Microsoft 365 Security Training 2018
So, what do you think, Matt? A green screen, and this is the future of corporate filmmaking? We've done some really amazing things in the past. You would an airplane hangar. And we're gonna feed her last time. To kind of be in a studio feels like a letdown. Well, if it makes you feel better, this is the same green screen they used to make the movie 300. Really? No. But how about this: we're gonna try a couple tests. We'll just test it out, we can try a few ideas I have, that way we're not locked in, and you just tell me what you think. All right, all right, all right. You stay right here. Guys, let's fire it up and do some tests.
There's never been a greater time to be in IT, and there's never been a time when world-class IT and world-class IT leadership has been needed, and so we're excited to walk you through some of the things that we have been working on to help you to empower your organizations to achieve more. You know, as I travel around the world and I get a chance to talk to all of you, what I hear is that the digital estate that you're being asked to manage and secure is ever-increasing. You're being asked to protect that data whether it's behind the firewall, in the cloud, and increasingly, as data moves more and more out into the cloud, the traditional perimeter-based security model that you've relied on is no longer effective. And the attacks you have to deal with, they are incredibly sophisticated. We get a chance to see these attacks, and I can tell you they are engineered by world-class organizations, and they are built to be able to infiltrate and to spread quickly. And just to give you an idea what we see: we see that there are over a hundred million identities attacked every single month. We see 50,000 corporate identities that are actually compromised every single month. We take a look at these attacks like WannaCry: it was engineered to get in, and once it was in it spread quickly. It would spread across organizations
in less than an hour. So what you have to deal with now is these engineered, sophisticated attacks, and you don't have days or weeks to react, you have minutes. And so now what we've been able to do is put all of that telemetry that we collect across Microsoft, everything that we learn from the 450 billion authentications that we do every single month, from the 400 billion emails that we scan every month, from the billion PCs that we patch every month, all that now is being put to work to help you protect you and your organizations. And that is the power of the Microsoft cloud and the power of the Intelligent Security Graph. We have hit the point where human minds and human hands can no longer do it on their own. You have to have the power of intelligent clouds helping you and backing you up.
And I know many of you have spent incredible amounts of dollars and efforts to build out defenses, but they're complicated, they're brittle, and one of the things you have to keep in mind is complexity is the absolute enemy to security. I've learned this as we built out the services here at Microsoft, and so everything that we do, we're constantly trying to simplify. And yet I know that you deal with sophisticated and complex organizations and technologies. In fact, the average enterprise has more than 60 security products deployed. 60! And there's no way that those have been engineered to work together to give you that world-class defend, detect, and respond capabilities. And so let's look at how we can help you simplify your organization. And there's an elegance that comes from simplicity, and that elegance, IT benefits, and it flows all the way down to the user experience.
So what we're going to walk you through over the next few minutes is the investment that we've been making in Microsoft 365, and Microsoft 365 is that complete, secure, intelligent solution that helps you to enable your users to achieve more. With
Microsoft 365, we've also engineered this in a way that enables IT to deliver that experience in a way that also delivers what IT needs: the reliability, the security, the protection. We've integrated and engineered this to be used holistically. There are capabilities that we have built through the Microsoft cloud where all of the pieces are able to interact with each other. In fact, we're able to do things like, when a request for information is made, in real time we can determine is this a trusted user on a trusted device using trusted applications, and help you to defend your organizations while empowering your users. I think we'll look back at the release of Microsoft 365
in the same way that we did the release of Office 25 years ago. It fundamentally changed what the world understood and expected out of productivity. Microsoft 365 will have that same effect, because it will fundamentally change what users expect and what organizations expect out of that modern workplace for their users. Now, at the heart of Microsoft 365 is intelligence. Now, in this modern world and the modern attacks that we're all dealing with, you have to have intelligent clouds backing you and giving you that insight to help you enable your users while you also protect the information. And at Microsoft we have unique perspectives here. We take what we're able to learn every single day from all of the services we operate, but the benefit for you is all that is now put to work on your behalf. We can now help you protect your organizations as we learn from across the world and apply that learning to individual users, organizations, industries, and honestly the world. These are unique things that Microsoft is able to do through the intelligent cloud, and specifically leveraging the Intelligent Security Graph.
There are four areas we're gonna suggest and recommend that you deploy, and actions that you take, to fully take advantage of Microsoft 365. The first one is deploy identity-driven security. The second one is protect your information wherever it is. Third, deploy the advanced threat protection capabilities. And four, take a holistic approach to your security management. So remember, we've built a solution that is both loved by users and. What we have delivered with Microsoft 365 is truly unique. It really is that solution you're looking for that will give you that influence and that impact as IT leaders.
The most important thing for you to protect are your users' identities. It
seems like every week we're reading about a new organization that has to come out and talk about a breach that has happened, and as we look at where that traces back to, more than 80% of these breaches are being engineered to identify and steal your usernames and passwords. These attacks are so well engineered, they're so incredibly sophisticated, and I can tell you, they're building. They spent time getting to understand their targets, and as they build these phishing attacks, it's very hard to know and to see if this is an attack or if it's actually the real pages that you're being led to. So when a phishing attack does make it through the defenses, what we see is that 32% of the users that actually receive one of these emails will ultimately mail, and then 12% will actually click on the link or open the attachment. Bottom line is we know every organization has someone who will click on anything, and so you have to have an assumed breach posture. And so what that means is, while you build out the defenses and you go to great extent to make sure you're delivering that protection, you also have to have the ability to be able to detect when there is something wrong or when you think an identity may have been compromised, and then take action to block access.
