Content Collaboration And Protection With SharePoint, OneDrive & Microsoft TeamsRichard Harbridge
SharePoint connects the workplace and powers content collaboration. OneDrive connects you with all your files in Office 365. Teams is the hub for teamwork. Together, SharePoint, OneDrive and Teams are greater than the sum of their parts. Join us for an overview of how these products interact with each other and learn about latest integrations we are working on to bring the richness of SharePoint directly into Teams experiences and vice versa. We'll explore new innovations for sharing and working together with data using SharePoint lists, and no-code productivity solutions that streamline business processes. Finally, we’ll explore how to structure teams and projects with hub sites.
Deep Dive Microsoft Teams and Yammer integration - Teams Nation 2022Chirag Patel
Session presented at Teams Nation 2022. This demo packed session will look at all the integration experiences between Microsoft Teams and Yammer including Microsoft Viva so that you can empower employees and increase your collaboration & productivity experiences.
Track: SHAREPOINT, ONEDRIVE, YAMMER & STREAM (SOYS)
Date & Time: Wednesday 23rd March, 12:00 – 12:40 CET (11:00 – 11:40 GMT)
This document introduces Mobile Iron, an enterprise mobility platform company. It summarizes the background and experience of key executives, the opportunity in the enterprise mobility market as smartphones proliferate and become more heterogeneous, and Mobile Iron's solution to provide security, application management and control across multiple device platforms. It also outlines the competitive landscape, target market metrics, and roadmap for the company.
OneDrive for Business is an integral part of your collaboration strategy and Microsoft 365 roll out. Being able to mange or administer OneDrive is essential to ensure files safe and secure. OneDrive as it provides a cloud location to store, share, discover and sync your files and work with them from any device.
Whether you are looking to roll-out OneDrive for Business or are already are utilizing it, there are a lot of important things that you should know about administration.
This session will go through things such as:
• Admin centers
• Sync capabilities and restrictions
• Security capabilities from the user to the tenant
• Overall limits, guidance, and best practices
• Reporting
• What’s new for administration
M365 reinventing digital environment for modern workplaceAhmad Almarzouk
This document provides an overview of Microsoft 365 and its key capabilities for collaboration, productivity, mobility and security. It discusses how Microsoft 365 enables reinvented productivity through integrated collaboration tools like SharePoint, Teams, and Office 365 apps. It highlights capabilities for chat-based collaboration with Teams, content sharing with SharePoint, and communication tools like Outlook, Skype and Yammer. The document also summarizes security and compliance features including threat protection, conditional access, and information protection capabilities provided by Enterprise Mobility and Security.
Microsoft Enterprise Mobility Suite Presented by AtidanDavid J Rosenthal
Windows 10 is better with EMS
Windows 10 is the best Windows ever and provides a foundation for protection against modern threats and continuous management while enabling your users to be more productive. To get the most out of your mobile security and productivity strategy, integrate the Microsoft Enterprise Mobility Suite (EMS) with Windows 10 for greater protection of users, devices, apps, and data.
A key concern for you continues to be security, and rightly so. Identity is the control plane at the center of our solution helping you to be more secure. Only Microsoft offers cloud identity and access management solutions running at Internet scale and designed to help secure your IT environment. Microsoft Azure Active Directory has hundreds of millions of users, is available in 35 datacenters around the world, and has processed more than 1 trillion (yes, trillion) authentications. Our innovative new technology, Microsoft Advanced Threat Analytics is designed to help you identify advanced persistent threats in your organization before they cause damage.
KEY FEATURES
Threat detection: Detect abnormal user behavior, suspicious activities, known malicious attacks and security issues right away. Focus on what is important using a simple, convenient feed.
Conditional access: Control access to applications and other corporate resources like email and files with policy-based conditions that evaluate criteria such as device health, user location etc. This includes support for multi factor authentication (MFA).
Single sign-on: Sign in once to cloud and on-premises web apps from any device. Pre-integrated support for Salesforce, Concur, Workday, and thousands more popular SaaS apps.
Content Collaboration And Protection With SharePoint, OneDrive & Microsoft TeamsRichard Harbridge
SharePoint connects the workplace and powers content collaboration. OneDrive connects you with all your files in Office 365. Teams is the hub for teamwork. Together, SharePoint, OneDrive and Teams are greater than the sum of their parts. Join us for an overview of how these products interact with each other and learn about latest integrations we are working on to bring the richness of SharePoint directly into Teams experiences and vice versa. We'll explore new innovations for sharing and working together with data using SharePoint lists, and no-code productivity solutions that streamline business processes. Finally, we’ll explore how to structure teams and projects with hub sites.
Deep Dive Microsoft Teams and Yammer integration - Teams Nation 2022Chirag Patel
Session presented at Teams Nation 2022. This demo packed session will look at all the integration experiences between Microsoft Teams and Yammer including Microsoft Viva so that you can empower employees and increase your collaboration & productivity experiences.
Track: SHAREPOINT, ONEDRIVE, YAMMER & STREAM (SOYS)
Date & Time: Wednesday 23rd March, 12:00 – 12:40 CET (11:00 – 11:40 GMT)
This document introduces Mobile Iron, an enterprise mobility platform company. It summarizes the background and experience of key executives, the opportunity in the enterprise mobility market as smartphones proliferate and become more heterogeneous, and Mobile Iron's solution to provide security, application management and control across multiple device platforms. It also outlines the competitive landscape, target market metrics, and roadmap for the company.
OneDrive for Business is an integral part of your collaboration strategy and Microsoft 365 roll out. Being able to mange or administer OneDrive is essential to ensure files safe and secure. OneDrive as it provides a cloud location to store, share, discover and sync your files and work with them from any device.
Whether you are looking to roll-out OneDrive for Business or are already are utilizing it, there are a lot of important things that you should know about administration.
This session will go through things such as:
• Admin centers
• Sync capabilities and restrictions
• Security capabilities from the user to the tenant
• Overall limits, guidance, and best practices
• Reporting
• What’s new for administration
M365 reinventing digital environment for modern workplaceAhmad Almarzouk
This document provides an overview of Microsoft 365 and its key capabilities for collaboration, productivity, mobility and security. It discusses how Microsoft 365 enables reinvented productivity through integrated collaboration tools like SharePoint, Teams, and Office 365 apps. It highlights capabilities for chat-based collaboration with Teams, content sharing with SharePoint, and communication tools like Outlook, Skype and Yammer. The document also summarizes security and compliance features including threat protection, conditional access, and information protection capabilities provided by Enterprise Mobility and Security.
Microsoft Enterprise Mobility Suite Presented by AtidanDavid J Rosenthal
Windows 10 is better with EMS
Windows 10 is the best Windows ever and provides a foundation for protection against modern threats and continuous management while enabling your users to be more productive. To get the most out of your mobile security and productivity strategy, integrate the Microsoft Enterprise Mobility Suite (EMS) with Windows 10 for greater protection of users, devices, apps, and data.
A key concern for you continues to be security, and rightly so. Identity is the control plane at the center of our solution helping you to be more secure. Only Microsoft offers cloud identity and access management solutions running at Internet scale and designed to help secure your IT environment. Microsoft Azure Active Directory has hundreds of millions of users, is available in 35 datacenters around the world, and has processed more than 1 trillion (yes, trillion) authentications. Our innovative new technology, Microsoft Advanced Threat Analytics is designed to help you identify advanced persistent threats in your organization before they cause damage.
