single sign on for thousands of applications, use Azure Multi-Factor Authentication or your current MFA solution • Monitors and protects how your data is accessed in real-time across your non-Microsoft cloud apps and services • Integrates with your current Data Loss Prevention solution • Maintains data classification and protection when emails or documents travel to non-Microsoft platforms • Protects emails and files on any device (Windows, Mac, iOS, Android, or Android Enterprise) • Extends Microsoft data labels and protections to any non-Microsoft or internally-developed solution • Integrates security signals from Microsoft’s Intelligent Security Graph into your SIEM • Protects workloads running in the cloud, for both Windows and Linux
  38. Why Microsoft 365 E5? Provides unmatched depth and breadth in enterprise security signals Prioritizes user productivity alongside security Products are designed to work better together Automates routine tasks to speed up incident response Secures more than just Microsoft products Reduces Total Cost of Ownership (TCO)
  39. Workers gained Microsoft 365 Enterprise E5 – by the numbers Productivity in end user data breaches ($3.3M PV saved in remediation and other related costs) EXAMPLE: 5,000 users, 3 yrs 101% ROI NPV = $23.5M, $4,696/user 10.25% reduced TCO 11.3 months faster adoption as a unified solution 10-15% across-the-board productivity improvement Forrester Total Economic Impact™ (TEI) Achieving Digital Business Transformation With Microsoft 365 Enterprise E5: A Total Economic Impact Analysis, September 2017 accessing systems and information 22 minutes per day from increased collaboration and information sharing Security 24 minutes per day Highly mobile workers saved from reducing 3rd-party security solutions 55.3% Reduction $442,467 PV total savings
  40. Recap The cloud continues to change security ‘Best of platform’ approach reduces complexity Integration and automation at-scale put Microsoft ahead of the market Microsoft 365 secures non-Microsoft products and plays well with the security tools you love
  41. I need to be compliant with data protection regulations, like GDPR. How can Microsoft help me discover, classify and protect my sensitive data? How do I find and manage shadow IT and rogue devices, and put in place policies to ensure we remain compliant and secure? If a user gets compromised, how can I configure security policies that automatically enforce additional layers of authentication to keep my organization safe? Microsoft 365 addresses real-world security challenges I have solutions from many vendors in my enterprise IT environment, how can Microsoft help me secure our entire digital landscape? Eventually, we will experience a breach. How can Microsoft help me detect it and respond fast to limit damage? How can Microsoft help me understand my security posture and get recommendations on how to improve it?
  42. Contact Information © 2019 Razor Technology David Rosenthal VP & General Manager Digital Business @DavidJRosenthal SlideShare Blog: 5 Tower Bridge 300 Barr Harbor Dr., Suite 705 West Conshohocken, PA 19428 Cell: 215.801.4430 Office: 866.RZR.DATA LET'S KEEP IN TOUCH
  43. Appendix
  44. Security operations that work for you. Partnerships for a heterogeneous world. Enterprise-class intelligent security.
