SlideShare a Scribd company logo

Security and Compliance with SharePoint and Office 365

Download as PPTX, PDF
Richard Harbridge
Richard Harbridge

Whether you’re new to security and compliance in Office 365 or a seasoned veteran, we’ll have something for you in this session. Hear about Microsoft’s overall security story from Microsoft MVP Richard Harbridge, and better understand how it relates to SharePoint services, catch up on new developments over the past year, and learn about the new capabilities Microsoft provides. From advanced security management and threat intelligence to sensitive content encryption, governance and sharing there is plenty to discuss.

Technology
1 of 55
Security and Compliance: A Whole New World with SharePoint and Office 365 Presented By: Richard Harbridge (@RHarbridge) #ILTASPS
RICHARD HARBRIDGE My twitter handle is @RHarbridge, blog is on http://2toLead.com, and I work at CTO & MVP | SPEAKER & AUTHOR | SUPER FRIENDLY
Great, we know who you are, but what do you do on a daily basis? MAXIMIZE SECURITY INVESTMENTS… Typically the work centers around…
RICHARD HARBRIDGE My twitter handle is @RHarbridge, blog is on http://2toLead.com, and I work at CTO & MVP | SPEAKER & AUTHOR | SUPER FRIENDLY
What are the big trends in security, compliance and transparency? TOP THREE CLOUD CONCERNS… Security 73% of orgs indicated security as a top challenge holding back SaaS adoption Compliance 89% of orgs required to govern content for compliance or business continuity purposes Transparency 63% of orgs state transparency challenges restrict them from growing their cloud usage
Let’s Talk About User Control… WHATWEWILLTALKABOUTTODAY… Let’s Talk About Security Services… Let’s Talk About Compliance Services…
MANAGING ACCESS & CONTROL… While core documents are managed and controlled many other places like team or departmental collaboration suffer from permission challenges.
MANAGING ACCESS & CONTROL… Throughout the Office 365 experience for SharePoint or OneDrive content access control is readily available and easy to understand as an end user.
MANAGING ACCESS & CONTROL… We use dynamic groups with membership defined as a rule, rather than as a static list of members. We expire groups (if need not attested). Expiring Groups Admins set a duration after creation when group owners need to attest the continuing need for their group. Else it’s deleted. One Identity Azure Active Directory (AAD) is the master for group identity and membership across Office 365 (Exchange, SharePoint, Yammer, Teams, Planner, Power BI, etc.)
MANAGING ACCESS & CONTROL… Make it easy to manage access and ensure the wrong kind of sharing doesn’t take place – whether internal or external.
Better site management at a service level makes this easier to target and notify owners based on site activity, classifications, sharing status or more. MANAGING ACCESS & CONTROL…
Let’s Talk About User Control… WHATWEWILLTALKABOUTTODAY… Let’s Talk About Security Services… Let’s Talk About Compliance Services…
Let’s Talk About User Control… WHATWEWILLTALKABOUTTODAY… Let’s Talk About Security Services… Let’s Talk About Compliance Services…
You need both defense in breadth and depth to mitigates product vulnerabilities, user education mitigates human vulnerabilities and continuous monitoring shortens attack times (because at some point, you will be attacked). BEST WAY TO PROTECT YOUR DATA? Breadth Depth User Education Systematic Security
Microsoft’s security platform is quite a bit more than just Office 365, and the modern security platform has considerably more capability today. THE BIGGER PICTURE…
SECURESCORE… One place to understand your security position and what features you have enabled. Targeted guidance to increase your security level.
Broad visibility into attack trends Billions of data points from Office, Windows, and Azure Integrated data from external cyber threat hunters Proactive security policy management Intuitive dashboards with drill-down capabilities THREATINTELLIGENCE… Microsoft Advanced Threat Analytics brings the behavioral analytics concept to IT and the organization’s users.
THREATINTELLIGENCE… Abnormal resource access Account enumeration Net Session enumeration DNS enumeration Directory Services enumeration (ATA 1.7) Abnormal working hours Brute force using NTLM, Kerberos or LDAP Sensitive accounts exposed in plain text authentication Service accounts exposed in plain text authentication Honey Token account suspicious activities Unusual protocol implementation Malicious Data Protection Private Information (DPAPI) Request Abnormal authentication Abnormal resource access Pass-the-Ticket Pass-the-Hash Overpass-the-Hash MS14-068 exploit (Forged PAC) MS11-013 exploit (Silver PAC) Skeleton key malware Golden ticket Remote execution Malicious replication requests Reconnaissance Compromised Credential Lateral Movement Privilege Escalation Domain Dominance
ADVANCEDTHREATPROTECTION… This is integrated across apps and services (across Exchange Online, SharePoint Online, OneDrive for Business, Office Apps, etc.) Time-of-click protection against malicious URLs URL reputation checks along with detonation of attachments at destination URLs. Zero-day protection against malicious attachments Attachments with unknown virus signatures are assessed using behavioral analysis. Critical insights into external threats Rich reporting and tracking features provide critical insights into the targets and categories of attacks. Intelligence sharing with devices Integration with Windows Advanced Threat Protection to correlate data across users and devices.
Dynamic delivery for Safe Attachments URL Detonation (not just links but even files that have links). ADVANCEDTHREATPROTECTION… This is integrated across apps and services (across Exchange Online, SharePoint Online, OneDrive for Business, Office Apps, etc.)
SENSITIVECONTENTENCRYPTION… O365 instead of RMS allows us to secure and transfer it but put responsibility on receiving party via secure portal to view, reply (or take). Secure email that works across organizations and with anyone you wish to reach Remove the complexity of getting started Simplify manual or automatic protection Ensure that all recipients can read and respond/
ENHANCEDSHARINGCONTROLS… Tenant level, site collection, group, and more control levels. Continuing to improve in terms of capabilities, controls and experiences.
Multi-geo support where you can control data residency (store in that geo) & control settings (distinct settings on sharing etc.) WHAT CAN I DO IN THE ADMIN?
ADVANCEDSECURITYMANAGEMENT… Advanced security management is a great way to be more pro-active with your policy enforcement and evaluating risks. Threat detection Identify high-risk and abnormal usage, security incidents, and threats. Enhanced control Shape your Office 365 environment with granular security controls and policies. Discovery and insights Gain enhanced visibility and context into your Office 365 usage and shadow IT.
ADVANCEDSECURITYMANAGEMENT… Alerts can be extremely powerful in detecting certain patterns to accelerate pro-active and improved security posture.
PRODUCTIVITY APPDISCOVERY… Analyze which cloud apps are being used in your organization by importing your traffic logs from firewalls/proxies.
Device access = conditional access (by IP, by manage or unmanaged) by blocking, allow read-only capabilities or even specific time out settings. CONDITIONAL ACCESS…
POWERBI… It’s not just about enabling the sharing of reports and dashboards. Policy Controls I want to… I should use… Control who uses Power BI Office 365 Portal to assign licenses Prevent access off corp. network AAD Conditional Access View/control usage PBI features Power BI Admin Portal Control usage of mobile features Intune MAM Audit Power BI activity Power BI auditing in Office 365 Portal
Let’s Talk About User Control… WHATWEWILLTALKABOUTTODAY… Let’s Talk About Security Services… Let’s Talk About Compliance Services…
Let’s Talk About User Control… WHATWEWILLTALKABOUTTODAY… Let’s Talk About Security Services… Let’s Talk About Compliance Services…
50% year over year growth rate in electronic data 45% of orgs state lack of governance opens them to security & compliance risks 41% of orgs state enforcing a governance policy is their biggest issue DATAISGROWING… Achieving organizational compliance is challenging.
Preserve vital data Organization needs Find relevant data Monitor activity Data Governance Import, store, preserve and expire data eDiscovery Quickly identify the most relevant data Auditing Monitor and investigate actions taken on data Security & Compliance Center Manage compliance for all your data across Office 365 IN-PLACECOMPLIANCE… Microsoft is evolving beyond the core preservation and monitoring.
In-Place Office 365 Data Governance Benefits of In-Place Office over Journaling Location, query or policy based Apply preservation to mailbox or SharePoint site, apply a query to hold less content, or use preservation policies Higher fidelity and lower costs Content stays in Exchange and SharePoint, which results in lower storage costs, and higher fidelity data No impact to users Seamlessly create, edit, and delete without knowing data is being preserved Reduce risk Data is not duplicated to another provider or compliance boundary. Record all actions taken on the data Insights Insights to enable you to keep what’s important, delete what’s not, and to share according to policy IN-PLACEDATALIFE-CYCLE… Microsoft is prioritizing in-place models and offers many capabilities that fit with this model. Going beyond legal hold into preservation policy etc. 4 1
COMPLIANCELIFE-CYCLE… You can bring in data today into Office 365 for preservation and to apply compliance. Once it’s in all the in-place capabilities are applicable. 4 2
DATALOSSPREVENTION… Protect sensitive information taking into account content, users and the dynamic operating environment. Detailed story for how this can be used. Sophisticated, built-in content protection across Office 365 Insights and automatic safeguards End user empowerment to maintain productivity and enforcement
Unified policy definition Unified reporting DATALOSSPREVENTION… DLP can be applied to more targeted and a wider variety of sources. The reporting is also improved and unified.
Leverage intelligence to automate data retention Classify data based on age, type, user, or sensitivity Policy recommendations based on machine learning Apply actions to preserve high value data Purge redundant, obsolete, and trivial data ADVANCEDDATAGOVERNANCE… Helping customers understand how to better improve their data governance and giving the tools you need to do it.
ADVANCEDDATAGOVERNANCE… Quickly get insights on the dashboard into your data.
ADVANCEDDATAGOVERNANCE… When importing get intelligence that helps you improve your data governance.
ADVANCEDDATAGOVERNANCE… When importing get intelligence that helps you improve your data governance. Filter and see the impact of your filtering.
ADVANCEDDATAGOVERNANCE… When importing get intelligence that helps you improve your data governance. Filter and see the impact of your filtering.
ADVANCEDDATAGOVERNANCE… Preserving and retaining content can be user driven, match a query, or be based on advanced rules.
AUDITLOG… It’s not just that everything is audited. It’s that we can have alerts, that we can extend this with the API, and that this can be helpful.
AUDITLOG… Be sure to use the API to store this data if you want to use it at a later time. Exchange Online Admin activity, end-user (mailbox) activity Security and Compliance Center Admin activity Azure Active Directory Office 365 logins, directory activity Power BI Admin activity SharePoint Online and OneDrive for Business File activity, sharing activity
EDISCOVERY… Enabling in-place, intelligent eDiscovery, to quickly identify relevant data while decreasing cost and risk. You can use to find sensitive data too!
Identify relevant documents Predictive coding enables you to train the system to automatically distinguish between likely relevant and non-relevant documents. Identify data relationships Use clustering technology to look at documents in context and identify relationships between them. Organize and reduce the data prior to review Use near duplicate detection to organize the data and reconstruct email threads from unstructured data to reduce what’s sent to review. EDISCOVERY… Still an area that is continuing to improve.
Last year Feature Pack 1 was released. It improved experiences and hybrid capabilities. It also includes a hybrid auditing capability that is unified w/ O365. Feature pack 2 coming later this fall is all about a better development pattern across on-premises and O365. WHAT ABOUT SHAREPOINT 2016?
CUSTOMERLOCKBOX… Can help customers meet compliance obligations by demonstrating that they have procedures in place for explicit data access authorization. Extended access Control Use Customer Lockbox to control access to customer content for service operations Visibility into actions Actions taken by Microsoft engineers in response to Customer Lockbox requests are logged and accessible via the Management Activity API and the Security and Compliance Center Microsoft Engineer Microsoft Manager Microsoft Approved CustomerMicrosoft EngineerLockbox systemCustomer Submits request 100101 011010 100011 Customer Approved “Only time we touch data is when you call with a support incident. Not something everyone needs. Example in a recent month there was ~9 requests (5 were MSFT IT, 4 were customers out of millions and millions of customers).”
ENCRYPTIONKEYS… BYOK is for service exit! Remember: Contractual terms have clear obligations with fraud, negligence and breach of contract liabilities.
ENCRYPTION KEYS… BYOK is for service exit! Remember: Contractual terms have clear obligations with fraud, negligence and breach of contract liabilities.
The Trust Center is still a great resource, but now in your security and compliance center you have all the reports, trust documents, controls and more available for inspection (you can even share access). SERVICE TRUST & TRUST CENTER… Rich information on how Microsoft implements security, privacy and compliance controls including details of testing by independent third- party auditors Third-party audit reports including: SOC 1 / SSAE 16, SOC 2 / AT 101, ISO 27001, ISO 27018 and many more Deep insights into how we implement encryption, incident management, tenant isolation and data resiliency Information on how you can leverage Microsoft cloud security controls and configurations to protect your data
Let’s Talk About User Control… WHATWEWILLTALKABOUTTODAY… Let’s Talk About Security Services… Let’s Talk About Compliance Services…
There are a few high level recommendations that I wanted to leave you with. • Configure Secure Score: • Weekly performance of activities to increase secure score is highly recommended. • Multi-factor authentication for global/non-global admins is a must! • Recommended weekly report checks also a must. • Increase the target score slider to include a few more defense in breadth activities. • DKIM/DMARC/SPF • Ensure that all three are enabled for the default domain not the onMicrosoft.com domain. • Also, check Spoof mail report weekly (requires E5 or Advanced Threat Protection SKU) • Exchange Online • Weekly checks on all mailboxes with last login date (PowerShell script). • Enable common attachments type filter & notifications for protection > malware • Verify list of allowed/blocked Ips under protection > connection filter. • Verify block/allow list in spam filter policy. • Threat Management (Requires E5) • Check the dashboard and individual reports weekly. • Data Loss Prevention • At minimum, set up a DLP policy for mitigating access to documents that have Personally Identifiable Information (PII). • SharePoint Online • Always use Groups and where possible use dynamic memberships! • If on premises – consider SharePointURLBrute or SharePoint UserDispEnum DEFAULT CONFIGURATION IS NOT ENOUGH…
Information protection Identity-driven security Managed mobile productivity Identity and access management Azure Information Protection Premium P2 Intelligent classification and protection for files and emails shared inside and outside your organization (includes all capabilities in P1) Azure Information Protection Premium P1 Manual classification and protection for files and emails shared inside and outside your organization Cloud-based file tracking Microsoft Cloud App Security Enterprise-grade visibility, control, and protection for your cloud applications Microsoft Advanced Threat Analytics Protection from advanced targeted attacks leveraging user and entity behavioral analytics Microsoft Intune Mobile device and app management to protect corporate apps and data on any device Azure Active Directory Premium P2 Identity and access management with advanced protection for users and privileged identities (includes all capabilities in P1) Azure Active Directory Premium P1 Secure single sign-on to cloud and on-premises apps MFA, conditional access, and advanced security reporting EMS E3 EMS E5 UNLOCKMORECAPABILITIES… Understand your current investments and what you already own today!
Thank You! BMO’samazingteamformakingthispossible. 100+AwesomePresentationsAt.. Slideshare.Net/RHarbridge 300+PagesOfWhitepapersAt.. 2toLead.com/Whitepapers WhenToUseWhat.com Office365Intranets.com Office365Metrics.com Office365Campaigns.com Office365Extranets.com Office365Resources.com Message Me On LinkedIn or Email Richard@2toLead.com CTO & MVP | SPEAKER & AUTHOR | SUPER FRIEND Twitter: @RHarbridge. More to come on our blog at http://2toLead.com.