Now let me give you a little more data on what we see at Microsoft. Every single month we see over a hundred million identities that are attacked. We actually see more than 50,000 enterprise identities that are actually compromised. We've seen a more than 300% increase in the attacks on identities in just the last 12 months. And so what we are now building, and we've delivered, is the ability for us to take all of that knowledge in the Intelligent Security Graph and put that to work on your behalf every time a user asks for information, whether that information is behind the firewall or that information is in the cloud. We've
actually leveraged our own experiences as we have built Microsoft 365 and how we protect access to all the Office data and all the Office information. That's where we learn, and then we've taken that and extended that to the rest of the industry. We now can take our knowledge and our intelligence and put that to work on your behalf and ensure that it only is your users coming through and getting access to your information.
Let me give you an idea of just how fast these solutions have to be. When a user requests information, we have about 200 milliseconds each time access is requested to information to determine if this user, device, application, location meets your conditional access policies. If we go past 200 milliseconds, the user starts to see a lag and the user experience is compromised.
Now, at the root of identity-driven security is what we call conditional access, and conditional access allows you to express policy around information, around services, around devices, around users, and then in real time what we're able to do is take a look at the policies that you tell us that you will want to enforce about when you will allow access and when you want to block access, and in real time we can enforce these policies. And the great thing about conditional access is I can apply different policies to different data and different users based upon the value of that data, that value information, as well as based upon the value of the individuals and the access that they have. So what I want to walk you through here is to start with some of the things that we do around Identity Protection, then show you how we build this into a conditional access policy.
So the first thing that you're looking at here, this is in Microsoft 365 and what we call Identity Protection, and what this allows us to do is we can show you the types of events that we can look at, and we monitor on those 450 billion authentications
every month to look for those suspicious kinds of activities that tell us that a user account may be compromised. So you can see here there are four different kinds of risks here that we're giving here as an example. First of all, at high risk, these compromised credentials: these are individuals that we know for a fact that their username and password are currently up for sale on the internet. You know, as a part of our Digital Crimes Unit, for years we've gone out and scanned the places on the web where identities are put up for sale, and what we do now, if you are a Microsoft 365 user, is we just put all your domain names into that scan and we can actually come back and tell you when you've had an identity go up for sale. You know, for most organizations you can literally find an identity for less than a thousand dollars. You can see here we do things like, when we see a user authenticating from a device that's trying to hide its IP address from us, well, normally users don't do that, so we automatically mark that user as medium-risk. You see this impossible travel scenario: this is where a user authenticated from one physical location and then authenticated from another physical location in an impossible timeframe, like I authenticated in New York, then an hour later try to authenticate from London. And then finally here, you can see this last one is when a user signs in from an unfamiliar location. You might want to take action just to verify that it is who the user says they are. So what this now allows you to do, you can see the kind of things that we can now track every
single second, every single minute around your identities, and you can now start to apply policy. So now you're literally looking at the list of users that we're telling you you should be concerned about, because we have seen something in their authentication and the way that they're working that tells us these user accounts may have been compromised. I'm going to take a look at the one here, for example, that is marked as high, and I can see why Microsoft, in the Intelligent Security Graph, is saying that this user account has a high risk to it. As I drill into this, you can see that we know that this user account is currently up for sale on the internet. The username and the password is up for sale. Think about that: for most organizations this is the first time you've ever been able to get this kind of data. Now what you want to do is you want to take this information, you want to build your unique policies that are unique for your organization's needs, and then have Microsoft enforce those every time a user requests access or information, and that's what we call conditional access.
So let's take a look now at how you actually go out and build the policy here. And what I'm looking at now is a policy that's been built of the actions that I want to have automatically taken any time a user requests access to information and that user identity is flagged as high-risk in the Intelligent Security Graph. And so you can see here the policy that I've got built is I want to enable access, but
I only want the user to be given access after they've passed a multi-factor authentication. Now, the beauty of this is you don't have to do anything aside from just define the policy. You define the policy, then literally every single time a user requests access to information, in real time we'll take a look at that user risk and then we will go and enforce the conditional access policies that you have expressed. And again, we can apply this to your on-premise information as well as to your information in the cloud.
But you know, it's fantastic to have that solution with identity, but what organizations really want to do is they want to take the risk factors coming in from the identity, from the device that is requesting information, as well as the app that is, and some organizations literally want to be able to understand that risk factor, then have policies automatically take effect given the risk profile coming from the user, the device, and the app that is requesting access to information. And this is one of the unique things that Microsoft has built, because we built the Microsoft 365 solution to work together, not as disparate parts. And so we've taken our identity as a service, and then we've married that with our mobile device management, mobile application management, to give you conditional access that takes a look at all of those different vectors and all those different threats in a holistic way. And so now what I'm able to do here is I can go build a holistic conditional access policy that takes into consideration all that risk. Now, we call this protecting at the front door, because every organization wants to be able to ensure that when that information request is made, they can validate that the user is in a trusted environment before they give access to that met and open up the front door. So
now let's go build that policy. And so you're looking here at the integrated experience for building conditional access policies across all these different threat vectors that come in, and here is where you can go build a policy that allows us to understand the risk coming from the user that is requesting the information, the device they're using, the app they're using, and their physical location. You can have different policies to different data based upon how secure or how valuable that data is. You can have different policies to different individuals and groupings. You may, for example, have a different policy on the executive staff than you have on a regular worker out in a store, for example. But in real time now we're able to enforce these conditional access policies that you express for us, that is unique to your organization and unique to your organization's information.
