12/5/2018 2:50 AM How to secure your front door with real-time risk assessments of your logons Jan Ketil Skanke COO and Principal Cloud Architect CloudWay AS MVP Enterprise Mobility @JankeSkanke © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12/5/2018 2:50 AM @JankeSkanke © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12/5/2018 2:50 AM @JankeSkanke © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12/5/2018 2:50 AM @JankeSkanke © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12/5/2018 2:50 AM @JankeSkanke © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12/5/2018 2:50 AM @JankeSkanke © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12/5/2018 2:50 AM Quick Demo © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Azure Active Directory Schrödingers user Credentials ? 12/5/2018 2:50 AM Azure Active Directory Classifier Seems Good Seems Bad Analysis 10+ TB Logs Relying parties Self-reporting Threat data Behavior True Negative True Positive Label Data We were right! False Negative False Positive We were wrong! @JankeSkanke © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Azure Active Directory Schrödingers user ? 12/5/2018 2:50 AM Azure Active Directory Classifier Credentials Seems Good Seems Bad Analysis 10+ TB Logs Relying parties Self-reporting Threat data Behavior True Negative True Positive Label Data We were right! False Negative False Positive We were wrong! @JankeSkanke © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Azure Active Directory Schrödingers user 12/5/2018 2:50 AM Azure Active Directory Classifier ? Credentials @JankeSkanke Seems Good Seems Bad Analysis © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. 10+ TB Logs Relying parties Self-reporting Threat data Behavior True Negative True Positive Label Data We were right! False Negative False Positive We were wrong!

Azure Active Directory Schrödingers user 12/5/2018 2:50 AM Azure Active Directory Classifier ? Credentials @JankeSkanke Seems Good Seems Bad Analysis © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. 10+ TB Logs Relying parties Self-reporting Threat data Behavior True Negative True Positive Label Data We were right! False Negative False Positive We were wrong!

? @JankeSkanke Schrödingers user Credentials Azure Active Directory 12/5/2018 2:50 AM Azure Active Directory ? Real time Evaluation Engine Credentials Seems Good Seems Bad @JankeSkanke Analysis © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. 10+ TB Logs Relying parties Self-reporting Threat data Behavior True Negative True Positive Label Data We were right! False Negative False Positive We were wrong!

How does the system learn? 12/5/2018 2:50 AM How does the system learn? @JankeSkanke © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Azure Active Directory Schrödingers user 12/5/2018 2:50 AM Azure Active Directory ? Classifier Credentials Seems Good Seems Bad Analysis 10+ TB Logs Relying parties Self-reporting Threat data Behavior @JankeSkanke © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. True Negative True Positive Label Data We were right! False Negative False Positive We were wrong!

Azure Active Directory Schrödingers user 12/5/2018 2:50 AM Azure Active Directory ? Classifier Credentials Seems Good Seems Bad Analysis 10+ TB Logs Relying parties Self-reporting Threat data Behavior @JankeSkanke © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. True Negative True Positive Label Data We were right! False Negative False Positive We were wrong!

Azure Active Directory Schrödingers user 12/5/2018 2:50 AM Azure Active Directory ? Classifier Credentials Seems Good Seems Bad Analysis Deploy new Classifier Code updates to Classifier 10+ TB Logs Relying parties Self-reporting Threat data Behavior True Negative True Positive @JankeSkanke Security Analyst Label Data © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. We were right! False Negative False Positive We were wrong!

Azure Active Directory Schrödingers user 12/5/2018 2:50 AM Azure Active Directory ? Classifier Credentials Seems Good Seems Bad Analysis Deploy new Classifier Code updates to Classifier 10+ TB Logs Relying parties Self-reporting Threat data Behavior True Negative True Positive Label Data We were right! @JankeSkanke Security Analyst © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. False Negative False Positive We were wrong!

Azure Active Directory Schrödingers user 12/5/2018 2:50 AM Azure Active Directory ? Classifier Credentials Seems Good Seems Bad Analysis Deploy new Classifier 10+ TB Logs Relying parties Self-reporting Threat data Behavior True Negative True Positive Label Data We were right! False Negative False Positive We were wrong! Code updates to Classifier Security Analyst © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Azure Active Directory Schrödingers user 12/5/2018 2:50 AM Azure Active Directory ? Classifier Credentials Seems Good Seems Bad Analysis Deploy new Classifier 10+ TB Logs Relying parties Self-reporting Threat data Behavior True Negative True Positive Label Data We were right! False Negative False Positive Security Analyst We were wrong! Code updates to Classifier © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Azure Active Directory Schrödingers user 12/5/2018 2:50 AM Azure Active Directory ? Classifier Credentials Deploy new Classifier Seems Good Seems Bad Analysis 10+ TB Logs Relying parties Self-reporting Threat data Behavior Code updates to Classifier True Negative True Positive Label Data We were right! False Negative False Positive Security Analyst We were wrong! © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Azure Active Directory Schrödingers user 12/5/2018 2:50 AM Azure Active Directory ? Classifier Credentials Seems Good Seems Bad Deploy new Classifier Analysis 10+ TB Logs Relying parties Self-reporting Threat data Behavior Code updates to Classifier True Negative True Positive Label Data We were right! False Negative False Positive Security Analyst We were wrong! © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Azure Active Directory Schrödingers user 12/5/2018 2:50 AM Azure Active Directory ? Classifier Credentials Seems Good Seems Bad Analysis Deploy 10+ TB Logs Relying parties Self-reporting Threat data Behavior Update True Negative True Positive Analyze Label Data We were right! False Negative False Positive We were wrong! © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Azure Active Directory Schrödingers user 12/5/2018 2:50 AM Azure Active Directory ? Classifier Credentials Learner Seems Good Seems Bad Analysis Deploy 10+ TB Logs Relying parties Self-reporting Threat data Behavior Update True Negative True Positive Analyze Label Data We were right! False Negative False Positive We were wrong! © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

How Identity Protection detects and mitigates cyber attacks Sign in Risk (Session) Invoked on each login, evaluating that particular login 100++ data points (signals) Result sent as input to Conditional Access User Risk (Identity) Invoked on each login, evaluating accumulated data Background process Collects data over time @JankeSkanke

Demo Jan Ketil Skanke @JankeSkanke 12/5/2018 2:50 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Risk Based Conditional Access Suspicious sign-in activities Risk-based policies MFA Challenge Risky Logins Block attacks Change bad credentials Machine-Learning Engine Leaked credentials Infected devices Brute force attacks Shadow IT Risk Assessment Configuration vulnerabilities ! Microsoft Intelligent Security Graph Intelligent Security Graph analyzes the data from 450B authentications per month, 400B email scans for malware and phishing, Microsoft Digital Crimes Unit, and more. Allow, block, or require other controls based on dynamically calculated risk levels for each user and sign-in activity @JankeSkanke

THANK YOU  @JankeSkanke Jan Ketil Skanke 12/5/2018 2:50 AM THANK YOU  Jan Ketil Skanke COO and Principal Cloud Architect CloudWay AS MVP Enterprise Mobility https://jankesblog.com @JankeSkanke © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Please evaluate this session Tech Ready 15 12/5/2018 Please evaluate this session From your Please expand notes window at bottom of slide and read. Then Delete this text box. PC or tablet: visit MyIgnite https://myignite.microsoft.com/evaluations Phone: download and use the Microsoft Ignite mobile app https://aka.ms/ignite.mobileapp Your input is important! © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.