Recommended

Making Office 365 Work: Best Of Ignite Edition
Making Office 365 Work: Best Of Ignite EditionMaking Office 365 Work: Best Of Ignite Edition
Making Office 365 Work: Best Of Ignite EditionRichard Harbridge
 
Vivafy your SharePoint intranet in Microsoft Teams with Viva Connections
Vivafy your SharePoint intranet in Microsoft Teams with Viva ConnectionsVivafy your SharePoint intranet in Microsoft Teams with Viva Connections
Vivafy your SharePoint intranet in Microsoft Teams with Viva ConnectionsJoel Oleson
 
Intranets In The Cloud: What You Need To Know - SPSToronto
Intranets In The Cloud: What You Need To Know - SPSTorontoIntranets In The Cloud: What You Need To Know - SPSToronto
Intranets In The Cloud: What You Need To Know - SPSTorontoRichard Harbridge
 
SharePoint In The Cloud: Evaluating Impact, Pros, And Cons - SharePoint Satur...
SharePoint In The Cloud: Evaluating Impact, Pros, And Cons - SharePoint Satur...SharePoint In The Cloud: Evaluating Impact, Pros, And Cons - SharePoint Satur...
SharePoint In The Cloud: Evaluating Impact, Pros, And Cons - SharePoint Satur...Richard Harbridge
 
Real World Tips & Tricks For Enterprise Social Collaboration
Real World Tips & Tricks For Enterprise Social CollaborationReal World Tips & Tricks For Enterprise Social Collaboration
Real World Tips & Tricks For Enterprise Social CollaborationRichard Harbridge
 
Getting More Out Of Microsoft 365: From The Microsoft Graph To Workplace Anal...
Getting More Out Of Microsoft 365: From The Microsoft Graph To Workplace Anal...Getting More Out Of Microsoft 365: From The Microsoft Graph To Workplace Anal...
Getting More Out Of Microsoft 365: From The Microsoft Graph To Workplace Anal...Richard Harbridge
 
Intranets In The Cloud: What You Need To Know
Intranets In The Cloud: What You Need To KnowIntranets In The Cloud: What You Need To Know
Intranets In The Cloud: What You Need To KnowRichard Harbridge
 
Part 2 -Deep Dive into the new features of Sharepoint Online and OneDrive for...
Part 2 -Deep Dive into the new features of Sharepoint Online and OneDrive for...Part 2 -Deep Dive into the new features of Sharepoint Online and OneDrive for...
Part 2 -Deep Dive into the new features of Sharepoint Online and OneDrive for...Vignesh Ganesan I Microsoft MVP
 

Recommended

Making Office 365 Work: Best Of Ignite Edition
Making Office 365 Work: Best Of Ignite EditionMaking Office 365 Work: Best Of Ignite Edition
Making Office 365 Work: Best Of Ignite EditionRichard Harbridge
 