So here you can see this integrated experience, and right here I'm now building out a policy that allows me to go and express the risk and the actions I want taken on identity, on device. I can go right in here, for example, and say what platforms I'm going to allow access, and what this is really keying off of is does this device meet my mobile device management policy and is it compliant. I can then go and assign policies based upon the application that is being used: is it a known app, is it an unknown app, is it a native app, is it a web app. One of the most common places that people use this is they want to enable access to the rich Office applications in the web, the web applications, but they want to have a different set of policies apply to those than to the native apps on compliant devices. You
can also now take into consideration location. I think the team did a wonderful job on this. As we look at location, we actually do this based upon country coding, so we can actually understand where the user request is being made and then in real time assign these policies and enforce these policies based upon what you want us to do. Now, you can go and assign different policies at different apps, and so here you're looking at the list of SaaS apps that I can assign policies to. And again here, I'm going to assign a policy to one of the Office 365 web apps, but these policies can be applied to your on-premises
app, your line-of-business application that you've been using for years, as well. And then here's where the power comes in: here are the controls. And so now I can express the controls. When I see this integrated experience, I can now express one holistic set of policies based upon that risk of identity, device, app and location, and the system will automatically enforce it for me. In some cases I may want to trigger a multi-factor authentication, in some cases I may want to block access, in some cases I may want to grant access only after the device is compliant with my policies. But this is where you get to see that union and that marriage of the integration that we have done across all these different solutions in Microsoft 365. And again, we pioneered this concept of conditional access to the cloud services as we learned and built this with Office 365, but then we've taken that learning and shared that with the rest of the industry, so we can now apply this to thousands of cloud apps around the world, as well as to all your on-premises apps that you have behind the firewall. So you get that complete holistic solution that protects access at the front door, and then we will only grant access if the conditions are met that you've defined here in this admin experience.
Let's now take a look at this from the end-user perspective. And so the first thing that we want to show you here is the fact that with Windows we can actually eliminate passwords. And so you're looking at Windows Hello here, and I come up to the screen, it actually recognizes who I am, the facial recognition, and I'm authenticated into the screen without even having to put a password in. You know, you want to protect your identities, the best way to do it is to use things like Windows Hello. What now has happened, it's taken me right into Office 365, and I want to point out there that that was a single sign-on. I wasn't requested for username and password. Once
it was identified by my face that it was Brad, when I went to these services I got that great single sign-on experience and I'm off and running. So now let's go take a look what happens when I go to access one of the applications. In this case I'm going to go access Salesforce, and what happens right now is the user, device, application meets all the criteria, and I'm automatically taken into Salesforce. Again, single sign-on, it's a great user experience, and this is all automated because all the conditional access policies are being met, and it's just this wonderful user experience.
Let's now go take a look and kind of build one-by-one what happens when the conditional access policies are not compliant, and let's start with identity. So I'm gonna go log in now as a separate user. I'm gonna go put my username and password in, and you know, you're gonna see again this great experience where I get that single sign-on into Office 365 and all the apps that I have access to. This
time when I go to access Salesforce, because the Intelligent Security Graph has sensed that there is something wrong with my identity, it's gonna automatically challenge me with a multi-factor authentication, and just like that I can feel my phone ring. And what's happening here is it's asking me for a multi-factor authentication, which in my case is just my thumbprint on my phone, and just like that I'm given access into the application, because it's verified that it is Brad and not somebody who's trying to use Brad's username and password. Multi-factor authentication and putting that layer of protection on your identities is critical. It's one of the things that we require across all the engineering teams here at Microsoft, anybody who's working on a service. It is one of the fundamental core building blocks of an identity-driven security model.
So let's go take a look at the next scenario, which is going to be a trusted user who's working on an unknown or untrusted device. And so here I have an iPad. This device has not been enrolled for management, so it's currently not under MDM management. I'm gonna go in and attempt to access email. And what I want you to notice here is just the depth of integration we've done across Microsoft 365. When I go to access email as a user, I actually get guided and I get led on what I need to do. So here I understand that IT has a policy that the device has to be managed and compliant to access email, and right here it automatically takes me under the process to get this device enrolled for management, get it compliant, so I can access my email. This is an example of that end-to-end engineering that we've done across Microsoft 365 to make sure that your users love the experience. We help them to take whatever actions they need to do in order to get access to the things they need to do their jobs. Let's
take a look at another scenario. This time I'm going to try to go access email from an untrusted or an unapproved application. And you know, one of the things that we hear day in and day out right now is organizations saying we actually want to restrict corporate email to Outlook, so we get all those rich policies that Microsoft 365 can deliver on Outlook. So let's walk you through the experience. So I'm gonna go and attempt to access email from the inbox email app on my iPad, and notice that basically says, listen, your IT organization requires Outlook in order to access company email, and so it will take you right to the store and help you get Outlook downloaded so you can get access to mail. And here you can see I've now downloaded Outlook, I get access to all my email, and this is now managed by all those mobile application management policies and protected by conditional access. But again, it's engineered to make sure that we help guide the users to do what they need to do to get access to get their jobs done. So let's look at another scenario.
Let's say that the operating system vendor has come out with a new release, and you deem that release critical in order to get access to your organization's information. Well, using conditional access you can go set a minimum OS version, so then what happens is, when a user attempts to access information and we look at the conditional access policies, we'll see that the device does not meet the minimum operating system version, and then we will encourage and guide the user on what they have to do to bring the device up to the new version and therefore be compliant with your policies. Again, it's all about you to express those policies and then have us enforce that in real time as access is requested to data on-prem and in the cloud.