KEY FEATURES
Threat detection: Detect abnormal user behavior, suspicious activities, known malicious attacks and security issues right away. Focus on what is important using a simple, convenient feed.
Conditional access: Control access to applications and other corporate resources like email and files with policy-based conditions that evaluate criteria such as device health, user location etc. This includes support for multi factor authentication (MFA).
Single sign-on: Sign in once to cloud and on-premises web apps from any device. Pre-integrated support for Salesforce, Concur, Workday, and thousands more popular SaaS apps.
Get comprehensive protection across all your platforms and clouds
Protect your organization from threats across devices, identities, apps, data and clouds. Get unmatched visibility into your multiplatform environment that unifies Security Information and Event Management (SIEM) and Extended Detection and Response (XDR). Simplify your security stack with Azure Sentinel and Microsoft Defender.
Modern Automated Site Provisioning for SharePoint OnlineDocFluix, LLC
Overview + Tips and Tricks related to how to leverage PnP-Powershell, Microsoft Flow, Azure Functions to develop an automated system for provisioning modern sites in SharePoint Online.
Platform + Intelligence + Partners
This new understanding has led us to build new solutions for our customers. It informs our entire approach across three critical elements:
Building a platform that looks holistically across all the critical end-points we talked about – building security into our platform as well as providing security tools and technologies to you
Acting on the Intelligence that comes from our security-related signals and insights – helps you and us to detect threats more quickly
Fostering a vibrant ecosystem of partners who help us raise the bar across the industry – we know we’re not your only security vendor, and we want to work with the industry and take a holistic approach to technology
Microsoft 365 provides holistic security that is aligned to these four pillars of security.
By helping enterprise businesses secure corporate data and manage risk in today’s mobile-first, cloud-first world Microsoft 365 E5 enables customers to digitally transform by unifying user productivity and enterprise security tools into a single suite that enables the modern workplace.
Identity & Access Mgmt
Protect users’ identities and control access to valuable resources based on user risk level
Information Protection
Ensure documents and emails are seen only by authorized people
Threat Protection
Protect against advanced threats and recover quickly when attacked
Security Management
Gain visibility and control over security tools
Serverless data and analytics on AWS for operations CloudHesive
The document discusses using serverless data and analytics on AWS for operations. It describes ingesting data from various sources into an AWS data lake for storage, processing, analysis and visualization. This allows operational data to be combined and analyzed to improve response by leveraging serverless AWS services like S3, Glue, Athena and QuickSight in a cost-effective way. A demo shows how different data sources can be ingested and analyzed using a data lake approach.
Intech has successfully implemented the
MuleSoft for Bi-Directional Multi Cross
CRM, Investment platform and solution for
MuleSoft community version.
It has pioneered in providing custom
solutions and integration with third-party
systems like Payment Providers, PLM, and
logistic partners.
SharePoint is Microsoft's browser-based content management system that allows centralized document sharing and collaboration. It comes in different editions like SharePoint server and SharePoint Online. SharePoint can be used for enterprise content management, intranet sites, collaborative work, and custom web applications. It provides features like social networking, content management, site administration, and mobile device support. Some advantages include powerful search and scalability, while disadvantages include complexity, resource-intensive setup and maintenance, and limited mobile functionality.
Identity— Help protect against identity compromise and identify potential breaches before they cause damage
Devices—Enhance device security while enabling mobile work and BYOD
Apps and Data—Boost productivity with cloud access while keeping information protected
Infrastructure—Take a new approach to security across your hybrid environment
Microsoft 365 provides holistic security across these four aspects of security.
By helping enterprise businesses secure corporate data and manage risk in today’s mobile-first, cloud-first world Microsoft 365 enables customers to digitally transform by unifying user productivity and enterprise security tools into a single suite that enables the modern workplace.
Identity & Access Mgmt
Secure identities to reach zero trust
Threat Protection
Help stop damaging attacks with integrated and automated security
Information Protection
Protect sensitive information anywhere it lives
Security Management
Strengthen your security posture with insights and guidance
Intro to Office 365 Security & Compliance CenterCraig Jahnke
This is a session I gave at SharePoint Saturday Atlanta --> The Office 365 Security & Compliance Center is your one-stop portal for protecting your data in Office 365. Microsoft has been adding many new features and services for those companies that have data protection or compliance needs, or want to audit user activity in their organization. Come to my session to learn how to get started with Security & Compliance Center, and find out you can better manage and secure you data.
Microsoft Teams Governance and Security Best Practices - Joel OlesonJoel Oleson
In this session we will focus on the recommendations from the field - what we have learned in the trenches along with recommended best practices related to Teams management, provisioning, OneDrive and SharePoint sharing, as well as retention and sensitivity labelling strategies and common industry considerations for financial data, healthcare and legal holds.
Agenda:
We will walk through these key points:
1. Getting started with classifications, retention, and sensitivity.
2. Best practices in setting retention policy durations
3. Industry practices in setting archiving policies
4. When to use a suffix or prefix? Which is better?
5. Data backup and its importance with relevant policy settings
6. Best practices for auditing security and settings
7. Maximizing Teams Security
8. Best practices for global administration
9. Best practices for Teams administration
Register Now
I'm looking forward to seeing everyone on the webinar.
Joel Oleson
Microsoft MVP and Regional Director
This document provides an overview and introduction to SharePoint. It defines SharePoint as a platform for collaboration, content management and intranets. The summary describes the logical architecture of SharePoint including key components like web applications, site collections, lists and libraries. Hardware and software requirements for SharePoint 2013 are also outlined.
Application modernization involves transitioning existing applications to new approaches on the cloud to achieve business outcomes like speed to market, rapid innovation, flexibility and cost savings. It accelerates digital transformations by improving developer productivity through adoption of cloud native architectures and containerization, and increases operational efficiency through automation and DevOps practices. IBM's application modernization approach provides prescriptive guidance, increased agility, reduced risk, and turnkey benefits through tools, accelerators and expertise to help modernize applications quickly and safely.
Conditional access policies in Azure Active Directory control who has access to what resources and from where based on conditions. Policies consist of assignments determining scope, conditions regarding platforms/locations/apps, and controls for authentication and session behavior. Risk-based access can be configured to require multifactor authentication at certain risk levels. Policies grant or block access and optionally enforce device compliance, password strength, and other requirements. Admins create policies by defining these components and preview the access statements that will be implemented.
This document provides an overview of security and compliance in Office 365. It discusses the modern workplace and security challenges in a cloud-first, mobile-first world. It then describes Office 365's defense-in-depth, multi-dimensional approach to security across physical, network, host, application, administration and data layers. Specific Office 365 security and compliance offerings are outlined, including Cloud Access Security Brokers, SIEM, MDR and CASB tools. The document concludes by discussing upcoming topics that will be covered in future parts, such as Exchange Online Protection, Advanced Threat Protection, Threat Intelligence, GDPR compliance and data governance tools.