Vivafy your SharePoint intranet in Microsoft Teams with Viva Connections
Vivafy your SharePoint intranet in Microsoft Teams with Viva ConnectionsVivafy your SharePoint intranet in Microsoft Teams with Viva Connections
Vivafy your SharePoint intranet in Microsoft Teams with Viva ConnectionsJoel Oleson
 
Intranets In The Cloud: What You Need To Know - SPSToronto
Intranets In The Cloud: What You Need To Know - SPSTorontoIntranets In The Cloud: What You Need To Know - SPSToronto
Intranets In The Cloud: What You Need To Know - SPSTorontoRichard Harbridge
 
SharePoint In The Cloud: Evaluating Impact, Pros, And Cons - SharePoint Satur...
SharePoint In The Cloud: Evaluating Impact, Pros, And Cons - SharePoint Satur...SharePoint In The Cloud: Evaluating Impact, Pros, And Cons - SharePoint Satur...
SharePoint In The Cloud: Evaluating Impact, Pros, And Cons - SharePoint Satur...Richard Harbridge
 
Real World Tips & Tricks For Enterprise Social Collaboration
Real World Tips & Tricks For Enterprise Social CollaborationReal World Tips & Tricks For Enterprise Social Collaboration
Real World Tips & Tricks For Enterprise Social CollaborationRichard Harbridge
 
Getting More Out Of Microsoft 365: From The Microsoft Graph To Workplace Anal...
Getting More Out Of Microsoft 365: From The Microsoft Graph To Workplace Anal...Getting More Out Of Microsoft 365: From The Microsoft Graph To Workplace Anal...
Getting More Out Of Microsoft 365: From The Microsoft Graph To Workplace Anal...Richard Harbridge
 
Intranets In The Cloud: What You Need To Know
Intranets In The Cloud: What You Need To KnowIntranets In The Cloud: What You Need To Know
Intranets In The Cloud: What You Need To KnowRichard Harbridge
 
Part 2 -Deep Dive into the new features of Sharepoint Online and OneDrive for...
Part 2 -Deep Dive into the new features of Sharepoint Online and OneDrive for...Part 2 -Deep Dive into the new features of Sharepoint Online and OneDrive for...
Part 2 -Deep Dive into the new features of Sharepoint Online and OneDrive for...Vignesh Ganesan I Microsoft MVP
 
Content Collaboration And Protection With SharePoint, OneDrive & Microsoft Teams
Content Collaboration And Protection With SharePoint, OneDrive & Microsoft TeamsContent Collaboration And Protection With SharePoint, OneDrive & Microsoft Teams
Content Collaboration And Protection With SharePoint, OneDrive & Microsoft TeamsRichard Harbridge
 
Customizing Microsoft Teams provisioning and governance - Olli Jääskeläinen
Customizing Microsoft Teams provisioning and governance - Olli JääskeläinenCustomizing Microsoft Teams provisioning and governance - Olli Jääskeläinen
Customizing Microsoft Teams provisioning and governance - Olli JääskeläinenOlli Jääskeläinen
 
Getting started with Microsoft Search
Getting started with Microsoft Search Getting started with Microsoft Search
Getting started with Microsoft Search Vignesh Ganesan I Microsoft MVP
 
SharePoint for Legal: The Road Ahead
SharePoint for Legal: The Road AheadSharePoint for Legal: The Road Ahead
SharePoint for Legal: The Road AheadRichard Harbridge
 
Microsoft 365 Toronto User Group May 2021
Microsoft 365 Toronto User Group May 2021Microsoft 365 Toronto User Group May 2021
Microsoft 365 Toronto User Group May 2021Kanwal Khipple
 
Tackling Governance, Site & Teams Sprawl with Microsoft 365
Tackling Governance, Site & Teams Sprawl with Microsoft 365Tackling Governance, Site & Teams Sprawl with Microsoft 365
Tackling Governance, Site & Teams Sprawl with Microsoft 365Richard Harbridge
 
How to Better Leverage SharePoint through Microsoft Teams
How to Better Leverage SharePoint through Microsoft TeamsHow to Better Leverage SharePoint through Microsoft Teams
How to Better Leverage SharePoint through Microsoft TeamsChristian Buckley
 
Sharepoint User Group Geneva - Introduction to Office 365
Sharepoint User Group Geneva - Introduction to Office 365Sharepoint User Group Geneva - Introduction to Office 365
Sharepoint User Group Geneva - Introduction to Office 365Mark Stokes
 
Microsoft Groups Demystified: 5 Keys to Successful Group Management
Microsoft Groups Demystified: 5 Keys to Successful Group Management Microsoft Groups Demystified: 5 Keys to Successful Group Management
Microsoft Groups Demystified: 5 Keys to Successful Group Management Joel Oleson
 
O365 Groups- Best Practices and Solutions
O365 Groups- Best Practices and SolutionsO365 Groups- Best Practices and Solutions
O365 Groups- Best Practices and SolutionsJohnConnected
 
What Makes an Ideal Microsoft 365 Intranet​
What Makes an Ideal Microsoft 365 Intranet​What Makes an Ideal Microsoft 365 Intranet​
What Makes an Ideal Microsoft 365 Intranet​BizPortals Solutions
 
SharePoint Syntex from an Architects Perspective
SharePoint Syntex from an Architects PerspectiveSharePoint Syntex from an Architects Perspective
SharePoint Syntex from an Architects PerspectiveChris Bortlik
 
Microsoft Viva - understanding the four types of Viva
Microsoft Viva - understanding the four types of VivaMicrosoft Viva - understanding the four types of Viva
Microsoft Viva - understanding the four types of VivaMatthew Carter
 
SharePoint in the Cloud - ILTA 2011 - APP2
SharePoint in the Cloud - ILTA 2011 - APP2SharePoint in the Cloud - ILTA 2011 - APP2
SharePoint in the Cloud - ILTA 2011 - APP2Richard Harbridge
 
IAMCP - Cloud Platform Overview & Partner Opportunities
IAMCP - Cloud Platform Overview & Partner OpportunitiesIAMCP - Cloud Platform Overview & Partner Opportunities
IAMCP - Cloud Platform Overview & Partner OpportunitiesRichard Harbridge
 
Microsoft 365 adoption share point + microsoft teams webinar_3.26.20_deck
Microsoft 365 adoption share point + microsoft teams webinar_3.26.20_deckMicrosoft 365 adoption share point + microsoft teams webinar_3.26.20_deck
Microsoft 365 adoption share point + microsoft teams webinar_3.26.20_deckWithum
 
Microsoft Teams, Office 365 Groups, SharePoint, Yammer...What Should I Use, a...
Microsoft Teams, Office 365 Groups, SharePoint, Yammer...What Should I Use, a...Microsoft Teams, Office 365 Groups, SharePoint, Yammer...What Should I Use, a...
Microsoft Teams, Office 365 Groups, SharePoint, Yammer...What Should I Use, a...AvePoint
 
Understanding Microsoft Teams Security & Compliance features and plan for Gov...
Understanding Microsoft Teams Security & Compliance features and plan for Gov...Understanding Microsoft Teams Security & Compliance features and plan for Gov...
Understanding Microsoft Teams Security & Compliance features and plan for Gov...Ravikumar Sathyamurthy
 
Introduction to Microsoft Kaizala And How to Empower Your Mobile Workforce us...
Introduction to Microsoft Kaizala And How to Empower Your Mobile Workforce us...Introduction to Microsoft Kaizala And How to Empower Your Mobile Workforce us...
Introduction to Microsoft Kaizala And How to Empower Your Mobile Workforce us...Vignesh Ganesan I Microsoft MVP
 
Securely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreSecurely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreJoel Oleson
 
Security and compliance in Office 365 -Part 1
Security and compliance in Office 365 -Part 1Security and compliance in Office 365 -Part 1
Security and compliance in Office 365 -Part 1Vignesh Ganesan I Microsoft MVP
 
Power Saturday 2019 E1 - Office 365 security
Power Saturday 2019 E1 - Office 365 securityPower Saturday 2019 E1 - Office 365 security
Power Saturday 2019 E1 - Office 365 securityPowerSaturdayParis
 

More Related Content

What's hot

Content Collaboration And Protection With SharePoint, OneDrive & Microsoft Teams
Content Collaboration And Protection With SharePoint, OneDrive & Microsoft TeamsContent Collaboration And Protection With SharePoint, OneDrive & Microsoft Teams
Content Collaboration And Protection With SharePoint, OneDrive & Microsoft TeamsRichard Harbridge
 
Customizing Microsoft Teams provisioning and governance - Olli Jääskeläinen
Customizing Microsoft Teams provisioning and governance - Olli JääskeläinenCustomizing Microsoft Teams provisioning and governance - Olli Jääskeläinen
Customizing Microsoft Teams provisioning and governance - Olli JääskeläinenOlli Jääskeläinen
 
SharePoint for Legal: The Road Ahead
SharePoint for Legal: The Road AheadSharePoint for Legal: The Road Ahead
SharePoint for Legal: The Road AheadRichard Harbridge
 
Microsoft 365 Toronto User Group May 2021
Microsoft 365 Toronto User Group May 2021Microsoft 365 Toronto User Group May 2021
Microsoft 365 Toronto User Group May 2021Kanwal Khipple
 
