Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Microsoft 365 Security and Compliance for Administrators
Microsoft 365 Security and Compliance for Administrators

Microsoft 365 Security and Compliance for Administrators: A definitive guide to planning, implementing, and maintaining Microsoft 365 security posture

Arrow left icon
Profile Icon Sasha Kranjac Profile Icon Omar Kudović
Arrow right icon
zł59.99 zł161.99
Full star icon Full star icon Full star icon Full star icon Full star icon 5 (8 Ratings)
eBook Mar 2024 432 pages 1st Edition
eBook
zł59.99 zł161.99
Paperback
zł201.99
Subscription
Free Trial
Arrow left icon
Profile Icon Sasha Kranjac Profile Icon Omar Kudović
Arrow right icon
zł59.99 zł161.99
Full star icon Full star icon Full star icon Full star icon Full star icon 5 (8 Ratings)
eBook Mar 2024 432 pages 1st Edition
eBook
zł59.99 zł161.99
Paperback
zł201.99
Subscription
Free Trial
eBook
zł59.99 zł161.99
Paperback
zł201.99
Subscription
Free Trial

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Table of content icon View table of contents Preview book icon Preview Book

Microsoft 365 Security and Compliance for Administrators

Getting Started with Microsoft 365 Security and Compliance

Microsoft 365 is a subscription-based service from Microsoft that provides users with a suite of applications and services for productivity, collaboration, and communication, helping businesses and individuals work more efficiently. It includes popular software such as Microsoft Word, Excel, PowerPoint, and Outlook, as well as cloud-based services such as OneDrive and SharePoint.

In this chapter, we are going to cover the following main topics:

  • Introduction to Microsoft 365 offers, plans, and licenses
  • Introduction to Microsoft 365 security
  • Introduction to Microsoft 365 compliance

In this chapter, readers will learn what Microsoft 365 is and its capabilities and products, plans, and offers. Additionally, you will learn about Microsoft 365 security, Microsoft 365 Defender, and related security products. Finally, we will conclude this chapter by introducing Microsoft 365’s comprehensive compliance features.

Technical requirements

Microsoft 365 is a subscription-based service and, to try and experience the functionality of each product and service, a user must have an appropriate license. It does not matter whether a user has a trial license, or they have a “regular” or paid license – as long as they have a license assigned, they can enjoy the proper product.

Introduction to Microsoft 365 offers, plans, and licenses

More than a decade ago, Microsoft introduced Office 365, a software as a service (SaaS) offering, as a natural evolution from the very popular business productivity suite. The suite, or the bundle, consisted of core productivity desktop-based applications such as Outlook, Word, Excel, PowerPoint, OneNote, and Access, including server-based services such as SharePoint, Exchange, and Skype for Business.

It became obvious that productivity encompasses and needs more than just productivity tools. That led to a logical move by Microsoft to include more essential products and services and bring together Windows and Enterprise Mobility + Security (EM+S) to form Microsoft 365.

Microsoft 365 is a name for Microsoft’s cloud-based service, that is, a collection of cloud-based services with common denominators including enhanced user productivity, efficient collaboration, and communication, while keeping data and devices secure wherever they are, whether that be in the office, at home, or on the go.

One of the main benefits of Microsoft 365 is that it allows users to access their files and applications from anywhere on any device. This is made possible through the integration of cloud-based services such as OneDrive, which allows users to store and share files online. This means that users can access their files from a desktop computer, laptop, tablet, or smartphone, as long as they have an internet connection.

Another benefit of Microsoft 365 is the ability to collaborate and communicate with others in real-time. Applications such as SharePoint and Teams allow users to share and co-author documents, as well as participate in virtual meetings and chat with their colleagues. This makes it easy for teams to work together, regardless of their physical location.

In addition to the productivity and collaboration features, Microsoft 365 also includes security and compliance tools to help protect users’ data and ensure compliance with regulatory requirements. For example, it uses machine learning and behavioral analysis to detect and block malicious emails, links, and files, and can also help to identify and respond to security threats in near real-time. Among many features that Microsoft 365 offers is Data Loss Prevention (DLP), which helps to prevent sensitive data from being shared or leaked. DLP is just one of the numerous Microsoft 365 security features; we will take a closer look and learn more about them later in the book.

In terms of compliance, Microsoft 365 includes several features to help organizations meet regulatory requirements. For example, it includes eDiscovery, which allows administrators to search for and export data from email, SharePoint, and Teams to comply with legal and regulatory requests. Additionally, it also includes retention and archiving capabilities, which allow organizations to retain and archive data for compliance purposes.

In general, Microsoft 365 is a comprehensive solution for businesses and individuals looking to increase their productivity, collaboration, and communication while also ensuring the security of their data. With its range of applications and services, it provides users with everything they need to work effectively, whether they are in the office or working remotely.

As a subscription-based service, Microsoft 365 offers subscription plans and bundles tailored for personal use, small businesses, enterprises, schools, educational and governmental users, and more.

While classic Office applications such as Word, Excel, Outlook, and PowerPoint are available as a one-time purchase via Office Home & Business 2021 or Office Home & Student 2021, these do not include some popular capabilities and products such as cloud storage or Microsoft Teams.

