Securing Microsoft 365
by Joe Stocker
- Length: 178 pages
- Edition: 1
- Language: English
- Publisher: Publishing Xpert
- Publication Date: 2021-11-04
- ISBN-10: 1956630015
- ISBN-13: 9781956630015
- Sales Rank: #46341
Learn how to defend against the top cybersecurity threats targeting Microsoft 365 including attacks on Identity, Email and Devices.
About the Author Introduction The Urgency of Security
Chapter One – Securing the Identity in M365 Identity: The new security perimeter MFA Authentication Method #1: Text Message (SMS) MFA Authentication Method #2: Mobile App Push Notification MFA Authentication Method #3: Mobile App Verification Code MFA Authentication Method #4: Hardware tokens MFA Authentication Method #5: Passwordless Attack Simulator Local Administrator Password Solution (LAPS) Blocking Legacy Authentication MFA App Password Gotcha Redirecting oAuth for Administrator Approval Continuous Access Evaluation (CAE) Security Defaults Privileged Identity Management (PIM) Risk-Based Authentication Myth: Passwords are synced to the Cloud Network Session hijacking proxy theft MFA Authentication Method #6: IP Fencing Device-Based Authentication MFA Authentication Method #7: Intune Compliance MFA Authentication Method #8: Hybrid Domain Join MFA Authentication Method #9 Certificate-Based Authentication (CBA) Linux Considerations Zero Trust Identity Security Best Practices Licensing Azure AD Conditional Access Policy Design Naming Convention Combined Registration Migrate ADFS to Azure AD
Chapter Two – Securing Email in M365 Email Security Fundamental #1 Block Dangerous Attachments by File Extension Email Security Fundamental #2 Email Authentication Records DKIM SPF TIPS DMARC Deployment Strategy DMARC Gotchas DMARC Monitoring Email Recon Script Email Security Fundamental #3 Exchange Transport Rules Rule 1 Block Executable Attachments Rule 2 Block Auto Forwarded Emails Rule 3 Block Password Protected attachments Rule 4 Block Encrypted Emails Rule 5 Block Hyperlinks with IP Addresses Rule 6 Quarantine DMARC Failures Rule 7 Set Disclaimers to Reject Rule 8 Block Open Redirect Email Security Fundamental #4 Blocking Redirects Best Practice Analyzer Tools for Email Security ORCA Configuration Analyzer Strict Security Policies Beyond the Basics Safe Attachments When configuring the Safe Attachment policy, you will notice Global settings in the top navigation. Safe Links Anti-Impersonation Mailbox Intelligence FIDO2 U2F Origin Binding Why Microsoft Defender for Office 365? Evaluating Microsoft Defender for Office 365 Message Header Forensics Phishing Simulation Security Awareness Training Office Message Encryption (Standard vs. Advanced Features)
Chapter Three – Securing the Corporate Endpoint in M365 Why Enable Tamper Protection Steps to Block Manual Intune Unenrollment Enable Attack Surface Reduction Rules (ASR) Enable “Block at First Site” Enable MDE Sample sharing for all files Enable MDE Automatic Investigation and Remediation Enable EDR Block Mode Enable Network Protection Protecting against Drive-By Attacks with SmartScreen Web Browser Isolation Troubleshooting Tips Malicious Office Macros Hardware-based Isolation of Zero-Day Vulnerabilities in Microsoft Office Endpoint Manager Endpoint Security Testing Test Results Defender for Servers Deployment Antivirus Client Configuration Management Managing Exclusions Unified Installer Defender for iOS / Android
Chapter Four - Securing BYOD in M365 Intune App Protection Policies for Personal Devices Azure AD Conditional Access Policies for Personal Devices Securing Personal Devices with Microsoft Cloud App Security access and session policies Securing Personal Devices with Azure Virtual Desktop or Cloud PC Securing Personal Devices with Azure AD Proxy
Chapter Five – Detecting Anomalies in M365 Azure Identity Protection Unfamiliar Sign-In Suspicious Browser Atypical Travel Anomalous Token Token Issuer Anomaly (SAML Only) Microsoft Cloud App Security Azure Sentinel Microsoft Defender for Identity Insider Risk Management
Chapter Six – Defending against Human Operated Ransomware in M365 Facts Microsoft Solutions for Ransomware: Recommendations
Chapter Seven – Auditing M365 Reporting Advanced Audit License Mailbox Search Events SharePoint Search Events Alerting Audit Log Bypass PowerShell Modules
Chapter Eight - Responding to a Security Event in M365 AIR Playbook Recovering from a privileged account takeover
Chapter Nine – Security Operations in M365 Ninja Training Daily, Weekly, and Monthly Security Tasks Daily Tasks Weekly Task List Monthly Task List Metrics and KPI O365 SOC Operational References
Chapter Ten – Build a Cyber Defense Lab Step 1 - Create your M365 lab environment Step 2 – Prepare a Workstation Step 3 – Configure Microsoft Endpoint Manager (Intune) Step 4 – Enroll your VM into Intune Getting Started Sign in to your Lab Lab 1 – Microsoft Zero Trust Security Defaults vs Conditional Access Policies Lab 2 – Email Security Block Executable Attachments Detonate Email Attachments Detonate Email Hyperlinks Block Impersonated Emails Email Security Best Practice Analyzer Advanced Transport Rules Lab 3 – Windows 10 Security Endpoint Detection and Response (EDR) Microsoft Defender Firewall Tamper Protection EDR Block Mode Block at First Sight Controlled Folder Access Attack Surface Reduction (ASR) Malicious Macros Network Protection Hunting for Threats GitHub Repo for additional hunting queries
Appendix I Microsoft Security Baselines
Appendix II Protecting Remote Access against Ransomware Threats
Appendix III – Additional Zero Trust Policies for Production Environments
Need Help? How you can help solve the Cybersecurity Staffing Problem