©  Matthew Katzer 2018
Matthew KatzerSecuring Office 365https://doi.org/10.1007/978-1-4842-4230-8_1

1. Why Security and Compliance?

Matthew Katzer1 
(1)
Hillsboro, OR, USA
 

Whenever IT managers hear the terms security, compliance, and audit, they tend to run and hide. Executive management fears the cost and additional regulations required. In fact, all levels of management are concerned. People think, does the government have access to my information? Are there federal regulations from the Department of Homeland Security to address? Has my company been sued? Executives and IT managers assume compliance and security mean nonplanned budget expenses.

The challenge that we all have is that we do not know what we do not know. It may sound trite, but this is the way people operate. Therefore, we need to change and adapt to a new security mind-set.

Today, all of us have a responsibility to manage information in a secure way. We are the custodians of information. Our role is to manage and protect not only our employees and fellow co-workers’ information but also that of our clients and vendors. This is the new security and compliance mind-set I’m talking about. Many times, we abdicate this duty and do not realize the impact that we have on the users and businesses we support.

This book addresses the issues of security and compliance with Office 365. For us to reach the same destination together, we need to have a common understanding of the problem and the potential solutions that are available. In this book, you will learn how to use Office 365 security services to defend your organization from internal and external threats.

The purpose of this book is to provide you with the necessary tools and information to secure your Office 365 services. There are many solutions that you can use, but there are also many different ways you use those services. My goal is to assist you with additional information that you can use to manage your Office 365 services—in the most secure manner possible. On this journey together, we’ll look at the threats we’re facing in the current environment. Our first task as a team is to understand the threats and the Office 365 tools that can be used to combat the threats.

Security and Hackers

We all need to change the way that we look at security and how we handle threats. Before we can understand the threats, we need to take a step back and look at the industry as a whole and what is driving this new imperative. Security threats are everywhere.

“There are two kinds of companies: those who’ve been hacked and those who don’t know they’ve been hacked.”

—James Comey, Former Director, FBI

To understand hackers (also known as bad actors) today, you need to understand that they are after information in all forms for the sole purpose of selling the information. When an organization is hacked (such as Equifax), the attacker first tries to get into the organization by any means. The bad actor uses phishing attacks or overt trojans on USB memory stick (One of the classic trojans intrusions is to randomly drop a number of USB drives on the side walk in front of a building you want to penetrate. Statistically 1 out of 5 people will pick up the USB memory stick and plug it into their work computer to see what is on the USB memory stick and infect their system with a trojan). Once the hacker is in an organization, the bad actor goes quiet, and there is little detectable movement. The bad actor slowly probes the organization for weaknesses with the sole purpose of understanding the organization. The bad actor covertly learns the organizational structure and begins to understand the business practices and how to subvert them. This is what happens to all organizations, and you can see the results with large data breaches such as Sony and Target. The organizations do not even know their security has been breached.

Compliance and Security Are a Mind-Set

Vigilant companies must protect their environment with methodical planning and security best practices. Security and compliance audits are simple to achieve and do not break the bank. How you service these compliance audits is simply planning for them. This is where Office 365 is a must-have tool. Office 365 makes compliance audits simple because the compliance tools are built into Office 365. When you look at compliance, Microsoft cloud products are far simpler to use and easier to deploy than other methods. For years, Microsoft has been under the scrutiny of the Department of Justice (DOJ) and Federal Trade Commission (FTC) for many of its business practices in early 2000. This oversight has driven Microsoft to develop a common set of software-as-a-service (SaaS) products that are focused on business security.

Microsoft has developed products to address a fundamental business need, that is, to address internal compliance requirements. Today, these products form the basis of the Microsoft threat detection road map (see Figure 1-1).
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig1_HTML.jpg
Figure 1-1

Microsoft cybersecurity reference—threat detection map (courtesy of Microsoft)

It is also ironic that the pressures that Microsoft faced in years past are now the pressures that we all face in our businesses. That is, how can we create full transparency and information controls in our business practices? As I said, to start we need to change our mind-set. It is all about security and the road map that we use to get to our destination.

Note

Office 365 security/compliance is a large topic. To simplify the view for new users, the approach I will take in this book is to look at Office 365 as an application that runs in Azure. Looking at this from the book’s perspective, Azure provides identity services/management for Office 365. So, this book is about using Azure identity services to manage Office 365 security and configuring those services. I will not go into Azure in much detail, unless it helps clarify Office 365.

The Microsoft cybersecurity road map shown in Figure 1-1 ties all the Microsoft cloud services together. Before you can truly understand this road map, you need to understand where the data comes from and how it is collected. This is where the Intelligent Security Graph shown in Figure 1-2 comes into play. The Intelligent Security Graph is the base information source for Microsoft Threat Detection.
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig2_HTML.jpg
Figure 1-2

Intelligent security graph (courtesy of Microsoft)

Note

Not on Office 365 yet and wondering what to do next? Chapter 7 covers how to migrate to Office 365.

All new security models for preventing attacks comes down to the analysis of information. Microsoft published the Intelligent Security Graph as the basis of its security backbone. It is the collection of information from billions of devices and data from endpoints around the world. This information is analyzed to look at the user usage of Microsoft programs and at different attacks by bad actors. The data shows trends of attacks, which provides Microsoft with the necessary responses. In other words, this data allows the analytic tools to detect a bad actor and take the appropriate actions to combat the threat. The different Microsoft technologies such as Windows 10 Defender and Windows 10 Advanced Threat Protection (WATP) deploy these defenses automatically to the connected devices. WATP uses new behavioral analysis to defend the desktop and is included in the office 365 subscriptions for Windows 10 E5.

The simplest example of the impact of information collected in the Intelligent Security Graph is to look at the Office 365 login process. You have probably run into the situation where you try to log in to Office 365 in your browser and get prompted to try again. You know that the password is correct and cannot understand why you can’t log into the service.

