Microsoft 365 SMB Advanced Security - PowerPoint Presentation

Slide1

Microsoft 365 SMB Advanced Security

Microsoft 365 Business Premium: Understanding the Nuts and Bolts

New name, same great value, same price.

Microsoft 365 for business

Office 365 Business

Essentials

Cloud services

Microsoft 365 Business

BasicCloud services

Office 365 Business

PremiumCloud services and desktop apps

Microsoft 365 Business StandardCloud services and desktop apps

Microsoft 365

BusinessCloud services, desktop apps, and advanced security

Microsoft 365 Business PremiumCloud services, desktop apps, and advanced security

Effective on April 21

st

, 2020

Microsoft 365 for business

New name, same great value, same price.

Exchange

Teams

SharePoint

OneDrive

Outlook

Word

Excel

PowerPoint

Publisher

Access

Exchange

TeamsSharePointOneDrive

Exchange

Teams

SharePoint

OneDrive

Outlook

Word

Excel

PowerPoint

Publisher

Access

Intune

Azure Information Protection

Conditional Access

Defender

Windows Virtual Desktop

Microsoft 365 Business

Basic

Cloud services

Microsoft 365 Business

Standard

Cloud services and desktop apps

Microsoft 365 Business

Premium

Cloud services, desktop apps, and advanced security

Note: Not all features/product logos shown.

Layered approach to security

Compromised login

Weak credentials

Suspicious locations

Malware/ ransomware (compromised device)

Unmanaged device –BYOD – has your corp data

Weak pin – anyone can accessUsers can copy/paste/save corp data to personal appsUsing 3

rd party apps with weak securityEmail malware vulnerabilitiesRansomware threats/phishingProtecting sensitive data from being shared

Important documents need to be protected internally and externallyMaking sure only the right people have access

Making sure departing employees don’t have accessSecurity Issues at each layer

User

Device

ApplicationEmailDocument

10 Pro

AAD

Features like MFA

Self Service Password Reset

Conditional Access

Microsoft Defender AV

Full Centralized Management of Mobile and Laptops with IntuneRemote wipe of data of lost & stolen devicesBitLocker Encryption

Enforce Strong Pin requirements along with WiFi, VPN profilesRestrict copy/paste/save corp data to personal appsAccessing sensitive apps securely (Windows Virtual Desktop)

Advanced Threat Protection for protection against malware and zero day attacksData Loss Prevention to monitor sensitive data from being transmittedEmail restrictions like “Do Not Forward” or “Encrypt Email”

Azure Information Protection protects, classifies Documents for secure sharingRevoke access to DocumentsTrack Sensitive documents

Identity SecurityDevice SecurityApplication Security

Email SecurityDocument Security

Microsoft 365 Business Premium

Securing each & every layer of productivity seamlesslyWhat is Microsoft 365 Business Premium

User

Device

Application

Email

Document

10 Pro

Active Directory

Azure AD

Intune

Windows 10 Pro device

Mobile Devices

Device & Application Security

Office 365

Exchange Online: Email Calendar

SharePoint Online:

ODFB

, Sites

Teams: Persistent Chat

Office Client: Word, Excel PowerPoint

External Threat Protection

Office 365 Advanced Threat Protection

Office 365 Multi-Factor Authentication

Controlling Data Access

Data Loss Prevention

Preservation with Exchange Online archiving

Information Rights Management & Encryption

Azure Information Protection

Email Security

Self Service Password Reset

MFA

Conditional Access

New

Device Management

Microsoft Defender AV

Centralized Windows Security Enablement

E2E MDM for iOS/Android

Wifi

, VPN, Profile; Certificate Management

Identity Security

Document Security

Intune Application Management

Restriction on Cut/Copy/Paste on personal apps

10 Pro

What is Microsoft 365 Business Premium

Identity

1. Self Service Password Reset

2. Multi Factor Authentication for:

Microsoft Services3rd Party Apps3. Conditional Access

NewUser

LocationDevicesAppsHybrid ConfigurationAAD Connect enables a single username/password for cloud and on premises apps

Self Service Password Reset with writebackLet’s your users change password easily and that’s written back to AD to maintain uniform Password PoliciesMFA for additional security for:Microsoft Services (incl. Office services)3rd Party Apps

Conditional AccessEnforce access controls based on location, user state, device state and appsActive Directory

Azure AD

Intune does two things:

Device & Application Security

Device Management

For Windows & Mobile Devices

Mobile Application Management

for iOS & Android

Intune

Windows 10 Pro device

Mobile Devices

10 Pro

MDM + MAM

Intune does two things:

Device Management

For Windows & Mobile Devices

Win 10 Auto enrollment benefits: Central Management of windows by enabling Microsoft Defender AV, Ransomware end point protection and BitLocker enablement

