Securing the Remote Workplace
Rapidly deploy and secure Microsoft Teams
Synergy Advisors
• What do we do?
• Design and deploy end-to-end Cyber security solutions, based on Microsoft and partner products
• Services
• Consulting
• Training and Events
• New! Managed Services
• Custom Solutions
• Enterprise Analytics, secure collaboration and data protection
• E-Suite: E-Visor, E-Cryptor, & E-Inspector
• Partner Solutions
• Cymulate, IONIC, Secude, Thales, Lookout
• Sharegate, BitTitan
• Offices
• 130+ Consultants
• US [SEA, CLT, NYC], Latam [NI, CR, CO, PR]
• Recognitions (2015 – 2020)
• 20/20 Security Workshop Partner of the Year
• WW EM+S Highest Activation Partner FY2018 [Q4]
• US EPG Partner of the Year [West Coast]
• Finalist 2017
• WW Microsoft Partner Case Study – Cloud Adoption
• Winner - FY 2016
• WW EMS Partner of the Year
• Finalist 2016, Nominated 2015
• Alliance Partner of the Year
• Nominated FY 2015 & 2016
• National Solution Partner of the Year
• Nominated FY 2015 & 2016
• Compete Partner of the Year
• Nominated FY 2015 & 2016
• Cloud Partner of the Year
• Nominated FY 2015 & 2016
• Specialty Partner Apps and IP
• Nominated FY 2015 & 2016
Agenda
• New landscape for Teamwork #WFH (Work From Home - #covid-19)
• Microsoft Teams Adoption
• Use cases
• Fundamental function
• Best Practices / Lessons learned from the field
• Corporate Culture
• Service Management of Microsoft Teams
• Governance, Management and Lifecycle
• Group and team expiration, retention, and archiving
• Security and Compliance
• Advanced Threat Protection (ATP), Safe Links, Retention Policies, Data Loss Prevention (DLP), eDiscovery
Microsoft Teams is Transforming the way people work
Enabling Remote Work Community
Microsoft Teams hits 44M daily active users, spiking 37% in one week amid remote work surge
• Make the most of meetings
• Be inclusive and use your video
• Track notes and action items, share frequently used documents
• Customize your virtual workspace
Staying productive while working remotely with Microsoft Teams
• Set up your workspace
• Communicate, communicate, communicate
• Maintain healthy boundaries
• Embrace online meetings
• Be mindful and inclusive
• Make up for missing hallway talk
• Bring the team together
Best Practices for Working from Home (WFH)
Microsoft Teams Adoption
Like: Plan > Build > Deploy
1. Start
2. Experiment
3. Scale
Put Aside the Traditional Steps
aka.ms/SuccessWithTeams.
Teams admin center > Planning > Teams Advisor
Start
• Validate adoption prerequisites
• Assemble your team
• Understand teams and channels
• Set up your first teams on Teams to build your technical knowledge
• Assess your organization's readiness for change
Teams admin center > Planning > Network Planner
Experiment
• Create your champions program
• Governance quick start
• Define usage scenarios
• Onboard early adopters and gather feedback
• Onboard support
Scale
• Define outcomes and success
• Optimize feedback and reporting
• Drive awareness and implement training
• Schedule service health reviews
Governance, Management & Lifecycle
Apps
• One identity: Azure AD is the master for group identity & membership
• Federated resources: Office 365 services extend with their data
• Loose coupling: Services notify each other of changes to a group
Attributes
Flow
• User creates new group for teamwork
• Group experience populated in app of choice
• Group identity created in Azure Active Directory
Office 365 Groups is a Membership Service
What Do I Get with Office 365 Groups?
Entry-points for self-service creation
[Figure: entry points for self-service group creation; labels include Planner, Outlook, Team, and Yammer Connected Group]
Why Ensure Governance?
Administrative efficiency
Accurate cataloging & monitoring of adoption, usage and governance attributes for collaboration workspaces
Provable compliance with internal and external policies and regulatory requirements
Repeatable and consistent service delivery
For Microsoft Teams, you need to govern:
• Provisioning: How Teams are requested, approved and created
• Operations: How information, access and containers are managed
• Information Lifecycle: How to retain/expire/dispose of information as appropriate
Governance Focus
Azure AD Licensing Requirements
Govern Provisioning
• Sprawl
• Duplication
• Appropriateness
• Convention
• Cataloging
Restrict who can create Groups
Documentation: Manage who can create Office 365 groups | Populate groups dynamically based on object attributes
Set naming policy & custom blocked words
Documentation: Office 365 Groups Naming Policy
https://aad.portal.azure.com/
Provisioning Gotcha: Privacy
Make sure privacy is set accordingly
Public or Private?
Govern Operations
• Monitor usage and adoption
• Ensure users aren’t doing what they shouldn’t
• Quota enforcement
• SharePoint governance
Native “Dynamic Membership”
Based on AAD Attributes
▪ AAD properties drive membership
▪ Not based on Security Group Membership
Requires clean AAD
▪ AAD properties must be current and complete
Monitor adoption and usage
Security & Compliance for Microsoft Teams
Security by design
• Data Encryption at rest and in transit
• Dedicated security professionals
• Threat models, Security Reviews, Automated Security Tools
• Penetration testing with regular rotation of 3rd party penetration testers
• All keys stored in Azure Key Vault
• Admin: Screening, training, access control
• Host: Access control, anti-malware, patch management, AAD Modern Authentication
• Network: Firewalls, edge routers
• Facility: Physical controls, video surveillance, access control
• Bug Bounty Program (We pay friends, hackers and researchers to find security bugs)
Privacy by design
• Data stored in-region based on tenant affinity
• No customer content accessible in logs or telemetry
• Grant least privilege required to complete task
• Dedicated Privacy professionals
• Adhere to Office 365 data classification and data handling standards
• Access to Production environments is locked down
• GDPR
Security & Privacy
How compliant is Microsoft Teams?
http://aka.ms/STP is where you can download the audit reports
https://aka.ms/MicrosoftComplianceStandards for Microsoft Compliance Standards Download
More than 950 Office 365 controls
• Access control
• Auditing and logging
• Identification and authorization
• Awareness and training
• Continuity planning
• Incident response
• Risk assessment
• Communication protection
• Information integrity
• Deployment Approvals and management
Ongoing compliance processes
• Recurring audits like SOC, FEDRAMP, ISO + independent verification
Microsoft Teams Certification
Microsoft Cloud Services Verified with International, Regional and Industry specific standards and terms
Strong Privacy and Security Commitments
• ISO 27001
• ISO 27018
• EU Model Clauses (EUMC)
• GDPR
• HIPAA Business Associate Agreement
• SSAE 16 SOC 1 & SOC 2 Reports
• FedRAMP Moderate and High
• IRS 1075, UK Official (IL2)
• Health Information Trust Alliance (HITRUST)
Contractual commitment to meet US and EU data residency requirements
Controls Available Today
Compliance Features available
Capability: Description
• Archive: Any content stored in any Teams related workload needs to be preserved immutably.
• Compliance Content search: Search content stored in any workload through rich filtering capabilities and export to a container for compliance and litigation.
• eDiscovery – Messaging/Files: Rich in-place eDiscovery capabilities including case management, preservation, search, analysis and export to help our customers simplify the eDiscovery process to quickly identify relevant data while decreasing cost and risk.
• Legal hold: When any team or individual is put on In-Place Hold or litigation hold, the hold is placed on the primary and archive messages.
• Auditing and reporting: All Team activities and business events must be captured and available for customer search and export.
• Conditional Access and Intune MAM: Ensure that access to Microsoft Teams is restricted to devices that are compliant with IT Admin or Corporate Organization set policies and security rules, both for the Teams Apps and the services it uses under the hood. Includes MAC Support for Conditional Access as well.
• Moderator support: The ability to have a moderator (owner of team) of a Team delete data from any user in the team that is inappropriate and mute users in a team/channel.
• Windows Information Protection: WIP, previously known as enterprise data protection (EDP), helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps like MS Teams.
• Allowed List of Apps: An Admin can control the list of 3P apps (bots, connectors, tabs) that can be used by end users within a tenant.
• Retention / Preservation: Help organizations reduce the liabilities associated with messaging. The Customer can configure their tenant to retain data for a fixed period of time or retain it with unlimited storage for different Teams workloads.
• eDiscovery – Calling/Meetings: Rich in-place eDiscovery capabilities including case management, preservation, search, analysis and export to help our customers simplify the eDiscovery process to quickly identify relevant data while decreasing cost and risk.
• Data loss prevention (DLP): Identify any sensitive data stored or being transferred within or outside of the Customer Organization in Teams to intercept and prevent leakage for Files and Chat/Channel Messages.
• Advanced Threat Protection: Support for safe files and safe links in Microsoft Teams to protect your organization from malicious attacks with the power of Office 365 Advanced Threat Protection.
• Business information Barriers: Prevent exchanges or communication that could lead to conflicts of interest (a.k.a. Ethical walls).
• VDI: Virtual Desktop support for Teams to serve requirements of regulated industries and users with virtual desktops.
Chat service
Microsoft Teams
O365 Information Protection tools
▪ eDiscovery
▪ Legal Hold
▪ Compliance content search
▪ Archive
▪ Retention
▪ Audit Logs
▪ 1:1 chats
▪ Group chats
▪ Channel messages
▪ SharePoint Files
▪ OneNote/Wiki
▪ OneDrive for Business
O365 substrate
Refresher: How Teams Enables Information Protection
Retention Policies for Microsoft Teams
Features Available
• Retention Policies for Teams Chat and Channel Messages (Note: includes ability to target specific Teams for channel messages and Users for 1xN chat): Now
• Support for retention policies for Teams Files: Now
• Support for Preservation and Deletion policies > 30 days: Now
• Support for Deletion Policies under 30 days: Coming soon
• Support for Advanced Retention settings: Future
https://protection.office.com/retention
▪ Files Protected through OneDrive and SharePoint DLP
▪ Support for Office 365 DLP (80 sensitive types supported)
▪ Support for 3rd Party DLP providers through:
▪ Graph Webhook (an event API) to listen to all Teams messages via admin approved 3rd Party app
▪ Graph API to update message with DLP Violation
DLP Mode
- Passive
- Intercept
Sharing of data
- Internal
- External
DLP Provider
- Microsoft
- 3rd Party
Protection
- Messaging
- Files
Data Loss Prevention Scenarios
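The third-party DLP flow listed above (receive a Graph change notification, inspect the message, write a DLP violation back), sketched as an added example that is not part of the original deck. It assumes the subscription was created with a shared `clientState` secret and that the message text has already been fetched; the `policyViolation` field names follow the Microsoft Graph chatMessage resource, all sample values are constructed, and sending the PATCH is left out.

```python
import hmac
import re

# Assumption: the secret supplied as clientState when the Graph subscription was created.
CLIENT_STATE = "constructed-client-state"

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits):
    """Luhn checksum, used to discard random digit runs (order numbers, phone numbers)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits

def notification_is_trusted(item):
    """Reject notifications whose clientState does not match (constant-time compare)."""
    got = str(item.get("clientState", "")).encode()
    return hmac.compare_digest(got, CLIENT_STATE.encode())

def build_violation_patch(hit_count):
    """Body for the Graph PATCH on the message; never echoes the matched digits."""
    return {"policyViolation": {
        "dlpAction": "BlockAccess",
        "policyTip": {
            "generalText": f"Message blocked: {hit_count} possible card number(s).",
            "matchedConditionDescriptions": ["Credit Card Number"],
        },
    }}

def handle(item, message_text):
    """Return the PATCH body for a violating message, else None."""
    if not notification_is_trusted(item):
        return None
    hits = find_card_numbers(message_text)
    return build_violation_patch(len(hits)) if hits else None
```

Checking `clientState` before doing any work keeps forged posts to the webhook URL from triggering scans or violation updates.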
https://aad.portal.azure.com/
MFA with Conditional Access
• Protecting your company data at the app level
• End-user productivity isn't affected, and policies don't apply when using the app in a personal context
• App protection policies ensure app-layer protections are in place
• MDM, in addition to MAM, makes sure that the device is protected
Microsoft Intune App Protection Policies
https://devicemanagement.microsoft.com/
https://protection.office.com/safeattachment
Protect files in Microsoft Teams with Office 365 ATP
Security & Compliance Resources
Teams Documentation
• All Compliance features in a nutshell
• Content Added based on request from IT Pro audience
https://aka.ms/TeamsSecurityandCompliance
Office 365 SCC documentation
• Each Information Protection Feature in detail
• Teams specific sections
• Examples and Samples
https://aka.ms/SCCOverview
Ignite Recordings
• Learn by watching videos and demos
• Ignite 2017
• Ignite 2018 placeholder
https://channel9.msdn.com
AI in Teams − Available today!
• Mobile companion mode
• Inline message translation
• Meeting recording transcription
• Background blur
Next Steps
Delivery Framework
Security, collaboration and infrastructure maintenance and change management
Monitoring
Incident Response
[2-3 year agreement]
Time and Materials (customized)
NEW! Managed Services
Training sessions and workshops to develop customer’s knowledge of M365 and Azure in cloud, hybrid and on-premises scenarios
- Microsoft workloads
- Third-Party Solutions
[2-5 Days]
Price per Attendee
Workshops, Training and Events
Advanced implementation and configuration of M365 / Azure
Includes additional M365 components
- Microsoft workloads
- Third-Party Solutions
Time and Materials (customized)
Production Deployment +
Basic implementation focused on up to four use cases and configuration of M365 / Azure
Integration with up to two workloads
[3-4 Weeks]
Fixed Price
Rapid Production Deployment
Security Assessments
• M365
• Azure
• Infrastructure
Compliance Assessments
• NIST/CIS
• ISO 2700x
Penetration Testing
• Controlled scanning
• ISO 2700x
[2-3 Weeks]
Fixed Price
NEW! Cyber Security and Compliance Assessments
Testing environment to evaluate the M365/Azure solution against customer’s specific use cases
[2-3 Weeks]
Fixed Price
Staging/PoC in a Box
Sessions to evaluate customer’s current use cases and define a proposed M365 / Azure architecture
[3-4 Days]
Fixed Price
Architecture Design Sessions [ADS]
Why Synergy?
• Expert team of consultants with proven field experience since 2003
• Deep experience integrating Microsoft 365 identity and security solutions and complementary technologies to achieve strategic requirements
• Focused on designing and deploying identity and security platforms
• Knowledgeable writing team helps you understand how to optimize the solution platform using a variety of mediums
Q & A
Thank You!
• Cristian Mora, Owner
• Synergy Advisors
• www.synergyadvisors.biz
• Twitter: @SYNERGYSEC
• Facebook: https://www.facebook.com/SynergyAdvisorsLLC
• YouTube: https://www.youtube.com/user/SynergyAdvisors