When you look under the hood and you review the data collected in the Intelligent Security Graph, you will begin to understand that Microsoft looks not only at the location where you are logging into the service but also at how you logged into the service. The way you type your password or login ID is an important action. The pause between letters and how long you wait before you press Enter are other forms of identification. If I look at myself, for instance, my right hand types faster than my left hand. This tracking maps to a unique behavior and a predictable pattern. This is one of my “digital characters.” In this AI-enabled world, everything is collected and analyzed to determine whether it’s really you or a bad actor. If the Office 365 security mechanism classifies you as a bad actor, you need to provide some additional level of authentication to ensure you are who you say you are. In Figure 1-3, the learner builds a pattern for your account. The patterns are unique (albeit not 100 percent trustworthy) and provide a level of guarantee that you are indeed the correct person for the account.
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig3_HTML.jpg
Figure 1-3

Login processing for Office 365 (courtesy of Microsoft)

As another example, say you use Microsoft security services to manage your account. You can link additional information about you to your account such as cell phone, e-mail address, office phone number, and answers to those pesky security questions. Any information like this is linked into the multifactor authentication (MFA) service and is integrated with Azure Identity Protection (more about this in Chapter 4). Combine this new security information along with a customized Office 365 portal and compute devices that are “joined to Azure Active Directory” and you have a secure compute environment. The integrated security of Office 365 is further enhanced with your credentials and user identity protection.

As a side note, look at your neighbors’ homes as you drive home from work. Do you see homes with alarm signs on them? Are the homes well-lit or dark? If you are a bad actor, which home would you pick to break into? Which home would give you the best opportunity as a thief? Would you pick the well-lit home with the alarm sign on it or the dark house with few lights on and no posted alarm sign? Your Office 365 organization is very much like your home. What are the tools that you need to look at to make it so the bad actors look somewhere else? What changes do you need to make in your business processes and basic configuration so that the environment is much more difficult to clone? Do you have a universal cloud-based signature (like Crossware, https://www.crossware.co.nz ) that signs all e-mail from all devices in the same way so you can easily tell whether your e-mail has been spoofed? You need to approach your SaaS security from this mind-set—assume that you could be breached and put tools in place to make it difficult for the bad actors to impersonate you.

You can add internal security controls with Azure privilege identity to control access to the Office 365 tenant by your administrators. Figure 1-4 shows my home page login for Office 365, and it is different from the generic home page login for Office 365. This difference is important for the simple reason that the bad actors do not expect it.
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig4_HTML.jpg
Figure 1-4

Customized login portal for Office 365

Changing your home login screen for Office 365 helps your employees recognize when something is not quite right. The bad actors send out millions of e-mails in an attempt to break into a company, so if you change the default look (like putting the alarm sign outside of your house), you also make it difficult for the bad actors to penetrate the company. When your users receive a phishing e-mail and someone clicks the bait (yes, there will be one person who will click the link in the e-mail no matter how much training you do), they know that the company’s front door is different (because you have trained them) and so do not try to log in to the phishing site with their credentials. This is a simple thing to do to make your digital home harder to breach than your neighbors’ homes. If you make this simple change, you will have completed the following:
  • Deployed custom login screens to help users detect phishing attacks

  • Deployed multifactor authentication (using cell phones and a non-Office 365 e-mail account)

  • Deployed Azure privilege identity to manage the security aspects for your administrative user account

These items are simple to complete. These capabilities (and others) exist within the Office 365 security license. Once you add these capabilities, you have drastically improved the security of your Office 365 service, and in the process you have made your company less susceptible to attacks by bad actors. Remember, security is a mind-set. The way I approach security is to review weekly (and sometimes daily and hourly) the accounts that my organization manages for security. On these accounts we deploy the Microsoft 365 Enterprise E5 suite (a combination of Office E5, Enterprise Mobility Suite [EMS] E5, and Windows 10 E5 security software). This allows us to handle both proactive and reactive security. During my weekly review session, I look at the security of the Office 365 organization. I review a set of key reports that cover the health of the behavior of the employees. These behavior reports flag actions based on incorrect privacy data releases or bad actors impersonating users in the organization.

A key component of an organization’s security strategy is to continuously review the employee behaviors, looking for ways to educate employees to improve security and looking for ways to address any data leaks by bad actors. In fact, a review of the security policy by the computer information security officer (CISO) and of any privacy issues by the data protection officer (DPO) is crucial for a business’s long-term survival. Typically, I look at the following reports to get an understanding of the security of the business:
  • Cloud App security (CAS) dashboard, showing the dashboard access

  • Service assurance status of the Office 365 and Azure tenants

  • Azure Advanced Threat Protection security dashboard and reports

  • Windows Security Center for Windows Advanced Threat Protection (WATP)

  • Microsoft Secure Score value

In Chapter 2, we will build the baseline reporting structure and detail of the reports that you need to review. After you set up and enable some basic Azure services, in Chapter 3 you will look at your Microsoft Secure Score for your cloud-based services and make changes to improve that score. You will use the Microsoft Secure Score for both Office 365 and Windows 10 E5 Advanced Threat Protection.

Note

The DPO is the person responsible for the data management and privacy policies in the company. This is different than the compliance officer. The compliance officer looks for governance activity, such as related to a FINRA or SEC policy. The DPO looks for data privacy violations. In small organizations, these are the same person. Under the new data protection laws (in the European Union and California), all companies (no matter how small) must have a DPO role assigned.

In another example, Figure 1-5 shows the Azure Advanced Threat Protection analytics (see https://portal.atp.azure.com ) to detect patterns of access. This is the new model for security. (The old model for security consisted of bloated data scanners looking at known bad program signatures.) The new model is an AI-based machine learning or deep learning model that looks at behaviors and characteristics. When you look at the data from the Microsoft Intelligent Threat Graph, the information that is detected across the user base is integrated into the different security tools. The new model incorporates behavior analysis of the data access and threat modeling of systems activities on desktop and mobile devices.
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig5_HTML.jpg
Figure 1-5

Advanced Threat Protection a dashboard for on-premises/Azure endpoints

Detection today looks at how applications work and how users use the applications. This combination of data and usage collection develops an operational profile for the users. As an example, let’s look at Microsoft Word, which is a fancy text editor. It does not run administrator scripts or look at permissions (or change user permissions and access). You would not expect Word to invoke an administrator application that changes a user’s password or performs other administrative functions. The next-generation security software operates in this manner. It analyzes the applications (on a Mac or PC) and logs (or blocks) the nonstandard behavior when it is detected.

In addition, we are not faced with just security for the sake of security; we are also faced with new requirements on how governments expect us to manage our employees and customers’ information. Security is a broad topic, and Office 365 contains hundreds of product codes. This book is based on the configuration of a specific security suite called Microsoft 365 Enterprise E5.