The document discusses the MITRE ATT&CK framework, which is a knowledge base of adversary behaviors and tactics collected from real-world observations. It describes how the framework categorizes behaviors using tactics, techniques, and procedures. The framework can be used for threat intelligence, detection and analytics, adversary emulation, and assessment and engineering. The document provides examples of how organizations can map their detection capabilities and data sources to techniques in the framework to improve visibility of attacks. It cautions against misusing the framework as a checklist rather than taking a threat-informed approach.
Making the most out of collaboration with Office 365InnoTech
Office 365 provides a universal toolkit for collaboration that addresses challenges for businesses, IT, and users. It offers a single hub for teamwork through Microsoft Teams that allows for chat, calls, meetings and access to Office apps. Additionally, it provides solutions for co-authoring documents, sharing files across organizations, and fostering discussions through Yammer to improve engagement. The tools in Office 365 help dispersed teams work more efficiently across locations through unified communication and collaboration capabilities.
Cyberspace is the new battlefield:
We’re seeing attacks on civilians and organizations from nation states. Attacks are no longer just against governments or enterprise systems directly. We’re seeing attacks against private property—the mobile devices we carry around everyday, the laptop on our desks—and public infrastructure. What started a decade-and-a-half ago as a sense that there were some teenagers in the basement hacking their way has moved far beyond that. It has morphed into sophisticated international organized crime and, worse, sophisticated nation state attacks.
Personnel and resources are limited:
According to an annual survey of 620 IT professional across North America and Western Europe from ESG, 51% respondents claim their organization had a problem of shortage of cybersecurity skills—up from 23% in 2014.1 The security landscape is getting more complicated and the stakes are rising, but many enterprises don’t have the resources they need to meet their security needs.
Virtually anything can be corrupted:
The number of connected devices in 2018 is predict to top 11 billion – not including computers and phones. As we connect virtually everything, anything can be disrupted. Everything from the cloud to the edge needs to be considered and protected.2
Cognitive unified endpoint management allows organizations to manage devices, identities, applications and content through a single management platform powered by cognitive computing and artificial intelligence. The document discusses how traditional mobile device management solutions were built for simpler times but now IT leaders have bigger ambitions and require solutions that can deliver on user expectations through convenience while also balancing control. It provides an overview of IBM MaaS360's cognitive unified endpoint management platform, how it uses cognitive technology like Watson to provide insights, and the various editions that are available.
Microsoft Information Protection demystified Albert HoitinghAlbert Hoitingh
This session was presented at the North American Collaboration Summit 2022. It covers the many technical aspects of Microsoft Purview Information Protection.
Wie Sie mit Azure Information Protection Ihre Daten sicher verschlüsseln und damit zur Optimierung des Daten- und Dokumentenschutzes in Ihrem Unternehmen beitragen können.
Get comprehensive protection across all your platforms and clouds
Protect your organization from threats across devices, identities, apps, data and clouds. Get unmatched visibility into your multiplatform environment that unifies Security Information and Event Management (SIEM) and Extended Detection and Response (XDR). Simplify your security stack with Azure Sentinel and Microsoft Defender.
Modern Automated Site Provisioning for SharePoint OnlineDocFluix, LLC
Overview + Tips and Tricks related to how to leverage PnP-Powershell, Microsoft Flow, Azure Functions to develop an automated system for provisioning modern sites in SharePoint Online.
Platform + Intelligence + Partners
This new understanding has led us to build new solutions for our customers. It informs our entire approach across three critical elements:
Building a platform that looks holistically across all the critical end-points we talked about – building security into our platform as well as providing security tools and technologies to you
Acting on the Intelligence that comes from our security-related signals and insights – helps you and us to detect threats more quickly
Fostering a vibrant ecosystem of partners who help us raise the bar across the industry – we know we’re not your only security vendor, and we want to work with the industry and take a holistic approach to technology
Microsoft 365 provides holistic security that is aligned to these four pillars of security.
By helping enterprise businesses secure corporate data and manage risk in today’s mobile-first, cloud-first world Microsoft 365 E5 enables customers to digitally transform by unifying user productivity and enterprise security tools into a single suite that enables the modern workplace.
Identity & Access Mgmt
Protect users’ identities and control access to valuable resources based on user risk level
Information Protection
Ensure documents and emails are seen only by authorized people
Threat Protection
Protect against advanced threats and recover quickly when attacked
Security Management
Gain visibility and control over security tools
Serverless data and analytics on AWS for operations CloudHesive
The document discusses using serverless data and analytics on AWS for operations. It describes ingesting data from various sources into an AWS data lake for storage, processing, analysis and visualization. This allows operational data to be combined and analyzed to improve response by leveraging serverless AWS services like S3, Glue, Athena and QuickSight in a cost-effective way. A demo shows how different data sources can be ingested and analyzed using a data lake approach.
Intech has successfully implemented the
MuleSoft for Bi-Directional Multi Cross
CRM, Investment platform and solution for
MuleSoft community version.
It has pioneered in providing custom
solutions and integration with third-party
systems like Payment Providers, PLM, and
logistic partners.
SharePoint is Microsoft's browser-based content management system that allows centralized document sharing and collaboration. It comes in different editions like SharePoint server and SharePoint Online. SharePoint can be used for enterprise content management, intranet sites, collaborative work, and custom web applications. It provides features like social networking, content management, site administration, and mobile device support. Some advantages include powerful search and scalability, while disadvantages include complexity, resource-intensive setup and maintenance, and limited mobile functionality.
Identity— Help protect against identity compromise and identify potential breaches before they cause damage
Devices—Enhance device security while enabling mobile work and BYOD
Apps and Data—Boost productivity with cloud access while keeping information protected
Infrastructure—Take a new approach to security across your hybrid environment
Microsoft 365 provides holistic security across these four aspects of security.
By helping enterprise businesses secure corporate data and manage risk in today’s mobile-first, cloud-first world Microsoft 365 enables customers to digitally transform by unifying user productivity and enterprise security tools into a single suite that enables the modern workplace.
Identity & Access Mgmt
Secure identities to reach zero trust
Threat Protection
Help stop damaging attacks with integrated and automated security
Information Protection
Protect sensitive information anywhere it lives
Security Management
Strengthen your security posture with insights and guidance
Intro to Office 365 Security & Compliance CenterCraig Jahnke
This is a session I gave at SharePoint Saturday Atlanta --> The Office 365 Security & Compliance Center is your one-stop portal for protecting your data in Office 365. Microsoft has been adding many new features and services for those companies that have data protection or compliance needs, or want to audit user activity in their organization. Come to my session to learn how to get started with Security & Compliance Center, and find out you can better manage and secure you data.
Microsoft Teams Governance and Security Best Practices - Joel OlesonJoel Oleson
In this session we will focus on the recommendations from the field - what we have learned in the trenches along with recommended best practices related to Teams management, provisioning, OneDrive and SharePoint sharing, as well as retention and sensitivity labelling strategies and common industry considerations for financial data, healthcare and legal holds.
Agenda:
We will walk through these key points:
1. Getting started with classifications, retention, and sensitivity.
2. Best practices in setting retention policy durations
3. Industry practices in setting archiving policies
4. When to use a suffix or prefix? Which is better?
5. Data backup and its importance with relevant policy settings
6. Best practices for auditing security and settings
7. Maximizing Teams Security
8. Best practices for global administration
9. Best practices for Teams administration
Register Now
I'm looking forward to seeing everyone on the webinar.