Tackling Governance, Site & Teams Sprawl with Microsoft 365
Tackling Governance, Site & Teams Sprawl with Microsoft 365Tackling Governance, Site & Teams Sprawl with Microsoft 365
Tackling Governance, Site & Teams Sprawl with Microsoft 365Richard Harbridge
 
How to Better Leverage SharePoint through Microsoft Teams
How to Better Leverage SharePoint through Microsoft TeamsHow to Better Leverage SharePoint through Microsoft Teams
How to Better Leverage SharePoint through Microsoft TeamsChristian Buckley
 
Sharepoint User Group Geneva - Introduction to Office 365
Sharepoint User Group Geneva - Introduction to Office 365Sharepoint User Group Geneva - Introduction to Office 365
Sharepoint User Group Geneva - Introduction to Office 365Mark Stokes
 
Microsoft Groups Demystified: 5 Keys to Successful Group Management
Microsoft Groups Demystified: 5 Keys to Successful Group Management Microsoft Groups Demystified: 5 Keys to Successful Group Management
Microsoft Groups Demystified: 5 Keys to Successful Group Management Joel Oleson
 
O365 Groups- Best Practices and Solutions
O365 Groups- Best Practices and SolutionsO365 Groups- Best Practices and Solutions
O365 Groups- Best Practices and SolutionsJohnConnected
 
What Makes an Ideal Microsoft 365 Intranet​
What Makes an Ideal Microsoft 365 Intranet​What Makes an Ideal Microsoft 365 Intranet​
What Makes an Ideal Microsoft 365 Intranet​BizPortals Solutions
 
SharePoint Syntex from an Architects Perspective
SharePoint Syntex from an Architects PerspectiveSharePoint Syntex from an Architects Perspective
SharePoint Syntex from an Architects PerspectiveChris Bortlik
 
Microsoft Viva - understanding the four types of Viva
Microsoft Viva - understanding the four types of VivaMicrosoft Viva - understanding the four types of Viva
Microsoft Viva - understanding the four types of VivaMatthew Carter
 
SharePoint in the Cloud - ILTA 2011 - APP2
SharePoint in the Cloud - ILTA 2011 - APP2SharePoint in the Cloud - ILTA 2011 - APP2
SharePoint in the Cloud - ILTA 2011 - APP2Richard Harbridge
 
IAMCP - Cloud Platform Overview & Partner Opportunities
IAMCP - Cloud Platform Overview & Partner OpportunitiesIAMCP - Cloud Platform Overview & Partner Opportunities
IAMCP - Cloud Platform Overview & Partner OpportunitiesRichard Harbridge
 
Microsoft 365 adoption share point + microsoft teams webinar_3.26.20_deck
Microsoft 365 adoption share point + microsoft teams webinar_3.26.20_deckMicrosoft 365 adoption share point + microsoft teams webinar_3.26.20_deck
Microsoft 365 adoption share point + microsoft teams webinar_3.26.20_deckWithum
 
Microsoft Teams, Office 365 Groups, SharePoint, Yammer...What Should I Use, a...
Microsoft Teams, Office 365 Groups, SharePoint, Yammer...What Should I Use, a...Microsoft Teams, Office 365 Groups, SharePoint, Yammer...What Should I Use, a...
Microsoft Teams, Office 365 Groups, SharePoint, Yammer...What Should I Use, a...AvePoint
 
Understanding Microsoft Teams Security & Compliance features and plan for Gov...
Understanding Microsoft Teams Security & Compliance features and plan for Gov...Understanding Microsoft Teams Security & Compliance features and plan for Gov...
Understanding Microsoft Teams Security & Compliance features and plan for Gov...Ravikumar Sathyamurthy
 
Introduction to Microsoft Kaizala And How to Empower Your Mobile Workforce us...
Introduction to Microsoft Kaizala And How to Empower Your Mobile Workforce us...Introduction to Microsoft Kaizala And How to Empower Your Mobile Workforce us...
Introduction to Microsoft Kaizala And How to Empower Your Mobile Workforce us...Vignesh Ganesan I Microsoft MVP
 
Securely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreSecurely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreJoel Oleson
 

What's hot (20)

Content Collaboration And Protection With SharePoint, OneDrive & Microsoft Teams
Content Collaboration And Protection With SharePoint, OneDrive & Microsoft TeamsContent Collaboration And Protection With SharePoint, OneDrive & Microsoft Teams
Content Collaboration And Protection With SharePoint, OneDrive & Microsoft Teams
 
Customizing Microsoft Teams provisioning and governance - Olli Jääskeläinen
Customizing Microsoft Teams provisioning and governance - Olli JääskeläinenCustomizing Microsoft Teams provisioning and governance - Olli Jääskeläinen
Customizing Microsoft Teams provisioning and governance - Olli Jääskeläinen
 
Getting started with Microsoft Search
Getting started with Microsoft Search Getting started with Microsoft Search
Getting started with Microsoft Search
 
SharePoint for Legal: The Road Ahead
SharePoint for Legal: The Road AheadSharePoint for Legal: The Road Ahead
SharePoint for Legal: The Road Ahead
 
Microsoft 365 Toronto User Group May 2021
Microsoft 365 Toronto User Group May 2021Microsoft 365 Toronto User Group May 2021
Microsoft 365 Toronto User Group May 2021
 
Tackling Governance, Site & Teams Sprawl with Microsoft 365
Tackling Governance, Site & Teams Sprawl with Microsoft 365Tackling Governance, Site & Teams Sprawl with Microsoft 365
Tackling Governance, Site & Teams Sprawl with Microsoft 365
 
How to Better Leverage SharePoint through Microsoft Teams
How to Better Leverage SharePoint through Microsoft TeamsHow to Better Leverage SharePoint through Microsoft Teams
How to Better Leverage SharePoint through Microsoft Teams
 
Sharepoint User Group Geneva - Introduction to Office 365
Sharepoint User Group Geneva - Introduction to Office 365Sharepoint User Group Geneva - Introduction to Office 365
Sharepoint User Group Geneva - Introduction to Office 365
 
Microsoft Groups Demystified: 5 Keys to Successful Group Management
Microsoft Groups Demystified: 5 Keys to Successful Group Management Microsoft Groups Demystified: 5 Keys to Successful Group Management
Microsoft Groups Demystified: 5 Keys to Successful Group Management
 
O365 Groups- Best Practices and Solutions
O365 Groups- Best Practices and SolutionsO365 Groups- Best Practices and Solutions
O365 Groups- Best Practices and Solutions
 
What Makes an Ideal Microsoft 365 Intranet​
What Makes an Ideal Microsoft 365 Intranet​What Makes an Ideal Microsoft 365 Intranet​
What Makes an Ideal Microsoft 365 Intranet​
 
SharePoint Syntex from an Architects Perspective
SharePoint Syntex from an Architects PerspectiveSharePoint Syntex from an Architects Perspective
SharePoint Syntex from an Architects Perspective
 
Microsoft Viva - understanding the four types of Viva
Microsoft Viva - understanding the four types of VivaMicrosoft Viva - understanding the four types of Viva
Microsoft Viva - understanding the four types of Viva
 
SharePoint in the Cloud - ILTA 2011 - APP2
SharePoint in the Cloud - ILTA 2011 - APP2SharePoint in the Cloud - ILTA 2011 - APP2
SharePoint in the Cloud - ILTA 2011 - APP2
 
IAMCP - Cloud Platform Overview & Partner Opportunities
IAMCP - Cloud Platform Overview & Partner OpportunitiesIAMCP - Cloud Platform Overview & Partner Opportunities
IAMCP - Cloud Platform Overview & Partner Opportunities
 
Microsoft 365 adoption share point + microsoft teams webinar_3.26.20_deck
Microsoft 365 adoption share point + microsoft teams webinar_3.26.20_deckMicrosoft 365 adoption share point + microsoft teams webinar_3.26.20_deck
Microsoft 365 adoption share point + microsoft teams webinar_3.26.20_deck
 
Microsoft Teams, Office 365 Groups, SharePoint, Yammer...What Should I Use, a...
Microsoft Teams, Office 365 Groups, SharePoint, Yammer...What Should I Use, a...Microsoft Teams, Office 365 Groups, SharePoint, Yammer...What Should I Use, a...
Microsoft Teams, Office 365 Groups, SharePoint, Yammer...What Should I Use, a...
 
Understanding Microsoft Teams Security & Compliance features and plan for Gov...
Understanding Microsoft Teams Security & Compliance features and plan for Gov...Understanding Microsoft Teams Security & Compliance features and plan for Gov...
Understanding Microsoft Teams Security & Compliance features and plan for Gov...
 
Introduction to Microsoft Kaizala And How to Empower Your Mobile Workforce us...
Introduction to Microsoft Kaizala And How to Empower Your Mobile Workforce us...Introduction to Microsoft Kaizala And How to Empower Your Mobile Workforce us...
Introduction to Microsoft Kaizala And How to Empower Your Mobile Workforce us...
 