Microsoft 365 plans and components

There are four fundamental Microsoft 365 plans groups, each containing two or more Microsoft 365 plans:

  • Microsoft 365 For Home plans: These include the following plans:
    • Microsoft 365 Family
    • Microsoft 365 Personal
    • Office Home & Business 2021
    • Office Home & Home 2021
  • Microsoft 365 For Small and Medium Businesses plans: These include the following plans:
    • Microsoft 365 Business Basic
    • Microsoft 365 Business Standard
    • Microsoft 365 Business Premium
    • Microsoft 365 Apps for Business
  • Microsoft 365 For Enterprise plans: These include the following plans:
    • Microsoft 365 E3
    • Microsoft 365 E5
    • Microsoft 365 Apps for Enterprise
  • Microsoft 365 For Frontline Workers plans: These include the following plans:
    • Microsoft 365 F1
    • Microsoft 365 F3
    • Microsoft 365 F5

Other Microsoft 365 and Office 365 offers include plans specifically suited for governments, education (academic institutions), nonprofit organizations, the US government, and 21Vianet-operated areas (China).

Microsoft 365 is comprised of three components, and each component has its own tier, such as E3, F3, or A3, with different capabilities included:

  • Office 365: This includes a cloud-based suite of productivity applications and services, information protection capabilities such as message encryption, rights management, and data loss prevention for files and email messages; compliance capabilities such as mailbox litigation hold and eDiscovery; and data analytics with powerful visualization
  • Windows Enterprise: This includes advanced features aimed and designed specifically for larger organizations and enterprises, such as operating system deployment and update control, device and application management capabilities, universal print, Microsoft Defender for Endpoint, and advanced protection against security threats
  • EM+S: This is a mobility management and security platform that includes advanced identity and access management, endpoint management, information protection capabilities, and advanced identity-related security enhancements

Microsoft 365 comprises many products and features, such as the web, mobile, and desktop versions of Word, Excel, PowerPoint, and Outlook, advanced security, tools to create personalized documents, cyber threat protection, and access and data control features. Depending on organizational size, Microsoft has gathered and included a variety of products in different product packages, or plans, and we will introduce the most important and most prevalent ones.

Products and features

While products included in Microsoft 365 plans have many features, we have put an emphasis on security and compliance capabilities. That means we deliberately have not included tables and descriptions of all features, with the intention of preserving readability, decluttering the book content, and focusing on security and compliance-related products.

Microsoft 365 for small and medium-sized businesses

Microsoft 365 Business plans are specifically adapted to the needs of small and medium businesses, for up to 300 users. If your organization has a need to license more than 300 users, you need to consider using Microsoft 365 Enterprise licenses.

The following table shows you the security and compliance capabilities and features of Microsoft 365 user subscription suites for small and medium-sized businesses:

Microsoft 365 Suites for Small and Medium-Sized Businesses

Basic

Standard

Premium

Threat Protection

Microsoft Defender for Business

Microsoft Defender Exploit Guard

Microsoft Defender Credential Guard

BitLocker and BitLocker To Go

Windows Information Protection

Microsoft Defender for Office 365 Plan 1

Identity and Access Management

Microsoft Entra ID 1

User provisioning

Cloud user self-service password change

Cloud user self-service password reset

Hybrid user self-service password change/reset with on-premises write-back

Conditional Access

On-premises Active Directory sync for single sign-on (SSO)

Windows Hello for Business

Cloud Access Security Broker

Microsoft Defender for Cloud Apps Discovery

Information Protection

Azure Information Protection

Plan 1

Manual, default, and mandatory sensitivity labeling in Office 365

Manual labeling with the AIP app and plugin

Data Loss Prevention (DLP) for emails and files

Basic Message Encryption

Data Lifecycle Management

Manual retention labels

Basic org-wide or location-wide retention policies

Teams message retention policies

eDiscovery and Auditing

Content Search

Litigation Hold

Audit (Standard)

Security and Compliance

Microsoft 365 Information Protection and Governance

+1

+1

+

Microsoft 365 E5 Insider Risk Management

+

+

+

Microsoft 365 E5 eDiscovery and Audit

+

+

+

Microsoft Defender for Business

+

+

Microsoft Defender for Business servers add-ons for Microsoft Defender for Business

+5

+5

+5

Microsoft Defender for Identity

+

+

+

Microsoft Defender for Office 365 Plan 1

+

+

Microsoft Defender for Office 365 Plan 2

+

+

+

Microsoft Defender for Cloud Apps

+

+

+

App governance add-on for Microsoft Defender for Cloud Apps

+2

+2

+2

Microsoft Defender for Endpoint Plan 1

+

+

+

Microsoft Defender for Endpoint Plan 2

+

+

+

Premium Assessments add-on for Compliance Manager3

+

+

+

Microsoft Entra ID 1

+

+

Microsoft Entra ID 2

+

+

+

Microsoft Intune Plan 1

+

+

Microsoft Intune Plan 2

+4

+4

+

Microsoft Intune Suite

+4

+4

+

Microsoft Intune Remote Help

+4

+4

+

Microsoft Purview Data Loss Prevention (for email and files)

+

+

Exchange Archiving

+

+

Table 1.1 – Microsoft 365 Suites for small and medium-sized businesses

For the current list of features in Microsoft 365 Business plans, see the following page: https://www.microsoft.com/en/microsoft-365/business/compare-all-microsoft-365-business-products-d?market=af

Here is what the different symbols in the table mean:

Microsoft 365 for Enterprise plans represent a suite of products bundled and tailored specifically for the enterprise market, with some unique capabilities relevant to organizations with a larger employee base.