  45. “We chose Microsoft 365 Enterprise E5 because of its components’ tight integration, intuitive user experiences, and the strong Microsoft cloud roadmap and commitment to security. We also find it easy to attach best-of-breed security add-ins where we like. Perhaps most important, we use the native security capabilities in Microsoft 365 to reduce complexity and streamline processes.” Simon Hodgkinson Group Chief Information Security Officer, BP UK
  46. “Given our strategy to digitally transform using native technologies underpinned by secure platforms, we recognized that we needed to take the best of all Microsoft products, which are combined in Microsoft 365 Enterprise E5.” Simon Hodgkinson Group Chief Information Security Officer, BP UK
  47. “As we see the security landscape evolving with more sophisticated attacks, we trust Microsoft to stay ahead of the latest threats to protect our network and our data.” Chris Krebs Chief Information Officer Fruit of the Loom
  48. “Using Cloud App Security as a magnifying glass, we gain amazing visibility into our SaaS environment. Cloud App Security works with Azure Information Protection to alert us if someone is trying to share sensitive data. Our vision is to use Cloud App Security together with the Azure conditional access policies that we have already defined, such as for our SuccessFactors app.” Muhammad Yasir Khan Head of IT Infrastructure Nakilat, Qatar Gas Transport
  49. “With Azure Active Directory, we can set policies that treat employees outside the office more strictly than those inside it and that prompt for Multi-Factor Authentication on unmanaged devices or for certain applications. With Microsoft 365, we no longer have to choose between mobility and security— we have both.” Bryan Ackermann Chief Information Officer Korn Ferry, United States
  50. “We set Azure Information Protection so that when you click ‘confidential,’ the file will be encrypted automatically and access will be restricted to designated users—even if you accidentally send it to the wrong person.” Erlend Skuterud Chief Information Security Officer Yara, Norway
  51. “We’re using Azure AD to give each of our 20,000 employees one identity and one password, which lets us provide simple, safeguarded access to network assets across business units. We’ve used Azure to change the culture at Hearst— we’re getting people to look ahead and see IT as an enabler, not a barrier.” Chris Suozzi Director of Cloud Programs Hearst Communications
  52. “Teams across different divisions and different countries can now easily build and safely store and share documents. In the past, there was nothing comparable.” Conor O’Halloran Head of Identity Management Merck KGaA, Darmstadt, Germany
  53. “Today, we trust EMS and Surface devices running Windows 10 as a highly reliable platform that protects our data—such as the proprietary running shoe designs that make our name—in a mobile environment.” Edwin Idema IT Manager, EMEA Asics
  54. “The biggest advantage of Windows Defender ATP over any other endpoint protection software is that it’s already part of the operating system and not a third-party add-in.” Itzik Menashe VP IT and Information Security Telit, United Kingdom
  55. “I can take numbers and actions from Secure Score to management to explain what we’re going to do next and how that will improve our level of protection. It helps us keep on top of security.” Itzik Menashe VP IT and Information Security Telit, United Kingdom
  56. The security perimeter has changed: devices, data, users, apps. On-premises & Web apps
  57. On-premises & Web apps
  58. Data center security Data loss prevention Compliance tools Anomaly detection Security management Information rights management Email security Threat detection Hybrid cloud security The security market is segmented and confusing
  59. How do you balance security and productivity? Built-in, native security for your platform, devices, and productivity tools.
  60. Jason’s Deli January 11, 2018 As many as 2 million payment cards were stolen and sold on the dark web. FedEx February 15, 2018 Personal information was found on an unsecure cloud storage server. Under Armour March 29, 2018 An unauthorized party acquired data from 150 million cloud app users. Saks Fifth Avenue April 1, 2018 Hackers stole 5 million credit and debit cards and sold them on the dark web. Real life data breaches
  61. Realities of digital transformation
  62. The intelligent, connected cloud introduces both opportunity and risk. Technology has changed the way enterprises conduct business… …requiring a new approach to protecting company assets. 96% of companies have embraced the cloud. 43% (1.88B) of the global workforce will be mobile by 2023. Only 26% of European companies say they are GDPR compliant. 1/3 of successful enterprise attacks will be on Shadow IT resources by 2020. Sources: 2018 State of the Cloud Survey (Rightside); Global Mobile Workforce Forecast Update 2017-2023, Strategy Analytics; How to eliminate enterprise shadow IT, Gartner, April 11, 2017; “The State of GDPR Readiness: GDPR Readiness Progresses, But Strategies Depend Too Heavily on IT”, Forrester, January, 2018
