Microsoft 365 Security platform explained – part 2 – the solutions

[Blog post updated on October 9, 2020 with reference to the new version 8.0 of the Microsoft 365 Security & Compliance – Single Slide]

If you landed here, there’s the high probability that you’ve already read my previous blog post about the strategy behind the Microsoft 365 Security platform, (if this is not the case I strongly recommend to read it before going on) where I shared the layered approach of the Microsoft 365 security and compliance solutions to address the end-to-end stack from the device to the applications, with a very high level overview of suites and licensing levels inside Microsoft 365.

Now it’s time to reveal the full solution set with a more detailed level, the one that would be appreciated by a CISO who is wondering if Microsoft could be able to address most of her/his needs to secure the modern workplace.

First I have to share with you a couple of personal confidences: I’m quite obsessed by taxonomies (I like to give an order to the chaos in the universe :-), maybe because I’m an engineer?? ;-)) and inside Microsoft I’ve always fought for the principle of mastering end-to-end security (again testified by my 2nd post in the far January 2007) regardless any silos, job roles, business divisions, and company incentives.

Security must be applied and so learned end-to-end, in light of the defense in-depth principle, otherwise there isn’t any Security!

These explain why I started in the middle of 2016, well before the arrival of Microsoft 365 (see its announcement on July 2017), to build and share with colleagues and customers the idea of a Microsoft security platform, to highlight the value of several security features and solutions across Microsoft products and their increasing ability to integrate with each other to define a coordinated line of defense.

Additionally, I set the personal goal to use only a single PowerPoint slide to describe it, and this was the first prototype (ver. 0.1), dated in July 2016:


(If you are curious about later versions of this single slide you may find some examples in a previous blog post, when I celebrated 10 years of this blog).

Now you may understand my personal satisfaction when we later announced Microsoft 365 (see its announcement on July 2017): someway I was really looking forward our security strategy!

After almost 3 years of huge Microsoft investments in Security, with direct product development and several acquisitions (mainly looking for innovative Israeli cybersecurity companies…), the “single slide” personal goal I set in 2016 has become a daunting challenge!!

Here is a snapshot of one of the latest efforts, specifically the October 2018 version v.5.0 (which it is not the latest, see below for updates!) just built after the Ignite 2018 announcements:


I have to say (with a bit of deep pride :-)) that out of dozens of PowerPoint slides I may use to pitch the value of our new Microsoft 365 Security platform, this is the single one slide that everyone wants to take-away as soon as possible, preferably right at the end of meeting!

Last month I updated it at the February 2019 version v.6.1 and you can now download it from the downloads page of this blog: this version has been enhanced with short description screentips and hyperlinks to the technical documentation by simply hovering and clicking with your mouse pointer over the single solution when viewing the slide in presentation mode.

March 21, 2019 update: slide version is now v.6.3 with latest announcements.

January 9, 2020 update: slide version is now v.7.0 with plenty of new additions & improvements. With this version I started to add detail slides (currently 9) to enlarge sections, improve font readability and simplify hyperlinking to technical documentation for every product / solution.

October 8, 2020 update: slide version is now v.8.0 with several updates, mainly about changes in the Microsoft 365 E5 Compliance bundle and announcements at Microsoft Ignite 2020.

I hope you can find it useful to map how Microsoft 365 can cover almost any end-to-end security and compliance needs to secure the Modern Workplace!

Of course you can expect I will build something similar for other Microsoft Security technologies , so stay tuned!

Ciao!

Feliciano

Microsoft 365 Security platform explained – part 1 – the strategy

In the latest blog post I’ve just shared my view on the real Cloud Security and Compliance model, and I made it in a totally vendor-agnostic way.

Let’s decline it in the Microsoft world of solutions, and specifically starting from the first realm that we call “Modern Workplace”, the IT environment where the digital transformation journey of an organization typically starts.

These solutions help employees to use the best collaboration tools that enable them to securely access applications (inside and outside the company) and to process data (with colleagues and external partners) without sacrificing the mandatory need of the Security and Compliance teams to have this productivity environment, without any tangible perimeter, still under total control of the company.

In this Microsoft realm, the Cloud Security and Compliance model can be declined with the following diagram:


When the Microsoft Office 365 suite is at the center of your risk assessment evaluations, you should understand how the several security and compliance controls are layered over the stack from the endpoint to the cloud applications inside Office 365.

The key infrastructure security solutions in the middle of this stack at layer 3 are represented by the Microsoft Enterprise Mobility and Security (EMS) solutions: a fundamental note is these are able to secure even non-Microsoft applications (3rd party web applications in the cloud and on-premises) and to protect data processed by non-Microsoft devices (iOS and Android devices as well), as I’ll show you better in a future blog post of this series where I’ll go deep in the several solutions layers (Identity, Information and Threat Protection).

Where we consider the Windows PC as the main device to enable this secure productivity environment, you may note from the green square box in the picture how Microsoft has been able to build a commercial bundle to help customers to acquire the full set of licenses and related security and compliance features to secure the full end-to-end stack from the device to the cloud productivity suite: Microsoft 365 !

The following picture adds just a bit of licensing detail: every product suite inside Microsoft 365 Enterprise is offered in two flavors, the Enterprise E3 or E5, and the size of the relative boxes is there to suggest how they broaden the spectrum of coverage over the main Identity, Information and Threat Protection solutions areas.


Hoping these diagrams are quite clear, I can now use them to make an example to demonstrate the Microsoft strategy behind the Microsoft 365 Security platform to offer a layered incremental feature set depending on the component and the licensing level of choice.

Example: Multi-Factor Authentication (MFA) capabilities.

Just to catch even the interest of novice readers not so expert about security, let me remind that MFA is the technology solution that adds a second authentication factor to prove the real identity of the user after the less secure first one (the password), as maybe everyone experiments when making disposition actions in their internet banking web application.


As you can see from the light green boxes from the Office 365 E3, to the EMS E3 layer and ending on the EMS E5 layer, there are 3 incremental solutions that offer MFA capabilities over the platform:

  • The MFA features inside Office 365 E3 are not so granular: think about them as a big power supply handle to switch on/off MFA for all Office 365 applications (and only for them!) and for all user/group without any ability to selectively choose which application/user/group should benefit from it.
  • Azure MFA inside Azure AD Premium P1 plan is the complete MFA feature set to gain granularity to specify which application (even a not Microsoft one!) and which user/group should benefit from it. The only “limitation” with regards to the following solution is related to the static setting nature of these capabilities.
  • The best of breed MFA capabilities offered in the Microsoft 365 security platform are represented by the ability of Azure AD Identity Protection to offer MFA as one of the dynamic and automatic remediation actions where the Azure AD solution, powered by machine learning and artificial intelligence analysis of the authentication logs at sign-in, may rate at high risk a specific user/session combination. This is the most powerful and with the best user experience way to harden the access to Azure AD protected applications (Microsoft and not).

This incremental progression I’ve just shared represents the Microsoft strategy behind the different types of security and compliance solution in the platform: the more you need security feature richness, 3rd party application protection, automation of protection, and the empowering by machine learning and artificial intelligence, the more you need to move towards EMS and specifically to the best M365 E5 plan.

Now at this point I hope you may be eager to know which are the specific security and compliance solutions included in this Microsoft 365 Security platform…

…I’ll be glad to give you this view in the next blog post, stay tuned!

Ciao

Feliciano