0% found this document useful (0 votes)
41 views21 pages

Security Best Practices For Microsoft Partners

This document provides guidance to Microsoft partners on improving security practices by adopting a Zero Trust security model. It recommends partners learn about Zero Trust, identify security contacts, secure endpoints and identities, and conduct ongoing monitoring. Implementing these best practices will help partners create a safer environment for their organization and customers, stay ahead of evolving threats, and capitalize on security opportunities.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
41 views21 pages

Security Best Practices For Microsoft Partners

This document provides guidance to Microsoft partners on improving security practices by adopting a Zero Trust security model. It recommends partners learn about Zero Trust, identify security contacts, secure endpoints and identities, and conduct ongoing monitoring. Implementing these best practices will help partners create a safer environment for their organization and customers, stay ahead of evolving threats, and capitalize on security opportunities.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 21

Security best

practices for
Microsoft partners
Improve your security posture
with Microsoft tools, resources,
trainings, and platforms.

Version 1.1
Why security matters Microsoft is invested in keeping our ecosystem
secure as cyberthreats rise.
for you and your
customers The volume of password attacks has risen to
an estimated 921 attacks every second—
a 74% increase in just one year.1
With the rise in sophisticated
cybersecurity attacks, security
continues to be one of the top Microsoft synthesizes 43 trillion1
challenges of our digital age. security signals daily, using sophisticated
analytics to understand and protect
against digital threats.
Today, anything less than
comprehensive security is no
Microsoft has 8,500+ engineers, data
security at all. scientists, cybersecurity experts, threat
hunters, geopolitical analysts, and frontline
responders across 77 countries.1

1. “Microsoft Digital Defense Report 2022,” Microsoft, 2022.


As the threat landscape continues to evolve—
and industries transition from remote to hybrid
work—you need to adopt an end-to-end
Zero Trust security model
that covers the entire technology ecosystem.
What is the Zero Trust framework?
Microsoft follows the Zero Trust framework, a highly
effective security model that assumes all activity—even
by trusted users—could be a breach.

Verify explicitly Use least privileged access Assume breach


Authenticate and authorize based on Limit user access with just-in-time Minimize blast radius and segment
all available data points, including and just-enough-access (JIT/JEA), access. Verify end-to-end encryption
user identities, location, device risk-based adaptive polices, and data and use analytics to get visibility,
health, service or workload, data protection to help secure both data drive threat detection, and
classification, and anomalies. and productivity. improve defenses.
Use the Zero Trust
Keep your employees and business safe—anytime,
anywhere, and on any device.
By applying proven Zero Trust security techniques,

framework to become a
you can keep the data belonging to you, your business,
and your employees safe from cyberattacks.

key security collaborator Help customers mitigate risk.


Customers value partners who can safeguard their data,
By adopting the Zero Trust close security maps, and advise on the products, services,
and solutions for best-in-class security.
security model, you can keep your
organization resilient, consistent,
and responsive to attacks.
Stay at the forefront of digital transformation.
Partners who invest in key solutions today—and become
experts on intelligent security—position themselves to be
valuable resources in the years to come.

Security holds immense opportunity for partners.


Gartner expects the total addressable market in security
and risk management to reach $261.9 billion in 2026.1

1. Gartner: “Forecast: Information Security and Risk Management, Worldwide, 2020-2026, 3Q22 Update,”
September 28, 2022.
Microsoft will deliver ongoing guidance
and resources to help you adopt
stronger protective measures.
To successfully implement Zero Trust
across our ecosystem, we’re relying on
Creating a safer world for all— you to take the necessary security
together actions.
By working together, we can better plan
for shifts in the cybersecurity landscape
and proactively respond to risk for years
to come.
Implement a strong approach to security

With new threats constantly emerging, Learn and Identify and add
security must remain a top priority for upskill security contacts
your business—and tasks should be
properly delegated to ensure a
sustainable system.

Explore this guide for key actions and


trainings that can help you implement
ongoing practices and keep your
security sharp.

Ongoing Secure your Secure your


monitoring endpoints identities
Commit to ongoing security with these best practices
Upholding security is not a step-by-step process—it’s an ongoing commitment. Keep your customers and
organization safe by continually updating and investing in each aspect of your security.