Microsoft 365 for enterprise

Microsoft 365 for Enterprise suites contain solutions and products designed for and targeted primarily at large organizations, although small businesses or medium-sized businesses can take advantage of these more advanced security, compliance, and productivity solutions as well.

Local and productivity services include content and productivity applications such as Microsoft 365 Apps for Enterprise with enterprise deployment and update options, Exchange Online, SharePoint Online, Skype for Business, Microsoft Teams, and Yammer, including simplified and advanced deployment, management, and servicing options such as Windows Enterprise deployment with an upgrade in place and Autopilot, plus auto-enrollment of Windows PCs and devices.

Security options comprise possibilities that span operating systems, device management, and advanced security services and include identity and access management, information protection, threat protection, and security management products and features such as Microsoft Defender for Office 365, SharePoint and Exchange Online access policies, Azure Information Protection (AIP), Microsoft 365 DLP policies, Microsoft Defender for Endpoint, Windows Hello for Business, Windows Information Protection (WIP), Microsoft Intune, device-based Conditional Access policies, Microsoft Entra ID Privileged Identity Management (PIM), Advanced Threat Analytics (ATA), Microsoft Defender for Identity, and Microsoft Cloud App Security Azure Multi-Factor Authentication.

Note

Microsoft stopped developing WIP from July 2022. WIP will still work on the Windows versions that support it, but it will not get any new features or updates. Future Windows versions will not have WIP. Microsoft suggests that you use Microsoft Purview Information Protection and Microsoft Purview Data Loss Prevention for your data protection needs. Purview makes it easier to set up and offers more advanced capabilities.

When customers and information technology professionals think about Microsoft 365 Enterprise plans, they usually refer to two major plans:

  • Microsoft 365 E3
  • Microsoft 365 E5

Though there are, of course, more than two Microsoft 365 plans, some that even Microsoft sometimes likes to classify as plans with Enterprise-like features:

  • Microsoft 365 F1
  • Microsoft 365 F3
  • Microsoft 365 F5

For Microsoft 365 Enterprise plans customers, several add-ons are available:

  • Identity & Threat Protection
  • Information Protection & Governance
  • Compliance
  • Insider Risk Management
  • eDiscovery & Audit
  • Security

Companies who want to bring their security posture to a higher level can decide to invest in EM+S suites, which include advanced identity and access management, endpoint management, and information protection products.

Conveniently, the following tables compare Microsoft 365 E3, E5, E5 Security, and E5 Compliance plans along with EM+S E3 and E5 plans and show their characteristics.

The following table shows the comprehensive information protection, data loss prevention, and threat protection capabilities in Microsoft 365, including a list of numerous products carrying the Microsoft Defender name:

Microsoft 365

Enterprise Mobility + Security

E3

E5

E5 Security1

E5 Compliance1

E3

E5

Information Protection

Azure Information Protection Plan 1

Azure Information Protection Plan 2

Manual, default, and mandatory sensitivity labeling in Microsoft 365 apps

Automatic sensitivity labeling in Microsoft 365 apps

Manual labeling with the AIP app and plugin

Automatic labeling in the AIP plugin

Default sensitivity labels for SharePoint document libraries

Automatic sensitivity labels in Exchange, SharePoint, and OneDrive

Sensitivity labels based on machine learning/trainable classifiers/exact data match

Sensitivity labels for containers in Microsoft 365

Basic message encryption

•2

•2

Advanced message encryption

•2

Customer Key

Personal Data Encryption

Data Loss Prevention (DLP)

DLP for emails and files

DLP for Teams chat

Endpoint DLP

Threat Protection

Microsoft Defender Antimalware

Microsoft Defender Firewall

Microsoft Defender Exploit Guard

Microsoft Defender Credential Guard

BitLocker and BitLocker To Go

Microsoft Defender for Endpoint Plan 1

Microsoft Defender for Endpoint Plan 2

Microsoft Defender for Identity

Microsoft Defender for Office 365 Plan 2

Microsoft Defender Application Guard for Edge

Microsoft Defender Application Guard for Office

Safe Documents

Cloud Access Security Broker

Microsoft Defender for Cloud Apps Discovery

Microsoft Defender for Cloud Apps

Office 365 Cloud App Security

Table 1.2 – Microsoft 365 plans Information Protection, DLP and Threat Protection features

This table shows the broad identity and access management, as well as endpoint and application management, capabilities available in Microsoft 365 suites:

Microsoft 365

Enterprise Mobility + Security

E3

E5

E5 Security1

E5 Compliance1

E3

E5

Identity and Access Management

Microsoft Entra ID P1

Microsoft Entra ID P2

User provisioning

Cloud user self-service password change

Cloud user self-service password reset

Hybrid user self-service password change/reset with on-premises write-back

Advanced security reports

Multifactor authentication

Conditional Access

Risk-based Conditional Access/Identity Protection

PIM

Access reviews

Entitlement management

Microsoft 365 Groups

On-premises Active Directory sync for SSO

DirectAccess supported

Windows Hello for Business

Microsoft ATA

Endpoint and Application Management

Microsoft Intune Plan 1

Mobile Device Management

Mobile Application Management

Windows Autopilot

3

3

Group Policy support

Cloud Policy service for Microsoft 365

Shared computer activation for Microsoft 365 apps

Endpoint analytics

Cortana management

Table 1.3 – Microsoft 365 plans IAM, and Endpoint and Application Management features