Now let's take a look at another fun scenario. What if I'm a trusted identity on an untrusted device? This is the classical I'm at Grandma's house and I need to go get some work done, I'm gonna use her PC. What we've now been able to do with conditional access is we can actually enable users to work in that kind of environment, but we can assure that the data never leaves the browser. And what's fundamental here is you do want to enable your users to access data, for example using the Office Web Apps, but what you want to be able to guarantee is there is never anything left, there's no information left on that device when the user logs out or when the session is terminated. And so we do this through what we call session-based conditional access. So here you're looking at SharePoint Online. You can see all the other files I have access to. So I'm gonna highlight one of the files here, and when I select that one you can see here that on the toolbar the things like synchronize data or copy data is not enabled. If you take a look here, if I say open, I can only open into the web version of the Office apps, for example Excel Online. By
not being able to open to Excel, I'm able to keep all the data in the browser, and so now as IT I can enable my users to be productive on any device, even untrusted devices, and guarantee that that data never leaves the browser. Look, here's another example: if I try to copy and paste that data from the browser, notice that the copy function has been disabled. Likewise, I can't print. There's no way for me to take this data outside of the browser. And so we talked about this modern workplace that is loved by users and trusted by IT. This is such a wonderful experience of enabling users to get their job done on any device in the world, even untrusted devices, in a way that guarantees that there's no corporate information left on the device. Now, one of the things that, by the time you're watching this, will be in preview is we will give you this exact same thing with Exchange Online, and the request there is I want to enable my users to get access to Exchange Online, but I want to guarantee that the data, the attachments, never leaves the browser. And the work that we've done in Exchange Online, you can open up those attachments into Excel Online and Word Online, but the data is always kept in the browser, just like you saw with SharePoint Online.
So the great thing about conditional access is it allows you to express the conditions under which you will allow access and the conditions under which you want to block access, and then in real time we're able to make a determination on the risk factors on the identity, the device, the app, the user's physical location, and back all of that with the Intelligent Security Graph and the intelligence of the Microsoft cloud, and ensure that only when those conditions are met are your users granted access to the data. Now, we've talked about identity-driven security, and at the core of identity-driven security is the concept of conditional access that enables us to apply policy in real time that
only grants access to your organization's information underneath the conditions that you tell us are the right conditions. So you may be asking, why Microsoft, and why now? Hopefully it's been clear to you, as you've seen these demos, how we are putting to work the unique data that Microsoft has.
Beautiful. This is looking really, really good. This is a lot of fun. So there's a couple more things I want to test on the green screen, all right? So stay right here, and I'm gonna go watch on the monitor and tell you what to do. You got it. All right. So first off, I want you to give me skiing. Think skiing. What does this have to do with anything? Just picture it in your mind: this is the Alps, you're flying down a mountain, you are scathed. Beautiful. Now watch out behind you, 'cause the mountain is covered in monsters. It's beautiful.
Now sit down on that box. You're in a river, it's a raging river. Okay, Brad, now we have a T-rex behind you. What? They'll just run from it, look scared. What does this have to do with anything, they said Robin Anderson, what does this have to do with Microsoft 365?
Let's now talk about information protection. You know, we talk about security, and the industry talks about security, but it ultimately is about protecting your information. These attacks are all trying to get access to your information, whether that's financial, whether that's customer information, whether that's innovation and patents. Information protection is key to protecting and enabling your organization to progress to its next level. Now, one of the interesting things about information protection is historically we've used this metaphor of building walls around the data. And so we started with building these VPN and these network walls around all information, and that was our security, but as the data now moves out into the cloud, that perimeter-based security model is just ineffective. And so the industry has resorted to, well, let's build smaller fences. Let's build a fence around the device that the data is on and try to protect at the device level, and then let's build around the application and try to keep all the data contained in the application. Well, ultimately, files should be self-protecting. Files should know who has rights to open them and what rights they have. The ultimate information protection is when the information protects itself. This is incredible innovation. What we've actually enabled here is, at the time when a user creates a new document, they can actually classify and label that document, and it automatically gets encrypted and automatically has all the rights assigned to it. The file knows. But we also know that users sometimes
forget to do things, and so we also have the ability for that file to automatically be classified and labeled based upon the rules that you define for your organization.
You know, 58% of enterprise users actually admit to having sent sensitive information to the wrong person. Well, if you're using Microsoft 365 and our information protection capabilities, you know, those things don't matter, because the file actually knows who has rights to it and who can open it and what they can do. With Microsoft 365, what we've engineered, again, is a way for file and information that becomes self-protecting, so all the needs of IT are met, but it's done in a way that makes sense for the user, and it's a simple, easy and fluid experience for the user. Again, this concept: loved by users and trusted by IT. Let's actually take a look at how it works.