Learn and Identify and Secure your Secure your Ongoing


upskill add security identities endpoints monitoring
contacts
Evolve with the security Take action to Invest in platforms Remain engaged with
landscape to protect your enforce multifactor that prevent, your Zero Trust
Establish an individual or
organization and your authentication (MFA) detect, investigate, framework, tapping
group who will be
customers. Sharpen your and remove unnecessary and respond to into resources that
accountable for security-
skills with courses delegated administrative advanced threats. help you detect fraud
related issues, responding
designed to help you make privileges. and protect identities.
quickly when notified
the Zero Trust model work
about potential threats.
for you.
Learn and Stay up-to-date on the security landscape

upskill
Learn the best ways to implement the Zero Trust framework and deploy
and sell security products and services.

Tap into trainings and gain


the skills you need to keep
you and your customers
safe.
Register for "Security through the Lens of Zero Learn more about the principles of Zero Trust and
Trust," a course that demonstrates how to help the corresponding tools designed to fortify your
customers easily protect their identities and business.
networks using tools available through Microsoft
Azure and Microsoft 365. This key training is Read time: 5 min
available via our ongoing 2-day live webinar series
or as an on-demand workshop. Read the blog

Webinar view time: 2 2-hour, 30 min sessions

Register for webinar

Join on-demand workshop

Key role:
Security Operator/Analyst
or Security Administrator
Identify and Security contact responsibilities and guidance

add security
contacts
Establish a point of contact The security contact is an individual or group within your organization who will
for security information. serve as the point of contact if Microsoft detects a threat. The contact must have
an inbox that can be monitored constantly—we recommend using a distribution
list—and respond with urgency to investigate and remedy security concerns.

Read time: 5 min

Establish a security contact

Key role:
Security Administrator
Secure your Enforce multifactor authentication (MFA) for all
users in tenants for you and your customers

identities
Your identity secure score shows MFA is a key component of the Learn more about the Azure
Safeguard against how aligned you are with
Microsoft’s security
Azure Active Directory security
defaults. Explore the benefits of
Active Directory security defaults,
including deployment
frequent attacks with recommendations—and where
you can better protect your
these defaults and follow simple
actions to enable them for your
considerations and enforced
security policies.
these simple tools. customers and business. customers.
Read time: 8 min
Read time: 6 min Read time: 5 min
Read the article
Check your score Read the blog

Discover how to manage Azure Passwordless authentication is


Active Directory roles and close an effective alternative to MFA,
commonly used avenues for and Microsoft offers a variety of
cyberattacks. methods to fit your customers’
needs.
Read time: 5 min
Read time: 9 min
View best practices
Explore authentication options
Key role:
Security Administrator
Access a free 24-month subscription of Azure AD Premium Plan 2, available for partners in the Cloud Solution
Provider (CSP) program. Redeem it today.
Secure your Remove Inactive DAP (delegated administration
privileges) connections

identities
Familiarize yourself with delegated administration Strengthen your customers’ security by monitoring

Complete these key privileges—how to acquire them, manage them,


report their activity, and more.
DAP and removing connections that aren’t in use.

processes to improve
Read time: 5 min
Read time: 6 min
Learn how
customers’ security. Explore the FAQ

Transition active DAP connections to GDAP


(granular delegated admin privileges)

Granular delegated administration privileges (GDAP) Create new GDAP relationships with the GDAP bulk
allow customers to partition partners’ access, migration tool, which allows partners to execute the
creating an appealing option for those who have DAP-GDAP transition in batches.
regulatory privacy or security requirements.
Read time: 10 min
Read time: 2 min
Key role: Discover tool features
Learn more about GDAP
Security Administrator
Secure your Use Microsoft Defender for Endpoint

endpoints Microsoft Defender for Endpoint works to stop Watch an overview video. View time: 7 min
threats, scale defenses, and evolve your security.
Review the documentation for a deeper dive into its

Equip your devices to


With components ranging from asset discovery to capabilities. Read time: 4 min
auto investigation, this comprehensive security

better prevent, detect,


solution provides essential endpoint protection. Compare plans to get started. Read time: 3 min

investigate, and respond


Read time: 2 min

Learn more about Microsft Defender for Endpoint


to cyberattacks.
Use Azure Active Directory Conditional Access
to enforce compliant devices

Create a Conditional Access policy to ensure that all For accounts with customer tenant access, Microsoft
devices accessing an organization’s resources recommends a separate endpoint.
comply with selected security standards—such as
requiring device encryption or a PIN to unlock. Read time: 2 min

Learn more about Conditional Access

Key role:
Security Administrator
Ongoing Detect fraud

monitoring
Watch for suspicious activity by configuring your security
notifications and monitoring customer transactions.

