NIZHNY NOVGOROD, 24 November 2016. #CODEIB #Office365. Alexey Solodovnikov, Technical Strategy Consultant. Security and information protection technologies in Microsoft Office 365. e-mail: [email protected], fb.me/solodovnikov

Microsoft. Alexey Solodovnikov. "Security and information protection technologies in the Office365 cloud service"


Microsoft

Per-user security: Secure Productive Enterprise

Infrastructure security

Office 365: Advanced Threat Protection, Advanced Security Management, Data Loss Prevention

Windows 10: Advanced Threat Protection, Information Protection, Credential Guard, Device Guard

Enterprise Mobility + Security: Advanced Threat Analytics, Cloud App Security, Intune, Azure Active Directory Premium, Azure Information Protection

Operations Mgmt. + Security: across clouds & on premises, Azure Security Center, Azure backup & disaster recovery, analytics & monitoring, automation

Speaker note: 2 min: high-level set on security strategy and tech - O365, Azure, EMS, OMS. CISO comprehensive security package is ECS.

2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. 11/24/2016 10:03 AM

Office 365

Word, Excel, PowerPoint, OneNote, Sway

Outlook, Exchange, Yammer

OneDrive, SharePoint, Delve

Skype, Planner

Power BI, Delve Analytics

Office 365

5 /5 /5 -

50 /-,

1 10

10 + 500

, , Skype 10 000

Yammer, Power BI, Sway, Delve, Planner, Video, Flow, PowerApps, Teams,

MSFT Field - Please view associated material at: https://microsoft.sharepoint.com/sites/Infopedia_G01/Pages/OneMicrosoftSecurity.aspx

Microsoft Trust Center (microsoft.com/trustcenter/); Online Services Terms; Microsoft Online Services Privacy Statement; Microsoft Security Development Lifecycle; Cloud Security Alliance; AIG etc.

CCSL (IRAP), CDSA, China DJCP, China GB 18030, China TRUCS, CJIS, CS Mark, CSA STAR Self-Assessment, DoD, EU Model Clauses, FACT, FDA, FedRAMP, FERPA, FIPS 140-2, FISC, HIPAA/HITECH, IRS 1075, ISO 22301, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, IT Grundschutz Compliance Workbook, ITAR, MARS-E, MPAA, MTCS, NZ CC Framework, PCI-DSS, Section 508 VPATs, SOC 1, 2, and 3, Spain ENS, UK G-Cloud


https://www.microsoft.com/en-us/cloud-platform/global-datacenters

1989: $15+ 1+ 100+ 1.125 PUE (industry avg 1.8) red\blue 3 TLS, IPsec, BitLocker

Office 365

Strategy: employ a risk-based, multi-dimensional approach to safeguarding services and data. Threat Intelligence Feed

JEA, JIT

DDoS

ISO 27001, 27018, SSAE 16, FISMA

Slide title: Operational security
Slide objectives: Provide an overview of securing online services.

Slide script: So, what about operational security? Security's an ongoing effort that combines experienced and qualified personnel; software and hardware technologies; as well as processes to design, build, deploy, operate, and support the service. Security has to be vigilantly maintained, regularly enhanced, and routinely verified through testing.

As you can see from the slide, we have a multidimensional approach to securing our online services. It starts in our facilities, where we have strong physical security controls, such as video surveillance, and as you move up the stack, up the slide into our service, you can see key controls like two-factor authentication for personnel who access the Azure infrastructure. As you move towards the access control monitoring, file data integrity, you can see that we think about security in the facility, in the infrastructure, and in the application.

For example:

Vulnerability Management - We use multiple layers of automatically updated anti-virus protection to help prevent malicious code from entering the environment. Intrusion detection and prevention systems are in place to detect, alert and, where applicable, prevent anomalous activities or deviations from a baseline configuration that may be indicative of a suspected compromise.

Training and Awareness - We have Training and Awareness programs, where formal training is provided for all engineers, test, and program managers. Security training also includes secure design and coding standards.

Physical Access - Restrictions by job function exist so that only essential personnel are authorized to physically access datacenter hardware. Authorization requires: badge and card reader restricted access; biometric scanners; on-premises security officers; continuous video surveillance.

Finally, controls across our framework are ranked and marked for review through a program we call cycle testing.

Compliance program matrix (columns: Azure, Office 365, CRMOL, Intune). Programs: ISO 27001:2005 or 27001:2013; ISO 27018:2014; SOC 1 Type 2 (SSAE 16/ISAE 3402); SOC 2 Type 2 (AT 101); CSA STAR Level 1; US Government Cloud; FedRAMP Moderate; ITAR; CJIS; IRS 1075; PCI DSS Level 1; HIPAA BAA; 21 CFR Part 11 (FDA and European Medicinal Evaluation Agency EMEA); FERPA; GxP (GLP or GMP); EU Model Clauses; UK G-Cloud OFFICIAL; Australia Gov IRAP/ISM; Singapore MTCS at Level 1; China Sovereign Cloud; China MLPS Level 2; China CCCPPF

S4 Solutions Specialist Summit 2015

ISO 27018:

Office 365


Azure Active Directory


Azure Active Directory


Azure Active Directory


AD: Azure, Windows Server Active Directory, AD FS

Active Directory

Windows Server Active Directory / Active Directory

AD FS, Workplace Join, Multi-Factor Authentication

Active Directory

Active Directory

When it comes to creating that single identity across on-premises and in the cloud you have options around sync and federation. The key question here is, where do you want passwords stored?