Device Security

Intune

Windows 10 Pro device

10 Pro

Intune does two things:

Device Management

For Windows & Mobile Devices

End-to-end

Device registration

Certificate managementWifi, VPN profileDevice wipe for stolen devicesDevice Management

Intune

Windows 10 Pro device

10 Pro

Mobile Devices

Application Security

Intune

MAM

Corp

Personal

Ring fencing Apps

@hotmail.com

@contsoso.com

Email attachment

Paste

Copy

Can’t paste to personal apps

Save

OneDrive for Business

Can’t save to personal storage

Intune does two things:

Mobile Application Management

for iOS & Android

Restricting Cut/Copy/Paste/Save on Personal apps

Email Security

Office 365

External Threat Protection

Office 365 Advanced Threat Protection

Controlling Data Access

Data Loss Prevention

Preservation with Exchange Online archiving

Information Rights Management & EncryptionExchange Online: Email Calendar

SharePoint Online: ODFB, Sites

Teams: Persistent ChatOffice Client: Word, Excel PowerPoint

External Threat Protection

Office 365 Advanced Threat Protection

Controlling Data Access

Data Loss Prevention Preservation with Exchange Online archiving Information Rights Management & Encryption

Advanced Security

Saf

e

Safe Links rewrite

Multiple filters + three antivirus engines

with Exchange Online protectionRecipientUnsafe

Suspicious attachment

Sender

Office 365

Detonation chamber

(sandbox)

Executable?

Registry call?

Elevation?

……?

Malicious links

Protection against unknown malware/Viruses

Behavioral analysis with machine learning

Admin alerts

Time-of-click Protection

Real-time protection against

malicious URLs

Growing URL coverage

Rich Reporting and Tracing

Built-in URL trace

Reports for advanced threats

Advanced Security

Controlling Data Access

Data Loss Prevention

Data Loss Prevention

Offers Policy Tips

to prevent users from sharing sensitive contentDetects sensitive content based on pattern matching engine for various sensitive dataBank Routing NumbersSSNs

PHITakes ActionBlocksReports to admin

Controlling Data Access

Exchange Online Archiving

Advanced Security

Exchange Online Archiving

Unlimited archiving mailbox

eDiscovery features to help produce data/contentProvides long term retention of content based on compliance requirementRetains even deleted items for long term retention & eDiscovery

Controlling Data Access

Information Rights Management & Encryption

Advanced Security

Information Rights Management and Encryption

Set Permissions like ‘Do Not Forward’

Enable External Encryption – where recipients get fully encrypted emails

Document Security

Azure Information Protection

User 1

User 2

Classification & labeling: “

Highly Confidential

”

Encryption

Tracking

Revocation

Document

Azure Information Protection

Classification & labeling:

Manually classify documents based on labels like “Highly Confidential” that is associated with a certain group access

Encryption: The encryption follows classification labels

Tracking: who/where document is accessed

Revoke access previously granted

AAD

Features like MFA

Self Service Password Reset

Conditional Access

Microsoft Defender AV

Full Centralized Management of Mobile and Laptops with IntuneRemote wipe of data of lost & stolen devicesBitLocker Encryption

Enforce Strong Pin requirements along with WiFi, VPN profilesRestrict copy/paste/save corp data to personal appsAccessing sensitive apps securely (Windows Virtual Desktop)

Advanced Threat Protection for protection against malware and zero day attacksData Loss Prevention to monitor sensitive data from being transmittedEmail restrictions like “Do Not Forward” or “Encrypt Email”

Azure Information Protection protects, classifies Documents for secure sharingRevoke access to DocumentsTrack Sensitive documents

Identity SecurityDevice SecurityApplication Security

Email SecurityDocument Security

Microsoft 365 Business Premium

Securing each & every layer of productivity seamlesslyWhat is Microsoft 365 Business Premium

User

Device

Application

Email

Document

10 Pro

Active Directory

Azure AD

Intune

Windows 10 Pro device

Mobile Devices

Device & Application Security

Office 365

Exchange Online: Email Calendar

SharePoint Online:

ODFB

, Sites

Teams: Persistent Chat

Office Client: Word, Excel PowerPoint

External Threat Protection

Office 365 Advanced Threat Protection

Office 365 Multi-Factor Authentication

Controlling Data Access

Data Loss Prevention

Preservation with Exchange Online archiving

Information Rights Management & Encryption

Azure Information Protection

Email Security

Self Service Password Reset

MFA

Conditional Access

New

Device Management

Microsoft Defender AV

Centralized Windows Security Enablement

E2E MDM for iOS/Android

Wifi

, VPN, Profile; Certificate Management

Identity Security

Document Security

Intune Application Management

Restriction on Cut/Copy/Paste on personal apps

10 Pro

What is Microsoft 365 Business Premium

Thank You!

SMB Technical Community: aka.ms/

smbtc