To simplify the process, you will use the Microsoft 365 Enterprise E5 subscription as a base for all configurations. To continue on our security journey, you will need to deploy a Microsoft 365 E5 subscription and an Azure subscription. Azure Cloud Service Provider (CSP) subscriptions are nothing more than a payment commitment through a Microsoft cloud partner.

My goal in this chapter is to expose you to the different aspects of security in Office 365 and slowly help you configure your Office 365 and Azure security service. To get started on this journey, let’s look at the European regulation—the General Data Protection Regulation (GDPR)—that will have a major impact on how you manage personal information. Office 365 is designed around privacy. But for privacy to work, you need to conform to the new and upcoming regulations. The U.S. version of GDPR is coming. In fact, California has recently passed the California Consumer Privacy Act (CCPA), and many states are about to clone the same law. We all need to change our view about security and data privacy. Let’s take a quick look at the GDPR and then step through some Office 365 security features.

General Data Protection Regulation and Privacy Policies

Information security is an ever-changing landscape. As a compliance officer (or IT manager), you must constantly be aware of changes in the laws and regulations. The EU GDPR law will have a dramatic impact on everyone who manages any IT activity. We will all need to change our business processes and software compliance tools to ensure that our organizations will conform (see Figure 1-6).
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig6_HTML.jpg
Figure 1-6

EU GDPR overview (courtesy of Microsoft)

All IT managers and compliance officers need to recognize that there will be a significant change starting in 2018 that will affect personal privacy and how we as both businesses and consumers need to understand our responsibilities under the European Union General Data Protection Regulation. The law was introduced in May 2016 and became fully enforceable in May 2018. The GDPR put in place privacy policies, strengthening data protection controls and making breach notification procedures highly transparent. Breaking the GDPR rules can generate fines of 20 million euros or 4 percent of the worldwide revenue of the corporation—there are no business exemptions. California, in June 28, 2018, enacted the California Consumer Privacy Act. The CCPA, like the GDPR, has stiff fines. If the CCPA was in effect when the Target breach occurred a few years ago, Target’s fines would have been $5 billion.

The impact for business is significant. The GDPR puts in place transparent policies for data management . This policy is a requirement for all entities that have a business transaction with the EU and all entities that consume EU information. Why should you care if your business operates only in the United States? The answer is simple: if your business transacts or allows any product or service to be purchased or consumed in a country that is covered under the GDPR, you have no choice but to conform. Again, the penalties are severe. The GDPR measures the fines in a percent of the gross sales of the organization. The California CCPA measure fines per data record. In both regulations, the fines are extreme.

Office 365 is a foundational service that is designed to meet the GDPR requirements . Office 365 with Azure services collects information for audit and analysis for millions of endpoints. What each of us needs to do next is to look at our organization and discuss how we need to change our business processes and business practices to conform to the new regulations. This is important because these standards will take over worldwide as the new privacy standards. There are requirements for breach reporting and significant penalties for noncompliance. There are skeptics who say this will never happen, but the California CCPA has disproven that theory.

The world is a global economy, and as large multinational corporations are required to adapt to maintain their competitive advantage, they will lobby various nations (and states) to adopt the same regulations, thereby leveling the playing field. Business is competitive. The new CCPA, the HIPAA, and the GDPR all require companies to report data breaches quickly. The GDPR requires that the report is made to the relevant supervisory authority no later than 72 hours after the data breach occurs (note this is not business hours).

The GDPR is applicable to businesses of all sizes—both large and small. Its basis is all about how personal data is managed for employees, contractors, and customers. The regulation is broad. Some data is processed under the GDPR, and some data is not managed under the GDPR. Looking at the GDPR in detail, there are four tenets to the regulations that all organizations need to address.
  • Personal privacy and individual rights to access collected information

  • Controls and notifications that an organization must deploy under new regulations

  • Transparent policies with data management

  • IT training and responsibilities for the organization collected data

Getting back to Office 365 and your own company, you need to look at the changes you need to adopt to conform to the GDPR and other regulations . This will allow you to be competitive and transparent in your business practices. Where and how does Office 365 come into play? The Microsoft road map is designed to implement security processes that conform to the GDPR practices. When you look at products like Enterprise Mobility Suite or Advanced Threat Protection, you are looking at tools that help organizations conform to the new global regulations. The GDPR includes any data, images, or analytics that can be linked to any person. Organizations must look at the four tenets of security shown in Figure 1-7 and implement the necessary policies. Organizations must take organizational and technical measures that manage the data for the appropriate security of the data. Article 28 of the GDPR specifically talks about the processor that manipulates the data on behalf of the customer. The responsibility is shared between the controller and the processor. As compliance officers, we are custodians for our users’ information, and we need to understand what we need to do to conform. Let’s consider each of these areas for a better idea as to the requirements and see how the Microsoft cybersecurity road map can help us conform to these requirements.
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig7_HTML.jpg
Figure 1-7

Microsoft approach to implementing the GDPR regulation changes (courtesy of Microsoft)

Personal Privacy and Individual Rights

Personal privacy rights require you to implement Office 365 Advanced Data Governance (ADG). The ADG capabilities are part of the Microsoft 365 E5 license that we are using in this book. The new data protection laws are about how we managed personal privacy. To manage personal privacy, you need to also manage the different cloud-based apps that are installed in the environment using tools like Cloud App Security. Everything is about personal data protection and the services used to manage personal information (see Figure 1-8).
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig8_HTML.jpg
Figure 1-8

Why is the GDPR important for all businesses? (Courtesy of Microsoft)

The new GDPR rules require that any “personal” information that you access needs to provide the end user with the ability to manage that information. The definition of personal information is broad. Personal information is any information that is identifiable to the individual. If you collect information on videos and share information with affiliates, all of that information needs to be fully disclosed, and the end user must be given the ability to access their personal information, correct any errors associated with that data, erase the personal information from your business records, and object to the processing of the information (if you are a processor under the EU regulations, you can be exempt from managing any information about individuals and export all information that you have collected on them).

Note

Some people think that in the United States they are not subject to personal data protection laws. However, because of the GDPR, there has been an increase in audits and fines associated with all sorts of data privacy violations. Check out https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf .

