Book Image

Microsoft 365 Security, Compliance, and Identity Administration

By : Peter Rising

5 (1)

Book Image

Microsoft 365 Security, Compliance, and Identity Administration

5 (1)

By: Peter Rising

Overview of this book

The Microsoft 365 Security, Compliance, and Identity Administration is designed to help you manage, implement, and monitor security and compliance solutions for Microsoft 365 environments. With this book, you’ll first configure, administer identity and access within Microsoft 365. You’ll learn about hybrid identity, authentication methods, and conditional access policies with Microsoft Intune. Next, you’ll discover how RBAC and Azure AD Identity Protection can be used to detect risks and secure information in your organization. You’ll also explore concepts such as Microsoft Defender for endpoint and identity, along with threat intelligence. As you progress, you’ll uncover additional tools and techniques to configure and manage Microsoft 365, including Azure Information Protection, Data Loss Prevention (DLP), and Microsoft Defender for Cloud Apps. By the end of this book, you’ll be well-equipped to manage and implement security measures within your Microsoft 365 suite successfully.

Preface

Who this book is for

What this book covers

Conventions used

Share Your Thoughts

Download a free PDF copy of this book

Part 1: Implementing and Managing Identity and Access

Part 1: Implementing and Managing Identity and Access

Free Chapter

Chapter 1: Planning for Hybrid Identity

Chapter 1: Planning for Hybrid Identity

Planning your hybrid environment

Authentication methods in Azure AD

Synchronization methods with Azure AD Connect

Azure AD Connect cloud sync

Event monitoring and troubleshooting in Azure AD Connect

Further reading

Chapter 2: Authentication and Security

Chapter 2: Authentication and Security

Implementing Azure AD dynamic group membership

Implementing password management

Implementing and managing external identities

Implementing and managing MFA

Planning and implementing device authentication methods

Further reading

Chapter 3: Implementing Conditional Access Policies

Chapter 3: Implementing Conditional Access Policies

Explaining Conditional Access

Conditional Access and Microsoft Intune

Introducing the types of Conditional Access

Monitoring Conditional Access events

Further reading

Chapter 4: Managing Roles and Identity Governance

Chapter 4: Managing Roles and Identity Governance

Planning and configuring PIM

Planning and configuring entitlement management

Planning and configuring access reviews

Further reading

Chapter 5: Azure AD Identity Protection

Chapter 5: Azure AD Identity Protection

Understanding Identity Protection

Protecting users with risk and registration policies

Configuring alert options

Managing and resolving risk events

Further reading

Part 2: Implementing and Managing Threat Protection

Part 2: Implementing and Managing Threat Protection

Chapter 6: Configuring a Microsoft Defender for Identity Solution

Chapter 6: Configuring a Microsoft Defender for Identity Solution

Identifying the organizational need for MDI

Understanding the MDI architecture

Managing and monitoring MDI

Further reading

Chapter 7: Configuring Device Threat Protection with Microsoft Defender for Endpoint and Intune

Chapter 7: Configuring Device Threat Protection with Microsoft Defender for Endpoint and Intune

Planning and implementing MDE

Managing and monitoring MDE

Implementing Microsoft Defender Application Guard, Application Control, and exploit protection

