Microsoft Security Matters Newsletter – June 2019

As Microsoft wrapped up its fiscal year this past week, here is the latest newsletter for Microsoft Security.  There is a lot of good content in this edition; the items that should be prioritized are called out in italics.

General News

Microsoft 365 Security (All Up News)

Identity & Data Protection (Azure AD, Intune, AIP, MCAS)

Latest Azure AD Stats

Identity stats

Threat Protection (Office ATP, Windows Defender ATP, Azure ATP/ATA)

MDATP engines

MDATP protection

How to Get Started Resources for Securing Office 365

As I have mentioned in previous posts, I get the opportunity to meet with enterprises on a regular basis about security.  These organizations span the spectrum in their adoption of O365 and other cloud services: some were extreme early adopters, before there were means to secure the service; some are just now considering it; others are mid-deployment.  The common question from all of them, regardless of stage, is “what are the best practices for securing O365?”  So let’s take a look at the best-practice resources from Microsoft.

Note:  In most cases, the guidance below assumes the customer is licensed for a minimum of EMS E3; additional licensing for advanced security features is typically called out in the documentation.

O365 30, 60, and Beyond

This is the baseline resource for establishing a security foundation as a company adopts its first O365 workload, which is typically Exchange or OneDrive.  It focuses on quick wins around basic admin and identity protections along with key service logging.

O365 Roadmap

Identity 5 Easy Steps

The roadmap above references implementing advanced protection in the 90-day timeline.  The 5 Easy Steps guide covers those advanced steps for protecting an organization’s identities by focusing on:

  1. Strengthen your credentials.
  2. Reduce your attack surface area.
  3. Automate threat response.
  4. Increase your awareness of auditing and monitoring.
  5. Enable more predictable and complete end-user security with self-help.

Azure AD Break Glass

While this guide repeats several of the points in the 5 Easy Steps above, it adds a few that are worth calling out and that every organization should put in its own O365 security roadmap.

Microsoft 365 Golden Config

As noted above, the guidance assumes the customer has licensed at least M365 E3/EMS E3 to protect O365.  If your organization has licensed M365 E5/EMS E5, use this guide instead: it walks through the policies needed to establish zero-trust access to O365 resources.

m365 golden config

Deployment Guides

While the sections above link to resources for getting started with the key security components, customers also ask for deployment guides for the individual components that protect O365.  The guides below can be handed to the IT architecture group or PMO to develop an implementation plan.

Fast Track Resources

As part of licensing M365 services, customers can use a free (yes, free) service from Microsoft called Fast Track.  Engage the Fast Track team through your Account Team or Customer Success Manager for guidance on adopting M365 services.  As the graphic below shows, they can also assist with, and provide resources for, implementing all the security components discussed above.

Fast Track

Microsoft Secure Score

As organizations implement the guidance and services above, Microsoft Secure Score is a useful checkpoint.  It scores the tenant’s current configuration against a list of recommended improvement actions, so it shows which best practices are already in place and which are still outstanding.


Check Back for Updates

Keep this link bookmarked in your browser favorites and check back periodically as I will update this as new guidance is released from Microsoft.  Best of luck in securing your O365 investment.

Microsoft Security Matters Newsletter – April 2019

Springtime is here, and it is time for a new Security Newsletter.  Below are the Microsoft Security updates that have been announced since RSA.

General News

M365 Security (All Up News)

Identity & Data Protection (Azure AD, Intune, AIP, MCAS)

Threat Protection (Office ATP, Windows Defender ATP, Azure ATP/ATA)

avtest

Back-porting of #MDATP automation capabilities to Windows 10 build 1709 (RS3) and above is now complete. The capability has just lit up automatically on all machines updated with the latest from Windows Update.

MDATP 1709

Microsoft Security Matters Newsletter – Feb/Mar Edition Part 2 (Announcements)

I had purposely held off on doing a February-only newsletter, knowing that RSA was at the beginning of March and would bring lots of exciting announcements.  However, when I went to compile the newsletter I realized that not only were there a lot of announcements to pass along, there were also several webinars (see Part 1 of the newsletter) that kicked off and deserved their own communication.  Below are the Microsoft Security announcements from the past 6-8 weeks.

General News

Microsoft 365 Security (All Up News)

Identity & Data Protection (Azure AD, Intune, AIP, MCAS)

Threat Protection (Office ATP, Windows Defender ATP, Azure ATP/ATA)

Microsoft Security Matters Newsletter – Feb/Mar Edition Part 1 (Webinars)

I had purposely held off on doing a February-only newsletter, knowing that RSA was at the beginning of March and would bring lots of exciting announcements.  However, when I went to compile the newsletter I realized that not only were there a lot of announcements to pass along, there were also several webinars that kicked off and deserved their own communication.  Below are M365-related webinars that organizations of any size can use as learning opportunities for their staff.

Azure AD Deployment Webinars

Microsoft Cloud App Security Deployment Webinar Series

  • Registration Link
  • March 12, 3:00 PM ET: Information Protection
  • March 19, 3:00 PM ET: Threat detection
  • March 26, 3:00 PM ET: Conditional Access App Control
  • April 2, 3:00 PM ET: App Discovery and Log Collector Configuration
  • April 9, 3:00 PM ET: Connecting 3rd party Applications
  • April 16, 3:00 PM ET: Automation and integration with Microsoft Flow

Azure Information Protection Webinar Series

  • Registration Link
  • March 14, 3:00 PM ET: Introduction: AIP basics and latest announcements
  • March 21, 3:00 PM ET: Discovery: Discover data at rest
  • March 28, 3:00 PM ET: Classification: Label taxonomy and recommendations
  • April 4, 3:00 PM ET: Protection: Protect data at rest and in motion
  • April 11, 3:00 PM ET: Monitoring: Visibility into who is accessing data
  • April 18, 3:00 PM ET: MIP SDK: How to leverage the SDK

The Virtual Security Summit

“Managing Healthcare Insider Security Threats” Needs to Include Data Protection

Over the past few weeks, there have been several posts in my LinkedIn feed about the growing concern over insider threats in healthcare organizations.  The most recent was a write-up by Dan Fabbri (Maize Analytics) summarizing his thoughts on a recent HIMSS study performed by SailPoint.  In his post he calls out the following to combat healthcare insider threats:

The best way to combat insider threats is by combining a training and awareness program with technology. With machine learning, user-based analytics, and artificial intelligence programs that monitor ePHI access, hospitals can catch inappropriate access to patient data.

While this approach is one step toward controlling access to sensitive data, the reality is that it does not protect the data itself.  It should be paired with technical controls that classify and protect the data that gets exported out of clinical systems.  Traditionally, some of the larger healthcare organizations have tried to implement client (agent) based DLP solutions for this scenario, but in many cases they have struggled, if not failed, because of the complexity of those systems.

Given that the majority of the data generated out of a clinical system ends up in unstructured form (i.e., Office or PDF files; unstructured data is commonly estimated to make up about 85% of the data in most corporations), a technical solution that classifies and protects these files at the time of creation should be considered.   One such solution is Microsoft’s Azure Information Protection (AIP), which automatically labels sensitive files as staff create them.

An example from working with healthcare customers: physicians were exporting sensitive patient data from the EMR in order to perform clinical research with colleagues at another healthcare organization.  The data was sent as an Excel file via email with no protection, and one such file, containing thousands of patients’ sensitive information, was accidentally sent to the wrong recipient.  Had AIP been in place, the data could have been automatically classified as containing sensitive patient information and protection applied (encrypting the file), so that unintended recipients could not have opened the document.  Because the protection is applied at the file level, the file would still have been safe on an external drive, a network share or online storage (Box, Dropbox, Google Drive, OneDrive, etc.).
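To make the “automatically classified” step concrete, here is an added example I wrote for this post; it is not AIP code or a Microsoft SDK.  It shows how an auto-labeling rule of the kind AIP applies is typically structured: each sensitive information type is a pattern plus corroborating keywords and an instance-count threshold, and the label is applied only when a type fires.  The sensitive information types, thresholds, label names and the three sample exports are all assumptions made for the illustration.  The two non-PHI samples show the guard that matters in practice: a lone 8-digit number beside an MRN header, or a column of order numbers with no keyword, must not trip the label.

```python
"""Pattern-based auto-classification of an exported clinical spreadsheet.

Added illustration written for this post, not code from Azure Information
Protection or any Microsoft SDK. It mirrors the shape of an auto-labeling
rule: a sensitive information type is a pattern plus corroborating keywords,
and the label is applied only once enough matches are found. Type
definitions, thresholds, label names and the sample exports below are all
assumptions made for the example.
"""
import csv
import io
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class SensitiveInfoType:
    name: str
    pattern: re.Pattern
    keywords: tuple   # one must appear in the header or the row to count a match
    min_count: int    # matches across the file needed before the type fires


# US SSN: areas 000, 666 and 9xx, group 00 and serial 0000 are never issued,
# so rejecting them trims false positives on arbitrary ###-##-#### strings.
SSN = SensitiveInfoType(
    "US Social Security Number",
    re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    ("ssn", "social security"),
    1,
)
# A medical record number is just 7-8 digits, far too ambiguous on its own:
# require an MRN keyword and several instances before it fires.
MRN = SensitiveInfoType(
    "Medical Record Number",
    re.compile(r"\b\d{7,8}\b"),
    ("mrn", "medical record"),
    3,
)
SENSITIVE_TYPES = (SSN, MRN)

# Assumed two-level label taxonomy; real tenants define their own names.
LABEL_GENERAL = "General"
LABEL_PHI = "Highly Confidential - PHI"


def _corroborated(text: str, sit: SensitiveInfoType) -> bool:
    """True when one of the type's keywords appears in the text."""
    lowered = text.lower()
    return any(k in lowered for k in sit.keywords)


def classify_export(csv_text: str) -> dict:
    """Return the label decision for a CSV export plus the evidence behind it."""
    rows = list(csv.reader(io.StringIO(csv_text)))
    if not rows:
        return {"label": LABEL_GENERAL, "evidence": {}}
    header_text = " ".join(rows[0])
    evidence = {}
    for sit in SENSITIVE_TYPES:
        # A keyword in the column header corroborates every row beneath it.
        header_ok = _corroborated(header_text, sit)
        total = 0
        for row in rows[1:]:
            row_text = " ".join(row)
            if header_ok or _corroborated(row_text, sit):
                total += len(sit.pattern.findall(row_text))
        if total >= sit.min_count:
            evidence[sit.name] = total
    label = LABEL_PHI if evidence else LABEL_GENERAL
    return {"label": label, "evidence": evidence}


# Constructed sample exports with fictional data, not taken from any system.
PHI_EXPORT = """MRN,Patient,SSN,Diagnosis
10234567,Jane Doe,123-45-6789,Hypertension
10234568,John Roe,234-56-7890,Asthma
10234569,Ann Poe,078-05-1120,Diabetes
"""
# One MRN in a room schedule: below the threshold, so no PHI label.
SCHEDULE_EXPORT = """Clinic,Room,Slots,MRN
Cardiology,204,12,10234567
"""
# Eight-digit order numbers with no corroborating keyword: no match at all.
ORDERS_EXPORT = """Order,Amount
12345678,40.00
23456789,12.50
34567890,7.00
"""

if __name__ == "__main__":
    for name, export in (("phi", PHI_EXPORT), ("schedule", SCHEDULE_EXPORT),
                         ("orders", ORDERS_EXPORT)):
        print(name, classify_export(export))
```

The decision returns the evidence alongside the label so an administrator can see why a file was (or was not) classified; in a real policy, the “Highly Confidential - PHI” outcome is what triggers the file-level encryption the scenario above calls for.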

As healthcare organizations adopt Exchange Online and other cloud technologies, a Cloud Access Security Broker (CASB) that monitors for sensitive data leaving the organization should also be evaluated to further extend data protection.

More information about how Microsoft’s Azure Information Protection can protect data is available here.

Microsoft 365 Security Year in Review 2018 Newsletter

WOW!! What a year for the cybersecurity industry.  Some things haven’t changed (breaches are still occurring), but security solutions continue to evolve, and that includes Microsoft 365 Security.  This edition of the newsletter compiles announcements and resources from calendar year 2018 that show the power of the M365 Security platform.  It was an exciting year, and I suspect that 2019 will be more of the same for Microsoft and its customers.

General News

M365 Security (All Up News)

O365 Stats

Identity & Data Protection (Azure AD, Intune, AIP, MCAS)

Azure AD

Threat Protection (Office ATP, Windows Defender ATP, Azure ATP/ATA)

Defender

MTP