Securely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreSecurely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure Score
 

Similar to Security and Compliance with SharePoint and Office 365

Power Saturday 2019 E1 - Office 365 security
Power Saturday 2019 E1 - Office 365 securityPower Saturday 2019 E1 - Office 365 security
Power Saturday 2019 E1 - Office 365 securityPowerSaturdayParis
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanSPS Paris
 
Information protection and compliance
Information protection and complianceInformation protection and compliance
Information protection and complianceDean Iacovelli
 
Microsoft Teams in the Modern Workplace
Microsoft Teams in the Modern WorkplaceMicrosoft Teams in the Modern Workplace
Microsoft Teams in the Modern WorkplaceJoanne Klein
 
Microsoft Enterprise Mobility and Security EMS
Microsoft Enterprise Mobility and Security EMSMicrosoft Enterprise Mobility and Security EMS
Microsoft Enterprise Mobility and Security EMSDavid J Rosenthal
 
Future Proofing Your Office 365 & SharePoint Strategy
Future Proofing Your Office 365 & SharePoint StrategyFuture Proofing Your Office 365 & SharePoint Strategy
Future Proofing Your Office 365 & SharePoint StrategyRichard Harbridge
 
M365 Virtual Marthon: Protecting your Teamwork across Microsoft 365
M365 Virtual Marthon: Protecting your Teamwork across Microsoft 365M365 Virtual Marthon: Protecting your Teamwork across Microsoft 365
M365 Virtual Marthon: Protecting your Teamwork across Microsoft 365Joanne Klein
 
Protect your data in / with the Cloud
Protect your data in / with the CloudProtect your data in / with the Cloud
Protect your data in / with the CloudGWAVA
 
Microsoft 365 | Modern workplace
Microsoft 365 | Modern workplaceMicrosoft 365 | Modern workplace
Microsoft 365 | Modern workplaceSiddick Elaheebocus
 
Microsoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance FrameworkMicrosoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance FrameworkAlistair Pugin
 
Proteccion de datos contra pérdida de los mismos con MS365
Proteccion de datos contra pérdida de los mismos con MS365Proteccion de datos contra pérdida de los mismos con MS365
Proteccion de datos contra pérdida de los mismos con MS365RalSejas
 
Protecting your Teams Work across Microsoft 365
Protecting your Teams Work across Microsoft 365Protecting your Teams Work across Microsoft 365
Protecting your Teams Work across Microsoft 365Joanne Klein
 
Office 365 Security, Privacy and Compliance - SMB Nation 2015
Office 365 Security, Privacy and Compliance - SMB Nation 2015Office 365 Security, Privacy and Compliance - SMB Nation 2015
Office 365 Security, Privacy and Compliance - SMB Nation 2015Robert Crane
 
One name unify them all
One name unify them allOne name unify them all
One name unify them allBizTalk360
 
TOP SAILPOINT INTERVIEW QUESTION
TOP SAILPOINT INTERVIEW QUESTIONTOP SAILPOINT INTERVIEW QUESTION
TOP SAILPOINT INTERVIEW QUESTIONInfosec Train
 
SailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdfSailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdfVishnuGone
 
Microsoft Azure Rights Management
Microsoft Azure Rights ManagementMicrosoft Azure Rights Management
Microsoft Azure Rights ManagementDavid J Rosenthal
 
SPC18 - Getting Started with Office 365 Advanced Threat Protection for ShareP...
SPC18 - Getting Started with Office 365 Advanced Threat Protection for ShareP...SPC18 - Getting Started with Office 365 Advanced Threat Protection for ShareP...
SPC18 - Getting Started with Office 365 Advanced Threat Protection for ShareP...jeffgellman
 
Microsoft Office 365 Security and Compliance Updates
Microsoft Office 365 Security and Compliance UpdatesMicrosoft Office 365 Security and Compliance Updates
Microsoft Office 365 Security and Compliance UpdatesDavid J Rosenthal
 

Similar to Security and Compliance with SharePoint and Office 365 (20)

Security and compliance in Office 365 -Part 1
Security and compliance in Office 365 -Part 1Security and compliance in Office 365 -Part 1
Security and compliance in Office 365 -Part 1
 
Power Saturday 2019 E1 - Office 365 security
Power Saturday 2019 E1 - Office 365 securityPower Saturday 2019 E1 - Office 365 security
Power Saturday 2019 E1 - Office 365 security
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam Levithan
 
Information protection and compliance
Information protection and complianceInformation protection and compliance
Information protection and compliance
 
Microsoft Teams in the Modern Workplace
Microsoft Teams in the Modern WorkplaceMicrosoft Teams in the Modern Workplace
Microsoft Teams in the Modern Workplace
 
Microsoft Enterprise Mobility and Security EMS
Microsoft Enterprise Mobility and Security EMSMicrosoft Enterprise Mobility and Security EMS
Microsoft Enterprise Mobility and Security EMS
 
Future Proofing Your Office 365 & SharePoint Strategy
Future Proofing Your Office 365 & SharePoint StrategyFuture Proofing Your Office 365 & SharePoint Strategy
Future Proofing Your Office 365 & SharePoint Strategy
 
M365 Virtual Marthon: Protecting your Teamwork across Microsoft 365
M365 Virtual Marthon: Protecting your Teamwork across Microsoft 365M365 Virtual Marthon: Protecting your Teamwork across Microsoft 365
M365 Virtual Marthon: Protecting your Teamwork across Microsoft 365
 
Protect your data in / with the Cloud
Protect your data in / with the CloudProtect your data in / with the Cloud
Protect your data in / with the Cloud
 
Microsoft 365 | Modern workplace
Microsoft 365 | Modern workplaceMicrosoft 365 | Modern workplace
Microsoft 365 | Modern workplace
 
Microsoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance FrameworkMicrosoft Information Protection: Your Security and Compliance Framework
Microsoft Information Protection: Your Security and Compliance Framework
 
Proteccion de datos contra pérdida de los mismos con MS365
Proteccion de datos contra pérdida de los mismos con MS365Proteccion de datos contra pérdida de los mismos con MS365
Proteccion de datos contra pérdida de los mismos con MS365
 
Protecting your Teams Work across Microsoft 365
Protecting your Teams Work across Microsoft 365Protecting your Teams Work across Microsoft 365
Protecting your Teams Work across Microsoft 365
 
Office 365 Security, Privacy and Compliance - SMB Nation 2015
Office 365 Security, Privacy and Compliance - SMB Nation 2015Office 365 Security, Privacy and Compliance - SMB Nation 2015
Office 365 Security, Privacy and Compliance - SMB Nation 2015
 
One name unify them all
One name unify them allOne name unify them all
One name unify them all
 
TOP SAILPOINT INTERVIEW QUESTION
TOP SAILPOINT INTERVIEW QUESTIONTOP SAILPOINT INTERVIEW QUESTION
TOP SAILPOINT INTERVIEW QUESTION
 
SailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdfSailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdf
 
Microsoft Azure Rights Management
Microsoft Azure Rights ManagementMicrosoft Azure Rights Management
Microsoft Azure Rights Management
 
SPC18 - Getting Started with Office 365 Advanced Threat Protection for ShareP...
SPC18 - Getting Started with Office 365 Advanced Threat Protection for ShareP...SPC18 - Getting Started with Office 365 Advanced Threat Protection for ShareP...
SPC18 - Getting Started with Office 365 Advanced Threat Protection for ShareP...
 
Microsoft Office 365 Security and Compliance Updates
Microsoft Office 365 Security and Compliance UpdatesMicrosoft Office 365 Security and Compliance Updates
Microsoft Office 365 Security and Compliance Updates
 

More from Richard Harbridge

Piloting & Scaling Successfully With Microsoft Viva
Piloting & Scaling Successfully With Microsoft VivaPiloting & Scaling Successfully With Microsoft Viva
Piloting & Scaling Successfully With Microsoft VivaRichard Harbridge
 
Preparing, Piloting & Paths to Success with Microsoft Copilot
Preparing, Piloting & Paths to Success with Microsoft CopilotPreparing, Piloting & Paths to Success with Microsoft Copilot
Preparing, Piloting & Paths to Success with Microsoft CopilotRichard Harbridge
 
Bridging The Gap: How AI Is Transforming Both Customer Experience & Employee ...
Bridging The Gap: How AI Is Transforming Both Customer Experience & Employee ...Bridging The Gap: How AI Is Transforming Both Customer Experience & Employee ...
Bridging The Gap: How AI Is Transforming Both Customer Experience & Employee ...Richard Harbridge
 
Getting The Most Out Of Microsoft 365 Employee Experience Today & Tomorrow
Getting The Most Out Of Microsoft 365 Employee Experience Today & TomorrowGetting The Most Out Of Microsoft 365 Employee Experience Today & Tomorrow
Getting The Most Out Of Microsoft 365 Employee Experience Today & TomorrowRichard Harbridge
 
Mastering Microsoft 365: The Winning Trio Of Automation, Governance & Adoption
Mastering Microsoft 365: The Winning Trio Of Automation, Governance & AdoptionMastering Microsoft 365: The Winning Trio Of Automation, Governance & Adoption
Mastering Microsoft 365: The Winning Trio Of Automation, Governance & AdoptionRichard Harbridge
 
Piloting & Scaling Successfully With Microsoft Viva
Piloting & Scaling Successfully With Microsoft VivaPiloting & Scaling Successfully With Microsoft Viva
Piloting & Scaling Successfully With Microsoft VivaRichard Harbridge
 