As a business manager, you need to seriously look at how you manage personal data and what controls you have on that data. If you are a multinational company that does business in the European Union, you are subject to data regulations—even if you are based in the United States. The privacy laws (worldwide, not just in the United States) are changing, and the data breach laws and the penalties for noncompliance are significant. One of the new features that Google is providing in the European Union to comply with the GDPR is the ability to destroy all information collected in Gmail accounts and the Chrome browser. This capability is slowly being introduced in the United States.

Note

Organizations tend to collect much more personal information than what is needed to complete a job or support customers. For example, IT service companies do not need to know the sex, home address (unless you support computers in the home), or any personal characteristics of the people we support—and we should not know their home phone numbers. As a business, unless we have a business reason to collect information, we do not want or care to have any personal information. Too many times we collect personal information for no apparent reason. Everyone should look at the information they collect in their businesses and ask the question—is there a business reason for the information? If there is no business reason, then remove the information from your systems.

Controls and Notifications

The management of personal information is only one aspect of the new privacy laws. Other requirements are based on the type of data maintained. There is a fine line between personal information and health-related information, for example. The fines for data breaches and security are significant, and you need to use different data storage and encryption methods for the data that you retain. There is a requirement to notify “supervisory” authorities (local, state, federal and international agencies) when a data breach occurs. You need to get permission to process personal data, and you need to keep detailed records (with no time limitations) on how you process the data. Figure 1-9 shows the data visibility that you need to have in your company to meet the GDPR requirements.
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig9_HTML.jpg
Figure 1-9

Data access visibility (courtesy of Microsoft)

The GDPR requires different rules for data controllers and for data processors. As an IT manager, you are required to manage the audit logs and security associated with different data types. In some cases, you will be the data processor, and in other cases you will be the data controller. In either case, how you manage, supervise, and review access to information is critical. How you use the different tools to manage this service (such as Compliance Manager in the Microsoft Security and Trust center to managed GDPR compliance) reduces your business liability as well as your personal liability.

Note

Data processors are entities that receive data from data controllers and process personal information (security lookup, credit references, etc.). Under the GDPR regulations, the management of the data is a shared responsibility. Data controllers control the personal information. In this case, this is the Office 365 service.

Transparent Privacy Policies with Data Management

The latest federal laws require notification of the usage of private information, but the laws are so broad that no one really understands what is going on. What the GDPR has done is simplify the requirements. The GDPR has defined organizations that process information and organizations that supply information. The California CCPA does something similar. Under the GDPR, all data controllers and data processors are required to provide a clear statement (which needs to be approved by regulators) about data collection and what type of data is collected. There are also requirements on data processing as well as a full audit process for the data (what has been done, what was changed) and the data retention policy associated with that information and audit logs. In other words, you need a 100 percent transparent policy in how data is used, who it is shared with, and why. Along with this is a new requirement that the personal data can be deleted at any time if requested by the individual. This is also part of the California CCPA. As IT managers and CISOs, we need to look to the future and expect that personal information (from consumers, business associates, employees) management regulation will be more stringent; therefore, we need to develop the processes and learn to use the tools with Microsoft Security and Compliance center to address these new requirements.

IT Training and Responsibilities

All types of security require training . You need to establish the necessary process rules and train the IT personnel to manage the information according to the regulations. It is imperative that information is managed properly. GDRP requires that every company have a data protection officer (DPO) who has the responsibility to manage the information. The regulation also provides methods of contact and requirements for the users who have access to personal information.

Organizations will need to train individual who have access to personal information under the new GDPR privacy requirements. There needs to be a full audit of information access. In addition, vendors that transact against data from a data collector must be fully complaint with the GDRP requirements.

GDPR Next Steps

As the Corporate Information Security Officer (CISO) , my role has just expanded to the DPO role in addition to my traditional compliance role. It is no longer acceptable to use older tools that no longer meet the new data regulations. As the CISO, I need to be proactive and look at how to minimize my organization’s risk. The GDPR is a wake-up call on data management. The call to action for all of us is to reduce the amount of personal information that we collect and to implement additional management tools to manage our employees’ and client information. Information management is the key to managing our business securely.

Microsoft Trusted Cloud

Office 365 services are built on a secure public platform from the ground up. The implementation is a partnership with Microsoft and its customers (see Microsoft Cloud Security for Enterprise Architects at https://www.microsoft.com/en-us/download/48121 ) and is built from Microsoft’s Trusted Cloud principles (see Figure 1-10).
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig10_HTML.jpg
Figure 1-10

Microsoft Cloud Security for Enterprise Architects (courtesy of Microsoft)

The Microsoft threat detection road map (shown in Figure 1-1) shows the different capabilities that are in the Microsoft Office 365/Azure offering. Regardless of the security services that are built around Office 365 and other Microsoft SaaS services, the data owner is the customer. Microsoft acts as a custodian for the customer data and continuously looks at how the data is accessed (and not what’s in the data) and who is accessing the data. Since Microsoft does not own the customer data but is acting as a custodian, the responsibilities are different. The difference is that this is a partnership between Microsoft and the client who owns the data. When you look at the changes in the regulatory landscape over data privacy, Microsoft’s management of the data—as the custodian—is aligned. Likewise, as an IT manager or a CISO, you must also accept that you are the custodian of your company data and accept that shared responsibility with Microsoft. From this viewpoint, when you look at security in the Microsoft cloud, you should be concerned with these five questions:
  • Do you know who is accessing your data?

  • Can you grant access to your data based on risk in real time?

  • Can you find and react to a breach?

  • Can you protect your data on devices, in the cloud, and in transit?

  • Is security integrated into a user’s day-to-day activities with little effort?

These are just a few of the questions that you need to be asking your IT staff to ensure that you have the different solutions in place to address the security needs of your organization. Looking back at the Microsoft threat detection road map, there are a key set of services that are designed around the fundamental capabilities of the Microsoft cloud.
  • Exchange e-mail gateway/anti-malware services called Office 365 Advance Threat Protection (ATP)

  • Windows Defender with Advance Threat Protection (WATP)

  • Cloud App Security (CAS)

  • Azure AD Identity Protection

  • Azure Security Center

  • Azure Advance Threat Protection

  • Log Analytics workspace

  • Mobile Application Management, Windows Information Protection and Mobile Device Management

Most data breaches originate from some form of identity management breach. This type of breach is either because of incorrect permissions or a bad actor getting access to a user identity through various phishing means. The goal of the Office 365 security services is to provide detection and remediation of data breaches; Office 365 also uses the information gained to be proactive in managing the services. The Office 365 security services are designed to look at the behavior of the user based on the user role. These services are a combination of different service offerings and are described next.

