Microsoft/Office 365 · 2019-08-06 · Microsoft/Office 365 Wade Walker ... 11:45: Microsoft 365...
Transcript of Microsoft/Office 365 · 2019-08-06 · Microsoft/Office 365 Wade Walker ... 11:45: Microsoft 365...
Lig
ht B
lue
R0 G
188 B
242
Gre
en
R16 G
124 B
16
Red
R232 G
17 B
35
Mag
en
taR
180 G
0 B
158
Pu
rple
R92 G
45 B
145
Blu
eR
0 G
120 B
215
Teal
R0 G
130 B
114
Yello
wR
255 G
185 B
0
Ora
ng
eR
216 G
59 B
1
Lig
ht Y
ello
wR
255 G
241 B
0Lig
ht O
ran
ge
R255 G
140 B
0Lig
ht M
ag
en
taR
227 G
0 B
140
Lig
ht P
urp
leR
180 G
160 B
255
Lig
ht T
eal
R0 G
178 B
148
Lig
ht G
reen
R186 G
216 B
10
Dark
Red
R168 G
0 B
0D
ark
Mag
en
ta
R92 G
0 B
92
Dark
Pu
rple
R50 G
20 B
90
Mid
Blu
eR
0 G
24 B
143
Dark
Teal
R0 G
75 B
80
Dark
Gre
en
R0 G
75 B
28
Dark
Blu
eR
0 G
32 B
80
Mid
Gra
yR
115 G
115 B
115
Dark
Gra
yR
80 G
80 B
80
Ric
h B
lack
R0 G
0 B
0
Wh
iteR
255 G
255 B
255
Gra
yR
210 G
210 B
210
Lig
ht G
ray
R230 G
230 B
230
Microsoft/Office 365
Wade WalkerManager Cloud [email protected]
Today’s Agenda
11:30: Introductions (Jonas Nordling)
11:40: Microsoft 365 Overview (Wade Walker)
11:45: Microsoft 365 Deep Dive (Wade Walker)
12:30: Microsoft 365 Demo (Wade Walker)
1:00: Q & A / Wrap Up / Surveys
Who is Big Green IT?
• Quote from StudioWC– “I had no idea our transition would be so smooth! Big Green IT was responsive and prompt every step of the
way. The nicest team I’ve ever worked with!”
• Headquartered in Rocklin, CA; offices in LA, San Diego and Bay Area
• 2018 Sacramento Business Journal Best Places to Work
• Microsoft Gold Partner
• Microsoft Tier 1 Azure and Office 365 Managed Partner
• Microsoft Data Center Optimization (DCO) Partner
• Some of our Microsoft Cloud Clients:– Summit Funding 1,200 users Rideout Health 3,400 users
– Red Hawk (Rancheria) 340 users Wind Creek / Sands 2,000 users
– Rego Consulting 150 users APM 1,400 users
– In-Shape Clubs 1,300 users ProSearch 180 Users
– EJ Gallo 7,000 users Many others in the 20-100 user range
Office 365 Basic Features
Office Applications
• Word• Excel• Outlook• PowerPoint• OneNote• Access, Publisher, Visio, etc.
Cloud Services
• Email & Calendaring (Exchange)• Intranet & Company Files (SharePoint)• Cloud File Storage and Sharing (OneDrive)• Online Meetings, Collaboration & Phone (Teams)
Office 365
Business or Enterprise
Office ApplicationsWord, Excel, PowerPoint, Outlook,
OneNote, Publisher, and Access
Online ServicesExchange, OneDrive, Skype for
Business, SharePoint, Teams, etc.