Now, the innovation and the value here is we want to enable users at the time of creation to be able to classify and label documents. You know, really, who knows better than the user at the time of creation what the classification should be? But we also, again, know that users often forget, so we want to back that up with automation. But let's show you what the experience looks like. So here I am in Word, and the first thing I want to draw your attention to is this bar at the top where you actually see the labels. Those labels are customizable. You as an organization, you can have, you know, different labels, you can have different classifications. You know, and this is something we use broadly across Microsoft, because it does fundamentally change how you secure data when information becomes self-protecting. So what I'm going to do here now is I'm gonna go label this document as confidential, and when I label it as confidential, notice what happens. So first of all, there's the watermark that's placed across the document. The second thing, notice that a header is put in place. The document has also been encrypted. Now, what's really cool about this is now with this document I can now assign who has rights to this, and as I do that, only those individuals will have access to the document. Now,
we know that sometimes users forget. Let me show you what the automation looks like. Here I am in Excel, and I'm gonna go ahead and copy and paste colors into the Excel spreadsheet. Now, what happens on the file save action is all of the policies are looked at, and we see here that there's a policy that my organization has put in place that says when I see credit card numbers or Social Security numbers, I automatically want to classify that document as confidential. And so we give you that backup, so even in the case where humans forget to do it, we can automatically enforce that policy through automation. Now these files are self-protecting. Now, the beauty of this as well is we understand that people use our applications in their personal life and in their business life, and in this specific case, this spreadsheet that I'm working on is actually a personal document. And so right here I can basically say, hey, this does not apply because this is a personal document. You have to give it a justification, because everything is logged when one of the policies is overridden by the user. But this ability to be able to use these applications in my personal life and my business life, and have the business policies only apply when it's a business doc, is key to everything that we do at Microsoft. One of the fascinating questions I ask just about every customer I meet with is: what percentage of the documents that get created and shared in your organization are Office documents? Commonly I hear it's 85, 90%. And so I'll ask the question: well, okay, over and above Office, what's the next application or document type that you use? And without exception, it's Adobe. One of the great things about this is the ecosystem is building around Microsoft 365, and these same capabilities
now apply to Adobe as well. And so inside of Adobe I can do the exact same things, where documents can be classified, rights can be assigned, the document becomes self-protecting. And so for most organizations, because we're now able to do this to Office and to Adobe, and there's an SDK that allows you to apply these same kind of policies to any application that you build or any ISV that you have, you can now protect your data; your files can become self-protecting across any application. Now, one of the things I love about what we've built here is how all these pieces actually work together. And so we talked about identity-driven security a few minutes ago, and the concept of conditional access. Let's show you how we now apply conditional access to the labeling and the classification that comes here with Microsoft 365. So let's go back to that same scenario: I'm on an untrusted device and I'm trying to access corporate information. I'm gonna go access a particular document here on SharePoint Online. So now, when I request access to that file, because the conditional access policy requires me to pass an MFA if I'm on an untrusted device, my phone is now asking me to pass or give that second-factor authentication. So just like that, I give it my thumbprint and I'm given access into the document. You see how all these pieces are now working together; that gives that beautiful experience and that empowering experience for users. We guide them to get their job done, but it also meets all the needs of IT, because IT has that security. Whether it's cloud data, whether it's data behind the firewall, you now have the ability to have this level of information protection across all that you need. Now, one of the things I love about what we've done in Microsoft 365 is we also now give you the ability to track usage and, if necessary, revoke access to these documents. You
know, I have to tell you, there's oftentimes I've sent out a document I bought and often asked myself, how many people actually open it and read it? Here I get that. Now, just a couple other key scenarios here to kind of help put in your mind on this. How many times have you worried about an individual leaving your organization and taking a bunch of files with him or her? Well, if you're using Microsoft 365, as soon as their identity is disabled, they can no longer access the files that they had access to, so even in that case your information is secure, protected. How often have you worried about an individual leaving data on a thumb drive that gets lost? Well, again, because it's all centered on identity and because the files are self-protecting, even in the case where those files are left on a thumb drive or they're somehow sent to the wrong person, because the files know, your information is secure and safe and protected. This is unique innovation to Microsoft that Microsoft has been working years on, in a way that we've embedded this natively into the experience, again, that delights users and delivers what IT needs. Now, here's another interesting scenario that has been impossible in the past. How many times have you needed to send an email to somebody outside of your company, and even someone to a consumer email service? You
know, I've been nervous about this in the past, where I've needed to send somebody information, but historically, when you've sent that information in email, you've now lost control. You have no idea where that information gets sent and how it gets used. Now, one of the great innovations with Microsoft 365 is we have the ability to secure your email even when you're sharing that to consumer email services. Let me show you how it works. Here I'm creating an email that I need to send to somebody's Gmail account. This email contains confidential information, and I do not want it to be forwarded. Historically I could not do this, but let me show how easy it is now. I simply create the email, and because I'm using Microsoft 365 and the secure email capabilities, I'm now able to send it to people, confident that the rights and the privileges that I need to have enforced are in fact enforced. I'm now gonna go take a look at this particular inbox in Gmail. You can take a look here: I open the email and it says, hey, you need to read this message, you need to open it up in the envelope of Microsoft 365. I authenticate with my Gmail account, and just like that I then get to see the email. Now take a look here: I go when I try to actually forward it, and notice that the forward option has been blocked. You know, the innovation on this is remarkable, because I can now share information securely and confident that the rights and the policies that I need to have enforced are enforced, even when it's outside of my organization. Now, one of the other things that we've done here is we've done a significant amount of integration across the Microsoft 365 capabilities, and specifically the Microsoft 365 CASB. CASB allows us to look at how information is being used in cloud services around the globe, and one of the amazing things about Microsoft 365 is we've done innovation with literally, you know, thousands,
