Today's video is sponsored by BlueTally, the ultimate in IT asset management. For more details, visit them today at Bluetallyapp.com.

In this video we're going to take you on a journey into security in Microsoft 365 and give you tips and tricks on how you can be more secure, and it won't cost you a fortune either. Check it out. [Music]

Greetings, fellow YouTubers, how are you today? Welcome to the channel. I really do appreciate you joining, especially a big hello to my new Patreon members. I really do appreciate you joining me and for your support. On today's episode I thought I'd talk about security. It's something that concerns us all, and it's something that we really do need to pay attention to, and it's so easy for the bad guys to take advantage. So in this episode I'm going to share with you a series of top tips and tricks on how you can be secure in the most cost-effective way and really get the most out of your Microsoft 365 subscriptions, and I'm going to be talking about various subscriptions as well, including the Business Premium and some of the E plans as well. Now, if you haven't subscribed to the channel, well, hell, come on board, I'd love to see you. Bump the Subscribe button up there, ring that bell, and come and join our great learning community. And if you would like a little bit more, then why not sign up to my Patreon site here? You'll get access to full courses as well as that monthly Zoom call. So without any further ado, I think it's about time we jump in and take a look at some of these cool security features. Check it out.

So the most common questions that get asked in YouTube are: how do I become secure, or how can I keep my organization secure without spending a fortune? So in this demo I've got a couple of tenants open. I've got my own tenant, actually, which is running Business Premium, and I've got this tenant here, which is an E5, but everything I'm going to show you is available in both tenants. So irrespective if you're a small business or you're a large
enterprise, you're going to get the advantage of this.

Now, one of the key things, or the first things that I would go for, is first of all: do I know if I'm being hacked or not? "Andy, how do I know that? How do I know if I'm getting attention from the bad guys?" So to do that, I simply come up to my profile picture here. I'm currently logged on as Megan, and if I go into My Account, in My Account here, this is all the details about your account with Microsoft. So for example, what apps do you have access to, the organizations that you have a relationship with, and of course you can see that we also have My sign-ins here, both here and across here on the left-hand side. So if I click into My sign-ins, typically it will show me where I'm signing in from. Now, this particular tenant, I'm currently in the UK, and I'm just going to collapse down some of these entries, and you can see here it's probably coming from a fairly local place, and this looks good. So it tells me where, what I'm coming in from, the operating system. I'm using a Mac, and I know, I've heard all the stories about a Microsoft guy using a Mac. Remember, I'm a cloud guy, not a Windows guy. Again, the IP address where I'm coming from. I'm using a Microsoft account, and you can see the name of the account there, and that looks all nice, and it says you have a successful sign-in. So I can scroll down here, and ultimately what I'm looking for is unsuccessful sign-ins. Now, in this case I've created an unsuccessful sign-in, but what you're looking for is to go in here, and you'll see that, of course, your email address is public, anybody can know that, but they don't know your password, and in this case I'm using multifactor authentication, which is absolutely awesome. So the first thing you need to do is you need to determine your recent activity.

Now, from an admin perspective you can also do this. So I'm just going to close this down here, and what I will do is, from an admin, I can come into the identity portal here in Entra ID. So
in Entra ID, let me just make that a little bit bigger for you there, you can scroll down into the portal here, and if you click on to More, you'll see that we've got Monitoring and health, and sure enough we have our sign-in logs, and these will give you all the logs from your various users. So again, I can click onto the log, and you can see it gives me similar information, but I've got location, where the location is, who's the user, what they're signing in from, the location where they are, the device information that they're using, the authentication, so how they're authenticating, and of course if Conditional Access is hitting them. Now, Conditional Access is an awesome set of tools, and this is included with P1, so if you've got a Business Premium or E3 or E5, you get this feature out of the box, and I'm going to give you a demo of Conditional Access in a moment. But the key thing is: know where your logs are, and really kind of understand those logs, okay?