Business AppsBookings, Outlook Customer Manager
Enhanced Security
Cross-platform
Consistent Security configuration across
Windows 10, Android and iOS devices
Rights Management, Sensitivity labeling
and intelligent Data Loss Prevention tips
Enforced device and documents encryption
Network protection from malware exploits
Remote wipe of business data from
lost or stolen devices
Conditional access
Device Management &
Simplified Admin
Mobile Device Management for Windows
10, Android and iOS with Microsoft Intune
Always up-to-date Office, Windows
and Windows Defender anti virus
Single admin console to setup and
manage users and devices
Streamlined deployment of PCs
with Windows AutoPilot, including Auto-
installation of Office apps + Automated
PowerShell Deployments
+ +
Moving up to Microsoft 365
Microsoft 365 | One subscription for Productivity + Security + Device Management
3rd party
solutions(bought separately,
expensive & hard to
integrate)
Archiving
Data Loss Prevention
Email Threat Protection
Device Anti Virus
Email Filtering
Productivity Software
Storage
Online Chat & Meetings
Device Management
Data Loss Prevention
Email + Device Threat Protection
100 GB or Unlimited Archiving
Device & App Management PCs, Macs, iOS & Android
Email Filtering
Windows Defender AV
1 TB+ File Storage
50 or 100 GB Cloud Email
Teams & Skype for Business
Office (Word, PowerPoint, Excel, Outlook, OneNote)
Information Protection
vs.Microsoft 365(all included, seamlessly
integrated)
https://azure.microsoft.com/en-us/global-infrastructure/regions/
https://aka.ms/AzureCompliancehttps://products.office.com/en-us/business/office-365-trust-center-welcome
Security Tools, Recommendations,
Monitoring, Assessments, and more
Microsoft 365 Business
1. Office 365 Advanced Threat ProtectionAttachment scanning & ML detection to catch suspicious attachments + link Scanning/Checking to prevent users from clicking suspicious links
2. Azure Information ProtectionControls & manages how sensitive content is accessed by providing classification labels on documents and email
Security features available in
Microsoft 365 Business
1. Data Loss PreventionDoes content analysis to easily identify, monitor, and protect sensitive information (e.g., SSN) from leaving org
2. Exchange Online Archiving100GB archiving & preservation policies such as eDiscovery to remain complaint
3. Office Message EncryptionEncrypt email messages, including adding do not forward and encryption properties
Security add-ons available in
Microsoft 365 Business
Microsoft 365 Enterprise
Teams
Yammer
Office Apps
SharePointOutlook
Office 365
Enterprise
Windows 10
Enterprise
Enterprise Mobility
+ Security
Microsoft Intune
Azure Information
Protection
Microsoft
Cloud App Security
Microsoft Advanced
Threat Analytics
Azure Active
Directory PremiumWindows Defender
ATP
Microsoft GraphSuite-wide intelligence
connecting people and content
Security and ComplianceCentralized policy
management
Features (new in blue)Office 365
BP
Microsoft 365
Business
Microsoft 365
E3
Microsoft 365
E5
Estimated retail price per user per month $USD (with annual commitment) $12.50 $20 $32 $57
Maximum number of users 300 300 unlimited unlimited
Office Apps Install Office on up to 5 PCs/Macs + 5 tablets + 5 smartphones per user (Word, Excel, PowerPoint, OneNote,
Access), Office OnlineBusiness Business ProPlus ProPlus
Email & Calendar Outlook, Exchange Online 50GB 50GB unlimited unlimited
Chat-based
Workspace, MeetingsMicrosoft Teams ⚫ ⚫ ⚫ ⚫
File Storage OneDrive for Business 1 TB 1 TB unlimited unlimited
Social, Video, Sites Yammer, SharePoint Online, Planner ⚫ ⚫ ⚫ ⚫
Stream ⚫ ⚫
Business Apps Scheduling Apps – Booking, StaffHub ⚫ ⚫ ⚫ ⚫
Business Apps – Outlook Customer Manager, MileIQ1 Business center2, Listings2, Connections2, Invoicing2⚫ ⚫
Threat Protection Microsoft Advanced Threat Analytics, Device Guard, Credential Guard, App Locker, Enterprise Data Protection, ⚫ ⚫
Office 365 Advanced Threat Protection ⚫ ⚫
Windows Defender Advanced Threat Protection ⚫
Office 365 Threat Intelligence ⚫
Identity & Access
Management
Azure Active Directory - SSPR Cloud Identities, MFA, SSO >10 Apps ⚫ ⚫ ⚫
Azure Active Directory - Conditional Access, SSPR Hybrid Identities, Cloud App Discovery, AAD Connect Health ⚫ ⚫
Credential Guard and Direct Access ⚫ ⚫
Azure Active Directory Plan 2 ⚫
Device & App
Management
Microsoft Intune, Windows AutoPilot ⚫ ⚫ ⚫
Microsoft Desktop Optimization Package, VDA ⚫ ⚫
Information
Protection
Unlimited Exchange Archiving3, Office 365 Data Loss Prevention*, Azure Information Protection Plan 1 ⚫ ⚫ ⚫
Azure Information Protection Plan 2, Microsoft Cloud App Security, O365 Cloud App Security ⚫
On-Prem CAL Rights ECAL Suite (Exchange, SharePoint, Skype, Windows, SCCM, Win. Rights Management) ⚫ ⚫
Compliance Litigation Hold, eDiscovery, Compliance Manager, Data Subject Requests ⚫ ⚫ ⚫
Advanced eDiscovery, Customer Lockbox, Advanced Data Governance ⚫
Analytics Power BI Pro, MyAnalytics ⚫
Voice PSTN Conferencing, Cloud PBX ⚫
[1] Available in US, UK, Canada; [2] Currently in public preview in US, UK, Canada; [3] Unlimited when auto-expanding turned on *Data Loss Prevention Features will be available summer 2018
Detailed comparison of plans
Add-ons are SKUs that can be added to an existing suite or service
1There are no technical blockers for customers to purchase Office 365 Cloud App Security, but usage can only be achieved if an Office 365 workload is deployed.2Dial-out conferencing capabilities may incur additional per minute Communications Credits charges. Customers can disable these features to avoid additional billing. $24 includes both International and Domestic calling plans. Domestic only calling plans are available for $12.