Exchange E-mail Gateway/Advanced Threat Protection

Office 365 Advanced Threat Protection protects users from unsafe e-mail attachments and message URLs. The service can work in Office 365, work stand-alone, or in a hybrid environment when the e-mail services are routed through Office 365. ATP processes all URLs and e-mails that are sent to the user’s mailbox. These URLs are examined in real time and blocks access to bad sites and code. ATP also deals with dynamic threats. Dynamic threats are when the links in the e-mail are valid when initially processed by the service and later turn bad because of delayed execution payload. Figure 1-11 is an example of the ATP service executing on a delayed payload link.

Office 365 ATP also validates attachments. Office 365 ATP not only looks for unsafe links but also looks for unsafe attachments and will block them from the user’s mailbox. The user can still override the unsafe attachments, so no data is lost in the case of mischaracterization.

The Office 365 ATP service is included as part of the Microsoft 365 E5 license and is optional with all other 365 services. As a matter of recourse, I recommend that all clients include this license with their Office 365 service. In fact, my organization requires that any customer that we provide security support must purchase this license.
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig11_HTML.jpg
Figure 1-11

Office 365 Advanced Threat Protection trigger on a malware-based URL

Windows 10 Defender Advanced Threat Protection

Windows 10 Defender Advanced Threat Protection ( https://securitycenter.windows.com ) is the next generation of behavioral threat and deep learning tool. This tool is included in the Microsoft 365 E5 security suite and is an optional tool of other Office 365 subscriptions (such as Windows 10 E5 subscription). Windows Defender Advance Threat Protection not only blocks malicious activity but also provides postbreach detection, investigation, and response to ongoing attempts.

Figure 1-12 shows a trigger on one of the alerts from Windows 10 Defender Advanced Threat Protection. In this example, a malicious activity was detected in a Word application. The Windows 10 Defender Advanced Threat Protection monitoring service detected and blocked the malicious activity. In this case, this attack was a kernel attack. Traditional antivirus software would not have caught this activity because traditional antivirus is signiture based. This attack was detected by the Windows Defender Advance Threat Protection AI behavioral change monitoring.
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig12_HTML.png
Figure 1-12

Windows Defender Advanced Threat Protection trigger in Word (courtesy of Microsoft)

Another feature of Windows Defender Advanced Threat Protection is the historical analysis of various attacks on the user (see Figure 1-13). In this case, you can see a complete history of the users, the machines for which a user has logged in to the Office 365 and other services, and what type of behavioral problems were detected.
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig13_HTML.png
Figure 1-13

Windows Defender ATP: historical analysis (courtesy of Microsoft)

Windows Defender is built into the core of Windows 10 operating systems. In other words, it is not a third-party add-on, and it is integrated with the Microsoft intelligent security graph. Simply, this means that when a breach is detected in the various endpoints, Windows Defender ATP (the Windows 10 that includes the Windows E5 with Advance Threat Protection extensions) begins to monitor and block malicious activity in all connected endpoints.

As you deploy Windows Advanced Threat Protection in this book, you will also collect Windows Telemetry data. Windows Telemetry, when used with Windows Advanced Threat Protection, will give you the ability to identity lateral attacks that the bad actors use to penetrate your environment.

A lateral attack is an attack used to breach the defenses in a company. The bad actor looks for a weak entry point (such as a Mac with an out-of-date version of OS X or a 3-year-old BIOS). The bad actor breaches the system, and the help-desk folks try to remotely address the problem. The bad actors use the information from the help-desk access to attack other systems in the network. Windows 10 Defender ATP and Azure ATP help protect and identify this threat.

Cloud App Security

Cloud App Security (CAS) is a key component in the ongoing identification of security breaches. There are new apps released daily with new features and exploits, and users do not know whether an app is valid when they install it. They just download the cloud application and try the service and then uninstall the application. This is where malicious services will creep into the enterprise environment and exploit the user credentials and supply personal data to third-party services. Under the new data privacy laws, this is a data breach.

What Cloud App Security does is to detect the activity of users either from agents running on the local machine (agent-based) or via access to the firewall and other security appliances (agent-less) in the environment. Cloud App Security provides visibility into the user desktop activities, controls for sanctioned apps, deep integration with Office 365, integration with Microsoft intelligent graph to improve detection, remediation, and proactive management (see Figure 1-14).
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig14_HTML.jpg
Figure 1-14

Cloud App Security dashboard (courtesy of Microsoft)

When Cloud App Security (CAS) is deployed, you have access to analytics on user behavior. You have the tools to block activities and remediate problems. CAS supports detections for ransomware, access to subscriptions, and access to unauthorized data. This is a key tool that is used for compliance and data governance and is included as part of the Microsoft 365 E5 subscription.

There have been numerous situations where I had to review the logs of different activities to understand potential threats in SaaS-based environments. Cloud App Security is a must-have tool for security analysis .

Azure Identity Protection

Cloud App Security provides the tools to better understand the behavioral side of the user and provides the tools for remediation. There is another side of security management, and this is the Azure Identity Protection management. Azure Identity Protection allows you to detect potential vulnerabilities affecting your organization’s identities, configure automated responses to detected suspicious actions, and investigate suspicious incidents and take appropriate action to resolve them. The vast number of security breaches take effect when a user identity is stolen. The issue is knowing what to do to identify risk-based activities so you can track the activity and take appropriate action—leveraging the different ways to authenticate a person who is accessing your systems.

Note

Nothing is absolute. The closest you can get to true security is to make the access composed of three different types of information. This includes something you have (like a smartphone), something you are (like fingerprints or biometric), and something you know (like a password). These three pieces of information comprise true security.

The approach that Azure Identity Protection uses is to classify users into three different risk categories: high, medium, and low. The AIP configuration allows you to take specific action based on the risk. As an example, a high-risk user could have their password automatically reset at the next login or be forced to use multifactor authentication) to log in. Azure Identity Protection uses two types of security (something you have and something you know). The Azure Identity Protection dashboard shows the users and how they access different activities (see Figure 1-15).
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig15_HTML.jpg
Figure 1-15

Azure Identity Protection dashboard (courtesy of Microsoft)

Figure 1-15 shows users who are at high risk. In this case, you have policies in place to act on when users are flagged for risk events and vulnerabilities. These are reports such as “Users flagged for risk,” “Risk events,” and “Vulnerabilities.” Risk events could include logging in from multiple addresses, logging in from nontrusted locations, or logging in from devices that are not registered with the Azure identity suite. These policy settings can enable multifactor authentication, password reset, and a reduction in access to different areas of Office 365. The goal of the Azure Identity Protection service is to mitigate risk while managing a user’s credentials. Integrate into this the Azure threat protection’s DNS detection services and you have significantly strengthened the security capability of your deployment.