  63. complexity Lack of specific recommendations on how to improve security posture Too much time spent managing security vendors Too many alerts to investigate Learning how to configure and manage disparate security solutions slows deployment Integration is time-consuming and increases total cost of ownership User productivity is compromised for the sake of security, resulting in users bypassing security measures
  64. Microsoft 365 Enterprise E5 security products
  65. Security solutions in Microsoft 365 Enterprise E5 Azure Active Directory Microsoft Cloud App Security Windows Hello Windows Credential Guard Microsoft 365 Security Center Microsoft Secure Score Microsoft Cloud App Security Azure Advanced Threat Protection Windows Defender Advanced Threat Protection Office 365 Advanced Threat Protection Microsoft Cloud App Security Azure Information Protection Office 365 Data Loss Prevention Microsoft Cloud App Security Windows Information Protection Microsoft Intune BitLocker Threat Protection Identity & Access Management Information Protection Security Management
  66. Identity & Access Management Threat Protection Security Management Information Protection Secure Email Gateway Endpoint Detection and Response (EDR) Endpoint Protection (EPP) Anti-phishing Anti-virus/ Anti-malware User and Entity Behavior Analytics (UEBA) Anomaly Detection Threat Intelligence Feeds Remote Browser Intrusion Detection System (IDS) Intrusion Prevention System (IPS) Host intrusion prevention system (HIPS) Host Firewall Security Scoring Reporting Secrets Management Database Security Encrypted Cloud Storage Back Up Disaster Recovery Virtual Private Networks (VPN) IoT Protection Cloud Workload Protection DDoS Protection Incident Response Services Asset Discovery Pen Testing/ Risk Assessment Vulnerability Assessment Web Application Testing Managed detection and response (MDR) SOC Security training SIEM (SIM/ SEM/ Log management) Incident Ticket System Network Firewall Mobile Threat Detection tools Cross-platform endpoint protection Single Sign-on (SSO) Multi-Factor Authentication (MFA) Access Control Privileged Access Management (PAM) Data Loss Prevention (DLP) Data Encryption Information Protection Data Classification Data Governance Cloud Access Security Broker (CASB) Key Management Mobile Application Management Cloud-based Management Security categories M365 Enterprise E5 covers Security categories other Microsoft solutions cover What Microsoft Services/ MSSPs/ ISVs cover What Microsoft integrates with What Microsoft doesn’t do Network traffic analysis (NTA) Container Security* Anti-tamper software* Deception Web content filtering
  67. MICROSOFT 365 E5 SECURITY PRODUCT SUITE. Microsoft Cloud App Security: Discovers cloud apps being used in your enterprise, identifies and combats cyberthreats and enables you to control how your data travels. Azure Information Protection P2: Protects sensitive enterprise data, even when it travels outside of your organization. Windows Defender Advanced Threat Protection: A unified endpoint security platform that protects against advanced attacks and automatically investigates and remediates evolving threats. Azure ATP: Detect and investigate advanced attacks on-premises and in the cloud. Azure Active Directory P2: Identity & Access Management that is automated across your entire digital footprint. Office 365 Advanced Threat Protection P1: Protects your email, files and online storage against unknown and sophisticated attacks. Office 365 Advanced Threat Protection P2: Research threats, track phishing or malware campaigns aimed at your users, and search for threat indicators from user reports and other intelligence sources. Other E5 areas: Compliance (Advanced eDiscovery, Customer Lockbox, Advanced Data Governance); Analytics (My Analytics, Power BI Pro); Voice (Audio Conferencing, Phone System).
  68. Threat protection gain insight from the trillions of security-related signals on the Intelligent Security Graph from across the global Microsoft ecosystem. Standard integration capabilities connect to your other security tools (3rd party or homegrown). Security capabilities extend beyond Microsoft to secure 3rd party platforms, apps, and services. Intelligent, adaptive security gives users more freedom in how they work, from anywhere on any device. Native security capabilities reduce complexity and shorten deployment times. Individual products are purpose-built to integrate, which decreases TCO. A security platform approach that can reduce the number of vendors you manage. Microsoft 365
  69. Speed up investigations by mapping lateral movement, providing evidence to support alerts and making recommendations for remediation and improved security. Proactively protect against threats with advanced hunting queries and education for end users that simulates phish/malware attacks. Automate security that detects threats and correlates alerts to identify a specific attack vector, investigates and remediates threats, reauthenticates high-risk users, and takes action to limit access to data. Discover shadow IT so it can be secured and managed, reducing your exposure to data leakage and finding threats with machine learning, like behavior-based anomalies. Control access to sensitive data, even when it’s shared outside of your organization or accessed via a 3rd party application. Automatically change what level of access is allowed and how users authenticate based on ML that detects risk, like impossible travel, an infected device, or compromised credentials.