tens of thousands of cloud apps to deliver this kind of capability. Now look at how amazing this is. The first thing I want to do is I want to see, of all the cloud services that my end users are using, whether they're sanctioned or unsanctioned, where there is confidential information, information that's been flagged and labeled as confidential, stored. You can take a look here; I can see that information. You know, I gotta tell you, for the first time, for most organizations this is the first time they've ever had this view where they can actually see, within all the cloud apps their users are using, where confidential information is being stored at. Here I can see that this particular document, which is labeled confidential, is being shared, and the sad thing about this is this document is accessible to anybody on the web without even requiring a username and a password. Right here I can take action, ensure that that document is no longer accessible in this kind of a forum. Now, this is great once that's happened, but wouldn't it also be great if, when somebody tried to copy up one of these confidential documents up into the cloud, we were able to block the copy? Well, that again, it's one of those integrations across Microsoft 365 where we've now done that integration, where based upon classifications we can now allow or block the upload of documents into these different cloud services, again helping you to protect the data. And the innovations that we've done in Microsoft 365 that enable us to protect your data, protect your information at the file level, is just incredibly unique, because if you think about it, you know, to do this in a way that feels natural and fluid for users, it has to be engineered into the way that the applications work. You can now be confident that your users can be able to share data; your data can be protected whether it's on-premise, whether it's in the cloud, whether it's in email, whether that's in motion, whether
it's lost on a thumb drive. The information protection capabilities of Microsoft 365 are simply unsurpassed, because the files become self-protecting, and it builds upon all the identity-driven security and all the conditional access policies
that are so broadly being used right now. Okay. That was really, really good. I'm not quite sure; sometimes it feels like it's going well, but other times it's not quite sure. No, no, it's really, really good. I want to tweak the hair and makeup a little bit, but no, really, really good. I like this. I like this a lot. It's subtle, it's tasteful, yet it's bold. So this is a yes? So this is not a yes. It's a question I have for you: if you were to be breached today, how long would it be before you knew? And then how long would it be before you're able to respond and ensure that everything was safe again? The reality is that most organizations just simply cannot find the people and the expertise, nor do they have the sophistication to have these world-class detection and response capabilities. And this is why it is so important to partner with organizations like Microsoft, with solutions like Microsoft 365, who are taking all of that intelligence from the cloud and applying that day in and day out, every minute of every day, to help you protect your organizations. Let's just talk about some of the challenges associated with this. First of all, as we look at the malware that comes in right now, 93% of the malware is polymorphic. What that means is every time we see it, it's different. And so you have to have capabilities that are, again, based upon that intelligence that comes from that AI and machine learning in the cloud, to be able to combat that kind of an attack. This is why these solutions have to be engineered to work together. You can't just take a bunch of disparate products, put them together, and have both the security and the end-user
experience that is necessary. And so with Microsoft 365, if you could get a picture of how the back end works, you'd be amazed at the amount of engineering that's gone into this. All these Microsoft 365 services are constantly in communication with each other, and we understand and communicate when we see things. And so even in the case where a breach happens, the first service that identifies that is able to alert all the other services through the Intelligent Security Graph, and the system can work in a holistic manner. This is how IT is able to simplify, and as you simplify, you get more secure and you deliver that better end-user experience. Now let's talk about some of the things that we've done from a threat protection. First of all, there's a whole list of things that we've done to just harden the platforms themselves, like Windows 10 and Office 365. You know, Windows 10, we built it to be the modern operating system that is aware of and understands how to block and defend against modern attacks. We have ways to store your credentials in the hardware so it's harder to get access to. You can actually use Windows Hello so you don't have to use usernames and passwords. And, you know, things like the ability to have an application run in a container so that application is contained, and even if something were to come through an application, that cannot affect the rest of the operating system. Core, fundamental security investments that we made to protect against threats in the modern world. Likewise, in Office 365 there's a couple of amazing things that we've built. First one is this concept of a detonation chamber. What the detonation chamber does is whenever an email comes in that has a URL in it or an attachment, it automatically gets placed in the detonation chamber. Then we let it go and execute, we watch what it does, and if it does something that's one of those telltale signals of a piece of malware, then
we automatically quarantine that and keep it out of the inboxes, but then we learn from that and start to apply that to the rest of the world. You know, as we build this detonation chamber, one of the fascinating things to watch is, once all the attackers understood there was a detonation chamber, the actions that they took to try to get around it. And so it's this continual innovation: as they innovate, we innovate, and the whole world gets more and more secure. But the reality is the attacks will get ever more sophisticated, and so the defenses have to be constantly innovating as well, and that's what you get with Microsoft 365. We have these wonderful capabilities that help us to understand phishing attacks and attacks against your identities, against the devices, against your information. Let me just give you a quick view of what we do inside Office to give you guidance on where your next steps should be, because that's actually one of the biggest challenges that we hear from organizations: we don't know where to start. And so you're looking here at the Office 365 dashboard, and what the Office 365 dashboard does is it gives me a view of my security posture. I can see it relative to others in the industry and the average, but more importantly, it shows me here the next steps I should take to start to raise my score and make me more secure. And in this case, you know, notice the first thing that it points out is to enable MFA, again going back to identity-driven security and the need to protect your identities. And so here you have basically a punch list, and if you just follow what Office 365 says you should do here, you can increase your security posture and make your organization more secure. And remember, we've engineered this in a way so that IT gets what they need, but we deliver to the users in a way that feels familiar and just natural to users. But