Joel Oleson
Microsoft MVP and Regional Director
This document provides an overview and introduction to SharePoint. It defines SharePoint as a platform for collaboration, content management and intranets. The summary describes the logical architecture of SharePoint including key components like web applications, site collections, lists and libraries. Hardware and software requirements for SharePoint 2013 are also outlined.
Application modernization involves transitioning existing applications to new approaches on the cloud to achieve business outcomes like speed to market, rapid innovation, flexibility and cost savings. It accelerates digital transformations by improving developer productivity through adoption of cloud native architectures and containerization, and increases operational efficiency through automation and DevOps practices. IBM's application modernization approach provides prescriptive guidance, increased agility, reduced risk, and turnkey benefits through tools, accelerators and expertise to help modernize applications quickly and safely.
Conditional access policies in Azure Active Directory control who has access to what resources and from where based on conditions. Policies consist of assignments determining scope, conditions regarding platforms/locations/apps, and controls for authentication and session behavior. Risk-based access can be configured to require multifactor authentication at certain risk levels. Policies grant or block access and optionally enforce device compliance, password strength, and other requirements. Admins create policies by defining these components and preview the access statements that will be implemented.
This document provides an overview of security and compliance in Office 365. It discusses the modern workplace and security challenges in a cloud-first, mobile-first world. It then describes Office 365's defense-in-depth, multi-dimensional approach to security across physical, network, host, application, administration and data layers. Specific Office 365 security and compliance offerings are outlined, including Cloud Access Security Brokers, SIEM, MDR and CASB tools. The document concludes by discussing upcoming topics that will be covered in future parts, such as Exchange Online Protection, Advanced Threat Protection, Threat Intelligence, GDPR compliance and data governance tools.
The document discusses the MITRE ATT&CK framework, which is a knowledge base of adversary behaviors and tactics collected from real-world observations. It describes how the framework categorizes behaviors using tactics, techniques, and procedures. The framework can be used for threat intelligence, detection and analytics, adversary emulation, and assessment and engineering. The document provides examples of how organizations can map their detection capabilities and data sources to techniques in the framework to improve visibility of attacks. It cautions against misusing the framework as a checklist rather than taking a threat-informed approach.
Making the most out of collaboration with Office 365InnoTech
Office 365 provides a universal toolkit for collaboration that addresses challenges for businesses, IT, and users. It offers a single hub for teamwork through Microsoft Teams that allows for chat, calls, meetings and access to Office apps. Additionally, it provides solutions for co-authoring documents, sharing files across organizations, and fostering discussions through Yammer to improve engagement. The tools in Office 365 help dispersed teams work more efficiently across locations through unified communication and collaboration capabilities.
Cyberspace is the new battlefield:
We’re seeing attacks on civilians and organizations from nation states. Attacks are no longer just against governments or enterprise systems directly. We’re seeing attacks against private property—the mobile devices we carry around everyday, the laptop on our desks—and public infrastructure. What started a decade-and-a-half ago as a sense that there were some teenagers in the basement hacking their way has moved far beyond that. It has morphed into sophisticated international organized crime and, worse, sophisticated nation state attacks.
Personnel and resources are limited:
According to an annual survey of 620 IT professional across North America and Western Europe from ESG, 51% respondents claim their organization had a problem of shortage of cybersecurity skills—up from 23% in 2014.1 The security landscape is getting more complicated and the stakes are rising, but many enterprises don’t have the resources they need to meet their security needs.
Virtually anything can be corrupted:
The number of connected devices in 2018 is predict to top 11 billion – not including computers and phones. As we connect virtually everything, anything can be disrupted. Everything from the cloud to the edge needs to be considered and protected.2
Cognitive unified endpoint management allows organizations to manage devices, identities, applications and content through a single management platform powered by cognitive computing and artificial intelligence. The document discusses how traditional mobile device management solutions were built for simpler times but now IT leaders have bigger ambitions and require solutions that can deliver on user expectations through convenience while also balancing control. It provides an overview of IBM MaaS360's cognitive unified endpoint management platform, how it uses cognitive technology like Watson to provide insights, and the various editions that are available.
Microsoft Information Protection demystified Albert HoitinghAlbert Hoitingh
This session was presented at the North American Collaboration Summit 2022. It covers the many technical aspects of Microsoft Purview Information Protection.
Wie Sie mit Azure Information Protection Ihre Daten sicher verschlüsseln und damit zur Optimierung des Daten- und Dokumentenschutzes in Ihrem Unternehmen beitragen können.
Mit dem neuen Konzept des Dynamic Access Control können Sie auf Ihren File Servern steuern, wer Zugriff auf Informationen hat, und diese Zugriffe protokollieren. Über manuelle oder automatische Klassifizierung der Daten definieren Sie, welche Metadaten Ihren Dokumenten zugewiesen werden. Dann können Sie über zentrale Zugriffsrichtlinien im Active Directory festlegen, wie Benutzer basierend auf Eigenschaften ihres Benutzerkontos Zugriff erhalten. Beispielweise können Sie festlegen, dass alle Benutzer einer bestimmten Abteilung, die in einer AD-Eigenschaft eigetragen ist, auf Informationen zugreifen können, die mit dem gleichen Tag klassifiziert wird, unabhängig des Speicherorts. Komplexe Formeln können den Standort, den Computertyp (Tablet, Notebook, Desktop-PC) oder die Verbindungsart (WiFi oder fest verdrahtet) einbeziehen. Sogar RMS-Richtlinien zur Verschlüsselung der Dokumente sind einstellbar.
Sie betreiben ausgeklügelte Rechteverwaltung auf Ihrem Domino System, die Daten in den zahlreichen Datenbanken und Anwendungen sind gut abgesichert.
Wirklich? Ist Ihr "Generalschlüssel" für den ID-Vault auch gut geschützt, oder wird die Server-ID unnverschlüsselt verwendet? Können Sie sicher gehen, dass die Gruppendokumente nicht unberechtigt geändert werden? Wie breit sind weitreichende Administrationsrechte z.B. an Support-Kollegen "gestreut"?
Der IBM Domino Server bietet umfangreiche Sicherheitsmechanismen. Die Konfiguration ist jedoch komplex, Sicherheitsprobleme können entstehen. Außerdem werden Protokollierung und Verhinderung von Änderungen aus Sicht der Revision seit der Einführung von Basel II und SOX immer wichtiger. Es geht dabei darum für Transparenz im Change Management von Infrastrukturen zu sorgen.
DominoProtect schließt mögliche Sicherheitslücken, vereinfacht das Konfigurationsmanagement in komplexen Umgebungen und hilft Revisions- und Compliance-Anforderungen zu erfüllen - bewährt in vielen Projekten bei großen und kleinen Organisationen, in zahlreichen deutschen und internationalen Finanzinstituten und bei führenden IT-Dienstleistern.