Encrypting your Windows devices using BitLocker

Implementing application protection policies

Further reading

Chapter 8: Configuring Microsoft Defender for Office 365

Chapter 8: Configuring Microsoft Defender for Office 365

Protecting users and domains with anti-phishing protection and policies

Configuring Safe Attachments options and policies

Configuring Safe Links options, blocked URLs, and policies

Monitoring and remediating with Microsoft Defender for Office 365 reports

Running simulated attacks with Microsoft Defender for Office 365

Further attack simulation configuration options

Further reading

Chapter 9: Using Microsoft Sentinel to Monitor Microsoft 365 Security

Chapter 9: Using Microsoft Sentinel to Monitor Microsoft 365 Security

Planning and configuring Microsoft Sentinel

Configuring playbooks in Microsoft Sentinel

Creating and using automation rules to manage responses

Managing and monitoring your Microsoft Sentinel instance

Further reading

Chapter 10: Configuring Microsoft Defender for Cloud Apps

Chapter 10: Configuring Microsoft Defender for Cloud Apps

Planning your MDA implementation

Configuring MDA

Managing Cloud App Discovery

Managing the MDA catalog

Managing apps and app connectors in MDA

Configuring policies and templates

Using Conditional Access App Control with MDA

Reviewing and interpreting alerts, reports, and dashboards

Further reading

Part 3: Implementing and Managing Information Protection

Part 3: Implementing and Managing Information Protection

Chapter 11: Managing Sensitive Information

Chapter 11: Managing Sensitive Information

Planning a sensitivity label solution for your organization

Creating and managing SITs

Setting up sensitivity labels and policies

Configuring and using Activity explorer

Using sensitivity labels with Teams, SharePoint, OneDrive, and Office apps

Further reading

Chapter 12: Managing Microsoft Purview Data Loss Prevention

Chapter 12: Managing Microsoft Purview Data Loss Prevention

Planning and implementing DLP

Managing DLP policies for Microsoft 365 workloads

DLP reporting and alerting capabilities

Implementing Endpoint DLP

Further reading

Chapter 13: Managing Microsoft Purview Data Lifecycle Management

Chapter 13: Managing Microsoft Purview Data Lifecycle Management

Planning for data lifecycle management

Analyzing reports and dashboards

Configuring retention labels and policies

Creating a retention policy

Planning and implementing adaptive scopes

Finding and recovering deleted Microsoft 365 data

Further reading

Part 4: Managing Compliance Features in Microsoft 365

Part 4: Managing Compliance Features in Microsoft 365

Chapter 14: Monitoring and Analyzing Audit Logs and Reports in Microsoft Purview

Chapter 14: Monitoring and Analyzing Audit Logs and Reports in Microsoft Purview

Planning for auditing and reporting

Investigating compliance activities by using audit logs

Reviewing and interpreting compliance reports and dashboards

Configuring alert policies

Configuring audit log retention policies

Further reading

Chapter 15: Planning For, Conducting, and Managing eDiscovery Cases

Chapter 15: Planning For, Conducting, and Managing eDiscovery Cases

Recommending eDiscovery (Standard) or eDiscovery (Premium)

Planning for content searches and eDiscovery

Delegating the required permissions to use search and discovery tools

Creating eDiscovery cases

Managing eDiscovery cases

Further reading

Chapter 16: Managing Regulatory and Privacy Requirements

Chapter 16: Managing Regulatory and Privacy Requirements

Planning your regulatory compliance journey in Microsoft 365

Managing regulatory compliance in Microsoft Purview Compliance Manager

Exploring Microsoft Priva

Further reading

Chapter 17: Managing Insider Risk Solutions in Microsoft 365

Chapter 17: Managing Insider Risk Solutions in Microsoft 365

Implementing Customer Lockbox

Implementing and managing Communication Compliance policies

Implementing and managing insider risk management policies

Implementing and managing Information Barriers policies

Implementing and managing Privileged Access Management

Further reading

Answers

Index

Other Books You May Enjoy

Other Books You May Enjoy

Packt is searching for authors like you

Share Your Thoughts

Download a free PDF copy of this book

Customer Reviews

5 (1)

5 star

100%

4 star

0

3 star

0

2 star

0

1 star

0

Investigating compliance activities by using audit logs

The Microsoft Purview compliance portal grants administrators the ability to search the unified audit log to view user and administrator activity in your organization. This is a Purview feature that provides further and deeper insight into Microsoft 365 activities. So, as an example, if you need to find out whether a user deleted an email or accessed a specific document, the unified audit log should be your first port of call.

It is often asked why this is known as the unified audit log. This is simply due to the fact that you can use it to search for activities across different Microsoft 365 services and features. A few examples of these features include the following:

Azure Active Directory
Data Loss Prevention (DLP)
eDiscovery
Exchange Online
Microsoft 365 Defender
Microsoft Teams
Sensitivity labels
Threat Intelligence
Yammer

Note

These are only a few of the locations available...