#Scugbe
#LLUniteBE
#BEEMUG
Ten practical tips to secure your
corporate data with Microsoft 365
NOVEMBER 2018 EDITION
Thanks to our event sponsors
Silver
Platinum
Kenneth van Surksum
Senior Consultant @ Insight24
ksurksum@insight24.nl
@kennethvs
Peter Daalmans
Consultant & Trainer @ Daalmans Consulting
Enterprise Mobility MVP
peter@daalmansconsulting.com
@pdaalmans
Agenda
• Identity
• Conditional access
• Resource access & App management
• MDM / Modern Management
Identity related tips
Choose the right identity model
• Cloud-only identity, synchronized identity, federated identity
• Do not sync the complete Active Directory
• Select an OU with “cloud users”
• Select an OU with “cloud groups”
Cloud Identity: independent cloud identity
Synchronized Identity: single identity, enabling a same sign-on experience with password hash sync
Federated Identity: single federated identity, enabling single sign-on in some scenarios and additional flexibility
How many global admins do you have?
• Microsoft best practice is to have fewer than five global admins.
• Use a Role Based Access Control (RBAC) model: assign the least-privileged admin role (e.g. User Administrator) instead of Global Administrator
• Use Azure AD Privileged Identity Management (PIM): role privileges (e.g. User Administrator) are activated on demand and expire after a specified interval
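The check behind the question above, as an added example (not part of the slides): list the members of the Global Administrator role, warn when there are five or more, and flag any that have no per-user MFA. It assumes the AzureAD and MSOnline PowerShell modules and an interactive sign-in with a role that can read directory roles; the Global Administrator role template ID is the fixed one Azure AD uses.

```powershell
# Added example, not from the slides. Requires the AzureAD and MSOnline
# modules and an interactive Connect-AzureAD / Connect-MsolService session.
Connect-AzureAD | Out-Null
Connect-MsolService

# Global Administrator has a fixed role template ID, which is safer than
# matching the display name (older AzureAD module versions show the role
# as "Company Administrator").
$globalAdminTemplateId = '62e90394-69f5-4237-9190-012177145e10'
$role = Get-AzureADDirectoryRole | Where-Object { $_.RoleTemplateId -eq $globalAdminTemplateId }
$members = @(Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId)

$report = foreach ($m in $members) {
    # Groups and service principals can also hold the role; only users carry an MFA state.
    if ($m.ObjectType -ne 'User') {
        [pscustomobject]@{ Principal = $m.DisplayName; Type = $m.ObjectType; PerUserMfa = 'n/a' }
        continue
    }
    $msol  = Get-MsolUser -ObjectId $m.ObjectId
    $state = $msol.StrongAuthenticationRequirements.State   # Enabled / Enforced / empty
    [pscustomobject]@{
        Principal  = $m.UserPrincipalName
        Type       = 'User'
        PerUserMfa = if ($state) { $state } else { 'Disabled' }
    }
}
$report | Format-Table -AutoSize

if ($members.Count -ge 5) {
    Write-Warning ("{0} Global Administrators found; Microsoft recommends fewer than five. " +
                   "Move day-to-day admins to scoped roles and make GA a PIM-eligible assignment.") -f $members.Count
}
$report | Where-Object { $_.PerUserMfa -eq 'Disabled' } |
    ForEach-Object { Write-Warning "Global Administrator without per-user MFA: $($_.Principal)" }
```

Two caveats a practitioner should keep in mind: PIM-eligible assignments only appear in the role membership while they are activated, so the count above is the permanent (and currently active) set; and MFA enforced through conditional access rather than per-user settings does not show up in `StrongAuthenticationRequirements`, so a "Disabled" entry means "check your CA policies", not necessarily "no MFA".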
Identity protection
• Protect your identity with
• Monitoring for risks / risky behavior
• MFA based Conditional Access
Demo
❖ IDENTITY
❖ Identity Protection
❖ RBAC
❖ PIM
Conditional access tips
Device and app based conditional access
• Configure app based conditional access to
  • Control data leakage for Exchange Online and SharePoint Online
  • Control access to web services via Intune Managed Browser or Edge
• Enable device based conditional access to
  • Allow access only on managed or compliant devices
• Look at legacy protocols like POP, IMAP and EWS that use legacy (basic) authentication
• Basic authentication for EWS in Exchange Online is scheduled to be turned off on Oct. 13, 2020
Still have CA v1 (classic) policies active?
Be sure to move to CA v2 (Azure AD conditional access)!
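The two steps the slide above implies, as an added example (not part of the slides): first find who is still signing in over legacy protocols, then block legacy authentication with an Azure AD (CA v2) policy in report-only mode so the impact is visible before enforcement. Part 1 runs offline on a constructed sample shaped like the Microsoft Graph `signIn` resource (the real data comes from the Azure AD sign-in log export); the client app names are the values Azure AD sign-in logs report for legacy authentication. Part 2 assumes the AzureADPreview module, a `Connect-AzureAD` session with the rights to create policies, and a break-glass group whose ID is a placeholder.

```powershell
# Added example, not from the slides.

# Part 1: detect legacy authentication in sign-in log records.
# Client app values Azure AD sign-in logs report for legacy (basic) authentication.
$legacyClientApps = @(
    'Authenticated SMTP', 'Autodiscover', 'Exchange ActiveSync',
    'Exchange Online PowerShell', 'Exchange Web Services', 'IMAP4',
    'MAPI Over HTTP', 'Offline Address Book', 'Outlook Anywhere (RPC over HTTP)',
    'Outlook Service for Exchange', 'POP3', 'Reporting Web Services', 'Other clients'
)

function Find-LegacyAuthSignIns {
    # $SignIns: records with userPrincipalName, clientAppUsed, ipAddress, createdDateTime
    # (the Microsoft Graph signIn property names). Returns one row per user/protocol pair.
    param([object[]] $SignIns)
    $SignIns |
        Where-Object { $legacyClientApps -contains $_.clientAppUsed } |
        Group-Object -Property userPrincipalName, clientAppUsed |
        ForEach-Object {
            [pscustomobject]@{
                User      = $_.Group[0].userPrincipalName
                ClientApp = $_.Group[0].clientAppUsed
                SignIns   = $_.Count
                LastSeen  = ($_.Group.createdDateTime | Sort-Object | Select-Object -Last 1)
                SourceIPs = ($_.Group.ipAddress | Sort-Object -Unique) -join ','
            }
        }
}

# Constructed sample (not real log data); in practice pipe in the JSON export of the sign-in log.
$sampleJson = @'
[
 {"createdDateTime":"2018-11-20T07:12:03Z","userPrincipalName":"alice@contoso.example","appDisplayName":"Office 365 Exchange Online","clientAppUsed":"IMAP4","ipAddress":"203.0.113.10"},
 {"createdDateTime":"2018-11-20T07:13:44Z","userPrincipalName":"alice@contoso.example","appDisplayName":"Office 365 Exchange Online","clientAppUsed":"IMAP4","ipAddress":"203.0.113.10"},
 {"createdDateTime":"2018-11-20T08:01:19Z","userPrincipalName":"bob@contoso.example","appDisplayName":"Office 365 Exchange Online","clientAppUsed":"Exchange Web Services","ipAddress":"198.51.100.7"},
 {"createdDateTime":"2018-11-20T08:05:00Z","userPrincipalName":"carol@contoso.example","appDisplayName":"Office 365 SharePoint Online","clientAppUsed":"Browser","ipAddress":"192.0.2.44"},
 {"createdDateTime":"2018-11-20T09:30:12Z","userPrincipalName":"svc-scan@contoso.example","appDisplayName":"Office 365 Exchange Online","clientAppUsed":"Authenticated SMTP","ipAddress":"10.20.30.40"}
]
'@
$signIns = $sampleJson | ConvertFrom-Json
Find-LegacyAuthSignIns -SignIns $signIns | Format-Table -AutoSize
# Expected: alice (IMAP4, 2 sign-ins), bob (Exchange Web Services), svc-scan (Authenticated SMTP);
# carol's browser sign-in is modern auth and is not listed.

# Part 2: block legacy authentication with a CA v2 policy, report-only first.
function New-BlockLegacyAuthPolicy {
    # Blocks the exchangeActiveSync and "other" (legacy) client app types for all
    # users and all cloud apps, excluding a break-glass group. Needs AzureADPreview
    # and Connect-AzureAD.
    param([Parameter(Mandatory)] [string] $BreakGlassGroupId)

    $conditions = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet
    $conditions.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition
    $conditions.Applications.IncludeApplications = 'All'
    $conditions.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition
    $conditions.Users.IncludeUsers = 'All'
    $conditions.Users.ExcludeGroups = $BreakGlassGroupId
    $conditions.ClientAppTypes = @('exchangeActiveSync', 'other')

    $controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls
    $controls._Operator = 'OR'
    $controls.BuiltInControls = @('block')

    New-AzureADMSConditionalAccessPolicy -DisplayName 'Block legacy authentication (report-only)' `
        -State 'enabledForReportingButNotEnforced' -Conditions $conditions -GrantControls $controls
}
# After Connect-AzureAD, with a placeholder break-glass group ID:
# New-BlockLegacyAuthPolicy -BreakGlassGroupId '00000000-0000-0000-0000-000000000000'
```

Run Part 1 against a few weeks of sign-in data before creating the policy: service accounts such as the scanner in the sample are the usual casualties, and they need an app password, a modern-auth client or a scoped exclusion rather than a tenant-wide exception. Switch the policy `-State` to `enabled` only after the report-only results show no unexpected blocks.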
Enhance compliance
• Enhance device compliance by adding a Mobile Threat Defense partner:
  • Lookout for Work
  • Symantec Endpoint Protection
  • Check Point SandBlast Mobile
  • Zimperium
  • Windows Defender ATP
• Review the general compliance policy settings, in particular the default state of devices that have no compliance policy assigned
Demo
CONDITIONAL ACCESS
- DEVICE CONDITIONAL ACCESS
Resource access & app tips
App Management
• App Protection
• App Protection with or without enrollment for Windows, iOS and Android
• App Configuration
• App Configuration for supported apps on iOS and Android (with or without enrollment)
• App Deployment
Azure AD Application Proxy
• Use Azure AD Application Proxy to
  • Publish internal web services
  • Control access via Azure AD Conditional Access
  • Publish NDES via Azure AD Application Proxy
• Provides DDoS protection out of the box (the connector only makes outbound connections; nothing is exposed inbound)
• Integrates with Managed Browser
• Integrates with Conditional Access
• Allows wildcard publishing (e.g. *.emskings.com)
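Publishing the two kinds of application the slide above names, as an added example (not part of the slides): an internal web app behind Azure AD pre-authentication, so conditional access is evaluated before any request reaches the server, and NDES with pass-through pre-authentication, because devices requesting a SCEP certificate have no user token yet. It assumes the AzureAD module, a `Connect-AzureAD` session as an application administrator, at least one registered connector, and placeholder host names.

```powershell
# Added example, not from the slides. Requires the AzureAD module,
# Connect-AzureAD, and a registered Application Proxy connector.
Connect-AzureAD | Out-Null

# Connectors are organised in groups; publish through the default group.
$connectorGroup = Get-AzureADApplicationProxyConnectorGroup |
    Where-Object { $_.IsDefault } | Select-Object -First 1

# 1. Internal HR site with Azure AD pre-authentication: every request must carry
#    an Azure AD token first, so MFA, device state and Managed Browser policies
#    from conditional access apply before a single packet reaches the server.
$hr = New-AzureADApplicationProxyApplication -DisplayName 'HR portal' `
    -ExternalUrl 'https://hr-contoso.msappproxy.net/' `
    -InternalUrl 'http://hr.corp.contoso.example/' `
    -ExternalAuthenticationType AadPreAuthentication `
    -IsTranslateHostHeaderEnabled $true `
    -ConnectorGroupId $connectorGroup.Id

# 2. NDES for Intune SCEP enrolment: devices request certificates without a user
#    token, so this one is published with pass-through pre-authentication. Only the
#    SCEP challenge protects it, so keep the NDES server and policy module hardened
#    and do not reuse this pattern for ordinary web apps.
$ndes = New-AzureADApplicationProxyApplication -DisplayName 'NDES (Intune SCEP)' `
    -ExternalUrl 'https://ndes-contoso.msappproxy.net/' `
    -InternalUrl 'http://ndes.corp.contoso.example/' `
    -ExternalAuthenticationType Passthru `
    -ConnectorGroupId $connectorGroup.Id

# Review what was published and which pre-authentication mode protects it.
foreach ($app in @($hr, $ndes)) {
    Get-AzureADApplicationProxyApplication -ObjectId $app.ObjectId |
        Select-Object ExternalUrl, InternalUrl, ExternalAuthenticationType
}
```

A useful periodic check is the last statement on its own over every published app: anything with `ExternalAuthenticationType` of `Passthru` that is not NDES (or another documented exception) is bypassing conditional access and should be switched to `AadPreAuthentication`.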
Demo
RESOURCE ACCESS
- APP MANAGEMENT
- APP CONDITIONAL ACCESS
- AZURE AD APPLICATION PROXY
MDM related tips
Move off Android legacy (device administrator) management!
Deprecation announced
◦ Announced publicly by Google, Dec 19, 2017 (https://cloudblogs.microsoft.com/enterprisemobility/2017/12/19/modern-android-management-with-microsoft-intune/)
◦ Deprecated in Android 9/P (~2018)
◦ Removal in Android 10/Q (~2019)
Android Enterprise
◦ One common experience
Android Enterprise management modes
Designed for BYOD (work profile)
• Managed work profile exists alongside the personal profile
• Enrollment initiated by the information worker (IW) by installing the Company Portal app
• For the IW: privacy and separation assurances
• For IT: management and containerization
Corp-owned
• Device is fully managed
• No personal Google account required
• Must be provisioned at device setup
• Options: NFC, QR code, Android Zero-touch enrollment
Several deployment scenarios
• Single use (COSU)
• Business only (“work managed” or COBO)
• Personally enabled (“work managed, personally enabled”, COPE, Android 8.0+)
Managed Google Play Store leveraged across all Android Enterprise modes to provide app deployment and configuration
Migration to Android Enterprise
• BYOD scenario:
  • Unenroll from Android device administrator (legacy)
  • Enroll in Android Enterprise (work profile)
• COSU, COBO, COPE:
  • Factory reset the device, then enroll via QR code or NFC
Supervised mode
• Enable supervised mode for corporate-owned iOS devices via
  • Apple Device Enrollment Program (DEP)
  • Apple Configurator
• Lots more policies and management options
• Devices are marked as company owned
Windows 10 - AutoPilot
• Start evaluating Windows 10 AutoPilot
• Configure the Windows 10 OOBE (out-of-box experience) enrollment experience
• Microsoft Store for Business (formerly Windows Store for Business) integrates with Intune, SCCM and 3rd party MDM.
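The first practical step of "start evaluating AutoPilot" is registering a device's hardware hash, shown here as an added example (not part of the slides): it reads the same WMI class Microsoft's published Get-WindowsAutoPilotInfo script uses and writes the CSV layout the Intune import expects. It assumes an elevated PowerShell session on the Windows 10 device being evaluated; the output path is a placeholder.

```powershell
# Added example, not from the slides. Run elevated on the device itself.
function Get-AutopilotHardwareHash {
    # Returns one row in the Intune AutoPilot import layout and optionally writes it as CSV.
    param([string] $OutputFile)

    $bios = Get-WmiObject -Class Win32_BIOS
    # The hardware hash is exposed through the MDM bridge WMI provider;
    # it needs an elevated session and Windows 10 1703 or later.
    $devDetail = Get-WmiObject -Namespace 'root/cimv2/mdm/dmmap' -Class 'MDM_DevDetail_Ext01' `
        -Filter "InstanceID='Ext' AND ParentID='./DevDetail'"
    if (-not $devDetail) {
        throw 'Hardware hash not available: run elevated on Windows 10 1703 or later.'
    }

    $row = [pscustomobject]@{
        'Device Serial Number' = $bios.SerialNumber
        'Windows Product ID'   = ''                          # optional column, left empty
        'Hardware Hash'        = $devDetail.DeviceHardwareData
    }
    if ($OutputFile) {
        $row | Export-Csv -Path $OutputFile -NoTypeInformation
    }
    return $row
}

# Placeholder output path; upload the CSV under Device enrollment > Windows enrollment > Devices.
Get-AutopilotHardwareHash -OutputFile "$env:TEMP\autopilot-$(Get-Date -Format yyyyMMdd).csv"
```

Treat the CSV as sensitive: the hash uniquely identifies the device and, once uploaded, binds it to your tenant's AutoPilot profile, so collect it over a trusted channel rather than mailing it around.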
Share your ideas
Share your voice / ideas!
◦ http://microsoftintune.uservoice.com/
◦ http://configurationmanager.uservoice.com/
More questions? @pdaalmans or @kennethvs
Questions?