Now, on the subject of logging, here's a little mystery for you. If I come into the Office portal here, I'm going to come down here, and if I go into, let's say, Reports, and if I go into, let's say, a usage report here. It's always nice to know how heavy the usage is with a particular user, who are the heaviest users in your organization. So if I click into the report, you can see that it gives me a lot of, well, it's not very clear, in fact. The reason for this is many of the reports in Entra and Azure and Microsoft 365, for privacy reasons, they're anonymous. Now, you might think, well, that's not very useful, and how do I change it? Well, it's simple. Simply come down into your settings. If you go into your organization settings, if you scroll down, there is an option down here that says Reports, and if you click into this, you can see "display concealed user and group names". Simply take that checkbox out, click on Save, and you should now be in a good place. So I'll just pop back, and let's go back to this. So I'm going
to go back to that usage report. If I scroll down now, I have a look, and sure enough you can now see the name of the user. How cool is that?

So next on my list is probably the most important option: it's configuring multifactor authentication. Now, you can configure it here in Entra ID or you can configure it in Microsoft 365, whichever you prefer. So to configure it in Microsoft 365, Microsoft make it super easy for you. So I can come into, for example, Active users here, and you can see that I can say, yeah, I want to go ahead and push out multifactor authentication. So what this does is it starts a process, a series of actions, and what I can do is I can say, yep, okay, I want to go ahead and I want to get started on this. It explains all about what the template is and what it does, and now essentially what we need to do is walk through this little wizard. Okay, so here we are, and you can see it's starting this wizard process. So it's going to take us through MFA, and it's going to say why is it really important. I can tell you personally that if you enforce MFA within your organization, multifactor authentication will reduce your phishing attacks by up to 99%. Can you imagine that? 99%. It's absolutely huge. Now, in addition, you can also configure something called adaptive MFA in Conditional Access. So what I thought I would do is I thought I'd show you how to do it in 365, and I'm going to show you how to do it in Entra ID.

So typically we then choose our authentication method. So here you can see that these two are already pre-selected, so using FIDO and Microsoft Authenticator, in other words biometrics. This is sometimes referred to as phishing-resistant technologies. We can also use kind of medium-level security, so for example an OATH token or a Temporary Access Pass, and low security is SMS. Now, to be honest, Microsoft are scaring you a little bit here: "these authentication methods are vulnerable to SIM or other hacking methods". Now, that means that a hacker would need to have physical
access to your device. They couldn't perform this type of attack remotely, okay? So they kind of scare you a little bit here. So anyway, I can choose one of these. Now I'll click on Next, and you can see that by default it's saying, hey, do you want to go ahead and use an MFA template? So of course I can choose to customize that if I want to, but if I don't, click on Next, boom, and that will be rolled out to all of my users. So that is how you can do it in Microsoft 365. There are some really nice training resources here. For example, there's an email that generates a message to your organization, tells you how it works and so on, and you can also ask for assistance from Microsoft's FastTrack team.

Now, in addition, if I come into Entra ID, I'm going to come down into the Protection tab here, and I'm going to come into Conditional Access. Now, we also have a feature here called Identity Protection. I've covered this in videos before. Identity Protection, first of all, it requires a P2 license, and so if you're Business Premium or something like that, you won't have access to that, but it's okay, it's okay. So Conditional Access, in my opinion, is a core component in Microsoft's Zero Trust strategy. So typically here, I really like configuring Conditional Access here rather than through that wizard in Microsoft 365. You've got a lot more control here. So for example, one of the first things that you would do is think about your team that work with you. You typically wouldn't want them to, for example, if they're in the office, constantly have to sign in through MFA. That would be a bit of a pain, right? So what we can do is we can either do it by geolocation, you can add in an IP address range, for example your Bergen office or your Glasgow office or whatever, or you can also configure multifactor authenticated trusted IP. Now, of course, if you're not too technical, then a Microsoft partner can help you with these. Alternatively, you could go ahead and just use that wizard in Microsoft
365, and that keeps it simple for you. So you can see I've got a couple of trusted locations, and I've added in Norway because it's the safe place, and I've added in a couple of IP addresses and so on.

Now, the other thing that you would do here is you can also configure what we call a terms of use. So think about it: anybody who's connecting to your network, they'll get this little pop-up message that basically says, hey, these are our terms and conditions. You can upload this via PDF, and, you know, these are our terms and conditions, this is our acceptable usage policy, do you consent? So you can force the user to consent and expand the... This is a really nice feature, and you can then deploy a template on from that. So that's the terms of use, really important, by the way.

