Matthew Katzer
Securing Office 365Masterminding MDM and Compliance in the Cloud
Matthew Katzer
Hillsboro, OR, USA
ISBN 978-1-4842-4229-2e-ISBN 978-1-4842-4230-8
Library of Congress Control Number: 2018966697
© Matthew Katzer 2018
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.
Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.
While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.
Distributed to the book trade worldwide by Springer Science+Business Media New York, 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail [email protected], or visit www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner) is Springer Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation.

To Barbara—my friend, business partner, soul mate, and wife to whom I owe so much; I could never have written this book without your love and support.

About the Technical Review

Unlike most technical reviews, this one took a team approach, leveraging the talents of the internal team at KAMIND IT. This book lays out a collective and strategic security road map for businesses using Office 365. It brings together hard-earned “notes from the field” that the team at KAMIND IT has generated to help educate our clients as we support their goals for migrating to a secure environment based on Microsoft Office 365. Also, many customers attended KAMIND IT’s Microsoft Cloud Immersion Experience training and gave feedback and suggestions to further clarify how Office 365 security can be easily implemented.

../images/429219_1_En_BookFrontmatter_Figc_HTML.jpg
Introduction

I started writing this book in 2016. At that time, the European Union had just released the new requirements for data privacy. Businesses were being breached, and millions of data records were being stolen and sold. Large organizations such as Sony, Target, and Equifax had millions of records of information stolen and sold on the dark web. Privacy was in turmoil. Some online search companies were selling millions of records of information for revenue. I was concerned and wanted to help businesses that use Office 365 do so in a secure manner.

Fresh off of coauthoring two security books, I personally felt that there were no reasons for having data breaches on Office 365. I researched the problem and discovered that the issue was directly related to the Office 365 subscriptions that the users purchased and their configurations. I also discovered that there was a secondary problem: users and most IT professionals did not know how to configure Office 365 in a secure manner. So, my goal with this book was to produce a practical security guide that could be used by businesses and IT companies in the Office 365 community.

Office 365 is a cloud-based service based on familiar software that you know—the Microsoft Office suite. It simply works, and you don’t have to give up your intellectual property to use the service. Microsoft is adamant that the customer owns the data; Microsoft is only a custodian of the customer data, with a shared responsibility with the client. This is important. Not all cloud solutions are this forthright. My customers who use Office 365 have significantly reduced their IT service costs and their concerns in the areas of data security, compliance, and discovery. They reduce their IT costs because my company helps them choose the correct Office 365 licenses and helps them manage the security and logs.

This is a critical book of knowledge based on tried-and-true methods to deploy the services for Office 365. Office 365 is a secure service. The challenge was to write a book on a complex subject about security configurations in Office 365 and Azure cloud services and structure the book in such a way that any user could deploy Office 365/Azure securely. In some ways, I consider this a living book about security for Office 365. Not only does it cover the security of today, but given the changing nature of the tech world, the content will expand and evolve with newer tips and techniques through the blog at www.kamind.com/blog .

The problem has been how to present the information in a roadmap form that will help you build a secure solution for your company on Office 365. To do this I decided to use the Microsoft 365 E5 subscription along with an Azure Cloud Solution Provider (CSP) subscription and walk through the configuration process.

Chapter 1 , “Why Security and Compliance?”

Security and compliance need to be a way of life as business becomes more digital. We need to look at the tools and how we run our businesses to determine how best to manage and secure them. The goal of the chief information security officer (CISO) and business owners is to protect and secure assets to increase business value. Security, Office 365, and Azure are all complex topics. I found the best way to describe this is to use one of the Microsoft simplified roadmaps that shows the security products and how they interoperate with each other. This chapter is an overview of the different security technologies and gives you the background. At the end of this chapter, you will have an understanding of the path we will follow on Office 365 and Azure security configuration.

Chapter 2 , “Azure and Office 365 Security”

Office 365 and Azure are complex. As an Office 365 administrator, you need to configure the Office 365 portion of security but also the Azure security services. In this chapter, we build out the Azure data collection portals and the dashboards that are used to monitor and collect data. The information services we configure are Log Analytics Services, Azure Security Center and Office 365 Admin and Compliance Center. As part of this chapter, we link Cloud App Security to start the data collection from Office 365 and the device endpoints. Security is about information collection and analysis. In this chapter, you will see how to set up the Office 365 Security & Compliance Center and Azure Security Center. At the end of this chapter, you will have configured the key cloud data collection services.

Chapter 3 , “Microsoft Secure Score”

Security is a difficult topic to address with moving threats. How do you tell whether you need to do more (or even if you have done enough)? In this chapter, you will take a deep dive into your security score and the measures that you can use to configure your Office 365 tenant and Windows 10 Security Center. This chapter talks about the security metrics and how to measure against them. At the end of the chapter, you will have a Microsoft security score (composed of Windows 10 and Office 365) that can be used to manage your security profile and threats against your business in the cloud.

