Microsoft 365 has enjoyed massive growth at a global level providing modern workplace productivity services in the cloud. This primarily includes Exchange Online, SharePoint Online and Teams coupled with cloud-based identity management using Azure Active Directory (AD) and computing services using Azure cloud services. All of this is managed and supported by a range of security technologies and capabilities including the advanced threat protection capabilities all combined with Azure Sentinel for security operations services.
It is not surprising that organisations are challenged with understanding all the features and capabilities offered by Microsoft 365, and this is even before beginning to look at how to effectively secure these services and achieve compliance requirements. On top of this are the unique challenges posed by cloud services of any kind and the need to reconsider traditional security models and controls.
This unique course is delivered over 2 days and will provide you with an understanding of the current threat landscape and how Microsoft 365 security capabilities can be leveraged and configured to enable a cyber resilient and compliant digital organisation and effectively deliver modern security operations.
The course is presented by ALC in association with leading Microsoft Gold Security Partner, DEFEND. Using practical experience and exposure to a range of many different organisations, the course will bring you up-to-date experience and practice guidance to consider real world examples of how Microsoft 365 is best deployed and secured.
From this course you will learn how to best apply Microsoft security capabilities across Microsoft 365 and Azure as well as implementing operational security using Azure Sentinel and managing ongoing compliance and reporting. While previous exposure and understanding of Microsoft 365, Azure and security technologies is not essential, it can provide useful context.
The course will cover:
- All the key areas of how to consider the threat landscape of cloud services, assess your environment, identify security controls, and determine how they should be implemented in a digital online environment
- How Microsoft 365 ATP technologies can secure the modern workplace
- How compliance requirements can be effectively implemented and reported
- How data is managed and protected in Office 365 and how Azure Sentinel can be leveraged to provide advanced and automated security operations to your organisation.
A demo environment will be provided but attendees can also sign up for a month free trial - https://www.microsoft.com/en-us/microsoft-365/try
Who should attend
This course is designed for:
- Individuals and organisations seeking an advanced understanding of Microsoft 365 and Azure security services and features.
- Managers responsible for employees that are working on Microsoft 365 and Azure security initiatives or projects.
- Technical employees involved in Microsoft 365 and Azure initiatives or projects, such as technical project managers, business analysts, security architects, enterprise architects, solution architects and infrastructure architects.
1. Cloud Security Threat Landscape, Strategy & Architecture:
- Identify and understanding cloud computing concepts and definitions based on industry standards - ISO/IEC 17788 and NIST.
- Understand how security models like zero trust architecture (ZTA) relate to organisational strategies and help to drive a consistent approach to manging cloud services.
- Consider the threat landscape for cloud services and the common challenges faced by digital transformation and the modern workplace.
2. Microsoft 365 & Modern Workplace (Office 365, EMS, E3 & E5):
- Understand the productivity features of Microsoft 365 including identity, user, device & data management.
- Cover the key licensing differences across the Microsoft 365 suite including Office 365, Enterprise Mobility & Security, and specific security SKU’s.
- LAB: Deploy a Microsoft 365 demo environment.
3. Securing Identities & Applications (Azure AD, Azure ATP):
- Defining identity as the key control in ensuring an effective cloud security model.
- Translating organisational identity strategy into cloud-based identity management and Azure Active Directory (AD).
- Implementing baseline security controls including multi factor authentication, AD connect and legacy authentication.
- Application publishing and managing single sign on.
- Understanding guest management and B2B collaboration.
- Manage effective sharing and collaboration internally and externally using SharePoint Online & Teams.
- Implementing advanced features including Privileged Identity Management (PIM), Entitlement Manager and Access Reviews.
- Manage identity across on premise and provide comprehensive visibility using Azure ATP.
4. Email Protection (Office 365 ATP)
- Implementing email protection using Office 365 ATP.
- Deploying Anti-Phishing, Anti-Spam, DKIM, Malware protection, Safe Links, Safe Attachments and using automated investigation and response (AIR) capabilities.
- How to use Office 365 ATP for end to end email security including working with connected email services.
- Utilising Microsoft Threat Protection (MTP) for automated incident and case management in Microsoft 365.
5. Cloud Application Protection (Microsoft Cloud App Security):
- Understanding how application protection works across SaaS applications and Microsoft 365.
- Discovering cloud applications and services and conducting effective risk management of cloud services.
- Reviewing activity and creating alert rules using MCAS.
6. Data Governance & Records Management (AIP, Compliance Portal):
- Understanding data governance and data management principles and requirements.
- Demonstrate Azure Information Protection to provide data compliance in Microsoft 365
- Implement Sensitivity Labels and Retention Policies and configure auto classification.
- Understand auditing and forensic analysis using eDiscovery.
- Review different capabilities of AIP P1 & P2 licensing.
- LAB: Learn how to deploy data loss protection alert rules for compliance.
7. Device Protection & Management (Defender ATP & Intune)
- Understand the key capabilities around device management using Microsoft Endpoint Manager.
- Define a device management strategy across computing and mobile devices including the differences between mobile application management and full mobile device management.
- Configure Intune for mobile and computing device management and establish protection policies.
- Review Defender ATP and advanced endpoint protection and integration with end to end management in Microsoft 365.
8. Azure Security Overview:
- Understanding Azure services and capabilities and the relationship to Microsoft 365.
- Key concepts around role-based access control, subscription management and management groups.
- Using Azure Security Center for IaaS and PaaS and on-premises workload management and defining effective security operating models to support DevSecOps in Azure.
- Advanced security capabilities in Azure including network security configuration, WAF and Firewall capabilities.
- Using Azure Security Center for end to end compliance monitoring and reporting and integration into Microsoft 365.
9. Modern Security Operations:
- Understand security operating models and the challenges faced by managing cloud-based security operations.
- Clearly define the roles & responsibilities for an effective cloud operating model across productivity services, cloud services, development teams and security.
- Implement Azure Sentinel for log management, alerting and incident management.
- Learn how to configure data connectors, create dashboards, run queries, and create alert rules.
- Review end to end incident management using Microsoft Threat Protection (MTP) and Azure Sentinel.
Fees per person
Microsoft 365 Security & Compliance (2 days)
- Course presentation
- Printed course workbook
Candidates should ideally have at least 2 years of IT experience with at least:
- 1 year working with Microsoft 365 solutions and services
- Experience with architecting, designing, implementing or administering Active Directory and Windows Server 2012
There is no exam associated with this course.