Thorough insider risk management, governance, and records management, together with discovery and auditing features in Microsoft 365 are listed in the following table:

Microsoft 365

Enterprise Mobility + Security

E3

E5

E5 Security1

E5 Compliance1

E3

E5

Data Lifecycle Management

Manual retention labels

Basic org-wide or location-wide retention labels

Rule-based automatic retention policies

Machine learning-based retention

Teams message retention policies

Records management

eDiscovery and Auditing

Content search

eDiscovery (Standard) (including Hold and Export)

Litigation hold

eDiscovery (Premium)

Audit (Standard)

Audit (Premium)

Insider Risk Management

Microsoft Purview Insider Risk Management

Communication Compliance

Information Barriers

Customer Lockbox

Privileged access management

Table 1.4 – Microsoft 365 plans DLM, eDiscovery, and IRM features

Here is what the different symbols in the table mean:

  • • = Included in the plan
  • 1 - Requires Microsoft 365 E3 (or Office 365 E3 and EM+S E3)
  • 2 - Does not include an Exchange email service
  • 3 – Does not include a Windows license

Along with product and feature placement into suites and plans, it is important to know that if you have already purchased a plan license, there is a possibility to acquire a license for a product or a feature as a separate license. That way, flexible options exist to tailor and adjust licensing options and product licensing tightly to your company’s requirements and needs. Additionally, licensing is available as a monthly subscription, as well as a yearly commitment, enabling you to save additional costs.

Microsoft 365 add-ons

Microsoft 365 plans include additional options as add-ons, where this table displays add-on subscriptions for E3 and E5 plans:

Microsoft 365 Add-On Subscriptions

E3

E5

Microsoft 365 E5 Security

+

Microsoft 365 E5 Compliance

+

Microsoft 365 E5 Information Protection and Governance

+

Microsoft 365 E5 Insider Risk Management

+

Forensic evidence add-on for Insider Risk Management

N/A

Microsoft 365 E5 eDiscovery and Audit

+

Microsoft Defender for Identity

+

Microsoft Defender for Office 365 Plan 1

+

Microsoft Defender for Office 365 Plan 2

+

Microsoft Defender for Cloud Apps

+

App governance add-on for Microsoft Defender for Cloud Apps

+1

+

Microsoft Defender for Endpoint Plan 1

Microsoft Defender for Endpoint Plan 2

+

Microsoft Defender Vulnerability Management

+2

+

Premium Assessments add-on for Compliance Manager3

+

+

Priva Privacy Risk Management

+

+

Priva Subject Rights Requests

+

+

Compliance Program for Microsoft Cloud

+

+

Microsoft Purview Data Loss Prevention (for email and files)

Exchange Archiving

Microsoft Entra ID P1

Microsoft Entra ID P2

+

Microsoft Intune Plan 1

Microsoft Intune Plan 2

+

+

Microsoft Intune Suite

+

+

Microsoft Intune Remote Help

+

+

10-year audit log retention

N/A

+

Table 1.5 – Add ons for Microsoft 365 E3 and E5 plans

Here is what the different symbols in the table mean:

Microsoft has provided flexible licensing options and plans tailored to a variety of business, academic, and not-for-profit users, as well as individual licensing options. However, you should always check the current plans, products, features, characteristics, and prices whenever considering purchasing licenses for plans and products.

Microsoft 365 and Office 365 service descriptions

For an up-to-date and very detailed overview of Microsoft 365 and Office 365 service descriptions, please visit the official Microsoft page at https://learn.microsoft.com/en-us/office365/servicedescriptions/office-365-service-descriptions-technet-library.

Microsoft 365 licensing

Microsoft 365 is licensed on a User Subscription License (USL) principle, where each user that accesses Microsoft 365 services and/or software requires a license or a USL. If you meet the prerequisites for a plan, you can use any combination of Microsoft 365 plans.

Licensing Program is the name of a channel through which you can purchase Microsoft 365 licenses, and there are several Licensing Programs where you can obtain a license. One way is through Microsoft Volume Licensing (VL) where several options are available for commercial customers:

  • Enterprise Agreement (EA)
  • Enterprise Agreement Subscription (EAS)
  • Microsoft Products and Services Agreement (MPSA): This is for commercial and government customers

Additional channels, for customers with cloud-only deployments, Microsoft 365 is also available via the following services:

  • Cloud Solution Provider (CSP) program
  • Microsoft Online Subscription Program (MOSP/Web Direct)

Microsoft 365 F1/F3 and E3/E5 are available through the Enterprise Enrollment or Enterprise Subscription Enrollment as a full user subscription license. Microsoft 365 E3/E5 is also available as an add-on license, or a “From SA” USL. (SA stands for Software Assurance)

Here is the comparison table for different licensing options:

License

Who the license is for

Can be ordered

Microsoft 365 Full USL

New Enterprise Agreement/Enterprise Agreement subscription customers

Existing Enterprise Agreement/Enterprise Agreement subscription customers who are in one of two positions:

Customers who are not currently licensed

Customers who want to license net new users

Mid-term

Anniversary

Renewal

Microsoft 365 Add-on

Existing Enterprise Agreement/Enterprise Agreement subscription customers who are in one of the following positions:

