Slide 1: Microsoft Advanced Threat Analytics
August 2016
Slide 2: Sobering statistics
The frequency and sophistication of cybersecurity attacks are getting worse.
- >63% of all network intrusions are due to compromised user credentials (the slide header also cites the figure as 76%)
- 146: the median number of days that attackers reside within a victim's network before detection
- $500B: the total potential cost of cybercrime to the global economy
- $3.8M: the average cost of a data breach to a company

Speaker notes: We are all aware of the advanced cybersecurity attacks that are taking place: we have seen several examples in the last couple of years with Target, Premera, JP Morgan Chase, Anthem Blue Cross, and Sony. Almost every day now in the news, we are seeing new, sophisticated cybersecurity attacks. Most of us got our credit cards changed in the last year even without asking for it. Some of us have been victims of identity theft. In the past we shredded credit card statements, but now our information is out there anyway. The fact of the matter is that the frequency and sophistication of cybersecurity attacks are getting worse. Today, the topic of cybersecurity has moved from IT and the datacenter to the highest levels of the boardroom and even to the White House. Attacks and threats have grown substantially more sophisticated in frequency and severity. We would like to share some sobering, eye-opening statistics regarding these cybersecurity attacks: over 63% of network intrusions are traced back to compromised (weak or exploited) user credentials. We have several devices and we are accessing corporate resources from a variety of devices. Users and user credentials remain the most important blind spot in advanced attacks. We think we can catch these attackers, right? Wrong: look at the median number of days the attackers reside within a victim's network before detection. As one of the IT directors I had a discussion with mentioned, they are not coming into our networks with bombs and explosive materials anymore. They use chopsticks and toothpicks. They lie low.
The cost of these attacks to the global economy and to a company is significant. It is estimated that the total potential cost of cybercrime to the global economy is $500B. The average cost of a data breach to a company is $3.8 million, and that is only the tip of the iceberg.

Sources cited in the notes:
- 200+ days: the average number of days that attackers reside within a victim's network before detection
- 76% of all network intrusions are due to compromised user credentials (Source: Verizon 2013 Data Breach Investigations Report)
- $500B: the total potential cost of cybercrime to the global economy (Source: CSIS-McAfee Report)
- $3.5M: the average cost of a data breach to a company (Source: Ponemon Institute, 2014 Cost of Data Breach)
Slide 3: S4 Solutions Specialist Summit
Industry verticals: banking and financial services; energy and telco; manufacturing; education; transit, planning, and infrastructure; government and public sector; retail; health and social services.

Speaker notes, examples per vertical:
- Government: Office of Personnel Management
- Energy: Ukraine power grid; Israel Power Authority
- Transit and critical infrastructure: Stuxnet took down Iran's nuclear power plant
- Manufacturing: the supply chain is hugely vulnerable
- Education: hacks at universities where data has been exposed
- Health: Premera
- Retail: Home Depot, Target, etc.
- Banking: JP Morgan
Every customer, regardless of industry vertical, is either under attack or already breached.
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Slide 4: Attack kill chain
Initial Recon
- Attacker's goal: identify interesting assets; find all users, machines, etc. At this stage the attacker is not an administrator on the machine.
- Means: SAMR recon (net group / net user), DNS recon
Local privilege escalation
- Attacker's goal: become local administrator
- Means: compromised credentials of a domain user who has local administrator privileges, or of a local administrator; 0-days / known vulnerabilities (CVEs)
Compromise credentials
- Attacker's goal: get credentials to expand toward the destination
- Means: Windows credential harvesting tools (Mimikatz); passwords in Group Policy; passwords in plaintext ("passwords.txt")
Admin recon
- Attacker's goal: find machines that have admin credentials on them
- Means: NetSess; luring an admin (creating an IT ticket and waiting for the admin to connect)
Remote code execution
- Attacker's goal: take over another machine using compromised credentials
- Means: PsExec (new remote service), remote scheduled task, WMI, remote PowerShell, RDP, remote registry
Lateral movement
- Vehicle: remote code execution; fuel: compromised credentials; map: provided by recon; ignition key: local privilege escalation

Speaker notes: That is what real-world attacks look like. There are multiple stages in the APT, taking place over months. None of the traditional security vendors (SIEMs, IPSs, IDSs, etc.) provide solutions for detecting compromised credentials, lateral movement and the other elements present in every APT. ATA (and UEBA in general) focuses *exactly* on this blind spot and provides detection capabilities for the different stages based on UEBA. That is why a new market for UEBA solutions emerged in the last year: detect attackers before they cause damage.
Slide 5: Attack kill chain, domain dominance
Domain dominance
- Attacker's goal: get full control over the domain, i.e. access all assets, all the time
- Means: NTDS.DIT stealing to get all keys (DC-Sync, backup utilities); create new admins; compromise the KRBTGT key for a Golden Ticket; install the Skeleton Key malware; get more secrets with DPAPI
Attacking data
- Attacker's goal: get the data they are after
- Lateral movement: same same, but different. Fast and easy, since the attackers have all credentials; some subject matter expertise (SME) might be required; reading documents.

Speaker notes: same as slide 4 (multiple APT stages over months; traditional SIEM/IPS/IDS vendors do not detect compromised credentials and lateral movement; ATA and UEBA focus exactly on this blind spot).
Slide 6: Attack kill chain and ATA
This is where ATA focuses: detect attackers before they cause damage.

Speaker notes: same as slide 4 (multiple APT stages over months; traditional SIEM/IPS/IDS vendors do not detect compromised credentials and lateral movement; ATA and UEBA focus exactly on this blind spot, which is why a new market for UEBA solutions emerged in the last year).
Slide 7: Traditional IT security tools have problems
- Complexity: initial setup, fine-tuning, and creating rules and thresholds/baselines can take a long time.
- Prone to false positives: you receive too many reports in a day with several false positives that require valuable time you don't have.
- Designed to protect the perimeter: when user credentials are stolen and attackers are in the network, your current defenses provide limited protection.
Slide 8: What's the solution?
Slide 9: Microsoft Advanced Threat Analytics
An on-premises platform to identify advanced security attacks and insider threats before they cause damage.
- Behavioral analytics
- Detection of advanced attacks and security risks
- Advanced threat detection

Speaker notes: Microsoft Advanced Threat Analytics brings the behavioral analytics concept to IT and the organization's users.
Slide 10: Advanced Threat Analytics benefits
- Detect threats fast with behavioral analytics: no need for creating rules, fine-tuning or monitoring a flood of security reports; the intelligence needed is ready to analyze and self-learning.
- Adapt as fast as your enemies: ATA continuously learns from the organizational entity behavior (users, devices, and resources) and adjusts itself to reflect the changes in your rapidly evolving enterprise.
- Focus on what is important fast using the simple attack timeline: the attack timeline is a clear, efficient, and convenient feed that surfaces the right things on a timeline, giving you the power of perspective on the "who, what, when, and how" of your enterprise.
- Reduce the fatigue of false positives: alerts only happen once suspicious activities are contextually aggregated, not only comparing the entity's behavior to its own behavior, but also to the profiles of other entities in its interaction path.
- Prioritize and plan for next steps: for each suspicious activity or known attack identified, ATA provides recommendations for the investigation and remediation.
Slide 11: How Microsoft Advanced Threat Analytics works, step 1: Analyze
After installation:
- Simple, non-intrusive port mirroring, or deployed directly onto domain controllers
- Remains invisible to the attackers
- Analyzes all Active Directory network traffic
- Collects relevant events from SIEM and information from Active Directory (titles, group membership, and more)

Speaker notes: The ATA system continuously goes through four steps to ensure protection. Step 1: Analyze. After installation, by using pre-configured, non-intrusive port mirroring, all Active Directory-related traffic is copied to ATA while remaining invisible to attackers. ATA uses deep packet inspection technology to analyze all Active Directory traffic. It can also collect relevant events from SIEM (security information and event management) and other sources.
Slide 12: How Microsoft Advanced Threat Analytics works, step 2: Learn
ATA:
- Automatically starts learning and profiling entity behavior
- Identifies normal behavior for entities
- Learns continuously to update the activities of the users, devices, and resources

Speaker notes: Step 2: Learn. ATA automatically starts learning and profiling behaviors of users, devices, and resources, and then leverages its self-learning technology to build an Organizational Security Graph. The Organizational Security Graph is a map of entity interactions that represents the context and activities of users, devices, and resources. What is an entity? An entity represents a user, device, or resource.
Slide 13: How Microsoft Advanced Threat Analytics works, step 3: Detect
Microsoft Advanced Threat Analytics:
- Looks for abnormal behavior and identifies suspicious activities
- Only raises red flags if abnormal activities are contextually aggregated
- Leverages world-class security research to detect security risks and attacks in near real time based on attackers' tactics, techniques, and procedures (TTPs)

Speaker notes: Step 3: Detect. After building an Organizational Security Graph, ATA can then look for any abnormalities in an entity's behavior and identify suspicious activities, but not before those abnormal activities have been contextually aggregated and verified. ATA leverages years of world-class security research to detect known attacks and security issues taking place regionally and globally. ATA will also automatically guide you, asking you simple questions to adjust the detection process according to your input. ATA not only compares the entity's behavior to its own, but also to the behavior of entities in its interaction path.
Slide 14: How Microsoft Advanced Threat Analytics works, step 4: Alert
- ATA reports all suspicious activities on a simple, functional, actionable attack timeline
- ATA identifies who? what? when? how?
- For each suspicious activity, ATA provides recommendations for the investigation and remediation

Speaker notes: While the hope is that this stage is rarely reached, ATA is there to alert you of abnormal and suspicious activities. To further increase accuracy and save you time and resources, ATA doesn't only compare the entity's behavior to its own, but also to the behavior of other entities in its interaction path before issuing an alert. This means that the number of false positives is dramatically reduced, freeing you up to focus on the real threats. At this point, it is important for reports to be clear, functional, and actionable in the information presented. The simple attack timeline is similar to a social media feed on a web interface and surfaces events in an easy-to-understand way.
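To make the learn / detect / alert idea concrete, here is an added toy example (not ATA code, and not how ATA is implemented) of a behavioral baseline over constructed authentication events: it profiles each user and the user's peer group, flags an access only when it is new for both the user and the peers, suppresses a lone oddity, and alerts on a known pattern (a run of failed logons followed by a success). The event format, the peer groups, the server names and the thresholds are all assumptions made here.

```python
"""Toy behavioral-baseline detector following the Learn / Detect / Alert steps.
Added example, not ATA code: event format, peer groups and thresholds are constructed."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Event:
    ts: datetime
    user: str
    group: str        # peer group (department), standing in for the entity's interaction path
    resource: str     # server the user authenticated to
    ok: bool = True   # did the authentication succeed?


@dataclass
class Profile:
    resources: set = field(default_factory=set)
    hours: set = field(default_factory=set)


def learn(events):
    """Step 2 (Learn): profile what each user and each peer group normally does."""
    users, groups = defaultdict(Profile), defaultdict(Profile)
    for e in events:
        if not e.ok:
            continue                      # failed logons are not 'normal behavior'
        for p in (users[e.user], groups[e.group]):
            p.resources.add(e.resource)
            p.hours.add(e.ts.hour)
    return users, groups


def behavioral_tags(e, users, groups):
    """Step 3 (Detect): anomaly tags for one successful event, judged with peer context.
    An access is abnormal only if it is new for the user AND for the user's peers."""
    u, g = users.get(e.user, Profile()), groups.get(e.group, Profile())
    tags = []
    if e.resource not in u.resources | g.resources:
        tags.append("abnormal_resource_access")
    if e.ts.hour not in u.hours | g.hours:
        tags.append("abnormal_working_hours")
    return tags


def detect(events, users, groups, min_behavioral=2, brute_force_failures=5):
    """Step 4 (Alert): aggregate evidence per user and alert only on a known attack
    pattern (many failures then a success) or on >= min_behavioral distinct anomaly types."""
    tags, evidence, failures = defaultdict(set), defaultdict(list), defaultdict(int)
    for e in sorted(events, key=lambda x: x.ts):
        if not e.ok:
            failures[e.user] += 1
            continue
        if failures[e.user] >= brute_force_failures:
            tags[e.user].add("brute_force")
            evidence[e.user].append((e.ts.isoformat(), e.resource, "brute_force"))
        failures[e.user] = 0              # a success closes the failure run
        for t in behavioral_tags(e, users, groups):
            tags[e.user].add(t)
            evidence[e.user].append((e.ts.isoformat(), e.resource, t))
    return {u: sorted(evidence[u]) for u, ts in tags.items()
            if "brute_force" in ts or len(ts) >= min_behavioral}


def sample_training():
    """Constructed two-week baseline: finance works 08-17 on FIN-* servers, IT also patches DC1 at 02:00."""
    base, out = datetime(2016, 8, 1), []
    for day in range(14):
        for h in range(8, 18):
            out.append(Event(base + timedelta(days=day, hours=h), "alice", "finance", "FIN-FS1"))
            out.append(Event(base + timedelta(days=day, hours=h), "bob", "finance", "FIN-APP"))
            out.append(Event(base + timedelta(days=day, hours=h + 1), "carol", "it", "ADMIN-JUMP"))
        out.append(Event(base + timedelta(days=day, hours=2), "carol", "it", "DC1"))
    return out


def sample_window():
    """Constructed detection window: a peer-explained access, a true anomaly,
    a lone oddity, and six failed logons followed by a success against DC1."""
    d = datetime(2016, 8, 15)
    w = [Event(d + timedelta(hours=10), "alice", "finance", "FIN-APP"),   # bob's server: explained by peers
         Event(d + timedelta(hours=3), "alice", "finance", "HR-DB"),      # new server at 03:00: two anomalies
         Event(d + timedelta(hours=22), "bob", "finance", "FIN-FS1")]     # only the hour is odd: suppressed
    w += [Event(d + timedelta(hours=1, minutes=m), "dave", "sales", "DC1", ok=False) for m in range(6)]
    w.append(Event(d + timedelta(hours=1, minutes=7), "dave", "sales", "DC1"))
    return w


def run():
    """Learn on the baseline, then detect over the window; returns {user: [(time, resource, tag), ...]}."""
    users, groups = learn(sample_training())
    return detect(sample_window(), users, groups)
```

Running `run()` yields alerts for alice (new server outside working hours) and dave (brute force), while alice's first access and bob's late logon are explained by peer context or left as a single unaggregated oddity.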
Slide 15: What's new in Advanced Threat Analytics 1.6
New detections:
- Malicious Data Protection API (DPAPI) requests
- Net Session enumeration
- Malicious replication requests
- MS Kerberos elevation of privilege
- Unusual protocol implementation
- HoneyToken detected in LDAP, NTLM and Kerberos
- Golden Ticket
- Brute force
- Remote execution
Easier deployment / updates:
- ATA Lightweight Gateway for domain controllers
- Automatic updates and upgrades
Improved performance:
- Reduced storage requirements by 5x
- ATA Center capacity increased from 200K packets/sec to 400K packets/sec (~250 DCs)
- ATA Gateway capacity increased from 40K packets/sec to 50K packets/sec
Improved existing detections
Expanded SIEM support:
- Added support for IBM QRadar to enrich detection

Speaker notes: ATA 1.5 was released in December 2015; this was mostly fixes to the 1.4 release. Here is what was included in the update (my comments in green text). ATA supports all the best-of-breed SIEMs: Splunk, RSA, HP ArcSight and IBM QRadar.
- Faster detection times. Many detections took a long time to run, delaying alerts that should take minutes to hours.
- Improved support for PoC environments. Fixed a problem in v1.4 where the ATA Gateway required multiple DCs to start.
- Enhanced automatic algorithm for NAT (network address translation) devices.
- Enhanced name resolution process for non-domain-joined devices.
- Added support for data and product migration (migration support from 1.4 to 1.5).
- Added ATA Gateway update status in the configuration page.
- New UI notification if the Gateway is a different version than the Center.
- Better UI responsiveness for suspicious activities with thousands of entities involved.
- Improved auto-resolution of monitoring alerts.
- Additional performance counters for enhanced troubleshooting.
- Fix for "Sometimes gateway service stuck on shutdown".
- Fix for "Exception when parsing forwarded event messages from Splunk".
- Fix for "Center service fail to start". Additionally there was a fix for DB management that was not working in 1.4; not sure if that is what they refer to as "Center service fail to start".
Slide 16: What's new in Advanced Threat Analytics 1.7
New and improved detections:
- SAMR reconnaissance detection
- Pass-the-Ticket improvement
- Pass-the-Hash improvement
- Abnormal behavior enhancements
- Unusual protocol implementation improvement
User experience improvements:
- New welcome experience
- New Gateway update page
- Improved configuration experience
Infrastructure enhancements:
- Role-based access control
- Center and Gateway support for Windows Server 2016
- Lightweight Gateway support for Windows Server Core
For more info please visit the technical blog post:
Slide 17: ATA detects a wide range of suspicious activities
Grouped by kill-chain phase:
Reconnaissance:
- Account enumeration
- Net Session enumeration
- DNS enumeration
- SAM-R enumeration
Compromised credential:
- Abnormal resource access
- Abnormal authentication requests
- Abnormal working hours
- Brute force using NTLM, Kerberos, or LDAP
- Sensitive accounts exposed in plain text authentication
- Service accounts exposed in plain text authentication
- Honey Token account suspicious activities
- Unusual protocol implementation
- Malicious Data Protection Private Information (DPAPI) request
Lateral movement:
- Abnormal resource access
- Pass-the-Ticket
- Pass-the-Hash
- Overpass-the-Hash
Privilege escalation:
- MS exploit (Forged PAC)
- MS exploit (Silver PAC)
Domain dominance:
- Skeleton Key malware
- Golden Ticket
- Remote execution
- Malicious replication requests
Slide 18: Key features
Auto updates:
- Updates and upgrades automatically with the latest and greatest attack and anomaly detection capabilities that our research team adds
Integration with SIEM:
- Analyzes events from SIEM to enrich the attack timeline
- Works seamlessly with SIEM
- Provides options to forward security alerts to your SIEM or to send emails to specific people
Seamless deployment:
- Software offering that runs on physical hardware or a virtual machine
- Utilizes port mirroring to allow seamless deployment alongside AD, or is installed directly on domain controllers
- Does not affect the existing topology

Speaker notes, some key features to mention:
- Mobility support: no matter where your corporate resources reside (within the corporate perimeter, on mobile devices, or elsewhere), ATA witnesses authentication and authorization. This means that external assets like devices and vendors are as closely monitored as internal assets.
- Integration with SIEM: ATA works seamlessly with SIEM after contextually aggregating information into the attack timeline. It can collect specific events that are forwarded to ATA from the SIEM. Also, you can configure ATA to send an event to your SIEM for each suspicious activity with a link to the specific event on the attack timeline.
- Seamless deployment: ATA functions as an appliance, either hardware or virtual. It utilizes port mirroring to allow seamless deployment alongside Active Directory without affecting the existing network topology. It automatically starts analyzing immediately after deployment. You don't have to install any agents on the domain controllers, servers or computers.
Slide 19: ATA Lightweight Gateway
Topology diagram (components shown): Internet, VPN, DMZ, web server, fileserver, DNS, DC1-DC4, SIEM (syslog forwarding), ATA Gateway 1 (port mirroring), ATA Lightweight Gateway, ATA Center with DB.

Speaker notes: ATA may be deployed either by using port mirroring with the domain controllers, or the ATA Lightweight Gateway may be deployed on the domain controllers themselves. The ATA Gateway performs deep packet inspection on the traffic to and from the domain controllers, looking for known attacks. ATA also uses the network traffic to learn which users are accessing which resources from which computers. ATA also makes LDAP queries to the domain to fill in user and device profiles. The user account used by ATA only requires read-only access to the domain. If you are collecting Windows events to a central SIEM / syslog server, ATA can be configured to collect events from these systems. This additional information source helps ATA enrich the attack timeline.
Slide 20: Topology, Gateway
Topology diagram (components shown): ATA Gateway 1 and ATA Gateway 2 (port mirroring), SIEM (syslog forwarding), fileserver, DNS, DC1-DC4, ATA Center with DB.
The ATA Gateway:
- Captures and analyzes DC network traffic via port mirroring
- Listens to multiple DCs from a single Gateway
- Receives events from SIEM
- Retrieves data about entities from the domain
- Performs resolution of network entities
- Transfers relevant data to the ATA Center
Slide 21: Topology, Lightweight Gateway
Topology diagram (components shown): fileserver, DNS, DC1-DC4 with ATA Lightweight Gateway, SIEM, ATA Center with DB.
The ATA Lightweight Gateway:
- Is installed locally on light or branch-site domain controllers
- Analyzes all the traffic for a specific DC
- Provides dynamic resource limitation
- Retrieves data about entities from the domain
- Performs resolution of network entities
- Transfers relevant data to the ATA Center
Slide 22: ATA Lightweight Gateway: Topology, Center
Topology diagram (components shown): ATA Gateway 1 (port mirroring), SIEM (syslog forwarding), fileserver, DNS, DC1-DC4, ATA Lightweight Gateway, ATA Center with DB.
The ATA Center:
- Manages ATA Gateway configuration settings
- Receives data from ATA Gateways and stores it in the database
- Detects suspicious activity and abnormal behavior (machine learning)
- Provides the web management interface
- Supports multiple Gateways
Slide 23: Branch office deployment
Topology diagram (components shown): DC1, DC2, fileserver, DNS, DC3, DC4, ATA Center with DB, ATA Gateway (port mirroring, network DPI), ATA Lightweight Gateway, SIEM with syslog forwarding and Windows Event Forwarding (WEF).
Slide 24: Sample multi-server Microsoft Advanced Threat Analytics (ATA) deployment
Topology diagram (components shown): DC1, DC2, DC3 in port mirror group 1; SIEM with event forwarding to Gateway 1; ATA Gateway 1; DC4 and DC6 with ATA Lightweight Gateway; DNS; ATA Center.
Certificates shown in the diagram:
- Management adapter: computer certificate, gateway1.contoso.com
- IIS: web server certificate, webata.contoso.com
- ATA Center: computer certificate, center.contoso.com
Slide 25: Microsoft Advanced Threat Analytics pricing and licensing (MICROSOFT CONFIDENTIAL)
- ATA is licensed standalone as a Client Management License, with per-user and per-OSE options
- The best way to get ATA is via one of three Microsoft license suites: Enterprise CAL, EMS, or ECS
- Server software is free (no server license required)
- ATA will be available in nearly all Microsoft Volume Licensing channels and programs
Included in ECAL Suite: ATA license included in both per-user and per-device ECAL Suites starting Aug 1, 2015
Included in EMS and ECS: ATA per-user license included with EMS and ECS subscriptions, starting Aug 1, 2015
Available as standalone SKU: per-user or per-OSE Client Management License

Speaker notes: ATA with EMS/ECS exception: if a customer has ECALs and has bought / is buying an EMS or ECS add-on, then that add-on will not include ATA (or include a charge for ATA in the price), because ECAL already includes ATA. For more background on ATA's standalone SKU licensing construct (Client Management License model, what an OSE is, etc.), please see the ATA Internal FAQs on Infopedia.
- After Aug 1, 2015, existing ECAL customers with active SA will automatically get license rights to ATA.
- After Aug 1, 2015, all existing EMS/ECS customers will automatically get rights to ATA through their subscription term, including true-ups, at the current agreement price.
- Customers making new EMS/ECS purchases after Aug 1, 2015 should be quoted the new EMS/ECS pricing taking effect after Aug 1.
- The standalone ATA option is for customers who cannot purchase ECALs or EMS/ECS, or need to mix and match licenses based on user type.
- Sample price: Open NL L&SA 2-year ERP ~$160/user.
Slide 26: Microsoft Advanced Threat Analytics top licensing FAQs (MICROSOFT CONFIDENTIAL)
Q: How many licenses does my customer need to buy to use ATA?
A: The customer configures ATA to monitor domain controllers. Number of licenses needed = number of users or end-user devices contained in the forests or domains being managed by those domain controllers. ATA is not configurable at a user level, by design.
Q: The customer is buying EMS for some users, but wants ATA for the entire org. Do they need to buy EMS for everyone?
A: No, ATA can be licensed through one of three license suites (ECAL, EMS, ECS), or via standalone user licenses. The customer can mix and match as needed.
Q: What RSD does ATA revenue fall in?
A: As part of ECAL: CnE CAL Suites (ECAL). As part of EMS/ECS: Enterprise Mobility Services. Standalone ATA: Identity and Access.
Q: Is there any relation between ATA and System Center client products, since they share a licensing model?
A: No, ATA is a completely separate, unrelated software product.

Speaker notes: Please see the ATA Internal FAQs for additional licensing FAQs and more detail on the above top FAQs. Our licensing model is pegged to Active Directory users and devices, based on the domain controllers ATA is chosen to monitor, but ATA can also be set up to look at a customer's SIEM system, syslog and VPN log data; we are not licensing those separately. Those are essentially free additional benefits of licensing the product. ATA is configured to monitor traffic in and out of domain controllers by turning on port mirroring. Each domain controller manages traffic for a given Active Directory forest or domain, and therefore ATA can technically be used to monitor traffic on only particular forests or domains, based on the domain controllers you ask it to monitor. ATA is designed to monitor all activity in and out of domain controllers and, by design, cannot be configured to monitor only select users or entities.
The purpose of the product (and its value proposition) is to monitor all activity agnostically in order to detect threats, anomalies, and breaches. Only known, active users in the given forests or domains need to be licensed. ATA will still monitor everything, including users outside the domain that may be accessing resources in the domain being monitored, disabled user accounts being used to access resources, fake users, etc.
Slide 27: Next steps
To learn more about Microsoft Advanced Threat Analytics:
- To try and evaluate ATA, please visit the evaluation page:
- For field readiness resources, please visit the Microsoft Advanced Threat Analytics Infopedia page:
Slide 28: Data Insights Conversation
Q&A