Chapter 4 , “Deploying Identity Management with EMS”

In this chapter, you will expand your learning by looking into the Enterprise Mobility Suite (EMS) from the viewpoint of identity management and information protection. Identity is how you manage information about the users and information protection is how you manage a user’s access to protect corporate data. These tools are important in the management of Office 365 and Azure. At the end of this chapter, you will have configured the necessary components required to set up Azure information protection services from the Microsoft 365 E5 suite. You will have configured a base line identity Management and Information protection services in Azure. The Azure integration is a key service that you can use to manage your digital assets.

Chapter 5 , “Mobile Device Management with EMS”

How do you manage user devices in the enterprise today? The answer is with Windows Information Protection (WIP), Mobile Device Management (MDM) and Mobile Applications Management (MAM). This chapter walks you through the configuration of MAM, WIP and MDM to manage your environment for Office 365 and Azure. At the end of this chapter, you will have a configured solution for both MAM, WIP and MDM to manage your corporate data. This chapter concludes with some helpful suggestions on the management of the mobile applications in your environment.

Chapter 6 , “Using Office 365 Compliance Center”

Office 365 has a set of tools that are preconfigured for the compliance management of Office 365 through the Office 365 Security & Compliance Center. Office 365 includes a complete eDiscovery capability that offers all compliance managers the tools necessary to perform search discovery requests to meet the new regulation requirements. You are left with a “cookbook” on the deployment of the eDiscovery center and how to perform keyword searches across Exchange, OneDrive, and SharePoint.

Chapter 7 , “Step-by-Step Migration”

The secret to a successful deployment to Office 365 is picking the correct plan that supports your business. Another key is the planning and purchase process. Once you select a plan, your primary consideration must be to ensure that the migration process is seamless for your organization. This chapter describes the basic purchase choices. It concludes with information about pre-deployment, deployment, and post-deployment.

Chapter 8 , “Managing Office 365”

This chapter describes the different administration centers in Office 365 and the most common tools that you will use to administer Office 365. Depending on your Office 365 plan, there are 15 possible administration centers that are used to manage Office 365 and Azure. This chapter focuses on the primary administration portals for your business. The chapter closes with showing you how to use PowerShell to manage your Office 365 tenant.

I want to share with you what I’ve learned over the years so that you can benefit from my mistakes. I’ve been fortunate in that my company is a Microsoft direct Tier 1 Cloud Solution Provider, Cloud Champion, and a multi-year Microsoft Partner award winner. We’ve learned a lot as an early cloud adopter and want to share our experience. I wanted to write the book with a combination of the “why” and the “how-to” so business owners, Corporate Security Officers and IT Managers will have a roadmap to protect your company’s digital assets. Good luck in your journey with the Microsoft Intelligent cloud!

Acknowledgments

I want to thank all of my customers who have spurred me on to write this book and have encouraged me to share what I have learned. To my editors, who kept me going even when it seemed impossible, I owe a special debt of gratitude: Nancy Chen, Joan Murray, and Gwenan Spearing. Thank you all.

A special mention must also be made to Justin Slagle, our Microsoft business development manager; Matt Soseman, security architect at Microsoft; and the countless support staff at Microsoft who have helped steer me in the right direction.

Robin Robins of Technology Marketing Toolkit has inspired me in so many ways, and I want to thank her for the countless opportunities she has opened up for me. Her support has been invaluable.

I also want to acknowledge my core team at KAMIND IT, which allowed me the time to write this book, especially Chris Speigel and Barbara Dawson. Your teamwork amazes me!

Brian Geraths, photographer extraordinaire, has also helped me in many ways. Thank you, Brian.

Last but by no means least, my wife, Barbara—I owe her so much for her encouragement and support.

Without the assistance of all these individuals and companies, this book would never have been written.

Table of Contents

Summary 609
Index 625

About the Author

Matthew Katzer
../images/429219_1_En_BookFrontmatter_Figb_HTML.jpg
is the CEO and president of KAMIND IT, a direct Tier 1 Microsoft Gold Partner, and author of the best-selling cloud book Office 365: Managing and Migrating Your Business in the Cloud (Apress, 2013) as well as Moving to Office 365 (Apress, 2015). He is an active member of many technical community organizations and local business communities.

Matt’s focus on cloud solutions started in 2008, as he was looking at ways that businesses could grow quickly while still reducing operating costs. His interest in security began while working in Intel’s security division.

Matt holds a BSEE from the University of Michigan and an Executive MBA from the University of Oregon. His greatest satisfaction comes from helping customers and others become more competitive by scaling their businesses in an increasingly technology-driven world.

 
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.149.242.9