AWS Account Management im Unternehmensumfeld - AWS Security Web DayAWS Germany
Vortrag "AWS Account Management im Unternehmensumfeld" von Andreas Heidoetting beim AWS Security Web Day 2016. Alle Videos und Präsentationen finden Sie hier: http://amzn.to/1NFtR5P
Dieser Vortrag befasst sich mit Sicherheitskonzepten rund um die Verwendung mehrerer AWS Accounts zur Vermeidung schwerwiegender Konsequenzen von Cyberattacken, sowie der Entdeckung von Angriffen, um Gegenmaßnahmen unverzüglich einleiten zu können. Behandelt werden die Aufgaben- und Funktionstrennung in der Ressourcen- und Benutzerverwaltung, der Schutz von Logfiles, Backups, geistigem Eigentum gegen Verlust oder Manipulation, die Absicherung der AWS Zugänge, sowie Möglichkeiten der Angriffserkennung und Methoden zur Alarmierung und Abwehr.
Wie findet man sensitive Daten in der Oracle Datenbank? Das Database Assessment Security Tool (DBSAT 2.0.1) liefert in der Version 2.0.1 eine Antwort darauf. Die Präsentation gibt eine Einführung in DBSAT und zeigt die Verwendung. Am Ende wird noch eine Alternative vorgestellt - Data Masking und Subsetting in Oracle Database Enterprise Manager.
Cloud Deployment und (Auto)Scaling am Beispiel von AngrybirdAOE
Sep 08, 2012
Continuous Delivery und Autoscaling von Enterprise Web-Applicationen in der Amazon Cloud
In diesem Vortrag zeigen wir am Beispiel des neuen Angrybird-Onlineshops, der zu Spitzenzeiten bis zu 10 Bestellungen pro Sekunde aufnehmen kann und dabei hochverfügbar ist, wie eine automatisch skalierende Cloud Infrastruktur sowie die nötigen Konzepte aussehen können.
Wir beschreiben die Herausforderungen und unsere Lösungen, um den Shop für ein Multi-Server-Setup vorzubereiten und zu betreiben. Spezielle Anforderungen an eine solche Architektur sowie die Integration von Reverse Proxies (Varnish), die Nutzung eines CDNs, verschiedene Cache-Strategien und weitere Optimierung sind ebenfalls Bestandteil dieses Vortrags. Außerdem stellen wir unsere automatisierte Cloud-Deployment-Strategien vor, angefangen von den Entwicklungsumgebungen, über den continuous Integration Server und unser Testing Framework bis hin zum A/B-Deployment in der Cloud.
Secure Emailing and its Pitfalls - Systemic Enhancements Are Required!Holliday Consulting
This presentation in german points out the fundamentals of secure emailing and what are its pitfalls. Some pitfalls really need to be addressed by systemic enhancements.
The presentation had been held at a 'Management of Information Security' section workshop of the Gesellschaft für Informatik e.V. (GI) / Germany
Microsoft hat einiges getan um einen guten Ruf im Bereich Security und Datenschutz für Office 365 und seine Cloud zu erhalten. Nicht nur, dass Microsoft seine Cloud fast jeder verfügbaren ISO Zertifizierung und anderen Prüfungen unterzogen hat - auch dem Administrator von Office 365 werden jede Menge Möglichkeiten geboten, seine Daten individuell zu schützen.
Verschärft hat nun auch der Gesetzgeber die Lage, durch die neue Datenschutzgrundverordnung, welche ab Mai 2018 in Kraft tritt. Bei Nichteinhaltung drohen Strafen mit bis zu 4% des Jahresumsatzes (nicht des Gewinns!) Somit steigt die Sensibilität für das Thema und somit das Engagement der Unternehmen doch erheblich an.
Das Special der Office 365 Akademie beschäftigt sich mit den Themen Datenschutzgrundverordnung, Security und Compliance.
Folgende Themen sind diesesmal mit dabei:
GDPR = DSGVO Infoquellen und Whitepaper
GDPR = DSGVO Virutelle Microsoft Konferenz
GDPR = DSGVO Was ist zu tun?
GDPR = DSGVO Was sind personenbezogene Daten?
GDPR = DSGVO Welche Strafen drohen?
GDPR = DSGVO Was bedeutet es für meine Daten?
Bordmittel zur Einhaltung von GDPR / DSGVO
Zugriff auf Ihren Tenant durch Microsoft – Warum ist das nötig?
Zugriff auf Ihren Tenant durch Microsoft - ohne Customer Lockbox
Zugriff auf Ihren Tenant durch Microsoft - mit Customer Lockbox
Was bietet das Security & Compliance Center in Office 365?
Benachrichtigungen
Berechtigungen
Klassifizierung von Daten
Verhindern von Datenverlust - Was ist Data Loss Prevention?
Vertrauliche Daten schützen und dem Datenverlust vorbeugen
Verhindern von Datenverlust - Richtlinien
Gerätezugriffsrichtlinie – Zugriff aus der Domäne
Gerätezugriffsrichtlinie – Zugriff aus fremdem Netzwerk
Datenkontrolle
Datenverwaltung und Aufbewahrungszeiten
Datenkontrolle
Archivpostfächer
Datenkontrolle
Aufbewahrungsrichtlinien
Bedrohungsmanagement
Was ist Threat Intelligence & Advanced Threat Protection?
Suche und Untersuchen - Was ist Advanced eDiscovery?
Suche und Untersuchen – Überwachungsprotokollsuche
Aktivitäten Ihrer User und Admins überwachen
Office 365 Cloud App Security
Berichte
Dienstüberprüfung
SharePoint & OneDrive: Encryption mit eigenem Schlüssel
Spontan testen! Das eigene Test Lab, für jeden in der Cloud!Peter Kirchner
Kurzfristig wurde Ihnen für den Nachmittag eine Besprechung abgesagt. Was anstellen mit der gewonnen Zeit? Wir hätten da eine Idee! Bauen Sie sich doch ein Test Lab auf, um (Ihre) Software in einer größeren Umgebung zu testen, zu debuggen und Erfahrungen zu sammeln.
In vielen Unternehmen dauert es mehr als einen Nachmittag, um spontan einen, zwei oder zwanzig Server für diesen Zwecke zu erhalten. Dabei ist diese Flexibilität möglich! Und zwar durch Infrastructure-as-a-Service. In 60 Minuten zeigt Ihnen Peter Kirchner in mehreren Demos, wie Sie sich ein Test Lab mit mehreren Servern und virtuellen Netzwerken schnell und kostengünstig in der Cloud mit Windows Azure aufbauen können und es so betreiben, dass es auch im längeren Einsatz wirtschaftlich bleibt.
Sie betreiben ausgeklügelte Rechteverwaltung auf Ihrem Domino System, die Daten in den zahlreichen Datenbanken und Anwendungen sind gut abgesichert.
Wirklich?
Ist Ihr "Generalschlüssel" für den ID-Vault auch gut geschützt, oder wird die Server-ID unverschlüsselt verwendet?
Können Sie sicher gehen, dass die Gruppendokumente nicht unberechtigt geändert werden?
Wie breit sind weitreichende Administrationsrechte z.B. an Support-Kollegen "gestreut"?
BCC bietet mit DominoProtect eine Lösung, die mögliche Sicherheitslücken schließt, das Systemmanagement in komplexen Umgebungen vereinfacht und hilft Revisions- und Compliance-Anforderungen zu erfüllen.