no matter how much we do to help you protect your organizations, the reality is we'll all get breached. You know, jokingly people will say there are two kinds of organizations in the world: those who have been breached and those who haven't admitted it. You know, as the attacks continue to get more and more sophisticated, they innovate just like what we do. You must have world-class detection capabilities and world-class response capabilities, because you literally have to be able to do this in real time now. So let's walk you through now some of the things that we've done, is we've connected all of the pieces in Microsoft 365 through the Intelligent Security Graph. And again, the piece that I want you to see as we're going through all of this is how all of the services are all working together. We've talked about the need to simplify, we've talked about the need to have these integrated solutions that have been engineered to work together. It's the only way you're going to be able to take action fast enough against these threats. So here I'm in my SecOps console, and what I see here is that first I get a prioritization of the things that I should be looking at. So I see right here, based in priority, based on risk, there are a number of high-priority issues that I need to go take a look at. So I'm gonna go drill into this, and the first place I'm gonna go look at as I'm doing my investigation, I'm gonna look at the PCs. So
here I have a list of the PCs that are being flagged for me as having some kind of an event that has happened on it. I'm gonna go drill into this one particular PC, and right here I notice right off there's a process running on this particular PC that has been flagged for me as high-risk, and there's a process that's being escalated due to a kernel exploit. I know there's something here I need to go look at, so I'm actually going to go take a look at this particular process, and what you see here is it now gives me a timeline of all the things that are happening. And as I scroll down through this, I notice that it looks like there was some kind of an attachment that came through Outlook, and so I want to go explore on that and do some further investigation on that. So I can take a look here what the attachment was, and sure enough, if I go take a look here, Office 365 has already flagged this now as malware. Now, the thing I want to point out to you here: this is literally patient zero. This particular PC is the first patient in this organization to see this attack. It was identified by Windows. Windows then communicated with Office 365 that this particular attack was coming through a particular email. What Office did is it then went and looked at that email, if it went to anywhere else in the organization, and if it did, it took it out of the inboxes. Office is then gonna learn and start to apply this policy automatically around the globe to every other organization. So the beauty of this is we can see these attacks, and as we see it in one part of the world, we automatically apply our learning to the whole world to protect everybody. This is the power of what you get when you go with a solution like Microsoft 365, because of all that intelligence that's constantly coming into our service and just the continual learning that we do. Now,
I'm concerned that the user who may have been on this particular PC may also be having issues, and so I'm now gonna actually go take a look at the identity. Again, we come back to identity, and I can see right here that this particular identity has now been added into a particular group that he actually has no right being a part of. But it's clear to me that this particular identity has been compromised, and this identity is now about trying to spread. Now, this is amazing types of investigation. What I just showed you here in, what, two minutes, for most organizations would have taken months to get to, because what most organizations that do not have this kind of detection and response capabilities would have to do is they'd have to go start pulling logs. Generally speaking, they pull in a third party to come and help them do the investigation, but it literally is like trying to find a needle in the haystack to get to this level of detail. But because Microsoft has built all of the Microsoft 365 services to work together, building upon all that knowledge, all that intelligence that comes into the Microsoft cloud, this is the kind of detection capabilities that you get when you're using the solution from Microsoft. Now, would it be amazing if you could have actions automatically taken, you could have responses that were pre-configured, so that when these attacks come in and when these breaches happen, they can be detected and automatically responded to and stopped in its tracks? Literally what Microsoft 365 does there as well. So we talked about the need for speed here. Given the current and the modern attacks, you have minutes to respond, not days and not weeks. And so I'm going to go back into the console here and show you how we can automate all of this. So first of all, I'm looking here at my Security Operations dashboard.
What I love about this experience is I can actually watch the automation in action. So looking at the top right here, I can see that there are currently ten active investigations, three that are awaiting some kind of approval. If you take a look at that next set of data down below there, I can see that there have been 206 investigations that have been completed; 189 were successfully remediated. And the amazing thing is, look at that number right next to the 189: the average time to remediate those 109 investigations was one minute and six seconds. That is the kind of automation, that is the kind of automated process you have to have to defend against today's attacks. But I'm curious about what the active investigations are, so let's go take a look at a little more information here. So
now you're looking at the list of the active investigations. I can see which are running. You know, when one changes from running to fully remediated, I can actually go see what happened. Let's go take a look at the one on the bottom here and actually see what happened, what the process was to remediate this. So I love this administrative experience, because while everything is being automated in the back end, I can actually come in, I can see what has happened, what is happening, and I can learn. So first, I can see that in this particular alert, in this particular investigation, the initial alert came in from Windows Defender ATP. Then, going counterclockwise, I can see that this particular process or this soft was detected on two endpoints, and then I can look at the investigation: what happened, how many files were analyzed, how many processes, how many services. Over at three o'clock, I can see where data was pulled, where intelligence and information was collected in order to make sure I understood what was going on. And then down at the bottom, I can see exactly what happened: this was a real threat, this was a Trojan. I can see that I needed to have some approval, and I waited for 36 seconds for that approval to come in, but the result here is that this was fully remediated in an automated way and it was done in minutes. This is the kind of world-class detection and response capabilities you absolutely must have. These attacks have been engineered to get in quick, to get in fast, and to spread, and if you don't have solutions that automatically respond, you're vulnerable. But this is the value that comes from using this integrated solution from Microsoft 365, because this is how all these services work together. Look at what this does for you: it simplifies your IT, it makes you more secure, and it does it in a way that's just lightning-fast. Now, the reality is, even with all of this, there are going to be times when