  70. Eliminate passwords by using biometrics or pins. A single solution that can protect identity across on premises and cloud directories. Discover, restrict, and monitor privileged identities and their access to resources. Discover 3rd party cloud apps that are in use and assess their risk, so you can sanction or block the application. Alert me when a user's credentials are for sale on the dark web and elevate their user risk level. If a user’s identity or device becomes compromised, automatically block/limit access, or require MFA. Secure identities to reach zero trust
  71. Teach users to guard against email phishing by simulating an attack in a safe environment. Reduce false positives by contextually aggregating alerts together to identify a specific attack vector. Detect anomalies and suspicious behavior without needing to create and fine tune rules. After a threat is remediated, share signals to trigger protection for all email and devices, companywide. Detect and remove ransomware, then recover my files. Advanced email protection against phishing attempts, and unknown (zero day) threats. Automatically investigate endpoint alerts and remediate threats, removing them from all impacted machines. Detect attacks across both on-premises and cloud signals. Help stop damaging attacks with integrated and automated security Threat Protection
  72. Grant select partners and customers access rights to sensitive information. Scan historical on-premises data files for potentially sensitive information before you move to the cloud. Protect sensitive data when it travels outside of your organization via email, USB, or a 3rd party SaaS app. Identify potentially sensitive information, like credit card or bank routing numbers, and automatically apply a sensitivity label and protection to the file. Automatically apply data protection policies if a user's access to that data changes, the user becomes compromised or the data reaches a certain age. Protect sensitive information anywhere it lives Detect and protect sensitive data that falls under compliance regulations, such as GDPR.
  73. Strengthen your security posture with holistic visibility, control and guidance. Incident and event forensic reporting. Detailed reports on the latest threats, so you can answer questions, like "How well am I protected against the latest threats?" Recommended actions you can take to improve your security posture. Benchmark your security against companies in your industry or of similar size. A quantifiable measurement of your security posture.
  74. What is the difference between Azure AD P1 & P2?
      Features (P1):
      • Directory Objects¹: No Object Limit
      • User/Group Management (add/update/delete). User-based provisioning, Device registration: Available
      • Single Sign-On (SSO). Free, basic tiers + self-service app integration templates⁵: No Limit
      • B2B Collaboration⁷: Available
      • Self-Service Password Change for cloud users: Available
      • Connect (Sync engine that extends on-premises directories to Azure Active Directory): Available
      • Security/Usage Reports: Advanced Reports
      • Group-based access management/provisioning: Available
      • Self-Service Password Reset for cloud users: Available
      • Company Branding (Logon Pages/Access Panel customization): Available
      • Application Proxy: Available
      • SLA: Available
      Premium Features (P1):
      • Advanced group features⁸: Available
      • Self-Service Password Reset/Change/Unlock with on-premises writeback: Available
      • Device objects 2-way sync between on-premises directories and Azure AD (Device write-back): Available
      • Multi-Factor Authentication (Cloud and On-premises (MFA Server)): Available
      • Microsoft Identity Manager user CAL⁴: Available
      • Cloud App Discovery⁹: Available
      • Connect Health⁶: Available
      • Automatic password rollover for group accounts: Available
      • Conditional Access based on group and location: Available
      • Conditional Access based on device state (Allow access from managed devices): Available
      • 3rd party identity governance partners integration: Available
      • Terms of Use: Available
      • SharePoint Limited Access: Available
      • OneDrive for Business Limited Access: Available
      • 3rd party MFA partner integration (Preview): Available
      • Microsoft Cloud App Security integration: Available
      Only in Azure AD P2:
      Identity Protection
      • Detecting vulnerabilities and risky accounts: providing custom recommendations to improve overall security posture by highlighting vulnerabilities; calculating sign-in risk levels; calculating user risk levels
      • Investigating risk events: sending notifications for risk events; investigating risk events using relevant and contextual information; providing basic workflows to track investigations; providing easy access to remediation actions such as password reset
      • Risk-based conditional access policies: policy to mitigate risky sign-ins by blocking sign-ins or requiring multi-factor authentication challenges; policy to block or secure risky user accounts; policy to require users to register for multi-factor authentication