Azure Security Center

Azure Security Center is an Azure service that assists you in monitoring and analyzing threats against your Azure and Office 365 infrastructure. In the Security Center, you can see a signal dashboard showing all your integrated services and the status of these services (Figure 1-16). You can also see the threats and the responses that you set up to counter the threats. The policies that you put in place are integrated into a single management policy.
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig16_HTML.jpg
Figure 1-16

Azure Security Center (courtesy of Microsoft)

When you think about security, you need to think of incident response and the processes that you have in place to address an incident. Typically, there are five phases with an incident: detect, assess, diagnose, stabilize, and close. The Azure Security Center has been designed around these five basic steps. The Security Center assists you in the management of the incident by giving you the necessary information to address the event .

Cloud based Advanced Threat Protection for endpoints

Advanced Threat Protection (previously called Advanced Threat Analytics) is about detecting threats using behavior analytics in your enterprise. What is unique about Azure ATP is it uses self-learning to build a behavior profile that represents your organization. Azure ATP is deployed on your domain controller and integrates into the Windows Security Center. The detection tool supports Windows desktops, Windows servers, Linux servers. The simplest example is to look at how your organization uses multiple devices to access information. When you access information from multiple sources, using multiple tools, this creates a blind spot in the organization on data management and user behavior. What happens is that you leave backdoors open for bad actors to gain access to your credentials. This opens the door for data breaches. Keep in mind that in this post-GDPR world, those breaches will need to be reported within 72 hours of the event.

This self-learning approach is used to dynamically create a threat profile in your organization while reducing the noise of the information collected. The Azure ATP tool is different than the Office 365/Azure privileged identity feature. Azure ATP is a self-learning tool that looks at the behavior of entities in your organization and helps you make decisions on the best way to handle security management in a deterministic fashion. Figure 1-17 shows the typical deployment for this tool on Azure or on-site servers.
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig17_HTML.jpg
Figure 1-17

Advanced Threat Protection Data Mapping

Note

I mention EU GDPR a lot in this chapter, and I am sure you are wondering why you should care about a European law if you are in the United States. The simple answer is that a U.S. version of the GDPR is slowly making its way through Congress. So, eventually there will be a GDPR-like law in the United States. So, from an IT perspective, we need to look at our business processes and start making changes now. The GDPR is a wake-up call for the United States, and California has already responded with the CCPA.

Azure Log Analytics Suite

Log Analytics is a Microsoft cloud service that allows you to manage any instance of a cloud or on-premises services. Log Analytics can manage on-premises systems, AWS deployment, private clouds, and Azure deployments in multiple networks. Log Analytics allows you to configure the different service “blades” (or groups) to give you a more detailed view of your infrastructure. To get you started, Log Analytics provides four logical data groups for information organization in the management plugin in the Log Analytics Azure dashboard.
  • Search and analyze data logs

  • Manage alert rules

  • Manage usage and cost

  • Customize data views for work process automation

These are the basic configuration blades that are set up to add to Log Analytics. However, there are additional services that can easily be configured (see Figure 1-18). Typically, I recommend configuring the Office 365 services, the health agents, and the Windows telemetry devices. Depending on your infrastructure , you can deploy the data collection agents on your on-premises services or add them to different environments, such as your Windows servers hosted in a private data center. Accessing many of the new features for Azure security and monitoring is simple; just add an Azure CSP subscription to the environment. Once you have added the subscription, the Azure interface is enabled for the optional services.
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig18_HTML.jpg
Figure 1-18

Azure Log Analytics

Mobile Device Management and the Enterprise Mobility + Security Suite

Mobile Device Management (MDM) , Mobile Application Management, Windows Information Protection and the Enterprise Mobile + Security (EMS) suite are core components of the Microsoft security strategy. The main component of the EMS strategy is the Azure identity feature and how this relates to mobile device deployment. I have dedicated Chapter 5 to Mobile Application Management(MAM), Windows Information Protection (WIP) and Mobile Device Management (MDM). There are simple deployments (MAM/WIP) and compliance deployments (full MDM). In Chapter 5, I will go through the details of how to deploy this in your organization. MDM is managed from the intune dashboard Azure.

In the deployments of MAM/WIP/MDM, EMS is the core component. EMS provides you with the user identity glue that you use to tie the different components together. EMS is a combination of products under the branding of EMS/E3 and EMS/E5. The components are listed here:
  • Enterprise Mobility + Security E5
    • Azure Active Directory Premium P2

    • Microsoft Cloud App Security

    • Azure Information Protection Premium P2

  • Enterprise Mobility + Security E3 (included in E5)
    • Azure Active Directory Premium P1

    • Microsoft6 Advance Threat Analytics

    • Microsoft Intune

    • Azure Information Premium P1

This security combination comprises the core offering with Office 365, and Microsoft offers different suites that are composed of a mix of these products (see Figure 1-19). Depending on the base product you are using, you can easily add different products to your Office 365 subscription. Figure 1-20 shows a good representation of the offerings. The prices listed are subject to change.
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig19_HTML.jpg
Figure 1-19

Enterprise Mobility + Security suite with an EMS/E5 configuration

The subscription that I am using in this book is the Microsoft 365 E5 suite. This subscription is composed of the following components: Windows 10 E5, Office 365 E5, and EMS E5. These three components will give you the maximum configuration of Office 365 for your environment. As you read this chapter and deploy some of the advanced security features, you will deploy a Microsoft 365 E5 security suite. This will give you the capabilities that are needed to manage access and information .
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig20_HTML.jpg
Figure 1-20

Office 365 and Microsoft 365 security product mix and add-ons for different subscription types

Microsoft Secure Score

Compliance and security go hand in hand. One of the tools that I will discuss in detail in Chapter 3 is Microsoft Secure Score. This tool allows the CISO to deploy an Office 365 and Windows solution with the best-known methods compared to peer organizations. The Microsoft Secure Score is not the end-all strategy solution for security. The security score is another tool the CISO will use to verify the Office 365 tenant and Windows 10 configuration. If you follow the recommendations, you can configure your Office 365 tenant to a known baseline for your industry ( https://securescore.office.com/ ; see Figure 1-21) because Secure Score rates your Office 365 tenant against the other Office 365 companies in your industry.
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig21_HTML.jpg
Figure 1-21

Microsoft Secure Score (https://​securescore.​office.​com)

Microsoft Secure Score is a key tool that the CISO will use to verify that the Office 365 tenant has been configured correctly. This tool continuously analyzes the 365 configurations (updated nightly) and looks for security configuration problems. The tool is a key component in the compliance officer toolbox. In Chapter 3, you will look at the best-known methods for configuring your Office 365 tenant , and the Microsoft Secure Score is the tool that you will use to complete this analysis.