Customers who are currently paying for Licenses and Software Assurance (L+SA)

Customers who want to license some or all existing users for the enterprise platform

Customers who want to maintain on-premises use rights

Mid-term

Anniversary

Renewal

Microsoft 365 “From SA”

US

Existing Enterprise Agreement/Enterprise Agreement subscription customers who are in one of the following positions:

Customers who have fully paid licenses

Customers who are currently paying for Software Assurance only

Customers who want to license existing users

Anniversary

Renewal (recommended)

Table 1.6 - Comparing different licensing options

Microsoft 365 users are entitled to on-premises rights to Productivity Servers and Office Professional Plus when purchasing through EA/EAS enrollment, but not when purchasing through Microsoft Customer Agreement or Web Direct, on the following terms:

  • While it is not a license entitlement, users have a right to install and use server and client software for the duration of the subscription; that is, they have the rights to access any licensed on-premises servers.
  • Users have the rights to install the server software on on-premises servers. Downgrade rights are included.
  • Rights to install Exchange Server, SharePoint Server, Skype for Business Server.
  • On-premises rights do not include Software Assurance benefits and are not license rights.

The Productivity Server right includes the following features:

  • Unlimited server installs
  • Access rights are granted exclusively to Microsoft 365 Enterprise users
  • Customer-dedicated hardware server deployments only
  • No rights to deploy in multi-tenant cloud scenarios

Office Professional Plus includes the following features:

  • One copy for local installation per duration of Microsoft 365 subscription
  • The rights to Full User Subscription License (FUSL) users, up to a 1:1 ratio of “From SA” USLs purchased Downgrade rights are included for Office Professional Plus software
  • No rights to deploy clients on servers with RDS

Note

Microsoft 365 E3 and E5 USL license a user for access to Windows Server but do not include a license for the Windows Server product itself.

After reviewing licensing and product options for a variety of Microsoft 365 plans, products, and features, we are now ready to explore products in Microsoft 365 related to security, protection, and governance.

Introduction to Microsoft 365 security

Microsoft 365 is a comprehensive service, spanning diverse productivity, collaboration, and communication spheres, along with wide identities, devices, and data areas that need equally comprehensive and diverse protection against malicious actors and increasingly sophisticated attacks. Obviously, such a service that spans vast endpoints, identity, and application areas cannot be protected by one product, but by using multiple specialized products and solutions.

Moreover, all these products and components need to communicate and exchange information and signals to provide complete protection across all protected points.

Microsoft 365 Defender is an integrated enterprise protection collection of solutions and products that provides protection across all areas, assessing threat signals from multiple sources or products:

  • Microsoft Defender for Office 365
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Identity
  • Microsoft Defender for Cloud Apps
  • Microsoft Defender Vulnerability Management
  • Microsoft Entra ID Protection
  • Microsoft Data Loss Prevention
  • Application Governance

Most Microsoft 365 security products and features have their place under one roof – the Microsoft 365 Defender portal, available at https://security.microsoft.com. Of course, there are many places that other security-related products can call their home, but lately, this is becoming a go-to place for managing and overseeing security from one unified roof. For example, Microsoft Defender for Cloud Apps is undergoing a transition from its dedicated home portal to a unified Microsoft 365 Defender portal. Other products have their dedicated portals, such as the Entra family of products, for example. The following figure is a screenshot of the Microsoft 365 Defender portal, showing some of the dashboards and menu options available:

Figure 1.1 – Microsoft 365 Defender Portal

Figure 1.1 – Microsoft 365 Defender Portal

Microsoft Defender for Office 365 provides protection to email messages, links (URLs), and attachments across collaboration tools such as Teams, Outlook, and SharePoint. Some important protection features include the following:

  • Threat protection policies involve defining policies that establish a suitable level of protection for your organization.
  • Reports can be accessed to monitor the performance of Microsoft Defender for Office 365 in real time
  • Utilize advanced tools to investigate, comprehend, simulate, and proactively prevent threats, enhancing your threat investigation and response capabilities
  • Efficiently save time and resources by employing automated investigation and response (AIR) capabilities to investigate and mitigate threats

Microsoft Defender for Office 365 has two plans, where Microsoft Defender for Office 365 Plan 1 includes the following features:

  • Safe Attachments: This checks email attachments and provides protection against malicious content
  • Safe Links: This proactively scans for malicious links in messages and documents, allowing safe links, but blocking malicious links
  • Safe Attachments for SharePoint, OneDrive, and Microsoft Teams: This identifies and blocks malicious files in team sites and document libraries
  • Anti-phishing protection: This detects and protects user impersonation attempts
  • Real-time detections: This monitoring capability includes a real-time report that allows you to identify, analyze, and prioritize threats

Including all essential protection features in Plan 1, Microsoft Defender for Office 365 Plan 2 introduces more protection tools:

  • Threat Trackers: This provides cybersecurity intelligence issues that allow you to take proactive, timely countermeasures before threats occur.
  • Threat Explorer: A real-time report that allows users to identify and analyze recent threats.
  • AIR: This enables users to initiate automated investigation processes in response to existing, recognized threats. By automating specific investigation tasks, security operations teams can enhance their efficiency and effectiveness. Remedial actions, such as deleting malicious email messages, can be completed upon approval from a security operations team.
  • Attack simulation training: Enables the execution of authentic attack scenarios within your organization to identify vulnerabilities. These simulations assess the effectiveness of your security policies and practices while also providing training opportunities for security professionals.
  • Advanced hunting: This proactively hunts for threats using a Kusto Query Language (KQL)-based threat hunting tool.
  • Microsoft 365 Defender integration: This efficiently detects, examines, and responds to incidents and alerts.