Tax is included in price in the US. Service usage limits exist to manage fraud, abuse, excessive use, and maintain service performance. Further details about these services can be found in our recently published Skype for Business Online Service Use Terms.35,000 Seat Minimum. $6pupm for E1/E3, $2pupm for E5
Business Essentialsor
Business Premium
Microsoft
365 Business
Office 365
Enterprise E3
Microsoft 365
Enterprise E3
Office 365
Enterprise E5
Microsoft 365
Enterprise E5
Price
(USD)
Secu
rity
Advanced Threat Protection Add-on Included Add-on Add-on Included Included $2
Office 365 Cloud App Security Add-on Add-on Add-on Add-on Included Included $3
Advanced Compliance Add-on Add-on Add-on Add-on Included Included $8
Threat Intelligence Add-on Add-on Add-on Add-on Included Included $8
An
aly
tics Workplace Analytics N/A N/A Add-on Add-on Included Included $6/$2
MyAnalytics Add-on Add-on Add-on Add-on Included Included $4
Power BI Pro Add-on Add-on Add-on Add-on Included Included $10
Vo
ice
Audio Conferencing Add-on Add-on Add-on Add-on Included Included $4
Phone System N/A N/A Add-on Add-on Included Included $8
Calling Plan (Select countries) N/A N/A Add-onPhone System Required
Add-onPhone System Required
Add-on Add-on $12/$24**
Premium add-ons and their eligibility by plan
Microsoft Licensing Options
• Bundles vs. A la Carte - Mix and match!
• Enterprise vs. Business Bundles
• Open Volume
• Enterprise Agreements (EAs)
• Migrate SA Benefits from EA to MPSA
• Non-Profit
• Government/Education
• Cloud Service Provider (CSP)
Big Green IT can handle ALL of your Microsoft Licensing!
Four key areas of Intelligent Security
Secure the front door
Protection from Identity
driven breaches, Email attacks
and Attacks targeting OS
Secure devices
Workplace issued or
BYOD devices
Great employee
experience
Productivity without
compromise
Secure content
Protect content: At the
time of creation, in transit,
and during consumption
Microsoft Intelligent Security Graph
400Bemails
analyzed
1.2Bdevices
scanned each month
200+global cloud
customer and commercial services
930Mthreats detected on devices every month
Shared threat data from partners,
researchers, and law enforcement worldwide
Botnet data from Microsoft Digital
Crimes Unit
18B+Bing web pages
scanned 450Bmonthly
authentications
Enterprise security
for 90% of
Fortune 500
750M+Azure user accounts
Azure
Outlook
Xbox Live
Bing
OneDrive
Windows
Microsoftaccounts
Microsoft platform
80%
of employees use non-
approved apps for work
81%
of breaches are caused
by credential theft
73%
of passwords are
duplicates
1) SECURE THE FRONT DOOR: WHY IDENTITY IS IMPORTANT
Microsoft Intune
Office 365 Threat
Intelligence
Windows Defender
Advanced Threat
Protection
Azure Active
Directory
Office 365 Advanced
Threat Protection
Microsoft Cloud
App Security
Azure Security
Center
Azure Advanced
Threat Protection
Windows 10
Identities: Validating, verifying and
protecting both user and admin
accounts
User Data: evaluating email messages
and documents for malicious content
Endpoints: protecting user devices and
signals from sensors
Infrastructure: protecting servers,
virtual machines, databases and
networks across cloud and on-
premises locations
Cloud Apps: protecting SaaS applications
and their associated data stores
1
3
2
5
4
Microsoft Threat Protection
Exchange Online
Protection
SQL ServerWindows Server
Linux
1 billion Windows devices updated
450 billion Microsoft Azure user
authentications
400 billion Office emails analyzed
Integration across our platforms and services
Cloud App Security
Office 365 Advanced Threat Protection addresses our customer’s challenges
Protect business critical data
Detect compromised users Gain visibility to respond to threats
Protect your data• Advanced Threat Protection Safe Attachments: detonating malicious attachments
Detonation
Protect your data• Advanced Threat Protection Safe Links: Time of click protection for malicious links
Web serversperform latest URL reputation check
Rewriting URLs to redirect to a web server.