Getting The Most Out Of Microsoft 365 Employee Experience Today & Tomorrow SH...
Getting The Most Out Of Microsoft 365 Employee Experience Today & Tomorrow SH...Getting The Most Out Of Microsoft 365 Employee Experience Today & Tomorrow SH...
Getting The Most Out Of Microsoft 365 Employee Experience Today & Tomorrow SH...Richard Harbridge
 
Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Aut...
Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Aut...Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Aut...
Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Aut...Richard Harbridge
 
Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Rec...
Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Rec...Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Rec...
Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Rec...Richard Harbridge
 
Metaverse & The Employee Experience: What You Need To Know
Metaverse & The Employee Experience: What You Need To KnowMetaverse & The Employee Experience: What You Need To Know
Metaverse & The Employee Experience: What You Need To KnowRichard Harbridge
 
Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Aut...
Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Aut...Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Aut...
Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Aut...Richard Harbridge
 
Ideas & Inspiration: Getting Started & Driving Success With Power Platform At...
Ideas & Inspiration: Getting Started & Driving Success With Power Platform At...Ideas & Inspiration: Getting Started & Driving Success With Power Platform At...
Ideas & Inspiration: Getting Started & Driving Success With Power Platform At...Richard Harbridge
 
Smarter, Not Harder How AI Is Changing Employee Experience - Reworked Connect...
Smarter, Not Harder How AI Is Changing Employee Experience - Reworked Connect...Smarter, Not Harder How AI Is Changing Employee Experience - Reworked Connect...
Smarter, Not Harder How AI Is Changing Employee Experience - Reworked Connect...Richard Harbridge
 
Tackling Employee Experience Today As We Embrace The Future Workplace
Tackling Employee Experience Today As We Embrace The Future WorkplaceTackling Employee Experience Today As We Embrace The Future Workplace
Tackling Employee Experience Today As We Embrace The Future WorkplaceRichard Harbridge
 
Smarter, Not Harder How AI Is Changing Communication - Ragan Events
Smarter, Not Harder How AI Is Changing Communication - Ragan EventsSmarter, Not Harder How AI Is Changing Communication - Ragan Events
Smarter, Not Harder How AI Is Changing Communication - Ragan EventsRichard Harbridge
 
Enhancing Microsoft Teams To Build A Better Digital Workplace
Enhancing Microsoft Teams To Build A Better Digital WorkplaceEnhancing Microsoft Teams To Build A Better Digital Workplace
Enhancing Microsoft Teams To Build A Better Digital WorkplaceRichard Harbridge
 
Masterclass On Improving & Measuring Onboarding, Retention & Wellbeing With M...
Masterclass On Improving & Measuring Onboarding, Retention & Wellbeing With M...Masterclass On Improving & Measuring Onboarding, Retention & Wellbeing With M...
Masterclass On Improving & Measuring Onboarding, Retention & Wellbeing With M...Richard Harbridge
 
Getting Started & Driving Success With Power Platform At Scale
Getting Started & Driving Success With Power Platform At ScaleGetting Started & Driving Success With Power Platform At Scale
Getting Started & Driving Success With Power Platform At ScaleRichard Harbridge
 
Masterclass On Improving & Measuring Onboarding, Retention & Well-being
Masterclass On Improving & Measuring Onboarding, Retention & Well-beingMasterclass On Improving & Measuring Onboarding, Retention & Well-being
Masterclass On Improving & Measuring Onboarding, Retention & Well-beingRichard Harbridge
 
Piloting & Scaling Successfully With Microsoft Viva
Piloting & Scaling Successfully With Microsoft VivaPiloting & Scaling Successfully With Microsoft Viva
Piloting & Scaling Successfully With Microsoft VivaRichard Harbridge
 

More from Richard Harbridge (20)

Piloting & Scaling Successfully With Microsoft Viva
Piloting & Scaling Successfully With Microsoft VivaPiloting & Scaling Successfully With Microsoft Viva
Piloting & Scaling Successfully With Microsoft Viva
 
Preparing, Piloting & Paths to Success with Microsoft Copilot
Preparing, Piloting & Paths to Success with Microsoft CopilotPreparing, Piloting & Paths to Success with Microsoft Copilot
Preparing, Piloting & Paths to Success with Microsoft Copilot
 
Bridging The Gap: How AI Is Transforming Both Customer Experience & Employee ...
Bridging The Gap: How AI Is Transforming Both Customer Experience & Employee ...Bridging The Gap: How AI Is Transforming Both Customer Experience & Employee ...
Bridging The Gap: How AI Is Transforming Both Customer Experience & Employee ...
 
Getting The Most Out Of Microsoft 365 Employee Experience Today & Tomorrow
Getting The Most Out Of Microsoft 365 Employee Experience Today & TomorrowGetting The Most Out Of Microsoft 365 Employee Experience Today & Tomorrow
Getting The Most Out Of Microsoft 365 Employee Experience Today & Tomorrow
 
Mastering Microsoft 365: The Winning Trio Of Automation, Governance & Adoption
Mastering Microsoft 365: The Winning Trio Of Automation, Governance & AdoptionMastering Microsoft 365: The Winning Trio Of Automation, Governance & Adoption
Mastering Microsoft 365: The Winning Trio Of Automation, Governance & Adoption
 
Piloting & Scaling Successfully With Microsoft Viva
Piloting & Scaling Successfully With Microsoft VivaPiloting & Scaling Successfully With Microsoft Viva
Piloting & Scaling Successfully With Microsoft Viva
 
Getting The Most Out Of Microsoft 365 Employee Experience Today & Tomorrow SH...
Getting The Most Out Of Microsoft 365 Employee Experience Today & Tomorrow SH...Getting The Most Out Of Microsoft 365 Employee Experience Today & Tomorrow SH...
Getting The Most Out Of Microsoft 365 Employee Experience Today & Tomorrow SH...
 
Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Aut...
Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Aut...Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Aut...
Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Aut...
 
Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Rec...
Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Rec...Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Rec...
Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Rec...
 
Metaverse & The Employee Experience: What You Need To Know
Metaverse & The Employee Experience: What You Need To KnowMetaverse & The Employee Experience: What You Need To Know
Metaverse & The Employee Experience: What You Need To Know
 
Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Aut...
Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Aut...Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Aut...
Elevate Your Microsoft 365 Experience The Winning Trio Of AI, Analytics & Aut...
 
Ideas & Inspiration: Getting Started & Driving Success With Power Platform At...
Ideas & Inspiration: Getting Started & Driving Success With Power Platform At...Ideas & Inspiration: Getting Started & Driving Success With Power Platform At...
Ideas & Inspiration: Getting Started & Driving Success With Power Platform At...
 
Smarter, Not Harder How AI Is Changing Employee Experience - Reworked Connect...
Smarter, Not Harder How AI Is Changing Employee Experience - Reworked Connect...Smarter, Not Harder How AI Is Changing Employee Experience - Reworked Connect...
Smarter, Not Harder How AI Is Changing Employee Experience - Reworked Connect...
 
Tackling Employee Experience Today As We Embrace The Future Workplace
Tackling Employee Experience Today As We Embrace The Future WorkplaceTackling Employee Experience Today As We Embrace The Future Workplace
Tackling Employee Experience Today As We Embrace The Future Workplace
 
Smarter, Not Harder How AI Is Changing Communication - Ragan Events
Smarter, Not Harder How AI Is Changing Communication - Ragan EventsSmarter, Not Harder How AI Is Changing Communication - Ragan Events
Smarter, Not Harder How AI Is Changing Communication - Ragan Events
 
Enhancing Microsoft Teams To Build A Better Digital Workplace
Enhancing Microsoft Teams To Build A Better Digital WorkplaceEnhancing Microsoft Teams To Build A Better Digital Workplace
Enhancing Microsoft Teams To Build A Better Digital Workplace
 
Masterclass On Improving & Measuring Onboarding, Retention & Wellbeing With M...
Masterclass On Improving & Measuring Onboarding, Retention & Wellbeing With M...Masterclass On Improving & Measuring Onboarding, Retention & Wellbeing With M...
Masterclass On Improving & Measuring Onboarding, Retention & Wellbeing With M...
 