Dieser Vortrag von der DNUG Frühjahrskonferenz 2014 in Karlsruhe bietet einen Einstieg in das Thema Sicherheit & Compliance in IBM Collaboration Infrastrukturen und beleuchtet insbesondere folgende Bereiche:
* Security Monitoring - wie Sie sicherheits- und systemkritische Änderungen in Ihrer IBM Domino Umgebung in Echtzeit überwachen
* Compliance - wie Änderungen oder sogar Zugriffe auf sensible Elemente zuverlässig verhindert und dokumentiert werden können
* Change Management - wie Konfigurationsänderungen nicht ohne Freigabe aktiviert und Rollback & Recovery mit nur einem Klick möglich werden
Zalando und AWS: Security First in der Public Cloud AWS Germany
Zalando und AWS: Security First in der Public Cloud » Hier mehr erfahren: http://amzn.to/1MeCRE6
AWS-Slides vom Computerwoche Webcast vom 30. Juli 2015
Europas größter Mode Online-Händler Zalando setzt unter dem Motto „Radical Agility“ auf die Amazon Cloud. ..
Erfahren Sie im Webcast wie Zalando mit der Amazon Cloud flexibel Innovationen vorantreibt und gleichzeitig mit Hilfe von Diensten wie CloudTrail, CloudFormation und Identity and Access Management (IAM) eigene Tools zum Thema Auditing, Deployment und Sicherheit auf AWS entwickelt, um so höchste Datenschutz- und Sicherheitsstandards zu gewährleisten.
» Jetzt Webcast ansehen: http://amzn.to/1MeCRE6
Präsentation zum Tech Talk 16 über Exchange Server 2019 CU12. Besprochen werden die Änderungen im Veröffentlichungszyklus und die neue Exchange Management Tools Rolle, um den letzten Exchange Server stillzulegen.
This document summarizes the agenda and announcements from the Microsoft Teams User Group Berlin Meetup #17 on February 17, 2022. The meetup included talks on smarter notetaking with OneNote and Teams, and new features in Microsoft Teams. Some new features discussed include improved guest user usability, expanded reactions, connected templates, live captions, automatically detecting music, muting notifications during meetings, and hiding your own video in meetings. The meetup also covered new features for admins such as phone device updates, app submission notifications, and meeting recording expiration policies.
This document outlines the agenda and topics that will be covered at the Microsoft Teams User Group Berlin meeting on October 21, 2021. The agenda includes talks on accessing Teams content via Microsoft Graph, new features in Teams, and an ultimate guide to Teams meetings. There will also be a question and answer session about Microsoft Teams. Some of the new features that will be discussed include the view switcher in meetings, music mode, paging improvements, updates to Teams rooms, and end-to-end encryption for calls. The document provides slides and details on these upcoming changes and announcements for Microsoft Teams.
Folien zum 14. Treffen der Teams User Group Berlin mit Neuigkeiten und Updates zu Microsoft Teams.
Die Slides der Speaker sind nicht Bestandteil dieser Präsentation.
Weitere Information: https://TeamsUSerGroup.Berlin
Die unterstützten Version von Exchange Server sind das jeweils aktuelle und das vorherige kumulative Update (CU). Im März 2021 wurden zahlreiche Unternehmen überrascht, als die Exchange Produktgruppe nur für diese kumulativen Updates Sicherheitsaktualisierungen veröffentlicht hat.
In diesem Tech Talk erkläre ich, was der Mainstream- und der Extended-Support sind, wie sich der Produktsupport mit Exchange Server vNEXT verändern wird und warum Sie einen Life-Cycle Plan für Ihre Exchange Umgebung benötigen.
Slidedeck zum 12. Treffen der Teams User Group Berlin
Die Slides der Speaker sind nicht Bestandteil dieser Präsentation.
Weitere Information: https://TeamsUSerGroup.Berlin
Auf der Microsoft Ignite 2020 hat das Exchange Team Neuigkeiten zur nächsten Version von Exchange Server vorgestellt. Exchange Server vNEXT hält einige Überraschungen für uns bereit, die sich auch auf bereits vorhandene Installationen von Exchange Server 2019 auswirken.
Die Authentifizierung von hybriden Identitäten kann auf ganz unterschiedliche Weise erfolgen. Wenn keine Kennwort-Hashes zu Azure AD übertragen werden sollen, stehen AD FS und PTA. In diesem Tech Talk erläutere ich die Unterschiede und welche Variante Sie bevorzugt einsetzen sollten.
Was ist Exchange Server Hybrid und wo liegen die Unterschiede zwischen Classic und Modern Hybrid? Warum brauche ich eine Exchange Hybrid Konfiguration? Wie konfiguriere ich Exchange Hybrid mit Hilfe des Hybrid Configuration Wizard?
Antworten auf diese Fragen gibt diese Präsentation, die ich beim Exchange User Group Berlin Meetup am 25. Mai 2020 gehalten habe.
Thomas' Tech Talk 4 - Lohnt sich ein Wechsel zu Exchange Server 2019?Thomas Stensitzki
Exchange Server 2019 ist die aktuelle Version des E-Mail-Server Produktes von Microsoft und inzwischen fast zwei Jahre verfügbar. Der Support von Exchange Server 2010 endet im Oktober 2020 und die Tage von Exchange Server 2013 sind ebenfalls gezählt. Erfahren Sie in diesem Tech Talk, ob sich ein Wechsel zu Exchange Server 2019 lohnt.
Was ist Exchange Server Hybrid, welche Optionen gibt es und welche ist für mein Unternehmen die passende Betriebsart. Antworten auf diese Fragen erhalten Sie in diesem Tech Talk.
Thomas' Tech Talk 2 - Migration von Exchange Server zu Exchange OnlineThomas Stensitzki
Die Migration einer lokalen Exchange Organisation zu Exchange Online ist nicht schwierig, wenn man den Best Practices Empfehlungen der Exchange Produktgruppe folgt. In diesem Tech Talk zeige ich wie Sie eine Migration zu Exchange Online schnell und einfach durchführen können.
2. Thomas Stensitzki
Enterprise Consultant | Geschäftsführer
Granikos GmbH & Co. KG
MVP | MCT | MCT Regional Lead
Twitter @Stensitzki
LinkedIn https://linkedin.com/in/thomasstensitzki
Blog http://Blog.Granikos.eu
YouTube http://TechTalk.Granikos.eu
3. Was wir nicht betrachten
Transportverschlüsselung
Zwischen Kunde und Rechenzentrum Zwischen Servern und Rechenzentrum
4. Was wir nicht betrachten
Azure Service Verschlüsselungen
Client-Side Encryption
Azure Disk Encryption
Azure Storage Service Encryption
Azure Blob Client-Side Encryption
Azure SQL Database Data-at-Rest Encryption
Cosmos DB Database Encryption
Data Lake Encryption
SMB Encryption over Azure Virtual Networks
Server-Side Encryption
Service-Managed Keys
Customer-Managed Keys (Bring Your Own Key BYOK)
Weitere Informationen
5. Was wir nicht betrachten
E-Mail-Verschlüsselungen
Nachrichtenverschlüsselung mit S/MIME
Office 365 Message Encryption (OME)
Vertraulichkeitsbezeichnungen (Sensitivity Label)
6. Verschlüsselung in Microsoft 365
Microsoft 365 Standard
• BitLocker Dateisystem-Verschlüsselung in Microsoft Rechenzentren
• Shredded Storage Verschlüsselung von Dateiteilen mit AES-256 Schlüsseln
Erweiterung der Standardverschlüsselung
• Customer Managed KEY (CMK)
• Double Key Encryption (DKE)
7. Key Store
SharePoint Online – Shredded Storage
Encryption Data-at-Rest
Azure Storage Containers Content Database
Chunks
Encrypted Files
A B C D
https://aka.ms/dataencryption
9. Customer Key
Warum gibt es Customer Key in Microsoft 365?