User clicking URL is taken to EOP web servers for the latest check at the “time-of-click”
Protect your data• Advanced Threat Protection: URL detonation (Anti-Phishing)
DetonationEmail with link Link added to reputation server
https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-advanced-threat-protection-service-description
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-technical-faq
https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp
I want to know what authentication
methods are available through Azure AD
and select the right one for my org
I need to leverage Azure AD to monitor
access and to manage identity lifecycles
I want to protect access to my
resources from advanced threats
Conditional
Access
Multi-Factor
Authentication
Addition of
custom cloud
apps
Remote Access
to on-premises
apps
Privileged
Identity
Management
Dynamic GroupsIdentity
Protection
Azure AD DSOffice 365 App
Launcher
Group-Based
Licensing
Access
Panel/MyApps
Azure AD
Connect
Connect Health
Provisioning-
Deprovisioning
Azure AD Join
Self-Service
capabilities
MDM-auto
enrollment /
Enterprise State
Roaming
Security
Reporting
Access ReviewsHR App
Integration
B2B
collaboration
Azure AD
B2C
SSO to SaaS
Microsoft
Authenticator -
Password-less
Access
1
2
3
Getting to a world without passwords
Windows Hello Microsoft Authenticator FIDO2 Security Keys
In ProductionPublic Preview
NowPublic Preview Now
© 2017 Microsoft Terms of Use Privacy & Cookies
Cancel
Need Help?
Making sure it’s you
Follow the instructions on the Microsoft
Authenticator app and enter the number you see
below.
4026
MFA for enterprise and consumer accounts and
applications
Device registration (workplace join)
Single sign-on to native mobile apps
Certificate-based SSO
Recent News
Passwordless sign on to devices, apps, and
web services
https://aka.ms/deploymentplans
http://aka.ms/securitysteps
http://aka.ms/passwordguidance
http://aka.ms/aaddatawhitepaper
https://aka.ms/PasswordHashSync
2) Secure Content: Protect, Classify/Label, Monitor/RespondAzure Information Protection
DOCUMENT
TRACKING
DOCUMENT
REVOCATION
Monitor &
respond
LABELINGCLASSIFICATION
Classification
& labeling
ENCRYPTION
Protect
ACCESS
CONTROLPOLICY
ENFORCEMENT
aDISCOVER SENSITIVE INFORMATION
CLOUD & SaaS APPS
No matter where it’s created, modified or shared
MCAS
AIP scanner
FINANCE
CONFIDENTIAL
CLASSIFY: SENSITIVITY LABELS PERSIST WITH THE DOCUMENT
Document labeling – what is it? Metadata written into document files
Travels with the document as it moves
In clear text so that other systems such as a DLP engine can read it
Used for the purpose of apply a protection action or data governance action – determined by policy
Can be customized per the organization’s needs
Protect the Crown Jewels
If the critical documents are in a centralized location:
Use AIP PowerShell to bulk classify/protect the data
If documents are not centralized:
Use client-side AIP for users to identify the critical data and classify/protect it
Use restrictive rights that grant rights to a reduced set of users
Grant full rights to a minimal group of designated users (e.g. if an extraction needs to be made, if data needs to be reclassified or shared, etc.)
Use AIP reporting, content tracking, Scanner and MCAS to analyze and report on access to these documents
Enhanced visibility and control
Microsoft Cloud App Security
Identify high-risk and
abnormal usage, security
incidents, and threats.
Shape your Azure/Office 365
environments with granular
security controls and policies.
Gain enhanced visibility and
context into your
Azure/Office 365 usage and
shadow IT – no agents
required.
Threat
Detection
Enhanced
Control
Discovery
& Insights
Office 365
Salesforce Azure
Box
AWS
DropboxFacebook
TwitterYouTube
Mobile application management
PC managementMobile device management
Strategically direct the flow of your mobile ecosystem, giving your end
users the experience they expect while ensuring your corporate data is
protected at every turn.