Getting Started & Driving Success With Power Platform At Scale
Getting Started & Driving Success With Power Platform At ScaleGetting Started & Driving Success With Power Platform At Scale
Getting Started & Driving Success With Power Platform At Scale
 
Masterclass On Improving & Measuring Onboarding, Retention & Well-being
Masterclass On Improving & Measuring Onboarding, Retention & Well-beingMasterclass On Improving & Measuring Onboarding, Retention & Well-being
Masterclass On Improving & Measuring Onboarding, Retention & Well-being
 
Piloting & Scaling Successfully With Microsoft Viva
Piloting & Scaling Successfully With Microsoft VivaPiloting & Scaling Successfully With Microsoft Viva
Piloting & Scaling Successfully With Microsoft Viva
 

Recently uploaded

How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 

Recently uploaded (20)

How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 

Security and Compliance with SharePoint and Office 365

  • 1. Security and Compliance: A Whole New World with SharePoint and Office 365 Presented By: Richard Harbridge (@RHarbridge) #ILTASPS
  • 2. RICHARD HARBRIDGE My twitter handle is @RHarbridge, blog is on http://2toLead.com, and I work at CTO & MVP | SPEAKER & AUTHOR | SUPER FRIENDLY
  • 3. Great, we know who you are, but what do you do on a daily basis? MAXIMIZE SECURITY INVESTMENTS… Typically the work centers around…
  • 4. RICHARD HARBRIDGE My twitter handle is @RHarbridge, blog is on http://2toLead.com, and I work at CTO & MVP | SPEAKER & AUTHOR | SUPER FRIENDLY
  • 5. What are the big trends in security, compliance and transparency? TOP THREE CLOUD CONCERNS… Security 73% of orgs indicated security as a top challenge holding back SaaS adoption Compliance 89% of orgs required to govern content for compliance or business continuity purposes Transparency 63% of orgs state transparency challenges restrict them from growing their cloud usage
  • 6. Let’s Talk About User Control… WHATWEWILLTALKABOUTTODAY… Let’s Talk About Security Services… Let’s Talk About Compliance Services…
  • 7. MANAGING ACCESS & CONTROL… While core documents are managed and controlled many other places like team or departmental collaboration suffer from permission challenges.
  • 8. MANAGING ACCESS & CONTROL… Throughout the Office 365 experience for SharePoint or OneDrive content access control is readily available and easy to understand as an end user.
  • 9. MANAGING ACCESS & CONTROL… We use dynamic groups with membership defined as a rule, rather than as a static list of members. We expire groups (if need not attested). Expiring Groups Admins set a duration after creation when group owners need to attest the continuing need for their group. Else it’s deleted. One Identity Azure Active Directory (AAD) is the master for group identity and membership across Office 365 (Exchange, SharePoint, Yammer, Teams, Planner, Power BI, etc.)
  • 10. MANAGING ACCESS & CONTROL… Make it easy to manage access and ensure the wrong kind of sharing doesn’t take place – whether internal or external.
  • 11. Better site management at a service level makes this easier to target and notify owners based on site activity, classifications, sharing status or more. MANAGING ACCESS & CONTROL…
  • 12. Let’s Talk About User Control… WHATWEWILLTALKABOUTTODAY… Let’s Talk About Security Services… Let’s Talk About Compliance Services…
  • 13. Let’s Talk About User Control… WHATWEWILLTALKABOUTTODAY… Let’s Talk About Security Services… Let’s Talk About Compliance Services…
  • 14. You need both defense in breadth and depth to mitigates product vulnerabilities, user education mitigates human vulnerabilities and continuous monitoring shortens attack times (because at some point, you will be attacked). BEST WAY TO PROTECT YOUR DATA? Breadth Depth User Education Systematic Security
  • 15. Microsoft’s security platform is quite a bit more than just Office 365, and the modern security platform has considerably more capability today. THE BIGGER PICTURE…
  • 16. SECURESCORE… One place to understand your security position and what features you have enabled. Targeted guidance to increase your security level.
  • 17. Broad visibility into attack trends Billions of data points from Office, Windows, and Azure Integrated data from external cyber threat hunters Proactive security policy management Intuitive dashboards with drill-down capabilities THREATINTELLIGENCE… Microsoft Advanced Threat Analytics brings the behavioral analytics concept to IT and the organization’s users.
  • 18. THREATINTELLIGENCE… Abnormal resource access Account enumeration Net Session enumeration DNS enumeration Directory Services enumeration (ATA 1.7) Abnormal working hours Brute force using NTLM, Kerberos or LDAP Sensitive accounts exposed in plain text authentication Service accounts exposed in plain text authentication Honey Token account suspicious activities Unusual protocol implementation Malicious Data Protection Private Information (DPAPI) Request Abnormal authentication Abnormal resource access Pass-the-Ticket Pass-the-Hash Overpass-the-Hash MS14-068 exploit (Forged PAC) MS11-013 exploit (Silver PAC) Skeleton key malware Golden ticket Remote execution Malicious replication requests Reconnaissance Compromised Credential Lateral Movement Privilege Escalation Domain Dominance
  • 19. ADVANCEDTHREATPROTECTION… This is integrated across apps and services (across Exchange Online, SharePoint Online, OneDrive for Business, Office Apps, etc.) Time-of-click protection against malicious URLs URL reputation checks along with detonation of attachments at destination URLs. Zero-day protection against malicious attachments Attachments with unknown virus signatures are assessed using behavioral analysis. Critical insights into external threats Rich reporting and tracking features provide critical insights into the targets and categories of attacks. Intelligence sharing with devices Integration with Windows Advanced Threat Protection to correlate data across users and devices.
  • 20. Dynamic delivery for Safe Attachments URL Detonation (not just links but even files that have links). ADVANCEDTHREATPROTECTION… This is integrated across apps and services (across Exchange Online, SharePoint Online, OneDrive for Business, Office Apps, etc.)
  • 21. SENSITIVECONTENTENCRYPTION… O365 instead of RMS allows us to secure and transfer it but put responsibility on receiving party via secure portal to view, reply (or take). Secure email that works across organizations and with anyone you wish to reach Remove the complexity of getting started Simplify manual or automatic protection Ensure that all recipients can read and respond/
  • 22. ENHANCEDSHARINGCONTROLS… Tenant level, site collection, group, and more control levels. Continuing to improve in terms of capabilities, controls and experiences.
  • 23. Multi-geo support where you can control data residency (store in that geo) & control settings (distinct settings on sharing etc.) WHAT CAN I DO IN THE ADMIN?
  • 24. ADVANCEDSECURITYMANAGEMENT… Advanced security management is a great way to be more pro-active with your policy enforcement and evaluating risks. Threat detection Identify high-risk and abnormal usage, security incidents, and threats. Enhanced control Shape your Office 365 environment with granular security controls and policies. Discovery and insights Gain enhanced visibility and context into your Office 365 usage and shadow IT.
  • 25. ADVANCEDSECURITYMANAGEMENT… Alerts can be extremely powerful in detecting certain patterns to accelerate pro-active and improved security posture.
  • 26. PRODUCTIVITY APPDISCOVERY… Analyze which cloud apps are being used in your organization by importing your traffic logs from firewalls/proxies.
  • 27. Device access = conditional access (by IP, by manage or unmanaged) by blocking, allow read-only capabilities or even specific time out settings. CONDITIONAL ACCESS…
  • 28. POWERBI… It’s not just about enabling the sharing of reports and dashboards. Policy Controls I want to… I should use… Control who uses Power BI Office 365 Portal to assign licenses Prevent access off corp. network AAD Conditional Access View/control usage PBI features Power BI Admin Portal Control usage of mobile features Intune MAM Audit Power BI activity Power BI auditing in Office 365 Portal
  • 29. Let’s Talk About User Control… WHATWEWILLTALKABOUTTODAY… Let’s Talk About Security Services… Let’s Talk About Compliance Services…
  • 30. Let’s Talk About User Control… WHATWEWILLTALKABOUTTODAY… Let’s Talk About Security Services… Let’s Talk About Compliance Services…
  • 31. 50% year over year growth rate in electronic data 45% of orgs state lack of governance opens them to security & compliance risks 41% of orgs state enforcing a governance policy is their biggest issue DATAISGROWING… Achieving organizational compliance is challenging.
  • 32. Preserve vital data Organization needs Find relevant data Monitor activity Data Governance Import, store, preserve and expire data eDiscovery Quickly identify the most relevant data Auditing Monitor and investigate actions taken on data Security & Compliance Center Manage compliance for all your data across Office 365 IN-PLACECOMPLIANCE… Microsoft is evolving beyond the core preservation and monitoring.
  • 33. In-Place Office 365 Data Governance Benefits of In-Place Office over Journaling Location, query or policy based Apply preservation to mailbox or SharePoint site, apply a query to hold less content, or use preservation policies Higher fidelity and lower costs Content stays in Exchange and SharePoint, which results in lower storage costs, and higher fidelity data No impact to users Seamlessly create, edit, and delete without knowing data is being preserved Reduce risk Data is not duplicated to another provider or compliance boundary. Record all actions taken on the data Insights Insights to enable you to keep what’s important, delete what’s not, and to share according to policy IN-PLACEDATALIFE-CYCLE… Microsoft is prioritizing in-place models and offers many capabilities that fit with this model. Going beyond legal hold into preservation policy etc. 4 1
  • 34. COMPLIANCELIFE-CYCLE… You can bring in data today into Office 365 for preservation and to apply compliance. Once it’s in all the in-place capabilities are applicable. 4 2
  • 35. DATALOSSPREVENTION… Protect sensitive information taking into account content, users and the dynamic operating environment. Detailed story for how this can be used. Sophisticated, built-in content protection across Office 365 Insights and automatic safeguards End user empowerment to maintain productivity and enforcement
  • 36. Unified policy definition Unified reporting DATALOSSPREVENTION… DLP can be applied to more targeted and a wider variety of sources. The reporting is also improved and unified.
  • 37. Leverage intelligence to automate data retention Classify data based on age, type, user, or sensitivity Policy recommendations based on machine learning Apply actions to preserve high value data Purge redundant, obsolete, and trivial data ADVANCEDDATAGOVERNANCE… Helping customers understand how to better improve their data governance and giving the tools you need to do it.
  • 38. ADVANCEDDATAGOVERNANCE… Quickly get insights on the dashboard into your data.
  • 39. ADVANCEDDATAGOVERNANCE… When importing get intelligence that helps you improve your data governance.
  • 40. ADVANCEDDATAGOVERNANCE… When importing get intelligence that helps you improve your data governance. Filter and see the impact of your filtering.
  • 41. ADVANCEDDATAGOVERNANCE… When importing get intelligence that helps you improve your data governance. Filter and see the impact of your filtering.
  • 42. ADVANCEDDATAGOVERNANCE… Preserving and retaining content can be user driven, match a query, or be based on advanced rules.
  • 43. AUDITLOG… It’s not just that everything is audited. It’s that we can have alerts, that we can extend this with the API, and that this can be helpful.
  • 44. AUDITLOG… Be sure to use the API to store this data if you want to use it at a later time. Exchange Online Admin activity, end-user (mailbox) activity Security and Compliance Center Admin activity Azure Active Directory Office 365 logins, directory activity Power BI Admin activity SharePoint Online and OneDrive for Business File activity, sharing activity
  • 45. EDISCOVERY… Enabling in-place, intelligent eDiscovery, to quickly identify relevant data while decreasing cost and risk. You can use to find sensitive data too!
  • 46. Identify relevant documents Predictive coding enables you to train the system to automatically distinguish between likely relevant and non-relevant documents. Identify data relationships Use clustering technology to look at documents in context and identify relationships between them. Organize and reduce the data prior to review Use near duplicate detection to organize the data and reconstruct email threads from unstructured data to reduce what’s sent to review. EDISCOVERY… Still an area that is continuing to improve.
  • 47. Last year Feature Pack 1 was released. It improved experiences and hybrid capabilities. It also includes a hybrid auditing capability that is unified w/ O365. Feature pack 2 coming later this fall is all about a better development pattern across on-premises and O365. WHAT ABOUT SHAREPOINT 2016?
  • 48. CUSTOMERLOCKBOX… Can help customers meet compliance obligations by demonstrating that they have procedures in place for explicit data access authorization. Extended access Control Use Customer Lockbox to control access to customer content for service operations Visibility into actions Actions taken by Microsoft engineers in response to Customer Lockbox requests are logged and accessible via the Management Activity API and the Security and Compliance Center Microsoft Engineer Microsoft Manager Microsoft Approved CustomerMicrosoft EngineerLockbox systemCustomer Submits request 100101 011010 100011 Customer Approved “Only time we touch data is when you call with a support incident. Not something everyone needs. Example in a recent month there was ~9 requests (5 were MSFT IT, 4 were customers out of millions and millions of customers).”
  • 49. ENCRYPTIONKEYS… BYOK is for service exit! Remember: Contractual terms have clear obligations with fraud, negligence and breach of contract liabilities.
  • 50. ENCRYPTION KEYS… BYOK is for service exit! Remember: Contractual terms have clear obligations with fraud, negligence and breach of contract liabilities.
  • 51. The Trust Center is still a great resource, but now in your security and compliance center you have all the reports, trust documents, controls and more available for inspection (you can even share access). SERVICE TRUST & TRUST CENTER… Rich information on how Microsoft implements security, privacy and compliance controls including details of testing by independent third- party auditors Third-party audit reports including: SOC 1 / SSAE 16, SOC 2 / AT 101, ISO 27001, ISO 27018 and many more Deep insights into how we implement encryption, incident management, tenant isolation and data resiliency Information on how you can leverage Microsoft cloud security controls and configurations to protect your data
  • 52. Let’s Talk About User Control… WHATWEWILLTALKABOUTTODAY… Let’s Talk About Security Services… Let’s Talk About Compliance Services…
  • 53. There are a few high level recommendations that I wanted to leave you with. • Configure Secure Score: • Weekly performance of activities to increase secure score is highly recommended. • Multi-factor authentication for global/non-global admins is a must! • Recommended weekly report checks also a must. • Increase the target score slider to include a few more defense in breadth activities. • DKIM/DMARC/SPF • Ensure that all three are enabled for the default domain not the onMicrosoft.com domain. • Also, check Spoof mail report weekly (requires E5 or Advanced Threat Protection SKU) • Exchange Online • Weekly checks on all mailboxes with last login date (PowerShell script). • Enable common attachments type filter & notifications for protection > malware • Verify list of allowed/blocked Ips under protection > connection filter. • Verify block/allow list in spam filter policy. • Threat Management (Requires E5) • Check the dashboard and individual reports weekly. • Data Loss Prevention • At minimum, set up a DLP policy for mitigating access to documents that have Personally Identifiable Information (PII). • SharePoint Online • Always use Groups and where possible use dynamic memberships! • If on premises – consider SharePointURLBrute or SharePoint UserDispEnum DEFAULT CONFIGURATION IS NOT ENOUGH…
  • 54. Information protection Identity-driven security Managed mobile productivity Identity and access management Azure Information Protection Premium P2 Intelligent classification and protection for files and emails shared inside and outside your organization (includes all capabilities in P1) Azure Information Protection Premium P1 Manual classification and protection for files and emails shared inside and outside your organization Cloud-based file tracking Microsoft Cloud App Security Enterprise-grade visibility, control, and protection for your cloud applications Microsoft Advanced Threat Analytics Protection from advanced targeted attacks leveraging user and entity behavioral analytics Microsoft Intune Mobile device and app management to protect corporate apps and data on any device Azure Active Directory Premium P2 Identity and access management with advanced protection for users and privileged identities (includes all capabilities in P1) Azure Active Directory Premium P1 Secure single sign-on to cloud and on-premises apps MFA, conditional access, and advanced security reporting EMS E3 EMS E5 UNLOCKMORECAPABILITIES… Understand your current investments and what you already own today!
  • 55. Thank You! BMO’samazingteamformakingthispossible. 100+AwesomePresentationsAt.. Slideshare.Net/RHarbridge 300+PagesOfWhitepapersAt.. 2toLead.com/Whitepapers WhenToUseWhat.com Office365Intranets.com Office365Metrics.com Office365Campaigns.com Office365Extranets.com Office365Resources.com Message Me On LinkedIn or Email Richard@2toLead.com CTO & MVP | SPEAKER & AUTHOR | SUPER FRIEND Twitter: @RHarbridge. More to come on our blog at http://2toLead.com.

