Zero Trust Security Strategy For Microsoft 365
Presented by: Jaweher Ben Torkia
OUTLINE
Cybersecurity Infographics
ZERO TRUST
MICROSOFT DEFENDER
MICROSOFT SENTINEL
Zero Trust
•Verify explicitly
•Use least privilege access
•Assume breach
MICROSOFT DEFENDER
Microsoft Defender For Office 365
Microsoft Defender For Endpoints
Microsoft Defender for Cloud Apps
Microsoft Defender For Identity
Features of Microsoft Defender for Office 365
01 Real-time security threat protection for email
02 Malware protection for Office files (Word, Excel, PowerPoint…)
03 Advanced reporting on the security of the Office 365 environment to identify, prioritize and block existing threats
04 Option of additional protections for sensitive data
Comparison between Microsoft Defender for Office 365 Plan 1 and Plan 2 licenses
Safe Attachments to manage attachment security
Safe Links to secure links
Anti-phishing Policy
Real-time reports
•Office 365 E5
•Microsoft 365 E5
•Microsoft 365 E5 Security
•Microsoft 365 Business Premium
•Microsoft 365 Education A5
•Microsoft 365 Education A5 Security
Comparison between Microsoft Defender for Office 365 Plan 1 and Plan 2 licenses
Threat Tracking
Automated investigations and responses
Attack simulation
Threat Investigation
•Office 365 E5
•Microsoft 365 E5
•Microsoft 365 E5 Security
•Microsoft 365 Education A5
•Microsoft 365 Education A5 Security
Licence requirements: Microsoft 365 (E5, E5 Security, A5, A5 Security)
Application management using Microsoft Endpoint Manager
•Support applications on multiple platforms and operating systems
•Protect enterprise data at the application level
•Assign policies to limit access and prevent data from being used outside your organization
•Perform a selective reset by only deleting corporate data from apps
•View reports on apps used and track their usage
•Verify that personal data is kept separate from managed data
Manage Device compliance
•See enrolled devices and get an inventory of devices accessing organization resources
•See reports on users and device compliance
•Configure devices to meet your security and health standards
•Push certificates to devices so users can access your Wi-Fi network or connect via VPN
•Remove organization data if a device is lost, stolen, or not used anymore
Features of Microsoft Defender for Cloud Apps
•Regulatory compliance
•Complete cloud app visibility
•Protection against threats
•Protect your sensitive data anywhere in the cloud
•Monitor users, entity behavior, and activities with learning-based analytics
•Protect user identities and credentials stored in Active Directory
•Identify and investigate suspicious user activities and advanced attacks throughout the kill chain
•Provide clear incident information on a simple timeline for fast triage
Microsoft Defender for Identity Architecture
MICROSOFT SENTINEL
SIEM – Security Information and Event Management
SOAR – Security Orchestration, Automation and Response
1
Diagram: data sources connected to AZURE SENTINEL and AZURE MONITOR LOG ANALYTICS
•AZURE + MICROSOFT 365: Security Alerts, Activity Data
•COLLECTORS: CEF, Syslog, Windows, Linux
•TAXII + MS Graph: Threat Indicators
•APIs: Custom Logs
2 Use overview dashboard and workbooks to get visibility across enterprise
3 Leverage analytics to detect threats
4 Hunt for threats
5 Investigate incidents
6 Automate and orchestrate security operations using integrated Azure Logic Apps
Example playbooks
Incident Management
•Assign an Incident to an Analyst
•Open a Ticket (ServiceNow/Jira)
•Keep Incident Status in Sync
•Post in a Teams or Slack Channel
Enrichment + Investigation
•Lookup Geo for an IP
•Trigger Defender ATP Investigation
•Send Validation Email to User
Remediation
•Block an IP Address
•Block User Access
•Trigger Conditional Access
•Isolate Machine
Thank You For Your Attention