In the Sync model, identity information is kept in sync between the two locations, including passwords. Authentication can occur against either directory.

In the Federation model, identity information is kept in sync, but passwords are not. All authentication is passed back to on-premises AD for validation.

Active Directory

givenName, surname, title, E-mail, telephone

[email protected]

AAD Connect

Active Directory

givenName, surname, title, E-mail, employeeID, telephone

[email protected] | Boss | 555-123-4567

Surname, EmployeeID, telephone

One of the biggest challenges to creating a single user identity for each user is to get all the various identity attributes together and consistent across an environment.

[Forefront] Identity Manager provides an extensible sync engine that can bring together all the attributes from the various locations into a single view of the user and keep them up to date as they change across a number of identity directories.

Office 365 / Azure AD Premium: (PIN), SMS

Office 365

root / jailbreak: Outlook, OneDrive for Business

Outlook; Exchange Online Protection

Exchange Server / Exchange Online

Exchange Online Protection

URL: Advanced Threat Protection

Office 365

Customer SIEM

Exchange Online; Exchange Online; SharePoint Online; SharePoint Online; Security and Compliance Center; Azure Active Directory (MSODS)

Reference (searching the audit log in the Office 365 Security & Compliance Center): https://support.office.com/ru-ru/article/%d0%9f%d0%be%d0%b8%d1%81%d0%ba-%d0%b2-%d0%b6%d1%83%d1%80%d0%bd%d0%b0%d0%bb%d0%b5-%d0%b0%d1%83%d0%b4%d0%b8%d1%82%d0%b0-%d0%b2-%d0%b3%d1%80%d1%83%d0%bf%d0%bf%d0%b5-%d0%b1%d0%b5%d0%b7%d0%be%d0%bf%d0%b0%d1%81%d0%bd%d0%be%d1%81%d1%82%d0%b8-Office-365-%d0%b8-%d1%86%d0%b5%d0%bd%d1%82%d1%80-%d1%81%d0%be%d0%be%d1%82%d0%b2%d0%b5%d1%82%d1%81%d1%82%d0%b2%d0%b8%d1%8f-0d4d0f35-390b-4518-800e-0c7ec95e946c?ui=ru-RU&rs=ru-RU&ad=RU#auditlogevents

Advanced Security Management (IP; SharePoint; SMS)

eDiscovery

SharePoint

Skype for Business

People search in SharePoint allows you to find people based not only on their profile, but on the work they produce. This means that finding an expert on a topic becomes much easier and far more accurate. The people search experience is dedicated to making it easier to find people and understand how that person can help. In this example the hover card shows not only information from the profile, but also content that matches the person that may be of interest. With a single click you can follow that person, send them an IM, or speak to them in Lync.

Office365 : Microsoft

Data Loss Prevention (DLP)

Exchange / SharePoint / OneDrive for Business

DLP: https://blogs.technet.microsoft.com/tiagosouza/

DLP

Outlook, SharePoint

Office


RMS

MS Office

RMS enables secure collaboration through encryption with intelligence (Identity and Policy) for content at rest or in motion to enable

Lock up personal data stores with BitLocker / BitLocker to Go. Everyday metaphor: a lock on the front door of your home. Good, but once open, everyone gets in. A great way to protect against lost laptops and other assets, but not at a granular level.

Rights Management. Everyday metaphor: certified mail that, when closed, requires re-certification before reuse. Protection for data in the wild with flexible terms-of-use, and transport agnostic. Generic file protection using Rights Protected Folders.

SharePoint Secure Libraries. Everyday metaphor: a well-run public library whose librarian actually asks to see your identity. A great way to host data that can be centralized; data that leaves is protected.

Pro-active protection (aka DLP) via Exchange, FOPE, FCI, ISV offers, etc. Everyday metaphor: a persistent yard caretaker for your digital landscape. Volunteer application of RM will only get you so far; DLP offers at strategic points do wonders!

Combined, these offers give you protection of lost assets, data in repositories, data in flight (user protected or not), and IT controlled* auditing of data usage.

Office 365 Message Encryption, Azure RMS, HTML: Live ID (MSA), Azure AD

SharePoint Online: Azure RMS / AD RMS. RMS: Manage Site; Edit Items, Manage Lists; View Items

60%, 45%, 42%

94%, 62%, 75%. Data points provided by Cloud Trust Study conducted by TWC.

Office 365 Admin app

[email protected], fb.me/solodovnikov