Introduction to Security in Microsoft 365
The course is part of this learning path
In this course, we take an introductory look at the security tools within Microsoft 365.
- Explain what a Zero Trust Policy is and what value it can have.
- Explain identity and access management concepts.
- Explain threat and information protection in Microsoft 365.
- Understand the different tools and portals available to you in Microsoft 365 security offerings.
- Users who are new to Microsoft 365.
- Users looking to learn about the security offerings Microsoft 365 has to offer.
An understanding of general technical concepts.
At the very core of security, is identity and access management. Making sure that users have access to what they need while at the same time restricting access to unnecessary data is the simplest way of protecting your organization. Let us first talk about user identity with Azure Active Directory. Azure Active Directory is a Microsoft Cloud based identity and access management solution. It combines directory services, application access management, and even identity protection into a single easy to use solution while providing the benefits of each tool.
It improves overall user experience by reducing the need for repetitive identity verification through logging in and creates a unified experience across all Windows devices a user logs into with the feature known as enterprise state roaming. Now, there are three options of Azure AD licenses available: Azure AD Free, Azure AD premium P1, and Azure AD Premium P2. Azure AD Free is provided to any organization that is subscribed to a Microsoft online business service. It enables things like Single sign on and user and group management. Azure AD premium P1 provides everything the free version did and adds advanced administration and the Microsoft identity manager.
Azure AD premium P2 builds even further on top of that and throws an Azure AD identity protection and privilege identity management. If organizations already have an on-premises Active directory domain services, then they can also integrate it with Azure Active Directory through Azure AD Connect with either an Azure AD P1 or P2 license. This integration creates a connection between the on-premises domain services and Azure AD. This allows Azure AD to utilize the existing identities in the on-premises directory domain services and provides the benefits of the cloud. Now that we have an understanding of what Azure AD is, let's move into how it can protect users and organizations. Perhaps the largest security risk to organizations is their actual employees and internal users. Forgetting passwords, or worse, creating a weak and easily replicatable password provides a serious threat to organizations particularly, when a user base isn't super tech savvy.
For this reason, Microsoft 365 uses credentials to verify users are who they say they are and go beyond the standard username and password principles. Each user should be utilizing a secondary strong authentication method to verify their access. With a secondary authentication method required it adds another layer of security to the entire framework of the user identity. Azure Multi factor authentication is a way to achieve a much more secure way of this secondary verification. Essentially, it works by requiring two or more authentication methods. These methods could be something you know similar to that of a standard password. Two: something you have represented by something you have like a phone. Or three: something you are represented by biometrics like a fingerprint reader. There are actually multiple ways to authenticate users within Microsoft 365 depending upon the method you want to use and could even implement a password less solution with Multi factor authentication.
By removing the password and instead requiring something like a device pin and authentication via mobile device, you completely remove the historically most vulnerable access point for any user, the password. An example of a tool that can be used for Multi factor authentication is something like Windows Hello. Windows Hello is a password less authentication that ties a device to a biometric authentication or pin. The biometric authentication could be facial recognition or fingerprint recognition depending upon the device or preferred method. It can also be thought of as the "something you are" authentication method. Another example of a tool for Multi factor authentication would be the Microsoft authenticator application.
This creates a tie between your access attempt and your mobile device providing another level of verification. This also allows for passwordless authentication by utilizing a code generator as verification for user access. And perhaps the most widely known version of Multi factor authentication would be receiving a text message when attempting to log in representing the Something you have method. Each of these represents different Multi factor authentication methods that organizations can use to verify users accessing sensitive data, but this is only part of the picture. We need to also discuss access management, much of which can be summed up in two words: conditional access. And while that sounds simplistic, there's much more to it than one might initially think. At its core, Conditional access essentially attaches conditions required for accessing certain data or information. Microsoft likes to simplify the explanation to an "if then" statement.
If a user wants access, then they need to do something. Now, this something could be requiring Multi factor authentication, accessing it on an organization managed device or simply being on a secure network. The conditions vary depending upon the policies in place and add another level of security to your data. It is worth noting that different tiers of Microsoft 365 provide different services when it comes to conditional access. For example, Multi factor authentication is a part of every tier, but something like Azure Identity Protection requires a P2 Azure license. We will talk about this a little bit more once we get into the licensing structure from Microsoft 365, but that pretty much covers identity and access management. Now it's time to take a look at threat protection within Microsoft 365 and the tools it provides to combat external threats.
Lee has spent most of his professional career learning as much as he could about PC hardware and software while working as a PC technician with Microsoft. Once covid hit, he moved into a customer training role with the goal to get as many people prepared for remote work as possible using Microsoft 365. Being both Microsoft 365 certified and a self-proclaimed Microsoft Teams expert, Lee continues to expand his knowledge by working through the wide range of Microsoft certifications.