Hosted by Terranova Security and sponsored by Microsoft, keynote by Gartner.
Aware and vigilant end users are key to unlocking the full potential of your security technologies. Any part of your cybersecurity strategy that involves users—whether it’s data protection or email security—depends on your users’ security awareness, engagement, and alertness. To truly protect our organizations, we must not only empower our colleagues to protect themselves but also build an organizational culture that prioritizes security.
Security Awareness Virtual Summit
We are co-sponsoring Terranova Security’s Security Awareness Virtual Summit, coming to a laptop near you on May 5th, 2020 12:00 pm to 3:00 pm ET. Register now to hear from Gartner Senior Director, Brian Reed, Lise Lapointe CEO of Terranova Security, and @Brandon Koeller, Microsoft Security Principal PM Lead.

Ask your questions to a panel of experts, including @Blythe Price and Erin Csonaki, Program Managers for Microsoft Cyber Security Awareness and Training. Participate in a virtual workshop that will walk you through designing a custom security training program for your organization and leave armed with knowledge that will help you boost completion rates, identify the right frequency, format and length for your training, and monitor effectiveness.
Why Simulated Attack is essential to your Security Awareness Training at 12:45 pm ET
Tune in to Brandon’s session to learn how to leverage simulated attack to detect and quantify your user risk. This session gives you a sneak peek of upcoming product innovations. Simulated phishing attacks which are context-specific to your business needs help you detect and quantify user susceptibility. And targeted Terranova Security training, customized for user vulnerability level, engagement level, and context, remediates user risk. Our solution automates administration and monitoring end-to-end, simplifying processes like payload management and user targeting to a few clicks, and delivers robust analytics to enable rich reporting. Save your spot now to attend this session.
Expert Panel at 2:00 pm ET
To learn more about how we design and deploy phish simulation and training within Microsoft, and optimizing for engagement and completion, join Blythe Price and Erin Csonaki at the expert panel at 2:00 pm. They will be in conversation with Lise Lapointe, author of the book The Human Fix to Human Risk and Gartner’s Brian Reed. Blythe and Erin will share tips, best practices, and expertise gleaned from designing and managing Microsoft’s cyber security awareness program.
We hope to see many of you on May 5! Register here to learn how to maximize the impact of your security awareness program.
Microsoft Compliance Score is a feature in the Microsoft 365 compliance center to help you understand your organization’s compliance posture. It calculates a risk-based score measuring your progress in completing actions that help reduce risks around data protection and regulatory standards.

References:
This webinar was presented on Tue Apr 15th 2020, and the recording can be found here.
Attached to this post are:
- The FAQ document that summarizes the questions and answers that came up over the course of both Webinars; and
- A PDF copy of the presentation.
Thanks to those of you who participated during the two sessions and if you haven’t already, don’t forget to check out our resources available on the Tech Community.
Thanks!
@Adam Bell on behalf of the MIP and Compliance CXE team
In this difficult time, remote work is becoming the new normal for many companies around the world. Part of this new normal is increased focus on implementing stricter security controls and data loss prevention policies within the solutions that already exist within your environment. We understand that you may be looking at our portfolio of solutions and trying to better understand how we can help provide the appropriate balance of security and productivity.
To help address these questions, we are hosting a webinar that will provide information about how you can use your existing Microsoft security and compliance tools to better secure your remote work environment and not negatively impact productivity.
Please see below for additional details:
- Date and time: April 27, 2020 – 9:00am – 10:30am PST
- Agenda topics:
- Restricting Teams experiences for guests and people outside of your organization – how customers can use sensitivity labels to protect content in Teams, Office 365 groups, and SharePoint Online sites
- Applying data loss prevention in Teams
- Applying sensitivity labels to protect sensitive data
- Minimizing insider risk with Insider Risk Management, Communications Compliance, and Information Barriers
- Enabling simple retention policies
- Next steps/instructions on how to join:
Please feel free to add a comment or message me if you have any questions.
Am a keen follower of Microsoft's SharePoint Blog and proud to provide this direct from the Microsoft Tech Community:

In this weekly discussion of the latest news and topics around Microsoft 365, hosts Vesa Juvonen (Microsoft) and Waldek Mastykarz (Rencore) are joined by Albert-Jan Schot, CTO and MVP at Portiva, Utrecht, Netherlands.
The group discusses differences in development for on-prem (one framework, add boxes) vs cloud (many frameworks, throttling), for business productivity stack (integrate stuff) vs Azure (expose stuff) and for open-source projects (rinse and repeat). Unclear? Watch the episode.
Why develop for M365 as opposed to Azure? It’s not that you choose one or the other. Both are so intertwined and converging in a cloud-first world. Azure (tools/services) supports so much that we just do AI, Infrastructure, Security, Identity in the process of delivering business solutions. M365 is like an OS providing many services. Our focus is integrating and building on top of M365, within feature-rich environments such as Teams, Outlook and SharePoint, where our customers conduct their daily business.
This episode was recorded on Tuesday, April 14, 2020.
Got feedback, ideas, other input – please do let us know!
The above is kindly provided by the Microsoft Tech Community!
Am a keen follower of Microsoft's SharePoint Blog and proud to provide this direct from the Microsoft Tech Community:

Latest monthly summary of SharePoint Development guidance for SharePoint Online and on-premises is now available from the SharePoint Dev Blog. Check the latest news, samples and other guidance from this summary.
The above is kindly provided by the Microsoft Tech Community!
The unified auditing functionality in Microsoft 365 provides organizations with visibility into many types of audited activities across many different services in Microsoft 365. Now with the release of Advanced Audit in Microsoft 365, we’re adding new auditing capabilities that can help your organization with forensic and compliance investigations

References:
This webinar was presented on Tue Apr 7th 2020, and the recording can be found here.
Attached to this post are:
- The FAQ document that summarizes the questions and answers that came up over the course of both Webinars; and
- A PDF copy of the presentation.
Thanks to those of you who participated during the two sessions and if you haven’t already, don’t forget to check out our resources available on the Tech Community.
Thanks!
@Adam Bell on behalf of the MIP and Compliance CXE team
Thanks for your feedback. My team is actually working on a comprehensive guide for install options and which network optimization technologies can be used when. On your ask: You can employ Delivery Optimization for Office in combination with Connected Cache to reduce the load on your corp internet circuits. We see tremendous savings when the combination of the two technologies is leveraged. For completeness, we could also use Configuration Manager Client Peer Cache, but this would only cache the setup.exe and configuration file included in the deployment package.
Thanks again for the feedback, I will add this to the blog post later.
We are excited to announce the availability of Microsoft 365 Multi-Geo in Switzerland, and the reduction of the seat minimum requirement to 250 for Enterprise Agreement customers. These updates will allow more organizations to utilize Microsoft 365 Multi-Geo to address their legal, compliance, industry, or other related data residency requirements.
Please note that this product was previously referred to as ‘Multi-Geo Capabilities for Office 365,’ and will now be named ‘Multi-Geo Capabilities for Microsoft 365,’ consistent with the overall Microsoft 365 announcement on March 30. We previously announced the general availability of Multi-Geo Capabilities, in addition to the workload expansion from Exchange Online and OneDrive to include SharePoint Online.
Microsoft 365 Multi-Geo provides a solution for multi-national businesses seeking a balance between working as a single organization in the Microsoft 365 cloud and addressing global data residency needs. With the reduced seat minimum requirement and coverage across Exchange Online, OneDrive, and SharePoint Online this feature helps bring the full power of Microsoft 365 – the world’s productivity cloud – to organizations at any stage in their digital transformation journey.
Microsoft 365 Multi-Geo enables customers to reduce their on-premises footprint by allocating user data at rest to our available geo locations in the Microsoft 365 cloud, facilitating their ability to meet data residency obligations, all within a single tenant. For in-depth information on how Multi-Geo capabilities work and how to get started, please review the links above.
Available Geos
Microsoft is continuously making new infrastructure investments in response to growing customer demand as more industry leaders choose Microsoft’s cloud services. As a result, we are increasing the geo coverage of Microsoft 365 Multi-Geo as we expand our datacenter footprint for Microsoft 365. With the latest addition of Switzerland, you can now extend your Microsoft 365 tenant to store your users’ data in one or more of the following geos:
- Australia
- Asia Pacific
- Canada
- European Union
- France
- India
- Japan
- Korea
- United Kingdom
- United States
- United Arab Emirates
- South Africa
- Switzerland

Learn about where your Microsoft 365 data is stored at aka.ms/DataMaps
Industry Focus
We see worldwide organizations of all sizes and across all industries currently investing in new ways of empowering their employees with modern tools to enable secure, flexible, and mobile working that fosters collaboration. The ability to configure data residency on a by-user basis helps organizations meet regulatory requirements, which is particularly important and relevant in industries such as healthcare, manufacturing, public sector, and financial services. This latest step enables companies adopting Microsoft 365 to accelerate their digital transformation journey. As a result, we see Microsoft 365 Multi-Geo assisting organizations across the world to enable the scalability required to address critical challenges affecting the global community.
“We now have as many people outside the US as in it, and although the GDPR doesn’t mandate a particular Geo for data residency, our clients are hypersensitive about data privacy issues, so we prefer to get in front of it,” Ackermann says. “Our lifeblood includes data which is personal information about people and with Multi-Geo, we’re able to proactively address client concerns about data residency.”
– Bryan Ackermann, Chief Information Officer, Korn Ferry
Pricing and Licensing:
Multi-Geo is available as an add-on to the following Microsoft 365 subscription plans for EA customers who have a minimum of 250 Microsoft 365 seats in their Microsoft 365 tenant and who license Multi-Geo Capabilities for Microsoft 365 for at least 5% of those seats. Please contact your Microsoft account team for details.
- Microsoft 365 F1, E1, E3, or E5
- Exchange Online Plan 1 or Plan 2
- OneDrive for Business Plan 1 or Plan 2
- SharePoint Online Plan 1 or Plan 2
Licensing
- USD $2/user/month for users in Satellite Geos
- Resource mailboxes (Rooms/Equipment) and Shared mailboxes need to be licensed
- Microsoft 365 Group Mailboxes moved to Satellite Geos will not need to be licensed for Multi-Geo
How to buy Multi-Geo?
Please talk to your Microsoft representative to buy Multi-Geo Capabilities for Microsoft 365.
Questions?
Please comment on this thread with your questions
With more and more users working from home, organizations are facing new security and privacy challenges. One of them may be that users work on unmanaged, possibly personal, devices to access corporate data. Classic technologies like Active Directory Group Policy Management do not help in such scenarios, as they do not apply to unmanaged devices.
This blog post will provide guidance on how to leverage the Office cloud policy service (OCPS) to address those scenarios. OCPS allows an admin to target a user with policies which follow them across all devices, regardless of the way the devices are managed (if at all). We will also share some recommended security settings which might be worth considering.
Step 1 – Enable OCPS
The Office cloud policy service (OCPS) is a cloud-based service that enables you to apply policy settings for Microsoft 365 Apps for enterprise (formerly known as Office 365 ProPlus) on a user’s device. The policy settings roam to whichever device the user signs into and uses Microsoft 365 Apps for enterprise on. This applies whether the device is joined to an on-premises domain, Azure AD registered, Azure AD joined, or Hybrid Azure AD joined.
You should start by verifying the requirements:
- Supported version of Microsoft 365 Apps for enterprise deployed
- Licensed for Microsoft 365 Apps for enterprise
- At least one Azure AD group which contains the users you’re targeting.
- An admin user with at least the Office Apps Admin role assigned
Sign in on https://config.office.com and accept the EULA for OCPS. That’s it. No more prep work needed.

Step 2 – Create a policy configuration and assign to users
Now you should create your first policy configuration and assign it to a group of users:
- Expand the Customization node and select Policy Management
- On the Policy configurations page, choose Create and provide a name and a description (optional)
- In assignments, choose whether this policy applies to all users of Microsoft 365 Apps for enterprise, or just to users who anonymously access documents using Office for the web.
- Select the AAD-based security group that is assigned to the policy configuration. Each policy configuration can only be assigned to one group, and each group can only be assigned one policy configuration.

We also have a video ready for you which walks you through these steps.
Step 3 – Set policies
After clicking on Configure policies you can start to search for and configure policies. Please note that most policies are only applicable to Office on Windows, but some are applicable cross-platform as noted in the platform column in the policy list.
As a starting point, you can filter the Recommendation column to view the recommended Microsoft Security baseline policies. Click on each policy name to view the description and decide if you want to keep the baseline’s recommended value or manually configure it. The reviewed items will switch the Status to Configured when applied.

Especially for the scenario of remote workers, here are some policies you might want to have a closer look at:
| Policy name | Comment |
| --- | --- |
| Block signing into Office | Can be used to prevent users from being signed in with a corporate and a personal account at the same time, to prevent data leakage to, for example, a personal OneDrive. |
| Hide file locations when opening or saving files | Setting this to “Hide local PC” discourages users from saving corporate data to a possibly non-corporate device. |
| Disable VBA for Office applications | VBA macros are powerful tools that can automate data processing or entry, but they are also used in malicious attacks, so it may be better to prevent them from running on unmanaged or remote devices. |
| Do not open files from the Internet zone in Protected View | If set to “Disabled”, Office files downloaded from the internet will always be opened in Protected View first. |
| Set document behavior if file validation fails | Admins can enforce Protected View for files that failed validation; such files could, for example, try to exploit Office through malformed documents. |
| Allow the use of connected experiences in Office, et al. | Admins can control whether Office is allowed to use cloud services for downloading and analyzing content. Review the documentation for the available controls. |
| Force Runtime AV Scan | If enabled, all files opened by Office are passed to the installed AV engine for scanning. |
| Use Cached Exchange Mode for new and existing Outlook profiles | You can use this policy to enforce Online Mode for Exchange, preventing users from syncing their inbox content down to a possibly insecure device. Note that this setting applies to all devices the user signs into. |
| Block all unmanaged add-ins | This setting allows you to block all add-ins from being loaded by Office. |
Step 4 – Additional considerations
Because policies configured through OCPS follow the user across all devices, OCPS is not limited to remote workers or users on unmanaged devices. You should consider folding your on-prem policies into OCPS policies and going forward with a single solution for both on-prem and off-prem users.
Once you have deployed OCPS policies, you can also enable the Security Policy Advisor to get further insight into how impactful these changes are for your users. There may be opportunities to tighten things up further without impacting users.
Overview of blog post series
This post is part of a series which is covering different stages and phases in the Office lifecycle in remote worker/work from home scenarios. The others are:
We hope this will help you to minimize the impact of deploying, servicing and managing Microsoft 365 Apps for enterprise on your own network and your user’s VPN connections.
FAQ
Q: Am I secure after enabling OCPS and setting the Microsoft recommended policies?
A: “Being secure” is a relative state where you can try to achieve a high bar, but basically never be 100% secure. Using OCPS is one building block in a broader strategy to secure remote workers. In addition make sure to review Azure Multi-Factor Authentication, Azure Conditional Access and the user’s sign-in risk assessment to further protect the user’s identity. For guidance on protecting your corporate data, please review Azure Information Protection.
Q: I’ve got issues with OCPS, how can I troubleshoot the service?
A: We’ve got you covered; please review Troubleshooting OCPS on Windows.
Q: Can I fully secure a device not owned by my organization?
A: There are limits on how secure a device that you don’t own or manage can be. Each security technology you employ raises the bar for a successful attack or exploit against the device, the user or the data, but unless you fully manage the device there is a residual risk to your data. Security is often not a question of secure versus not secure, but of the right level of security for a given scenario. You can use Intune to manage devices that you don’t own.
Q: Can I also secure and control Office on iOS or Android using OCPS?
A: While some policies also apply to Office on Android or iOS, there are more advanced controls available through Intune application policies. These allow you, for example, to enforce a PIN, require local data encryption, or restrict the Office apps on mobile devices to cloud-only storage of data.
Q: We’re an Intune shop, can I also use Intune to manage OCPS policies?
A: Sure thing. You can manage the Policies for Office apps from the Intune portal as well.
Q: Can we use OCPS to block syncing OneDrive for Business content on devices which aren’t managed?
A: No. However, we can address this concern by having your Office 365 tenant administrator run the Set-SPOTenantSyncClientRestriction cmdlet. This lets you restrict whether users can sync items to machines that are not joined to one of your domains.
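The restriction described in the answer above, as an added example that is not part of the original post: it enables the tenant sync restriction for a list of on-premises AD domains and reads the setting back. It assumes the SharePoint Online Management Shell and the RSAT ActiveDirectory module are installed, that `<tenant>` and the two `contoso.com` domain names are placeholders for your own, and that the account used is a SharePoint administrator.

```powershell
# Added example (not from the OCPS post): block OneDrive for Business sync from machines that
# are not joined to one of the listed AD domains, using Set-SPOTenantSyncClientRestriction.

# Placeholder tenant admin URL; replace <tenant> with your tenant name.
$adminUrl = 'https://<tenant>-admin.sharepoint.com'
Connect-SPOService -Url $adminUrl

# Placeholder domain names. The cmdlet identifies domains by their AD object GUID, so resolve
# each name to its GUID here (Get-ADDomain needs the RSAT ActiveDirectory module; you can
# substitute a literal list of GUID strings if you run this from a non-domain host).
$allowedDomains = @('contoso.com', 'corp.contoso.com')
$domainGuids = foreach ($name in $allowedDomains) {
    (Get-ADDomain -Identity $name).ObjectGUID.Guid
}

# The cmdlet takes the GUIDs as a single semicolon-separated string.
Set-SPOTenantSyncClientRestriction -Enable -DomainGuids ($domainGuids -join ';')

# Verify the change: the restriction flag should be on and the allowed list should contain
# the GUIDs just supplied. (Property names as documented; confirm on your module version.)
$state = Get-SPOTenantSyncClientRestriction
$state | Format-List TenantRestrictionEnabled, AllowedDomainList, BlockMacSync

if (-not $state.TenantRestrictionEnabled) {
    throw 'Tenant sync restriction was not applied; check SharePoint admin rights and retry.'
}
foreach ($guid in $domainGuids) {
    if ($state.AllowedDomainList -notcontains $guid) {
        Write-Warning "Domain GUID $guid is missing from AllowedDomainList."
    }
}
```

Keep in mind that this restriction is tenant-wide, so users on devices outside the listed domains (including unmanaged home PCs) will have their sync stopped rather than just new syncs blocked.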
The Authors
This blog post is brought to you by the Microsoft 365 Apps for enterprise Ranger Team at Microsoft. Feel free to share your questions and feedback in the comments below.
This post is authored by Mor Rubin, Security Researcher, Azure ATP.
The SMB vulnerability CVE-2020-0796, also known as “SMBGhost” or “CoronaBlue”, was published a few days ago. This CVE is about a potential remote code execution due to a buffer overflow vulnerability in the way SMBv3 (3.1.1) handles SMBv2 compression requests. The vulnerability affects Windows 10 and Windows Server 2019 versions 1903 and 1909.
A few proofs of concept that trigger this vulnerability have been published already – one of them is on GitHub. So far, the tools published online are expected to cause a “blue screen” if the target Windows server is vulnerable to this issue. As most of the critical servers in an organization are Windows servers, attackers will exploit this vulnerability to try to gain control of the remote servers without authenticating.
The vulnerability has the potential to become widely spread, similar to the way EternalBlue exploited the SMB protocol in 2017. It’s important to protect critical Windows servers by installing a patch, KB4551762, or following other suggested mitigations and workarounds.
In addition, to help our customers stay secure, we are releasing a new Azure ATP detection that looks for use of this vulnerability on unpatched Domain Controllers. The detection identifies crafted packets attempting to exploit SMBv3.
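To complement the network-side detection, defenders usually also want a host-side inventory check. The following is an added example, not code from the Azure ATP team or the post: it reports whether a Windows host is in the affected population for CVE-2020-0796 and whether the patch named above (KB4551762) is present. It assumes that builds 18362 and 18363 correspond to versions 1903 and 1909, that KB4551762 raised the update build revision (UBR) to 720, and that the DisableCompression value under LanmanServer\Parameters is the compression workaround from Microsoft's advisory for this CVE; verify all three against your own baseline.

```powershell
# Added example (not from the post): host-side exposure check for CVE-2020-0796.
# Run in an elevated PowerShell session on the server being assessed.

function Test-SmbGhostExposure {
    [CmdletBinding()]
    param(
        # KB named in the post; override if your baseline tracks a later cumulative update.
        [string]$PatchId = 'KB4551762',
        # Assumption: KB4551762 brought 1903/1909 to UBR 720 (confirm against the KB article).
        [int]$FixedUbr = 720
    )

    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [int]$os.BuildNumber
    # Assumption: 18362 = version 1903, 18363 = version 1909 (the versions the post lists).
    $affectedBuilds = @(18362, 18363)
    $isAffectedBuild = $affectedBuilds -contains $build

    # Later cumulative updates supersede KB4551762 and Get-HotFix may no longer list it,
    # so also compare the update build revision recorded by Windows.
    $ubr = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR
    $hotfixPresent = [bool](Get-HotFix -Id $PatchId -ErrorAction SilentlyContinue)
    $patched = $hotfixPresent -or ($ubr -ge $FixedUbr)

    # Assumption: the advisory workaround disables SMBv3 compression via this DWORD.
    $params = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $disable = (Get-ItemProperty -Path $params -Name DisableCompression `
                -ErrorAction SilentlyContinue).DisableCompression
    $compressionDisabled = ($disable -eq 1)

    # Exposed only if it is an affected build, the fix is absent, and the workaround is absent.
    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        Build               = "$build.$ubr"
        AffectedBuild       = $isAffectedBuild
        PatchInstalled      = $patched
        CompressionDisabled = $compressionDisabled
        Exposed             = $isAffectedBuild -and -not $patched -and -not $compressionDisabled
    }
}

Test-SmbGhostExposure | Format-List
```

The Exposed field is what to feed into your patch tracking; a host that reports only CompressionDisabled is mitigated but still needs the update.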

Get Started Today
Azure ATP leverages your Active Directory signals, the cloud intelligence underpinning all Microsoft’s security services, and identity-focused detections updated at cloud scale to prevent, detect, and investigate identity-based threats, compromised and malicious users, and lateral movement of on-premises attacks.