3) Secure Devices: Device Management (Intune)
Enable your users
Protect your data
Microsoft Intune
User IT
Set mobile app protection & device configuration policies
Configure users & policies
The Setup wizard helps you enable security policies and device configuration from a centralized console in an easy, simple manner.
This is how we protect you from ransomware and keep company data secure.
Setup wizard
Get up and running fast
Save time by easily configuring security features and
settings on Windows 10 devices with Mobile Device
Management, fully automating your Windows installation
with Windows AutoPilot, and enabling or disabling
Windows Store or Cortana on company-owned devices
with Enhanced Manageability.
Reduce hardware costs and simplify management by
running multiple operating systems on one Windows
device as virtual machines (VMs) with Client Hyper-V.
Deploying and managing Microsoft 365 Business is
straightforward – advanced IT expertise is required to set
up new devices with all the Office apps your employees
need. You can add and remove users in minutes, and call if
you need support.
Click to edit Master title style4) Great Employee Experience: Control access to data based on real-time context
Conditional access allows you to define policies that provide contextual controls at the user, location, device, and app levels. As conditions change, natural user prompts ensure that only the right users on compliant devices can access sensitive data.
Lig
ht B
lue
R0 G
188 B
242
Gre
en
R16 G
124 B
16
Red
R232 G
17 B
35
Mag
en
taR
180 G
0 B
158
Pu
rple
R92 G
45 B
145
Blu
eR
0 G
120 B
215
Teal
R0 G
130 B
114
Yello
wR
255 G
185 B
0
Ora
ng
eR
216 G
59 B
1
Lig
ht Y
ello
wR
255 G
241 B
0Lig
ht O
ran
ge
R255 G
140 B
0Lig
ht M
ag
en
taR
227 G
0 B
140
Lig
ht P
urp
leR
180 G
160 B
255
Lig
ht T
eal
R0 G
178 B
148
Lig
ht G
reen
R186 G
216 B
10
Dark
Red
R168 G
0 B
0D
ark
Mag
en
ta
R92 G
0 B
92
Dark
Pu
rple
R50 G
20 B
90
Mid
Blu
eR
0 G
24 B
143
Dark
Teal
R0 G
75 B
80
Dark
Gre
en
R0 G
75 B
28
Dark
Blu
eR
0 G
32 B
80
Mid
Gra
yR
115 G
115 B
115
Dark
Gra
yR
80 G
80 B
80
Ric
h B
lack
R0 G
0 B
0
Wh
iteR
255 G
255 B
255
Gra
yR
210 G
210 B
210
Lig
ht G
ray
R230 G
230 B
230
Microsoft 365 Demo
protection.office.comservicetrust.microsoft.comsecurescore.microsoft.com
Security & Compliance Admin Center
Microsoft Secure Score
Microsoft Compliance Manager
Microsoft Cloud App Security
GET MORE ANSWERS AT THE
MICROSOFT TRUST CENTER
https://securescore.microsoft.com
https://aka.ms/ComplianceManager
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-licensing
https://www.biggreenit.com/blog/pushing-back-against-unauthorized-users
https://www.biggreenit.com/blog/mobile-device-management
https://www.microsoft.com/en-us/cloud-platform/microsoft-intune-pricing
https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-advanced-threat-protection-service-description
https://azure.microsoft.com/en-us/features/azure-advanced-threat-protection/
https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp
https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/
https://cloudblogs.microsoft.com/microsoftsecure/2018/11/28/windows-defender-atp-device-risk-score-exposes-new-cyberattack-drives-conditional-access-to-protect-networks/
https://www.microsoft.com/en-us/microsoft-365/blog/2018/06/12/how-we-built-rebuilt-intune-into-a-leading-globally-scaled-cloud-service/
https://cloudblogs.microsoft.com/microsoftsecure/
www.microsoft.com/sir
https://info.microsoft.com/MicrosoftasaTrustedAdvisorandPartneronCyberResilience-Registration.html
https://buildazure.com/2018/02/16/microsoft-virtual-security-summit-2018/
https://www.cisecurity.org/benchmark/azure/
Documents Download
https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/5-tips-to-help-you-prepare-for-the-new-California-Consumer/ba-p/359610
Thank You!
• Surveys
• Drawing
• Presentation will be sent to everyone!
• Free Trial through BigGreen IT!
• http://biggreenit.com/365trial
• Useful Links
• http://roadmap.office.com
• http://trust.office365.com
• LinkedIn: https://www.linkedin.com/in/wade-
walker-a830781/
• Twitter: @coachwade