Microsoft Defender for Endpoint provides an endpoint platform for threat protection, detection, prevention, protection, automated investigation, and response. Microsoft Defender for Endpoint P1 Plan includes the following features:

  • Unified security tools and centralized management
  • Next-generation antimalware
  • Attack surface reduction rules
  • Device control (such as USB)
  • Endpoint firewall
  • Network protection
  • Web control / category-based URL blocking
  • Device-based Conditional Access
  • Controlled folder access
  • APIs, SIEM connector, custom threat intelligence
  • Application control

Microsoft Defender for Endpoint P2 Plan contains all capabilities in Plan 1, including these features:

  • Endpoint detection and response
  • Automated investigation and remediation
  • Threat and vulnerability management
  • Threat intelligence (threat analytics)
  • Sandbox (deep analysis)
  • Microsoft Defender Experts

Microsoft Defender for Identity protects on-premises identities using cloud-based intelligence. It monitors and analyzes user behavior and activities to create a baseline for a user, and identifies suspicious identity-related activities, which helps prevent attacks.

Microsoft Defender for Cloud Apps is a cloud access security broker (CASB), a SasS cloud application protection solution that performs cloud app discovery, discovers and controls the use of shadow IT, protects against anomalous behavior across cloud apps, and assesses cloud apps’ compliance.

Microsoft Defender Vulnerability Management is a solution to identify, assess, remediate, and track vulnerabilities across critical assets, through three main ways:

  • Continuous asset discovery and monitoring: This includes the following features:
    • Security baselines assessment
    • Visibility into software and vulnerabilities
    • Network share assessment
    • Authenticated scan for Windows
    • Threat analytics and event timelines
    • Browser extensions assessment
    • Digital certificates assessment
    • Hardware and firmware assessment
  • Risk-based intelligent prioritization: This emphasizes the following points:
    • Focus on emerging threats
    • Pinpoints active breaches
    • Protects high-value assets
  • Remediation and tracking: This consists of the following actions:
    • Remediation requests sent to IT
    • Block vulnerable applications
    • Alternate mitigations
    • Real-time remediation status

Microsoft Entra ID Protection examines and assesses trillions of signals gathered daily with Microsoft Entra ID, Microsoft accounts, and from Xbox, to detect and remediate identity-based risks, ultimately securing access through policy enforcement.

Application Governance is a Defender for Cloud Apps governance add-on feature that enables you to get visibility into how OAuth-enabled applications and their users handle sensitive data in Microsoft 365.

We have briefly described the main Microsoft 365 security features and products, mainly the ones that we will talk about more deeply and thoroughly in the next chapters. Now is the time to briefly look at Microsoft 365 compliance products and capabilities, primarily the ones that we will discuss in this book.

Introduction to Microsoft 365 compliance

Microsoft provides a range of robust compliance and data governance solutions to assist organizations in effectively handling risks, safeguarding, governing sensitive data, and meeting regulatory obligations.

Microsoft 365 has thorough compliance and data governance solutions to protect valuable data across multiple clouds, applications, and endpoints while being able to detect and address significant risks within small and medium businesses and large enterprises. With these tools, compliance professionals are able to examine and address legal obligations using pertinent data, as well as evaluate compliance and address regulatory requirements.

The Microsoft Purview compliance portal is a central place for all compliance tools and organizational needs. It is available to users with one of the following roles: Global Administrator, Compliance Administrator, and Compliance Data Administrator:

Figure 1.2 – Microsoft Purview compliance portal

Figure 1.2 – Microsoft Purview compliance portal

Microsoft Purview is now the common prefix for Microsoft 365 compliance and risk management solutions, for protecting and governing sensitive data and addressing regulatory standards requirements.

Microsoft Purview Data Loss Prevention is a solution that detects and prevents sensitive organizational data loss via DLP policies across multiple locations, using deep content analysis:

  • Teams, Exchange, SharePoint, and OneDrive accounts and other Microsoft 365 services
  • Office applications such as Word, Excel, and PowerPoint
  • Windows 10, Windows 11, and macOS (three latest released versions) endpoints
  • Non-Microsoft cloud apps
  • On-premises file shares and on-premises SharePoint libraries
  • Power BI

Microsoft Purview Information Protection is an all-inclusive solution that enables organizations to do the following things:

  • Know their data or understand the data landscape, identify sensitive information types using trainable classifiers, custom regular expressions, or functions, and gain data classification information
  • Protect organizational data by applying sensitivity labels automatically, encrypting data end email messages, applying access restrictions, and using Customer Key
  • Prevent data loss through detecting risky behavior that is extended to endpoints and extend DLP monitoring on-premises and Teams
  • Govern data via automatic actions

Microsoft Purview has numerous components and features used for governance and compliance. Here, we have introduced and described some of the most important parts:

