The Azure Security Dojo: Live!

Presentation transcript:

The Azure Security Dojo: Live! Microsoft 2016, 11/23/2017 6:36 PM, THR2075. Andy Malone (MVP), Founder: Cybercrime Security Forum, www.AndyMalone.org. © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Andy Malone (UK)
- Microsoft MVP (10 years)
- MCT: Microsoft Certified Trainer (20 years)
- Founder: Cybercrime Security Forum!
- Worldwide event speaker since 2004
- Winner of the first Microsoft Speaker Idol contest in 2006
- Author of the award-winning sci-fi thriller The Seventh Day. Sequel coming soon … Out now in paperback & eBook
- www.Andymalone.org

Number 5 Eye in the Sky … Azure AD Privileged Identity Management

Remember Role Based Admin Control?

Azure AD Privileged Identity Management
Azure AD Privileged Identity Management helps you:
- See which users are Azure AD administrators
- Enable on-demand, "just in time" administrative access to Microsoft Online Services like Office 365 and Intune
- Get reports about administrator access history and changes in administrator assignments
- Get alerts about access to a privileged role

Azure AD Privileged Identity Management
- Alerts that point out opportunities to improve security
- The number of users who are assigned to each privileged role
- The number of eligible and permanent admins
- Ongoing access reviews

Demo Azure AD Privileged Identity Management

Top Tip: JIT & JEA AD Privileged Admins
- Global Admins can update which users are permanently assigned to roles in Azure AD, using:
  - PowerShell cmdlets like Add-MsolRoleMember and Remove-MsolRoleMember
  - The Azure classic portal, as described in "Assigning administrator roles in Azure Active Directory"
  - Cannot be done in the Office 365 Portal yet!
- Global Admins can make temporary role assignments by making users eligible for a role
- An eligible admin can activate the role when they need it, and then their permissions expire once they're done.
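
Added example (not from the presentation): a PowerShell audit using the MSOnline module that the slide's Add-MsolRoleMember and Remove-MsolRoleMember cmdlets belong to, counting the current members of each directory role so standing assignments can be reviewed before users are made eligible instead. The function name Get-RoleMemberReport, the review threshold of 5 and the commented-out address are assumptions for illustration.

```powershell
#Requires -Modules MSOnline
# Added example: count and list the current members of every Azure AD directory role.

function Get-RoleMemberReport {
    param(
        # Assumption: a local review threshold, not a Microsoft-defined limit.
        [int]$MaxMembers = 5
    )
    foreach ($role in (Get-MsolRole | Sort-Object Name)) {
        # -All lifts the default result cap so large roles are counted in full.
        $members = @(Get-MsolRoleMember -RoleObjectId $role.ObjectId -All)
        if ($members.Count -eq 0) { continue }

        [pscustomobject]@{
            Role        = $role.Name
            MemberCount = $members.Count
            NeedsReview = $members.Count -gt $MaxMembers
            # Service principals have no e-mail address, so fall back to the display name.
            Members     = ($members | ForEach-Object {
                               if ($_.EmailAddress) { $_.EmailAddress } else { $_.DisplayName }
                           }) -join '; '
        }
    }
}

Connect-MsolService    # interactive sign-in with an administrator account
$report = Get-RoleMemberReport -MaxMembers 5

# Roles with the most members first; NeedsReview marks roles over the threshold.
$report | Sort-Object MemberCount -Descending |
    Format-Table Role, MemberCount, NeedsReview -AutoSize

# "Company Administrator" is the MSOnline name of the Global Administrator role.
$report | Where-Object Role -eq 'Company Administrator' |
    Select-Object -ExpandProperty Members

# Removing a permanent assignment after the user has been made eligible for the role
# (placeholder address; uncomment only after review):
# Remove-MsolRoleMember -RoleName 'Company Administrator' `
#     -RoleMemberEmailAddress 'admin@contoso.example'
```

The report reflects role membership at the moment of the query, so it is worth re-running after each change to confirm the number of permanent admins went down.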

Number 4 Deploying Multi Factor Authentication

Azure Multi Factor Authentication!
- Method of authentication requiring more than one verification method
- Combines:
  - Device: something you have, or somewhere you are
  - Password: something you know
  - Fully supports biometrics (something you are)
- Adds a critical second layer of security to user sign-ins and transactions
- Available for Azure, Office 365 & hybrid deployments
(Diagram label: User logs in)

Azure Multi Factor Authentication!
Authentication methods (users can choose the method they prefer):
- Phone call
- Text message
- Mobile app notification
- Mobile app verification code
- 3rd party OAUTH tokens

Azure Multi Factor Authentication!


Number 4 Protecting your Information

The Changing Structure of Data!
- Traditional hierarchies: information moves slowly; command and control
- Responsive networks: information travels fast; learn and adapt

Azure Information Protection: Wild West Hero
- Permissions bleed
- Once data is outside the organization, it's beyond the realm of your control
- Anyone can plagiarise
- Content easily copied
- Potential copyright infringement issues
- Plausible deniability reigns
- Lack of compliance

Azure Information Protection
- Document classification & labelling
- File encryption
- Rights management
- Detailed auditing, tracking & reporting
- Simple configuration

Azure AD Rights Management Services


Number 3 The Identity Game …

Ok now you know AAD-Connect, right?
- Manage a single, unified global address list
- Eliminates the need to manage users and groups in two places
- Simplifies user provisioning
- Enables scenarios such as a hybrid deployment
(Diagram labels: On-premises: On-premises Active Directory; Cloud: Azure Active Directory)

Ok Andy, tell me something I don't know!
- The AAD Sync Engine actually has two sync processes: a primary and an undocumented secondary process
- For an urgent delta sync, AAD-Connect sends out a secondary sync pulse to check for account deletions, password resets etc. every 2 mins
- This is not configurable and cannot be amended
- The primary sync engine can be edited via PowerShell
(Diagram labels: Primary Sync; Secondary Sync; On-premises Active Directory)

Azure Identity Protection
(Diagram labels: User logs in; Azure AD Identity Protection; Date / Time; Location; Alert Triggers; Detailed Logs; Reporting Services; Detailed Heuristics; Risk Evaluation)

Number 2 Nuggets of Gold!

Top Tip: Here’s Lookin’ at you Kid!

Where do you want (your data) to go today?

Top Tip: JIT & JEA Come to OneDrive for Business

Number 1 Cool … My very own Security Centre!

Azure Security Centre

Session Review
- Azure AD Privileged Identity Management
- Multi Factor Authentication
- The Identity Game
- Nuggets of Gold
- Azure Security Portal

Thanks for attending! Follow me @AndyMalone

Please evaluate this session
Your feedback is important to us!
- From your PC or tablet, visit MyIgnite at http://myignite.microsoft.com
- From your phone, download and use the Ignite Mobile App by scanning the QR code above or visiting https://aka.ms/ignite.mobileapp