Describe how Microsoft 365-Describe security, compliance, privacy, and trust in Microsoft 365

Risk management is a highly specialized undertaking heavily dependent on the type and sensitivity of the information to be protected and the nature of the threats to which the network is most vulnerable. For example, an organization that consists mostly of IT professionals will not be overly susceptible to phishing attacks because they have more awareness of them and experience with them. On the other hand, an organization of users with little or no IT expertise will be far more vulnerable to this particular threat and will require more effort to prevent this type of attack.

Microsoft 365 includes a wide variety of security tools that make it possible to predict, prevent, and react to many different kinds of threats. Many of these tools are discussed individually in this chapter and elsewhere in this book. The nature of each tool’s function is explained in relation to the types of threats it addresses. However, Microsoft recently announced an effort to organize Microsoft 365’s security components under the single name Microsoft 365 Defender, which places the tools into the following categories:

  • Endpoints: Tools that protect user devices and sensors from the effects of loss, theft, and attack, such as Microsoft Defender for Endpoint, Microsoft Intune, and Configuration Manager
  • Cloud apps: Tools that protect Software as a Service (SaaS) applications, such as Microsoft Defender for Cloud Apps and Exchange Online Protection
  • Identities: Tools that authenticate, authorize, and protect the accounts of standard users and privileged administrators, such as Microsoft Defender for Identity, Windows Hello, Azure Active Directory Identity Protection, and Privileged Identity Management
  • User data: Tools that analyze documents and messages for sensitive or malicious content, such as Microsoft Defender for Office 365, Exchange Online Protection, Azure Information Protection, and Data Loss Prevention

However, Microsoft 365 Defender is meant to be more than just a list of individual tools. Microsoft 365 Defender also gathers information from all these security components and accumulates it in a single Microsoft 365 Defender portal, as shown in Figure 3-29.

FIGURE 3-29 Microsoft 365 Defender portal

Microsoft 365 Defender goes beyond the reactive approach to security and provides tools that can be proactive by detecting attacks and other security issues before they occur or when they have barely begun. The various Defender tools are all designed to monitor the behavior of users, devices, and other network resources and analyze the information they collect to detect and anticipate suspicious behavior. The intelligence the tools apply to the task is based on the Microsoft Intelligent Security Graph, a web of security relationships that spans the entire network. Microsoft’s Cybersecurity Reference Architecture, shown in Figure 3-30, illustrates these relationships.

FIGURE 3-30 Microsoft Cybersecurity Reference Architecture

Need More Review? Microsoft Cybersecurity Reference Architecture

For an interactive PowerPoint version of the architecture shown in Figure 3-30, see https://aka.ms/MCRA.

The predominant threats to endpoints, applications, and identities are as follows:

  • Endpoints: Threats to endpoints can include various types of malware, including phishing attempts and ransomware. What often makes endpoints extra vulnerable, however, is when the devices are not compliant with the safety standards imposed by the management. Devices without the latest security patches or not protected by updated antivirus software can provide ingress to the network that attackers can exploit.
  • Applications: Shadow IT—the use of unauthorized applications—can leave a network open to a variety of attacks, including the introduction of malware or spyware to the network, as well as infrastructure attacks, such as Denial of Service (DoS) and Distributed Denial of Service (DDoS).
  • Identities: Credential theft is the chief threat against identities, which can take the form of social engineering, keystroke capture, and even brute force attacks.

A typical enterprise network today faces security threats from many directions and at many levels. Administrators must know that attackers frequently take advantage of vulnerabilities in an enterprise’s identities, documents, or endpoints. The following sections examine how the Microsoft 365 security tools address each area.