Typical Security Offerings

The typical offerings of the security products for Office 365 vary, depending on a partner’s capability and focus. As a CISO, you need to look at the business requirements to see what the needs of the organization are. A typical security package is composed of the following components:
  • Basic-level security (usually notifications and data mining on the dark web)

  • Midrange package (these usually are reports of a predictive nature)

  • High-end package (this is where the real work begins and includes threat modeling)

As a CISO, you will be looking at either the midrange package or the high end. Which one you pick is determined by your staff capabilities. Smaller organizations will typically select a higher-end package. Established organizations with a well-defined process will select a midrange package. Where does your organization fit in? It depends on your business process and how you view security. The low-end packages make sense only if you already have deployed many of the capabilities discussed in this book. If you have not deployed security packages like the ones I have discussed and you consider security as “not” important, then you have a fundamental business problem. In the past 20 years, there are hundreds of fast-growing businesses that are now defunct because they lost their competitive advantage and intellectual property due to cyber-theft.

Let’s take a quick look at a typical security offering (Figure 1-22). In these security classes, you have three different mixes depending on the needs of the CISO. The shield package provides the basic monitoring package.
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig22_HTML.jpg
Figure 1-22

Office 365 security product mixes (courtesy of KAMIND IT)

The basic monitoring package assumes that the organization has the necessary security structure in place. This is an incremental addition to an organization. Most organizations select the middle package. This way they have the best of both worlds: active detection and predictive monitoring of potential threats. The third package is a proactive package that leverages the predictive package to take corrective action on the organization. Which package should you use? Again, this depends on the capabilities of the organization. If you lack infrastructure and resources, choose the higher-end packages. If you have an individual who can monitor what is going on in your organization, then select the middle package. Looking at the security plans offered earlier, we have 3 different plans, and each of the plans are composed of a cyber security early warning detection system. The Shield, Armor and Fortress security plans include dark web monitoring. The reason for this, is that dark web monitoring provides and early warning on potential compromised of information breaches in a business. When a user account is compromised this gives teh bad actor an additional insight into potential security holes in the organization. These security holes are where data breaches occur. There is a company called idagent (www.​idagent.​com) that specializes collecting data that is for sale on the dark web. Any security operations center uses this data to look for potential data breaches. When a user credentials is discovered in the dark web, the impact to a security team is significant. What is the bad actors will try different combinations of passwords (based on the information for sale in the dark web) in an attempt to get access to the user accounts? This approach is known as password spray. You know the user credentials, but you do not have their passwords, but you have a good suspicion that it is a certain combination of numbers and letters. You draw this conclusion because the user credentials have been breached a number of times and they are for sale on the dark web. The bad actor has either purchased the credentials, or is using a service that has collected data about this user and will sell the information on a subscription basis to the bad actor. Once a bad actor is armed with the information, you begin to see a slow attack to compromise the user credentials. As an example, Equifax in 2018 had a credential breach of over 146M accounts and finical records. Just recently Marriott was breached with 500M data records. My credentials happen to be in both breaches. The bad actors now have a pattern of passwords that they can use to access my accounts. In my case, I thwart this with Multifactor authentication and restricted access accounts. However, most clients are not that lucky, so we need to be prepared. Cybercrime is a profit-making business that sells our digital assets. Dark web monitoring is key to a healthy cybersecurity program.

The security packages are described in the following sections.

Shield: Basic Monitoring

The Shield class of products is designed to provide basic monitoring services to any client. Companies that have a process-oriented infrastructure will use these packages to augment additional security service offerings. Companies that use MobileIron, a third-party antivirus package, will use this product. Most vendors will have an offering that looks like this. This basic package offers enough security products to provide basic monitoring, but if you are being targeted or are in a high-risk industry, you need to look at a higher-end offering.

Armor: Predictive Security Class

The Armor class will typically include predictive monitoring. In this case, I am referring to the configuration of services that can show you trends and analysis on your infrastructure. Data is collected from different endpoints (including Microsoft’s intelligent cloud) and presented in a series of dashboards that the IT manager/CISO can review to make business decisions. Data is collected and analyzed, and reports are generated. Companies that use this class of product have an existing IT staff that has experience in remediation and analysis of the company’s data. Basically, you have data being presented in a logical fashion where knowledgeable individuals can decide on the appropriate changes to the infrastructure.

Fortress: Proactive Security Class

The third class of products you typically see are the proactive security products. In this case, the example is the Fortress class. This is the high-end product with different types of security offerings targeted at high-risk industries. High-risk industries are defense contractors, financial businesses with compliance requirements, and any organization that manages large amounts of personal data. Products in this class include two distinct offerings: predictive analysis and proactive management. In this case, you need to have the skills to read the reports and make decisions on the different data that is being collected. The vendor that provides this service will proactively make changes in your security infrastructure to keep the bad actors out of the organization and protect the organization data.

As you look at different security products, you need to look at the offerings in respect to Office 365 because you want to use an integrated service offering. Table 1-1 shows the different options of the security products and how they overlap with Microsoft’s threat detection road map discussed earlier.

Table 1-1. Office 365 Security Product Feature Comparison (Courtesy of KAMIND IT) ../images/429219_1_En_1_Chapter/429219_1_En_1_Figa_HTML.gif

It is important to look at product positioning and at what you are doing internally to make sure that you are aligned with the business. As you look at different product offerings, you need to step back and look at the services that are available in Office 365 and Azure. My goal in this book is to provide you with a good introduction to the various elements of Office 365—from a security perspective—and allow you to use those services as it makes sense for your business. There are two key security dashboards in Office 365 that you need to manage. These are the Security & Compliance Center dashboard and the Azure Advanced Threat Protection dashboard.