The next thing then: remember those authentication methods? So just before you get into Conditional Access, you can also come into the authentication methods here, and you can choose which methods you're going to authenticate. Now, if you're not sure, then you can go to learn.microsoft.com, and there are some great articles on each of these, bearing in mind that FIDO keys are soon to be renamed as smart keys, yes. So you've got the authenticator app there. So for example, if I click into this, this is super easy. I just enable it for all users, and again I'll configure it. So it says here, do you want to enable a one-time passcode? So I'm sure you're familiar with this. It will ask you to put in number 25 or whatever it is, then it will ask you what's the application name. Now, some people hide this stuff. I really think it's a good thing, because, you know, hey, if you get a sudden pop-up message that says, hey, are you in Adelaide, Australia, using Microsoft Teams, you know that somebody's trying to hack into your account, all right? And you could just say, no, that's definitely not me. So you've got that geographic location. These are three really super important components in protecting yourself here, all right? So those are your authentication methods. Again, SMS and voice call are probably the weaker ones of the bunch here, but again, things like Microsoft Authenticator, again, multifactor authentication, using two-factor authentication or more is definitely the way to go here.

Now, what I'm going to do is I'm just going to pop over to my own tenant here, and you can see Microsoft are currently pushing out at the moment, if I come into Policies, they're currently pushing out what we call Microsoft-managed policies. So there are two policies that they're trying to push out, and one is multifactor authentication for admins accessing the Microsoft admin portals, very good security. The other one is multifactor for all users. So again, these are two policies. Now, if you don't want them and you've got your own policies, again, you're quite within your right to go and delete them or disable them. Now, you can see that these are running in what we call, in fact, if I click onto this one here, you can see that it's running in what we call reporting
only mode. Now, just to show you that reporting only mode actually runs for 90 days, so anything after 90 days, it would then come in and be active. So just be aware of that: these Microsoft-managed policies are currently being deployed, okay?

Now, you can either create a policy from scratch, as I said, or you can create a policy from a template. Now, depending on your license, you might have more templates than others, but you can see that these are typically in different categories, so Zero Trust, for example, remote work, protecting administrator accounts, and so on. Now, again, you can use those ones if you want to, so you can create that template. What I'm going to do, though, is I'm going to say, you know, I actually want to go ahead and create a policy on my own. So, so as not to damage my own tenant, I'm going to flip back onto this one here, and you can see here that I'm now going to create a new policy from scratch. So I'm going to call this my Budapest conditional access policy, okay? And what users or groups do I want to affect with this policy? So again, I'm going to select some users, and you can do a policy for guests, I can also do one for directory roles, for example admins and so on, but this time I actually want to create a policy for users and groups. So I happen to have a group here called Budapest Sales, so I'm going to click into Next and select that group.

And Conditional Access is based on signals. So with these signals I've said, okay, if the user is a member of this group and they're accessing all apps, cloud apps of course, then they must meet these conditions, okay? Now, user risk and sign-in risk, if you have a P1 license, will not be available, but that's fine. Device platform: so again, I can click Yes, and I'm going to allow any device except Windows Phone, because, let's face it, the only person that would use one of those is Doc and Marty. So I'm going to click on Done. I'm going to say location. Now, I'm doing a multifactor authentication policy here,
so I'm going to say yes, I want to configure the policy, but I want to exclude UD trusted locations. Do you remember that? So that means that if you're in the Berlin office or wherever you are, it won't prompt you for MFA. Once you've done that, I can click on client apps, and I can say, okay, and very important for security, and this will make you so much more secure: browser apps and mobile apps. Now, these are modern authentication clients, and what this means is they support multifactor authentication, they support biometrics, unlike older applications that don't. So one of the first things that you might do is disable these, because these only support passwords. Now, of course, you could create a separate Conditional Access policy for those, and I do recommend that, but in this case I'm just going to accept that.

And finally we have something called filter for devices, and this is really nice, because you can say, hey, a manufacturer, let's say, equals, and let's say Dell, okay? And I'll say, okay, add an expression, and I'll say, hey, if the model contains XPS, okay? And you can then add the model number, you can say if it's personal or if it's business. Do you get the idea? So you could actually lock your system down so much that only these devices can be connected. How cool is that? So those are the signals.

