Book Image

Microsoft 365 Security, Compliance, and Identity Administration

By : Peter Rising

5 (1)

Book Image

Microsoft 365 Security, Compliance, and Identity Administration

5 (1)

By: Peter Rising

Overview of this book

The Microsoft 365 Security, Compliance, and Identity Administration is designed to help you manage, implement, and monitor security and compliance solutions for Microsoft 365 environments. With this book, you’ll first configure, administer identity and access within Microsoft 365. You’ll learn about hybrid identity, authentication methods, and conditional access policies with Microsoft Intune. Next, you’ll discover how RBAC and Azure AD Identity Protection can be used to detect risks and secure information in your organization. You’ll also explore concepts such as Microsoft Defender for endpoint and identity, along with threat intelligence. As you progress, you’ll uncover additional tools and techniques to configure and manage Microsoft 365, including Azure Information Protection, Data Loss Prevention (DLP), and Microsoft Defender for Cloud Apps. By the end of this book, you’ll be well-equipped to manage and implement security measures within your Microsoft 365 suite successfully.

Preface

Who this book is for

What this book covers

Conventions used

Share Your Thoughts

Download a free PDF copy of this book

Part 1: Implementing and Managing Identity and Access

Part 1: Implementing and Managing Identity and Access

Free Chapter

Chapter 1: Planning for Hybrid Identity

Chapter 1: Planning for Hybrid Identity

Planning your hybrid environment

Authentication methods in Azure AD

Synchronization methods with Azure AD Connect

Azure AD Connect cloud sync

Event monitoring and troubleshooting in Azure AD Connect

Further reading

Chapter 2: Authentication and Security

Chapter 2: Authentication and Security

Implementing Azure AD dynamic group membership

Implementing password management

Implementing and managing external identities

Implementing and managing MFA

Planning and implementing device authentication methods

Further reading

Chapter 3: Implementing Conditional Access Policies

Chapter 3: Implementing Conditional Access Policies

Explaining Conditional Access

Conditional Access and Microsoft Intune

Introducing the types of Conditional Access

Monitoring Conditional Access events

Further reading

Chapter 4: Managing Roles and Identity Governance

Chapter 4: Managing Roles and Identity Governance

Planning and configuring PIM

Planning and configuring entitlement management

Planning and configuring access reviews

Further reading

Chapter 5: Azure AD Identity Protection

Chapter 5: Azure AD Identity Protection

Understanding Identity Protection

Protecting users with risk and registration policies

Configuring alert options

Managing and resolving risk events

Further reading

Part 2: Implementing and Managing Threat Protection

Part 2: Implementing and Managing Threat Protection

Chapter 6: Configuring a Microsoft Defender for Identity Solution

Chapter 6: Configuring a Microsoft Defender for Identity Solution

Identifying the organizational need for MDI

Understanding the MDI architecture

Managing and monitoring MDI

Further reading

Chapter 7: Configuring Device Threat Protection with Microsoft Defender for Endpoint and Intune

Chapter 7: Configuring Device Threat Protection with Microsoft Defender for Endpoint and Intune

Planning and implementing MDE

Managing and monitoring MDE

Implementing Microsoft Defender Application Guard, Application Control, and exploit protection