  • Data Lifecycle Management enables customers to retain content using event-based retention, for example, when employees are leaving the company, when their contract expires, or when the retention is tight to a product lifetime.
  • Message Encryption: By utilizing Advanced Message Encryption in Office 365, customers can effectively fulfill compliance requirements that necessitate enhanced control over external recipients and their ability to access encrypted emails. This feature empowers users to regulate sensitive emails shared outside the organization through automated policies, while also providing the capability to track these activities via access logs in the encrypted message portal.
  • Communication Compliance: Microsoft Purview Communication Compliance is a solution designed to mitigate communication risks originating from within your organization. It assists in identifying, capturing, and taking action on potentially inappropriate messages, enabling compliance personnel to proactively address any concerning communication incidents.
  • Customer Lockbox: With Customer Lockbox, you retain full control over your content, as Microsoft is unable to access it for service operations without your explicit consent. It involves you in the approval workflow utilized by Microsoft to guarantee that only authorized requests grant access to your content.
  • Microsoft Purview Audit: The audit feature within Microsoft Purview offers organizations enhanced visibility into a wide range of audited activities across various Microsoft 365 services. The audit functionality allows for comprehensive monitoring and tracking of different types of activities within the organization.
  • Compliance Manager: Microsoft Purview Compliance Manager is a component within the compliance portal of Microsoft Purview that assists in automating the evaluation and oversight of compliance throughout your multi-cloud environment, enabling you to efficiently assess and manage compliance requirements across multiple cloud platforms.
  • Customer Key: This helps you meet regulatory or compliance obligations for controlling root keys and provides extra protection against accessing data by unauthorized parties.
  • Insider Risk Management: Microsoft Purview Insider Risk Management is a compliance solution designed to mitigate internal risks by empowering you to identify, investigate, and take appropriate action against both malicious and unintentional activities occurring within your organization, aiding in proactively addressing potential threats originating from within the organization.
  • Information Barriers: To establish necessary restrictions to prevent unauthorized or undesired interactions within your organization, Microsoft Purview Information Barriers (IB) is a compliance solution that provides the capability to limit bidirectional communication and collaboration between groups and individual users.
  • eDiscovery: The eDiscovery feature presents a comprehensive workflow that covers the entire process of preserving, collecting, analyzing, reviewing, and exporting relevant content for internal and external investigations conducted by your organization. Furthermore, it provides legal teams with the ability to effectively manage the complete workflow for legal hold notifications and communication with custodians involved in a case.

Summary

This chapter covered Microsoft 365 offers, plans, and their component products, as well as licensing options for various components. Although anyone and any business can purchase any licenses available, it is important to know which plans and products are available on the market, and what is the most suitable and beneficial Microsoft 365 plan and add-on option for you, without breaking the bank and compromising on productivity or security capabilities. After introducing and describing Microsoft 365 security and compliance products, we are now ready to dive deeper into a fundamental part of any Microsoft-based cloud environment today – Microsoft Entra ID.

Left arrow icon Right arrow icon

Key benefits

  • Protect and defend your organization with the capabilities of the Microsoft 365 Defender family
  • Discover, classify, and safeguard sensitive organizational data against loss, leakage, and exposure
  • Collaborate securely while adhering to regulatory compliance and governance standards
  • Purchase of the print or Kindle book includes a free PDF eBook

Description

In today's hostile cyber landscape, securing data and complying with regulations is paramount for individuals, businesses, and organizations alike. Learn how Microsoft 365 Security and Compliance offers powerful tools to protect sensitive data and defend against evolving cyber threats with this comprehensive guide for administrators. Starting with an introduction to Microsoft 365 plans and essential compliance and security features, this book delves into the role of Azure Active Directory in Microsoft 365, laying the groundwork for a robust security framework. You’ll then advance to exploring the complete range of Microsoft 365 Defender security products, their coverage, and unique protection services to combat evolving threats. From threat mitigation strategies to governance and compliance best practices, you’ll gain invaluable insights into classifying and protecting data while mastering crucial data lifecycle capabilities in Microsoft 365. By the end of this book, you’ll be able to elevate the security and compliance posture of your organization significantly.

Who is this book for?

This book is for security professionals, security administrators, and security responders looking to increase their knowledge and technical depth when it comes to Microsoft 365 security and compliance solutions and features. However, anyone aiming to enhance their security and compliance posture within the Microsoft 365 environment will find this book useful. Familiarity with fundamental Microsoft 365 concepts and navigating and accessing portals, along with basic Microsoft 365 administration experience is assumed.

What you will learn

  • Maintain your Microsoft 365 security and compliance posture
  • Plan and implement security strategies
  • Manage data retention and lifecycle
  • Protect endpoints and respond to incidents manually and automatically
  • Implement, manage, and monitor security and compliance solutions
  • Leverage Microsoft Purview to address risk and compliance challenges
  • Understand Azure Active Directory's role in Microsoft 365 Security

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Mar 29, 2024
Length: 432 pages
Edition : 1st
Language : English
ISBN-13 : 9781837638864
Category :
Concepts :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Product Details

Publication date : Mar 29, 2024
Length: 432 pages
Edition : 1st
Language : English
ISBN-13 : 9781837638864
Category :
Concepts :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just zł20 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just zł20 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 605.97
Mastering Microsoft Intune
zł221.99
Microsoft Intune Cookbook
zł181.99
Microsoft 365 Security and Compliance for Administrators
zł201.99
Total 605.97 Stars icon