Conditional Access then: I'm going to say, okay, am I going to grant access? I am going to grant multifactor authentication, and again you can determine whether, if you've got a device that's managed, for example, you could check that the device is marked, that it's not, for example, out of date with software or anything like that. And then finally, I really like this, you can control the session as well. So you can, I mean, just little things here, like you can control the sign-in frequency for this. So I can say, you know, I want the user to re-sign in every 3 days or every hour, or you could even say I want them to re-sign in every time. Imagine if you
worked in a bank, for example, okay? The other thing, you can also control the persistent browser session. So have you ever signed into a browser and it says, hey, do you want to keep me signed in? So again, there may be occasions where you never want them to be persistent, okay, again in a sensitive position, okay?

We also have a feature called CAE. Again, this may not be available with all versions, but CAE, or continuous access evaluation, constantly monitors your systems for anomalies. So it works with all the other secure systems, and it basically says, hey, anything, just reprompt the user to be re-authenticated. So it doesn't log you out, it just says, hey, can you reauthenticate, please? All right, so again, really, really nice feature. Okay, so there we go, that's a really super feature. Again, depending on your license, some of these may or may not be available to you.

Now, when you create the policy, as I said, it comes in reporting only, and that means it comes on for 90 days and then it will go into active use. So it's a way of trying before you buy, okay? Or you could just switch the policy on, of course. In this case I'm just going to go ahead and create it. Okay, so there we have it: Conditional Access, really cool. So two different ways of deploying MFA: you can deploy it either through the slightly more technical way of Conditional Access, or you can deploy it through this little wizard here, which you can find in the user portal in Microsoft 365.

So now I'm moving over to the Defender portal, and you can get to this by simply clicking on the Security pane in Microsoft 365 or by navigating to security.microsoft.com. Now, in here you'll find everything that you need to help your
business become secure. So what we've done in the last section, we've talked about really improving security for users, getting those users in, and of course it's not just a case of signing in, but Conditional Access provides additional layers of security, so before you can get access you have to meet multiple requirements.

Now, in terms of security here, this is a fantastic tool. So I can come into, for example, Threat analytics, and Threat analytics shows me, or educates me, as to what are all the latest potential threats out there. So if you've got individuals in your organization who are, you know, pretty proactive in terms of security, this can be a great insight. So for example, any kind of new dangerous tools, it will let you get details from the analyst: what the tool actually does, how it manifests itself in your organization, do you have any incidents with this, do you have any impacted assets, and do you have any exposed endpoints, so potential areas of exposure where this type of threat could obviously take effect. And we also have kind of recommendations as well. Again, this depends on the actual alert, but really, really useful. So definitely go in, and you need to have a knowledge of, first of all, being able to defend these threats, but you need to know what these threats are and what to look out for. So that, again, really, really important.

Now, Defender for Endpoint. Of course, I'm currently in, this is Business Premium, so if you're a small business, up to 300 users, this is perfect, and one of the great things about this is it also comes with Defender for Endpoint. So Defender, of course, is Microsoft's umbrella name for all of its security features. Now, you can see here that at the moment I don't have any devices in. "But how do you get devices in?" I hear you ask. Super simple: you simply go down to the bottom of the page, click into Settings here, click on to Endpoints, and if you scroll down, there's an onboarding section here. You simply choose the device that
you want, you can see there's a whole bunch of them, download that agent, and you then essentially download it and you can install that app or that tool. Now, one of the things you can also do is, there's a little test here that you can run in PowerShell. "Andy, I don't have PowerShell." But yes, you do. So if you come into the admin center here, up here you have got something called Cloud Shell, and this will allow you to run that command, and what that does is it just sends a pulse out, essentially waking that sensor up, and once you've got the sensor running, it will obviously then start collecting data, and then you'll be able to see that data in Defender for Endpoint. So really, really useful.