Editor's Notes

  1. Whether you’re new to security and compliance in Office 365 or a seasoned veteran, we’ll have something for you in this session. Hear about Microsoft’s overall security story from Microsoft MVP Richard Harbridge, and better understand how it relates to SharePoint services, catch up on new developments over the past year, and learn about the new capabilities Microsoft provides. From advanced security management and threat intelligence to sensitive content encryption, governance and sharing there is plenty to discuss.
  2. Richard Harbridge is the Chief Technology Officer and an owner at 2toLead. Richard works as a trusted advisor with hundreds of organizations, helping them understand their current needs, their future needs, and what actions they should take in order to grow and achieve their bold ambitions.   Richard remains hands on in his work and has led, architected, and implemented hundreds of business and technology solutions that have helped organizations transform both digitally and organizationally. Richard has a passion for helping organizations achieve more; whether it is helping an organization build beautiful websites to support great content and social strategy, or helping an organization leverage emerging cloud and mobile technology to better service their members or the communities that they serve.   Richard is an author and an internationally recognized expert in Microsoft technology, marketing and professional services. As a sought-after speaker, Richard has often had the opportunity to share his insights, experiences, and advice around branding, partner management, social networking, collaboration, ROI,  technology/process adoption, and business development at numerous industry events in around the globe. When not speaking at industry events, Richard works with Microsoft, partners, and customers as an advisor around business and technology, and serves on multiple committees, leads user groups, and is a Board Member of the Microsoft Community Leadership Board.
  3. Richard Harbridge is the Chief Technology Officer and an owner at 2toLead. Richard works as a trusted advisor with hundreds of organizations, helping them understand their current needs, their future needs, and what actions they should take in order to grow and achieve their bold ambitions.   Richard remains hands on in his work and has led, architected, and implemented hundreds of business and technology solutions that have helped organizations transform both digitally and organizationally. Richard has a passion for helping organizations achieve more; whether it is helping an organization build beautiful websites to support great content and social strategy, or helping an organization leverage emerging cloud and mobile technology to better service their members or the communities that they serve.   Richard is an author and an internationally recognized expert in Microsoft technology, marketing and professional services. As a sought-after speaker, Richard has often had the opportunity to share his insights, experiences, and advice around branding, partner management, social networking, collaboration, ROI,  technology/process adoption, and business development at numerous industry events in around the globe. When not speaking at industry events, Richard works with Microsoft, partners, and customers as an advisor around business and technology, and serves on multiple committees, leads user groups, and is a Board Member of the Microsoft Community Leadership Board.
  4. There is no charge for inviting B2B users and assigning them to an application in Azure AD. Every invited user gets the rights that the Azure AD Free edition offers if no paid Azure AD license exists in the tenant. The inviting tenant will get 5 B2B user rights with each Azure AD paid license. That is, each Azure AD paid license providing the rights to Azure AD paid features to one employee user in a tenant, will now also provide the rights to those same Azure AD paid features to an additional 5 B2B users invited to the tenant.
  5. Preservation is about protecting your data, archiving is about managing your storage.