OFFICE 365 Premium Management and Protection of Identity and Access with Azure AD Jan Vidar Elven

Page 1: Premium Management and Protection of Identity …expertslive.nl/wp-content/uploads/2016/12/Jan-Vidar...Premium Management and Protection of Identity and Access with Azure AD Jan Vidar

OFFICE 365

Premium Management and Protection of Identity and Access with Azure AD

Jan Vidar Elven

Page 2:

Jan Vidar Elven

Enterprise Mobility MVP

Cloud and Datacenter Architect @ Skill

P-TSP @ Microsoft

Page 3:

KEY TAKEAWAYS

Protect Admin Roles

Assess Risks and Vulnerabilities for Users

Monitor Azure AD Health

Use Azure MFA Conditionally

Page 4:

Azure AD Premium Offerings

Manage Azure AD administrator role access

On-demand admin access

Real-time risk event & vulnerability detection, and Mitigation Policies

Monitor and gain insights

Second layer of security

Page 5:

Requirements

■ For Privileged Identity Management + Identity Protection + Connect Health:

■ Azure AD Premium P2/EMS E5

■ Global Administrator Access to Configure

■ End Users:

■ Azure AD Premium/EMS and Password Writeback for Policy Mitigation

Page 7:

Administrators

Intune

Azure Information Protection

Protect your users, devices, and apps

Detect problems early with visibility and threat analytics

Protect your data, everywhere

Extend enterprise-grade security to your cloud and SaaS apps

Manage identity with hybrid integration to protect application access from identity attacks

Advanced Threat Analytics

Microsoft Cloud App Security

Azure Active Directory

Identity Protection

Users

Privileged Identity Management

Page 8:

Classified as Microsoft General

CLOUD-POWERED PROTECTION

Discover, restrict, and monitor privileged identities

Enforce on-demand, just-in-time administrative access when needed

Provides more visibility through alerts, audit reports and access reviews

Global Administrator

Billing Administrator

Exchange Administrator

User Administrator

Password Administrator

Page 9:

CLOUD-POWERED PROTECTION

How time-limited activation of privileged roles works

MFA is enforced during the activation process

Alerts inform administrators about out-of-band changes

Users need to activate their privileges to perform a task

Users will retain their privileges for a pre-configured amount of time

Security admins can discover all privileged identities, view audit reports and review everyone who is eligible to activate via access reviews

[Diagram labels: Security Admin; Configure Privileged Identity Management; User; Privileged Identity Management; Identity verification; Monitor; Audit; Access reports; MFA; Alert; Read only; Admin profiles: Billing Admin, Global Admin, Service Admin]

Page 10:

Azure AD Privileged Identity Management (PIM)

Key Features:

■ Access Review

■ Enable on-demand, "just in time" administrative access

■ Reports on access history and administrator assignments

■ Alerts about access and configurations to a privileged role

Page 11:

Configure Azure AD PIM

Sign in to the Azure Portal as a Global Administrator

Select New > Security + Identity > Azure AD Privileged Identity Management for your Azure AD tenant

First admin will be:

■ Security administrator

■ Privileged role administrator

Page 12:

Demo - Azure AD Privileged Identity Management

Page 13:

Enabling organizations to control access based on risk

Risk severity calculation

Remediation recommendations

Risk-based conditional access automatically protects against suspicious logins and compromised credentials

Gain insights from a consolidated view of machine learning based threat detection

Leaked credentials

Infected devices

Configuration vulnerabilities

Risk-based policies

MFA Challenge Risky Logins

Block attacks

Change bad credentials

Machine-Learning Engine

Brute force attacks

Suspicious sign-in activities

Use the power of Identity Protection in PowerBI, SIEM and other monitoring tools

Page 15:

Azure AD Identity Protection

Key Features:

■ Risk event detection and risk accounts

■ Investigate risk events

■ Risk-based conditional access policies:

■ Sign-in risk policy

■ User risk policy (not for federated users in preview)

■ MFA registration policy

Page 16:

Demo - Azure AD Identity Protection

Page 17:

Azure AD Connect Health

Features:

■ Azure AD Connect Health for Sync

■ Azure AD Connect Health for ADFS/WAP

■ Azure AD Connect Health for AD DS (Preview)

Page 19:

Configure Azure AD Connect Health

Get Azure AD Premium

Download, Install & Register Connect Health Agent:

■ AD FS/Proxy/WAP Health Agent

■ AD DS Health Agent

■ Azure AD Connect Server (version >= 1.0.9125.0)

Go to https://aka.ms/aadconnecthealth

Page 20:

Demo - Azure AD Connect Health

Page 21:

Azure Multi-Factor Authentication (MFA)

MFA Versions:

■ MFA for Office 365

■ MFA for Azure Admins

■ Azure MFA

Features:

■ Selected Authentication Methods

■ Admin Control

Page 22:

Demo - Azure Multi-Factor Authentication

Page 23:

Summary

Takeaways:

Protect Admin Roles

Assess Risks and Vulnerabilities for Users

Monitor Azure AD Health

Use Azure MFA Conditionally

Contact:

E-mail: [email protected]

Twitter: @skillriver

Blog: http://systemcenterpoint.wordpress.com

Page 24:

17:15 – 18:15

Closing Note

Hasain Alshakarti, Marcus Murray