Verschlüsselung von Dateninhalten als zusätzliche Schutzebene zu BitLocker
Trennung des Zugriffes für Windows Administratoren auf Applikationsdaten, die durch das
Betriebssystem verarbeitet werden
Customer Key Option ermöglicht eine Schlüsselverwaltung pro Mandant
Ermöglicht die Umsetzung von besonderen Compliance-Anforderungen zur Verschlüsselung in
Microsoft 365
Schlüsselverwaltung durch den Kunden
11. Customer Key
Azure Key Vaults in zwei separaten Azure Abonnements EA oder CSP
Initiale Einrichtung der Customer Managed Keys über FastTrack Portal (Microsoft Empfehlung)
Schlüsselungsmöglichkeiten
Allgemeine Microsoft 365 Data-at-Rest Verschlüsselung
Dienstverschlüsselung für Exchange Online und SharePoint Online (inkl. OneDrive und Microsoft Teams)
Verwaltung
Erstellung von Data Encryption Policies (DEP)
Zuweisung von Data Encryption Policies
Schlüsselwechsel
Rotation eines Customer Key
Rotation eines Availability Key Keine direkte Kontrolle durch Endkunden
Weitere Informationen zum Schlüsselwechsel
12. Customer Key
Löschen Sie keine Schlüssel, die mit DEP-Richtlinien verknüpft sind oder einmal aktiv verknüpft
waren
Inhalte werden bei einer Schlüsselrotation entschlüsselt und mit dem neuen Schlüssel erneut
verschlüsselt
Exchange Online
Aktive Postfächer werden regelmäßig neu verschlüsselt
Inaktive, deaktivierte und nicht mehr verbundene Postfächer können noch mit einem alten Schlüssel
verschlüsselt sein
SharePoint Online
Datensicherungen zur Wiederherstellung können Daten enthalten, die mit einem alten Schlüssel
geschützt sind
Risiko eines nachträglichen Datenverlustes
Hinweise
13. Customer Key
On-Premises Hardware Service Module (HSM)
Empfehlung für den produktiven Einsatz
Azure Key Vault (AKV)
Empfehlung für Testzwecke oder einen Proof-of-Concept
Beide Varianten erfordern Azure Key Vaults für die Konfiguration und Verwaltung
Schlüsselverwaltung
14. Data Encryption Policies
Teams Chat-Nachrichten (1:1 Chats, Gruppenchats, Meeting-Chats, Kanal-Konversationen)
Teams Media-Nachrichten (Bilder, Code-Beispiele, Video-/Audio-Nachrichten, Wiki-Bilder)
Teams Anruf- und Meeting-Aufzeichnungen in Teams-Speicherorten (aka Stream)
Teams Chatbenachrichtigungen und Teams Chatempfehlungen von Cortana
Teams Statusnachrichten
Benutzer- und Signalinformationen in Exchange Online
Exchange Online Postfächer, die nicht über eine dedizierte Postfach-DEP verschlüsselt sind
Microsoft Information Protection
Exact Data Match (EDM) Daten
Label Vertraulichkeitskennzeichnungen (Sensitivity Label)
Teams und EDM Daten werden ab Zuweisung der DEP-Richtlinie verschlüsselt
Exchange Online Daten werden vollständig verschlüsselt
15. Data Encryption Policies
Folgenden Daten werden mit einer M365 Data-at-Rest DEP nicht verschlüsselt
SharePoint Online und OneDrive for Business
Teams Dateien und Aufzeichnungen in SharePoint Online und OneDrive for Business
Teams Live Event Daten
Andere Microsoft 365 Daten, z.B. Yammer oder Planner
Es können mehrere DEP für Microsoft 365 Data-at-Rest im Mandaten existieren
Nur eine DEP ist zugewiesen und aktiv
16. Data Encryption Policies
Verschlüsselung von unterschiedlichen Objekttypen
Benutzerpostfächern (Mailbox User)
E-Mail-Benutzer (Mail User)
Microsoft 365 Gruppen
Geteilte Postfächer
Öffentliche Ordner
Je Postfach kann eine DEP zugewiesen werden
Es können bis zu 50 aktive DEP im Mandanten existieren
17. Data Encryption Policies
2 Customer Keys
Azure Key Vault
RSA
Availability Key
Office 365
AES
256
Mailboxes
Data Encryption Policy Key
Basiert auf Root-Keys
AES
256
Mailbox Key
Basiert auf Data Encryption Policy Key
AES
256
Root Keys
18. Data Encryption Policies
Verschlüsselung von existierenden Daten beginnt unmittelbar nach Zuweisung der Schlüssel
Verschlüsselung von Daten mit unterschiedlichen Schlüssel je Geo-Lokation möglich
19. Data Encryption Policies
Data Chunks
2 Customer Keys
Azure Key Vault
RSA
Availability Key
Office 365
AES
256
Root Keys
1 Datei
= N Chunks
= N Keys
AES
256
File Chunk Encrpytion Key
Basiert auf Site Encryption Key
Site Encryption Key
Basiert auf Tenant Intermediate Key
AES
256
Tenant intermediate Key
Basiert auf Root-Keys
AES
256
21. Customer Key
Vor einer FastTrack-Anfrage zur Einrichtung von Customer Key im Microsoft 365 Mandanten
Einrichtung von Azure Key Vaults und Keys in zwei Azure Abonnements
Ein Key Vault mit Key für jeden zu verschlüsselnden Workload
Azure Subscriptions
Key Vaults
Keys
Subscription B
Subscription A
KEY- EXO-A KEY- EXO-B
KEY- M365-A KEY- M365-B
KV-M365-A KV-EXO-A KV-EXO-B
KV- M365-B
KV-SPO-A
KEY- SPO-A
KV-SPO-B
KEY- SPO-B
22. Customer Key
Vor einer FastTrack-Anfrage zur Einrichtung von Customer Key
Einrichtung von Azure Key Vaults und Keys in zwei Azure Abonnements
Ein Key Vault mit Key für jeden zu verschlüsselnden Workload
Azure Subscriptions
Key Vaults
Keys
KV-SPO-B
KV-EXO-B
KV- M365-B
Subscription B
KEY- M365-B KEY- EXO-B KEY- SPO-B
Subscription A
KV- M365-A KV-SPO-A
KV-EXO-A
KEY- M365-A KEY- EXO-A KEY- SPO-A
1 Schlüsselpaar je Workload
23. Customer Key
1. Erstellung von Azure AD Sicherheitsgruppe für Administratoren
Administrator + Contributor
2. Erstellung von zwei Azure Abonnements
Trennung der Berechtigungen für Azure Ressourcengruppen, Key Vaults und Keys
AZ-EGXDE-CMK-A
AZ-EGXDE-CMK-B
3. Registrierung des Mandanten für Customer Key via FastTrack
4. Erstellung einer Ressourcengruppe in jedem Abonnement
5. Erstellung der benötigten Key Vaults in jeder Ressourcengruppe