Table of Contents

16 Chapters
Part 1:Introduction to Microsoft 365 Chevron down icon Chevron up icon
Chapter 1: Getting Started with Microsoft 365 Security and Compliance Chevron down icon Chevron up icon
Chapter 2: The Role of Microsoft Entra ID in Microsoft 365 Security Chevron down icon Chevron up icon
Part 2: Microsoft 365 Security Chevron down icon Chevron up icon
Chapter 3: Microsoft Defender for Office 365 Chevron down icon Chevron up icon
Chapter 4: Microsoft Defender for Endpoint Chevron down icon Chevron up icon
Chapter 5: Getting Started with Microsoft Purview Chevron down icon Chevron up icon
Chapter 6: Microsoft Defender for Cloud Apps Chevron down icon Chevron up icon
Chapter 7: Microsoft Defender Vulnerability Management Chevron down icon Chevron up icon
Chapter 8: Microsoft Defender for Identity Chevron down icon Chevron up icon
Part 3: Microsoft 365 Governance and Compliance Chevron down icon Chevron up icon
Chapter 9: Microsoft Purview Insider Risk Management Chevron down icon Chevron up icon
Chapter 10: Microsoft Purview Information Protection Chevron down icon Chevron up icon
Chapter 11: Understanding the Lifecycle of Auditing and Records Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Full star icon 5
(8 Ratings)
5 star 100%
4 star 0%
3 star 0%
2 star 0%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




Pablo Cepeda May 16, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Feefo Verified review Feefo
Artist Aug 22, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Microsoft 365 Security and Compliance for Administrators" appears to be a comprehensive and valuable resource for IT professionals tasked with managing and securing Microsoft 365 environments. The book covers a wide range of topics, from the fundamentals of Microsoft 365 and licensing to in-depth discussions on security features and compliance tools.The inclusion of practical examples and tutorials is a notable strength, as it allows readers to apply the concepts they learn directly to real-world scenarios. This hands-on approach can be particularly helpful for those who are new to Microsoft 365 or who want to deepen their existing knowledge.The book's focus on security and compliance is timely, given the increasing importance of these issues in today's business landscape. The authors' expertise in the field is evident throughout the book, and they offer valuable insights and best practices for safeguarding sensitive data and ensuring regulatory compliance.While the book's technical nature may be challenging for some readers, it is well-organized and written. The authors have done a commendable job of breaking down complex topics into manageable chunks, making the material accessible to a broad audience.Overall, "Microsoft 365 Security and Compliance for Administrators" is a highly informative and practical guide that can benefit anyone responsible for managing Microsoft 365 security and compliance. It is a valuable addition to the library of any IT professional working in this domain.
Amazon Verified review Amazon
Weary Deluge Aug 23, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
As a Security Engineer and Consultant specializing in Microsoft 365 Security, I found this book to be an exceptional resource.This book covers a tremendous amount of information in details, but navigates the complexities of the Microsoft 365 environment in a way that makes it easy for administrators and technicians to follow, effortlessly blending a strong expertise with the ability to clearly explain technical content to readers of all levels.For anyone who is responsible for M365 administration, security, or auditing, this book serves as both a comprehensive guide and a reference point. Beginners and seasoned admins alike, this book will serve you well. I highly recommend it to anyone looking to enhance their knowledge and expertise in Microsoft 365 Security and Compliance.
Amazon Verified review Amazon
Rajesh Oct 05, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
If you are looking to learn M365 and its security features and compliance you can give a try to this book where you will learnWhat is M365 security and why it can be a game changer for Eterprises?You will get a good knowladge about M365 security features and about its licesing plan.You will learn about the role of AAD (Entra ID) w.r.t Security. RBAC role, EntraID pricing and its plan and many more.This book will give you and good insight about M365 security features like MDE (Microsoft Defender for Endpoint) its feature, Advantages and configurations.App protection policy to secure enterprise applications across various platform.Reporting on MDE dashboardYou will also learn about MS Pureview, its features, Configuration and most important topic on DLP (Data Loss protection).This books give very good inshigt on M365 Governance model and its best practice, Information Protection. Auditing etc.Conclusion :- If you are a tech sevy and specially loves MS technology like Security and Compliance and want to start your hands on upgrading yourself on M365 security, this is a good book to start with which will give you super idea about M365 security and compliance in details.If you are familier with M365 and its products you are the right person to add additional security skills in your portfolio by reading this books.Thank you very much to the author of this book for putting hard effort in writting this book on M365 Security and Compliance.
Amazon Verified review Amazon
Jim Parsons Jun 19, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I've certified in both M365 security and compliance. However, the rapid pace with which Microsoft is evolving their cloud platforms means that my learning journey is constant and not a final destination. The book carves the Defender product in a way that will help anyone develop a strong security perimeter quickly. Learning the key capabilities and deployment techniques is essential. I've seen countless people set up M365 tenants and think they are safe because the put up the front and side walls, but then leave the back completely exposed. The Purview (part 3) section is critically important. My statement is that all roads lead to Purview. Your data has left the building, you need to protect your company data where it lives now. Setting up Information Protection, Data Loss Prevention, and Cloud Application Security are more important than I can convey in a blob. This book is a strong recommendation to help you on your way. Your business is your data. Learn how to protect it - or - go out of business when you lose it.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.