Now, one of the annoying things that really annoys me about Microsoft is, you'd think that if the tool or the feature is not available in the product, that it just doesn't appear, but unfortunately it does appear, and it's really quite frustrating. So you can see that you've got a Defender for Cloud Apps here, but if you've got a P1 license, when I click onto that, it basically gives me an error, and it says it's not available, but hey, would you like to upgrade? Very clever on behalf of Microsoft. Okay, so again, once you've onboarded those devices, from the homepage it will then just show you how many devices are compliant, for example, do any devices need patched or updated, and so on. Really, really useful, and it definitely gets your security up and running.

Finally, the last thing here is Secure Score. So Secure Score, what this does is it compares your score with those of your, let's say for example, industry peers, and what it does, it turns up, it makes a number of recommendations. So for example, one of the really cool features of a P1 license or a Business Premium license is that they give you additional security features. So think about where's the bad guys going to come from: they're going to come from typically identity hacks, but if you've
deployed multifactor authentication, you've improved that by 99%. So what else can we do then? Well, we've got Email and collaboration, and in here every customer, for example, if I go into Threat policies here, every customer by default gets things like anti-phishing, anti-spam, anti-malware, so the usual stuff, okay? That's great, every customer gets that, but what's really worth having is these two here. So these two come specifically with Defender for 365, and Safe Attachments, I've got to tell you, absolutely rocks, okay? And it's definitely something you want to switch on today. Now, this is available in most business plans, so Business Premium. Again, if you've got the lower plans, you might not get this, but it is available in the business plan.

So I'm going to create a policy here. I'll just call this Policy One, okay? And I'm going to click on Next, and you can do it by users. I can add individual users, groups of users, or your entire domain if I wanted to. So for the purpose of this demo, I've got a group here called Sales and Market, in fact the sales team, and I want to create a policy for these guys. So you can see what we have is, you've got essentially four options here. So Off, obviously, if you don't want the attachment scanned. Monitor, so this, perhaps you've got, let's say, an analyst in your team who's specialist in this area, you could forward any kind of dodgy attachments to him, he could analyze them and determine if they're dangerous, of course. So you've got Monitor here as well, so this delivers the message if malware is detected, and this is quite useful for tracking the results, for example if you've got an on-premises individual who is perhaps specialized in this area. Block does exactly as it says on the tin: it blocks this and all future messages with that attachment. And you've also got something called Dynamic Delivery, which I use. It's brilliant. So what this does, it delivers the message, it detaches the attachment, scans it, drops it into
what we call a sandbox, and it checks the attachment: does it contain an executable, is it trying to write any code, is it trying to do anything malicious? If it's not, it reattaches and resends the message again. However, if it is malicious, it just drops it completely. Absolutely brilliant, and it's an integral part of Microsoft's Zero Trust strategy. Definitely take a look at that. Safe Attachments, it absolutely rocks.

And finally, what's the other way that potential malware or malicious software can come in? It's typically through potentially a malicious link. So we have this feature here called Safe Links, and again I'm going to go ahead, I'm going to create a Safe Links, I'll just call this, again, I'm imaginative, so I'll call this Policy One, okay? And in here I'm going to say, okay, again, the same group again. So you can put in, you know, different groups, you can have different policies, of course, for different groups of individuals. And I'm going to click Next here, and you can see here what this is doing is it's checking every single link in every email message, every chat message in Microsoft Teams, to make sure that it's not malicious. Now, you might receive an email that contains a link, and you see like an orange or a yellow border around the message. That just means that it's being scanned, okay? If the border around the message is red, then you know that it was a malicious link, as this is typically how hackers essentially get in to your infrastructure. So again, I'm going to go ahead, and I definitely want to switch that policy on. So absolutely brilliant technology. A few simple clicks can really improve security in your environment.

So there you have it: just a few of those really important security settings in both Microsoft 365 and Entra ID that can make a real difference to your business, and I guarantee it will keep those bad guys away. Now, if you enjoyed the session, please give me a big thumbs up, bump that like button, it does make a difference, and hey, you know,
if you've got questions, comments, get those down below and I'll do my best for you. Subscribers, if you want to join us, I'd love to see you on board. Bump that Subscribe button, ring the bell, and come and join our learning community. That's it for today. I really appreciate the visit. I'll see you next time. Take care.

Hey, thanks so much for dropping by today. Here's a couple of videos that you may enjoy, and while you're here, go ahead, click on the Subscribe button and you won't miss out. [Music]
2024-02-17