a piece of malware, an attack, makes it in and causes damage. One of the most recent things we've all dealt with in the last calendar year was some of these ransomwares. Let's take a look at some of the innovation now that Microsoft 365 has done to even help you in the case where ransomware made it through and compromised your files. So this is a real-life scenario that far too many people saw last year. I'm working along on my desktop and, you know, boom, just like that I see the WannaCry come up, and my files have been encrypted; they're unusable to me. You know, whether it's my personal life or my business life, this is a devastating event. But Microsoft 365 has done some amazing things to help us, even in the case where these things make it through and take action that's detrimental for us, we can recover. So what you're looking at here is in OneDrive for Business. I can actually take a look at the actions and the things that have happened on my files that are stored in OneDrive for Business. And notice in this timeline, it's in a T-minus kind of a model, and you can see that on T-minus three, four, five, six, those days, there was a tremendous amount of action that happened on my files, far more than is average. That is when all the files were being encrypted by WannaCry. And so what I can do now is I can just go back to T-minus seven and restore back to that last known good state. It asks me here, are you sure you want to restore your OneDrive? I do, and then you can see here, you can watch as your files are restored. Notice here they all have the WannaCry extension on them. As your files are restored back to that last known good state, all your files come back and you're off and running, back as if it had never happened. Again, it's just another world-class example of having to have world-class defense, detection and response capabilities. You
have to have a model where you assume that you've been breached while you do everything you can to defeat it, to defend. This is such an amazing scenario. You see how all the pieces are working together to even help in the case where something makes it through and takes actions; we can help you recover, so your users and your organization continue to press forward. That was great, you look great. I got an idea for what we do next. All right, I'm thinking something like a training montage. This
is a rehearsal. Well, you know, what is a rehearsal except a training montage for the rest of the film? I don't understand what you're trying to do. Think about it: you're a fit dude, it makes sense. Awesome, right? Nope. You sure? Absolutely not. Let's now talk about the fourth area of suggestion that we've given to you about how you can use Microsoft 365 to increase your security posture and make your organization more secure and more safe. And we've taken a lot of this learning from what we've done here at Microsoft as we built out these incredible services that we operate around the globe. And just to kind of give you some of the data points on this: we have close to a billion identities now in Azure Active Directory. We have 120 million monthly active users of Office 365. These are services that are used every single day by organizations around the globe, of all sizes and in all industries. They are mission-critical. What that also means is that we have to do a world-class job of protecting them, and to give you an idea of the investment here, we spend more than a billion dollars in just R&D on security. For us, security, this has to be a part of everything that we build, and so a mantra for us is security has to be built in, not a bolt-on. And far too often we see, when we work with our customers, security that isn't integrated in the same way that it is in these cloud services that we've built from the ground up. So as you think about what your security posture is going forward, and think about how you do it in a modern way, bringing intelligence from the cloud and having the cloud provide you automation and intelligence has to be core and has to be fundamental to everything you do from a security picture as you move forward. And this is where Microsoft 365 brings you intelligence, brings you actions that can be taken automatically,
but it also simplifies for you what you have to do as you build out these services. And as you build out a security environment, complexity is the absolute enemy to security. With complexity, there's more moving parts to configure, there's more things that can go wrong, there's more things to integrate. And so what we have found in our own services that we have built is simplicity as a principle also has made us more secure. And we see this playing out with customers around the globe. We see as organizations are moving to Microsoft 365, they're able to reduce the number of moving parts that they have to build, deploy, manage to a much more finite number. It's easier, and that simplicity is great for IT, but that simplicity also feeds its way all the way out to the user experience. You know, IT professionals are amazing, but it's just about impossible to hide a complex back end from your end users. And so with Microsoft 365, we have spent years engineering these solutions to think holistically, to act holistically,
and to give you that security that you need to really defend your organizations in the light of the modern threats. And let me give you this one example of the stuff that I'm going through right now with a customer. This customer is getting ready to move to Microsoft 365, and they shared with me a deck a few days ago that showed, on their Windows 7 and Windows 8 deployments, the number of agents, the number of configurations that they have deployed. It was 50 different things that they did on a device before it was sent to the user. As they are moving to Microsoft 365, that number reduces down to 12. Fewer agents, fewer things to have to worry about, fewer things to have to keep healthy, better battery life, faster login for your users. You know, there's such a win-win that comes with simplicity, for IT and for users. And so as we think about how we have built this, simplicity has been a pillar and an architectural principle. We believe it. As we've walked through all the investment that we made over the last half an hour with you, and you see some of the additional pieces, you see how we have thought holistically about how we secure your environment, how we manage your identities, your devices, your files, your cloud services, how we protect information whether it's behind the firewall, on devices, in the cloud, in transit, being shared. Security has to be holistic, because what's happening is the attackers are looking for that little chink in the armor, looking for that piece where there is a seam between solutions. And so these solutions that are integrated, that are holistic, are far more secure. So let's start with showing you some of the innovations that we've done, looking at the ways that we give you guidance on how to think about security holistically. Here you're looking at a security dashboard, and in this dashboard look at all the things that we bring together. Each
one of those bars right there is a separate security solution for most organizations, but in Microsoft 365 it's one integrated whole. So your anti-malware, your software updates, all those pieces are brought together on one dashboard, and as you look, we give you an overall score so you can benchmark how you are doing relative to the industry. We also give you, in each one of those categories, the next step that you should take to make yourself more secure. Now, one of the fundamental things here is OS security updates. I just cannot express enough and cannot overstate the importance of staying current. This mantra of get current and stay current has just got to be foundational to how you think about your security. As I think about WannaCry in 2017, the particular update that would have prevented organizations from being affected by WannaCry was released close to 60 days before the attack was leveled. You have to stay current with us. One of your fundamental architectures, one of your fundamental pillars of all your investment has to be stay current. So let's look at some of the things that we're doing to help you stay current. So I'm gonna walk you through now what the experience looks like in Intune. Okay, this is our solution from the cloud for managing all of your devices, but I'm going to focus on what we do to help you to employ patches, in this case or updat
2018-03-19 12:57