Secure & Compliance Center

I’ve discussed all the different components of Office 365 security. The one place where all the information is tied together is the Security & Compliance Center (see Figure 1-23). The Security & Compliance Center dashboard is the center for analysis of Office 365 on a day-to-day basis. The process that all CISOs go through with Office 365 is the same, as outlined here:
  1. 1.

    Work with the Microsoft partner to purchase an Azure CSP subscription and Microsoft 365 E5 licenses.

     
  2. 2.

    Configure Azure security services (see Chapter 2).

     
  3. 3.

    Configure Secure Score (see Chapter 3).

     
  4. 4.

    Deploy Cloud App Security (see Chapter 3).

     
  5. 5.

    Deploy Privilege Identity Management (see Chapter 4).

     
  6. 6.

    Deploy Azure Identity Protection (see Chapter 4).

     
  7. 7.

    Deploy Azure Information Management/Protection (see Chapter 4).

     
  8. 8.

    Deploy Mobility Application Management (see Chapter 5).

     
  9. 9.

    Deploy Mobile Device Management (see Chapter 5).

     
  10. 10.

    Manage Compliance (see Chapter 6).

     
Once you have the necessary dashboards configured, the issue is to manage the alerts and the day-to-day activity for your organization. The three classes of security products discussed earlier are examples of different types of third-party offerings to assist you in the management of the compliance and security activity. The CISO will do the following on a scheduled basis:
  1. 1.

    Manage the day-to-day activity through the Security & Compliance Center. Look for alerts and breaches.

     
  2. 2.

    Resolve alert notices, and focus attention on Cloud App Security (CAS).

     
  3. 3.

    On a weekly basis, check the Microsoft Security Score for changes once you set your baseline.

     
  4. 4.

    On a weekly basis, check the Compliance Manager score in the security and trust center.

     
Those are the CISO security responsibilities on an ongoing basis. To access the Security & Compliance Center, log in to Office 365, and click the Security & Compliance icon (see Figure 1-23).
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig23_HTML.jpg
Figure 1-23

Accessing the Security & Compliance Center for the first time

If you are new to Office 365, you may notice that your tenant is not configured with all the features shown in Figure 1-23. The reason for this is that you have the incorrect subscription. To enable all the features in the Office 365 Security & Compliance Center, you need to purchase the Microsoft 365 E5 subscription for your account. This will give you the complete set of rights to manage and set the permissions for your Office 365 tenant.

Once you have the complete set of permissions, you can enable the different features for the organization. This way you can define the necessary business processes required to grow your organization. Note I said grow. Businesses that use Office 365 are growing businesses because Microsoft has designed the solution to allow your business to scale. All the features that I described earlier are available to you as an administrator.

I have been asked many times what the best way to proceed is when configuring Office 365 as a secure environment. I have many different tech notes, but the bottom line is to read and configure the services outlined in this book. This will get you started in the correct direction. The best business practice I have discovered is to build the capabilities into Office 365 on the first day. This way the organization can change and grow. If you are proactive and use this approach (as all CISOs should be doing), you will be setting your company up for a secure experience with Office 365. Keep in mind the steps you need to follow that I discussed earlier. Use Secure Score to start, review the configuration in the Security & Compliance Center (see Figure 1-24), and monitor the organization.
../images/429219_1_En_1_Chapter/429219_1_En_1_Fig24_HTML.jpg
Figure 1-24

Security & Compliance Center

Summary

This chapter gave you an overview of the security features in Office 365. My approach was to show you the possibilities that exist and explore what you can do with Office 365. Our road map (refer to Figure 1-1) is the Microsoft threat detection road map. Everything that you do in Office 365 are choices you make as the custodian for your company’s data and your customers’ information. We all need to be vigilant on our responsibilities.

I wanted this book to be a useful guide to IT managers on what they need to configure and do to manage an Office 365 environment, so I wrote the chapters from a CISO’s perspective. I wanted to give you insight into the capabilities of Office 365 and open your mind up to the possibilities in managing a secured environment. As we walk through the chapters in the book, I will expose you to the configuration of Microsoft Secure Score (configurations for your industry), monitoring techniques on handling the Security & Compliance Center, and configuration of Office 365 and Azure services. This will lead us into the management of privilege information and risk analysis of our users, and we will end up with Mobile Application and Mobile and Mobile Device Management. Once we reach this point, we will walk through the configuration of the Mobile Device Management to see how you can lock down your environment. The goal of chapter 1 was to give you an overview of what is coming in the next chapters. We are going to configure for Office 365 and Azure services that we just reviewed. If you have not deployed the Microsoft 365 E5 and an Azure CSP services subscription, go deploy those subscriptions before we proceed. 

The processes discussed in the chapter revolved around the GDPR and CCPA. My goal was to provide you with the necessary information to ensure that your organization has the fundamental business processes and security processes to meet the data protection and privacy requirements.

Note

Before you proceed, you will need to purchase Microsoft 365 E5 and an Azure CSP subscription. To fully understand the concepts in this book, you must have these subscriptions deployed on your administrator account. You can deploy these subscriptions from your current partner. If you are worried about the long-term commitment for Office 365, check out www.kamind.com/csp for the different subscription offerings.

Next Steps

I have assumed that your Office 365 environment is fully set up and you are using the service. If you are not on Office 365, refer to Chapter 7 and migrate your company to Office 365. (You can also refer to my previous book, Moving to Office 365). The chapters in this book are written based on the assumption that you are have Office 365 and are looking for a better way to securely manage it. As we proceed through the book, we will deploy Office 365 and Azure services based on the deployment of the Microsoft 365 E5 subscription and an Azure Cloud Solution Provider (CSP) consumption subscription for Azure. If you do not have these subscriptions, please acquire them as soon as possible.

Reference Links

There is a lot of information about Office 365 on the Web—the issue is finding the right site. The information contained in this chapter is a combination of my experience performing deployments and of support information published by third parties.

Microsoft Azure Architecture Center
Microsoft Cloud Security for Enterprise Architects
Microsoft Cloud Storage for Enterprise Architects
US Department of Health and Human Services—Breach Notification Site
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.16.68.121