      Advanced Identity Governance
      • Privileged Identity Management (PIM)
      • Access Reviews
  75. Features P1 Azure Information Protection content consumption by using work or school accounts from AIP policy-aware apps and services Available Protection for Microsoft Exchange Online, Microsoft SharePoint Online, and Microsoft OneDrive for Business content Available Bring Your Own Key (BYOK) for customer-managed key provisioning life cycle2 Available Custom templates, including departmental templates Available Protection for on-premises Exchange and SharePoint content via Rights Management connector Available Azure Information Protection software developer kit for protection for all platforms including Windows, Windows Mobile, iOS, Mac OSX, and Android Available Protection for non-Microsoft Office file formats, including PTXT, PJPG, and PFILE (generic protection) Available Azure Information Protection content creation by using work or school accounts Available Office 365 Message Encryption Available Administrative control3 Available Manual, default, and mandatory document classification Available Azure Information Protection scanner for content discovery of on-premises files matching any of the sensitive information types Available Azure Information Protection scanner to apply a label to all files in an on-premises file server or repository Available Rights Management connector with on-premises Windows Server file shares by using the File Classification Infrastructure (FCI) connector Available Document tracking and revocation Available • Configure conditions for automatic and recommended classification • Azure Information Protection scanner for automated classification, labeling, and protection of supported on-premises files • Hold Your Own Key (HYOK) that spans Azure Information Protection and Active Directory (AD) Rights Management for highly regulated scenarios Only in AIP P2 What is the difference between AIP P1 & P2?
  76. What is the difference between Office 365 ATP P1 & P2?
      Features available in P1:
      • Safe Attachments
      • Safe Links
      • Anti-Phishing Policies
      • Safe Attachments in SharePoint, OneDrive and Teams
      • Safe Links in Teams
      • Real-time reports
      Only in Office 365 ATP P2:
      • Threat tracker
      • Explorer (Advanced threat investigation)
      • Automated investigation and response
      • Attack simulator
  77. Windows Defender ATP
      (Diagram labels: Mac (3rd party); Android, iOS (3rd party); Linux (3rd party))
      • Windows Defender ATP integrates with leading EDR/EPP providers for cross-platform support
      • These 3rd party solutions forward all events and alerts into the Windows Defender ATP console, making it the centralized console for most of a security admin’s day-to-day work
      • Configuration of the 3rd party solution’s client is still handled in the 3rd party's product, but that is often a one-time task. Their client may be deployed via Intune, SCCM, or the 3rd party solution itself
      • If an alert shows up in Windows Defender ATP, SecOps may need to switch over to the 3rd party solution’s console for more detailed info
  78. Privileged Identity Management
      Discover, restrict, and monitor privileged identities
      (Diagram labels: User, Administrator, User)
      • Administrator privileges expire after a specified interval
      • Enforce on-demand, just-in-time administrative access when needed
      • Ensure policies are met with alerts, audit reports and access reviews
      • Manage admin access in Azure AD and also in Azure RBAC
  79. Roadmap
  80. Information protection investments – thru CY2019
      • Comprehensive protection of sensitive data via both manual and automated classification and labeling
      • Simplified IT operations with unified labeling and policy management in the Security & Compliance Center
      • Labeling experiences built natively into Office apps (Word, PowerPoint, Excel and Outlook) across platforms – Mac, iOS, Android, Windows, and web apps
      • Complete visibility and analytics for sensitive data across your organization
      • Extend information protection to non-Microsoft apps and services with the Microsoft Information Protection SDK and third-party partner ecosystem
  81. Integrated SecOps experience
      • One console
      • Combines different alerts from different sources (endpoints, email, identities, etc.)
      • Incidents are created automatically based on ML
      • Detailed view into threats impacting the organization
  82. Integration for sensitive data discovery, classification and enforcement on endpoints
      • Discover sensitive documents on Windows devices
      • Integrated reporting for labeled documents
      • Understand if sensitive corporate data resides on compromised devices
      • Pivot to investigate and mitigate detected endpoint threats in 1-click
  83. Identity governance – entitlements management
      • Define entitlements for employees and partners
      • Associate entitlements with resources such as cloud, on-premises apps, SharePoint Online, Security groups
      • Create policies and approval workflows to ensure governed access