Mitigate risk by
upholding the Zero
Trust framework.
Configure your Azure AD Gain insight into customer Azure fraud detection and
Identity Protection notification transactions by viewing and notification locates potential
emails to stay informed on at- exporting activity logs. By cryptocurrency mining activities
risk users and detected risky staying up-to-date on customer in your customers’ Azure
sign-ins (in real time). Promptly purchases, you may be able to subscriptions. Notifications
investigate suspicious activity better identify any actions that enable you to take swift action
and help ensure customer safety. seem suspicious. against fraudulent behavior.

Read time: 4 min Read time: 2 min


Read time: 2 min
Configure notifications Gain insight

Subscribe to fraud notifications

Key role:
Security Operator/Analyst
or Security Administrator
Ongoing Manage costs

monitoring
Managing Azure costs is crucial to keeping security updated and
sharp. Microsoft offers resources to help you monitor cost trends,
detect anomalies, and track your investment in security.

Optimize security spending


and track budgets. Maximize your cloud environment efficiency and
gain visibility into your spending with our cost
Help customers manage their monthly Azure
spending by creating a budget. Monitor, alter, or
optimization training module. remove the budget as necessary, gaining crucial data
to strengthen your partnership.
Training time: 51 min
Read time: 3 min
Start training
Learn to create budgets

Manage nonpayment, fraud, and misuse by building Cost alerts notify you when a customer’s spending
practices that reduce risk and address violations of exceeds a set amount. Types of alerts include
Microsoft policies. Because you are financially budget, credit, and department spending quota,
responsible for customers’ nonpayment and enabling you to keep a close eye on your customers’
fraudulent purchases, having a plan of action is spending—and catch any suspicious activity.
essential for your business.
Key role: Read time: 2 min
Read time: 3 min
Security Operator/Analyst
Turn on alerts
or Security Administrator Make a plan
Maintaining strong security requires more
than completing one task; it’s a continual
practice of monitoring your—and your
Continually invest in each customers'—ecosystem. Thinking critically
aspect of your security about security and regularly updating your
knowledge and tools is the only way to
remain safe in a shifting landscape.
Joining forces is the
best line of defense
At Microsoft, we’re committed to helping you
adopt security strategies that empower you and
your customers to continue achieving at the
highest level.

As we invest in tools for stronger threat protection


rooted in the Zero Trust framework, we rely on you
to proactively strengthen your security posture.

Through our partnership, we can create a safer


world.
Questions? Register for weekly
open Q&A sessions with Microsoft
Business Operations.

Compare available support options and


choose the right plan for your business.

Together, let’s evolve to meet security Need help? Submit a support request in
challenges and protect people and Partner Center.
organizations around the globe
Stay secure by joining our “Security
Through the Lens of Zero Trust” live
webinar series or on-demand workshop.

Contact Microsoft partner technical


consultants* for assistance deploying
security best practices.
Thank you
Additional GDAP bulk migration tool FAQ

resources Secure customer tenants and help customers adopt MFA

Mandating multifactor authentication (MFA) for partner tenant


Continue your journey with
a suite of tools designed to
enhance partner security. Learn about the secure application model framework

Enable the secure application model framework

Get the list of impacted Azure resources that have Azure fraud activities

Security best practices for partners in the Cloud Solution Provider program
Partner Learn and upskill Add a security Secure

checklist
contact identities
□ Register for the “Security through
the lens of Zero Trust” webinar □ Identify your organization’s □ Enable phish-resistant MFA for
security contact and consider your tenants.
□ Read the “Securing the channel”
setting this up as a distribution list
blog post □ Enable phish-resistant MFA for
with multiple people who can
your customer tenants.
□ Watch the on-demand security respond quickly.
workshops □ Review your DAP report and
□ Keep your contacts updated in
Improve your security posture Partner Center.
remove unneeded connections.
Key role: Security Operator/Analyst □ Migrate the DAP connections you
by completing these actions, or Security Administrator
Key role: Security Administrator
still need to GDAP.

ensuring that each action is Key role: Security Administrator


matched with the ideal role in
your organization.

Secure Ongoing
endpoints monitoring
□ Use secured devices to access □ Enable fraud detection and
your tenant. notifications.
□ Enforce compliant devices using □ Set up cost management, budget
Azure AD Conditional Access. limits, and related notifications on
Azure subscriptions.
□ Use next-generation antivirus and
endpoint detection, as well as □ Set up identity protection and
response products such as configure reports and alerting.
Microsoft Defender for Endpoint.
Key role: Security Operator/Analyst
Key role: Security Administrator and Security Administrator

You might also like