Standard (Test, Proof-of-Concept) oder Premium (Produktiv)
6. Konfiguration der Zugriffsberechtigungen je Key Vault für Azure AD Sicherheitsgruppen
7. Erstellung der Keys je Key Vault
Key Vault und Key Namen sind global eindeutig
29. Customer Key
# Registrierung des Provider Feature MandatoryRetentionPeriod
# Verhindert ein versehentliche Löschung des Azure Abonnements
Register-AzProviderFeature -FeatureName mandatoryRetentionPeriodEnabled -ProviderNamespace
Microsoft.Resources
# Registrierung
Register-AzResourceProvider -ProviderNamespace Microsoft.KeyVault
# Einrichtung der Ressourcengruppe für Azure Key Vaults
New-AzResourceGroup -Name RG-EGXDE-KV-A -Location "West Europe"
# Einrichtung des ersten Key Vaults per Azure Portal
# Speichern der Vorlagen- und Parameterdatei für die weiteren Key Vaults
Abfrage der Azure Lokationen
Get-AzLocation
30. Customer Key
# Vorbereitung der Parameterdatei
"parameters": {
"name": {
"value": "az-kv-egxde-exo-a"
{…}
"accessPolicies": {
"value": [
{
"objectId": "754e1dbe-1bcf-4789-bbee-22410877fdb0",
"tenantId": "d320e379-89d3-4566-b834-6ca78a2f6399",
# Template-Datei laden und in Json konvertieren
$TemplateFile = [System.IO.File]::ReadAllText("C:CMKkeyvault-template.json")
$TemplateJson = ConvertFrom-Json $TemplateFile –AsHashtable
# Neue Ressourcengruppe erstellen
New-AzResourceGroupDeployment -ResourceGroupName "RG-EGXDE-KV-A" -TemplateObject `
$TemplateJson -TemplateParameterFile "C:CMKkeyvault-parameters-exo-a.json"
Key Vault Namen sind global eindeutig
31. Customer Key
# Variablen für Key Vault und Admin Sicherheitsgruppe
$kvName = 'az-kv-egxde-exo-a'
$kvAdminGroup = 'kv-Admins'
# Setzen der Zugriffsrichtlinie für Admininstratoren
Set-AzKeyVaultAccessPolicy -VaultName $kvName `
-ObjectId (Get-AzADGroup -SearchString $kvAdminGroup)[0].Id `
-PermissionsToKeys create,import,list,get,backup,restore
# Konfiguration der Contributor-Gruppe via Azure Portal für die Ressourcengruppe
32. Customer Key
# Variablen für Key Vault und Admin Sicherheitsgruppe
$kvName = 'az-kv-egxde-exo-a'
$kvAdminGroup = 'kv-Admins'
Set-AzKeyVaultAccessPolicy -VaultName $kvName `
-ObjectId (Get-AzADGroup -SearchString $kvAdminGroup)[0].Id `
-PermissionsToKeys create,import,list,get,backup,restore
# Konfiguration der Contributor-Gruppe via Azure Portal für die Ressourcengruppe
33. Customer Key
# Variablen für Key Vault
$kvName = 'az-kv-egxde-exo-a'
# Microsoft 365 Workloads
$objExoSfB = '00000002-0000-0ff1-ce00-000000000000'
$objSpoTeams = '00000003-0000-0ff1-ce00-000000000000'
$objMultiWL = 'c066d759-24ae-40e7-a56f-027002b5d3e4'
# Exchange Online / Skype for Business
Set-AzKeyVaultAccessPolicy -VaultName $kvName -PermissionsToKeys wrapKey,unwrapKey,get `
-ServicePrincipalName $objExoSfB
# SharePoint Online / OneDrive for Business / Teams Files
Set-AzKeyVaultAccessPolicy -VaultName $kvName -PermissionsToKeys wrapKey,unwrapKey,get `
-ServicePrincipalName $objSpoTeams
# Microsoft 365 Multi-Workload
Set-AzKeyVaultAccessPolicy -VaultName $kvName -PermissionsToKeys wrapKey,unwrapKey,get `
-ServicePrincipalName $objMultiWL
34. Customer Key
# Variablen für Key Vault
$kvName = 'az-kv-egxde-exo-a'
# Exchange Online / Skype for Business
Add-AzKeyVaultKey -VaultName $kvName -Name 'egxde-exo-key-a' -Destination 'Software'
# SharePoint Online / OneDrive for Business / Teams Files
Add-AzKeyVaultKey -VaultName $kvName -Name 'egxde-spo-key-a' -Destination 'Software'
# Microsoft 365 Multi-Workload
Add-AzKeyVaultKey -VaultName $kvName -Name 'egxde-m365dr-key-a' -Destination 'Software'
Key Namen sind global eindeutig
40. Double Key Encryption
Verschlüsselung einer Teilmenge von Microsoft 365 Daten
Informationsschutz mit Vertraulichkeitsbezeichnungen (Sensitivity Label)
Nutzung von HSM-Lösungen (z.B. Thales)
Kompilierung des DKE GitHub Repository
Keine Unterstützung von
Transport Regeln, inkl. Anti-Malware- und Anti-Spam-Funktionen für Nachrichteninhalte
Microsoft Delve
eDiscovery
Inhaltssuche und Indizierung
Office Web Apps und Co-Authoring
https://go.granikos.eu/DKEVideo
41. Customer Key
Customer Key unterstützt drei Verschlüsselungsziele
Microsoft 365 Data-at-Rest
Exchange Online
SharePoint Online
Nicht alle Microsoft 365 Workloads unterstützen Customer Key Verschlüsselung
Customer Key erfordert eine Lizensierung für jedes Benutzerkonto
Customer Key benötigt mindestens zwei Azure Abonnements für Key Vaults
Ein Key Vault für jedes gewünschte Verschlüsselungsziel
Aktivierung von Customer Key über Microsoft FastTrack (Microsoft Empfehlung)
Definition der Zugriffsberechtigungen für Azure Abonnements und Key Vault
Umsetzung einer Test-Implementierung in einem Test-Mandanten
42. Rate my session & Calls to Action
Rate this
session
https://teamsnation.rocks/
feedback
Attend more
sessions and
join our
keynotes at
19.00 CET
Show your love
on social using
#TeamsNation
and
@TeamsNation
1 2 3
43. Ressourcen
Subtitle
Understanding Microsoft Information Protection Encryption Key Types
Roll or rotate a Customer Key or an availability key
Move requests in the Microsoft 365 or Office 365 service
Encryption ciphers used by Customer Key
Encryption for Skype for Business, OneDrive for Business, SharePoint Online, Microsoft Teams, and
Exchange Online
Microsoft 365 Multi-Geo eDiscovery configuration
Microsoft 365 encryption technical reference
Assign roles in Azure Portal
Microsoft 365 Maps
Double Key Encryption