Encrypting your Windows devices using BitLocker

Implementing application protection policies

Further reading

Chapter 8: Configuring Microsoft Defender for Office 365

Chapter 8: Configuring Microsoft Defender for Office 365

Protecting users and domains with anti-phishing protection and policies

Configuring Safe Attachments options and policies

Configuring Safe Links options, blocked URLs, and policies

Monitoring and remediating with Microsoft Defender for Office 365 reports

Running simulated attacks with Microsoft Defender for Office 365

Further attack simulation configuration options

Further reading

Chapter 9: Using Microsoft Sentinel to Monitor Microsoft 365 Security

Chapter 9: Using Microsoft Sentinel to Monitor Microsoft 365 Security

Planning and configuring Microsoft Sentinel

Configuring playbooks in Microsoft Sentinel

Creating and using automation rules to manage responses

Managing and monitoring your Microsoft Sentinel instance

Further reading

Chapter 10: Configuring Microsoft Defender for Cloud Apps

Chapter 10: Configuring Microsoft Defender for Cloud Apps

Planning your MDA implementation

Configuring MDA

Managing Cloud App Discovery

Managing the MDA catalog

Managing apps and app connectors in MDA

Configuring policies and templates

Using Conditional Access App Control with MDA

Reviewing and interpreting alerts, reports, and dashboards

Further reading

Part 3: Implementing and Managing Information Protection

Part 3: Implementing and Managing Information Protection

Chapter 11: Managing Sensitive Information

Chapter 11: Managing Sensitive Information

Planning a sensitivity label solution for your organization

Creating and managing SITs

Setting up sensitivity labels and policies

Configuring and using Activity explorer

Using sensitivity labels with Teams, SharePoint, OneDrive, and Office apps

Further reading

Chapter 12: Managing Microsoft Purview Data Loss Prevention

Chapter 12: Managing Microsoft Purview Data Loss Prevention

Planning and implementing DLP

Managing DLP policies for Microsoft 365 workloads

DLP reporting and alerting capabilities

Implementing Endpoint DLP

Further reading

Chapter 13: Managing Microsoft Purview Data Lifecycle Management

Chapter 13: Managing Microsoft Purview Data Lifecycle Management

Planning for data lifecycle management

Analyzing reports and dashboards

Configuring retention labels and policies

Creating a retention policy

Planning and implementing adaptive scopes

Finding and recovering deleted Microsoft 365 data

Further reading

Part 4: Managing Compliance Features in Microsoft 365

Part 4: Managing Compliance Features in Microsoft 365

Chapter 14: Monitoring and Analyzing Audit Logs and Reports in Microsoft Purview

Chapter 14: Monitoring and Analyzing Audit Logs and Reports in Microsoft Purview

Planning for auditing and reporting

Investigating compliance activities by using audit logs

Reviewing and interpreting compliance reports and dashboards

Configuring alert policies

Configuring audit log retention policies

Further reading

Chapter 15: Planning For, Conducting, and Managing eDiscovery Cases

Chapter 15: Planning For, Conducting, and Managing eDiscovery Cases

Recommending eDiscovery (Standard) or eDiscovery (Premium)

Planning for content searches and eDiscovery

Delegating the required permissions to use search and discovery tools

Creating eDiscovery cases

Managing eDiscovery cases

Further reading

Chapter 16: Managing Regulatory and Privacy Requirements

Chapter 16: Managing Regulatory and Privacy Requirements

Planning your regulatory compliance journey in Microsoft 365

Managing regulatory compliance in Microsoft Purview Compliance Manager

Exploring Microsoft Priva

Further reading

Chapter 17: Managing Insider Risk Solutions in Microsoft 365

Chapter 17: Managing Insider Risk Solutions in Microsoft 365

Implementing Customer Lockbox

Implementing and managing Communication Compliance policies

Implementing and managing insider risk management policies

Implementing and managing Information Barriers policies

Implementing and managing Privileged Access Management

Further reading

Answers

Index

Other Books You May Enjoy

Other Books You May Enjoy

Packt is searching for authors like you

Share Your Thoughts

Download a free PDF copy of this book

Customer Reviews

5 (1)

5 star

100%

4 star

0

3 star

0

2 star

0

1 star

0

Summary

In this chapter, we examined Microsoft Defender for Identity (MDI), which is a feature that's included with Enterprise Mobility + Security E5 and Microsoft 365 E5. It enables you to protect your Microsoft 365 hybrid cloud environment against malicious actors attempting to access vulnerable user accounts and devices and conduct reconnaissance activities to gain elevation of privilege and achieve domain dominance.

We also learned how to configure MDI in the Microsoft 365 Defender portal and install sensors on domain controllers. We looked at how entity tags can be configured to establish sensitive accounts, honeytoken accounts, and exchange servers and set to trigger alerts when matched to suspicious activity. We then considered how MDI establishes a timeline of suspicious and malicious activities, the steps that can be taken to review and resolve these within the MDI health center, and how to use notifications and alerts.

In the next chapter, we will examine the principles...