Security Part 1

4 hours 24 minutes
Video Transcription
Hello and welcome to this Microsoft 365 Fundamentals video course. My name is Kristen Mico, and I'm taking you through this entire thing. We're gonna be talking today about security, which is another part of module three. Let's get started with the lesson. So learning objectives for this lesson:
we're gonna be learning about the key pillars of security.
So that kind of lays the foundation, what holds everything up. And also, we're gonna talk about how Microsoft 365 protects identity, i.e. people, and access, i.e. getting onto things and accessing files.
We're also going to be looking at how Microsoft 365 protects against threats and protects information. So those are key areas. Let's get started with those key pillars, shall we? Let's move over. All right, so let's start with the four key pillars. Microsoft always look at the bigger picture with this. They look at the holistic side of things.
So with this in mind,
let's have a look at what they see as the four key areas. So the first one up, let me get my pen, there we go, is identity and access management. All right, so you need to make sure that your identities are secured
to reach zero trust effectively. So what that means is that you don't trust them until they tell you who they are. That's effectively what they mean by zero trust. Assume that everyone logging in is there to steal things, is effectively the blunt way of saying that.
All right, so until you know who they are, treat them as hostile. The next one: threat protection. So this is where you look to stop any kind of attacks with integrated and automated security. All right, so these are systems where they sit there, like
auto advanced threat protection that we discussed in the previous lesson
and you don't need to worry too much about it. These are done automatically, and that's the idea. They're kind of stopped before they've even started. Hopefully, this is like your first line of defense effectively.
All right, The next one is information protection,
so this is to locate and classify information anywhere it lives. It doesn't matter if it's on an endpoint, if it's stored in SharePoint, if it's on someone's phone, if, you know, they're offline. You need to be able to protect and classify that information.
And there are ways to classify information before the user even realizes that that information has been
classified and protected. All right,
the last one for this is security management. So security management is all about strengthening your security so that you have the best practice. So they say insights and guidance. I prefer to say that as best practice.
So make sure your security management is up to date with
what you know should be in place and how you should be using it effectively, and that underpins everything with infrastructure security.
All right, so that that kind of creates that that level, if you will, so that once they were all in place, that then creates that security and the foundation that you can build your network upon effectively.
All right, let's move on, then we'll discuss each one. So let's start with identity and access. All right, so secure authentication. So obviously secure authentication, how would you do this? Well, obviously the first one, the most obvious one, is passwords. However, they're not as secure as you think anymore. In fact, Microsoft are moving away from passwords.
And very often I am being asked not even to type my password to access Microsoft
organizational sections. In fact, what it does is it asks me to type my Microsoft account, my usual ID, and then it will simply pop up on my phone going, "Are you trying to log in?" and it's got a yes or a no. I click yes, and off it goes, and that's pretty much it.
So the problem with passwords on a personal level that I found is that strong passwords obviously can always be difficult to remember. So that's a major one, because people just get fed up of having these complex passwords. So they pick something like their favorite pet, and then they have a number that incrementally increases by one every time they reset it,
very easy to crack.
And the problem also is that users often reuse the same password on multiple different sites. So if you've ever had an account compromised,
what are the chances that that password is either fully or partially the same as another password for your, let's say, your Microsoft 365 environment? Chances are probably pretty good. Most people just use the same password or derivatives of the same password on different sites.
As mentioned, if there's a server breach, then you're looking at exposing what's called symmetric network credentials. So credentials that are the same on Facebook as well as Microsoft. So if your password is password 123 on Facebook and someone gets hold of it,
is it password 123 for Microsoft? Well, maybe, who knows? But that's basically the problem behind it, and they're also subject to replay attacks. A replay attack is basically where they just keep retrying over and over. The screen tries to refresh, tries to go in again
brute force. Is there another way of dealing with their of C depends on whether or not the business has their own security to deal with that side of things,
and then also, finally, users can inadvertently expose their passwords in phishing attacks. Phishing attacks are basically where people are trying to get you to sign in on a site that's fake so that they get your credentials. That's effectively what a phishing attack is.
All right, let's talk about Windows Hello, then. So that's the next one. Now the key thing with Windows Hello is that it's always tied to the device.
So it's one login system for one device. That PIN, that password or biometric, whatever you use, you cannot, you can, but you shouldn't use the same one on a different device. I have two desktop machines at home.
One of them uses a PIN. The other one uses facial recognition.
I don't use the same thing on each of them, which means if someone sees my PIN, they can only get in on the computer that has that PIN. It doesn't work online. It doesn't work on the other devices. They would need to physically get to my computer. And that's where Windows Hello really shines. So yeah, okay,
they've compromised my digital security, but they need to physically gain access to the machine.
Things like Mission Impossible, when they have to access the server room because there's no network link, that kind of thing.
Same principle,
and also protects the physical device. Like I mentioned, you know, they can't just log in somewhere else using my Windows Hello PIN or my facial recognition, hoping they fix the things now where you could just hold up a photograph of someone to a camera and it goes, "Ah, hello,
hello, Bob. Welcome," and it just logs you in. I don't think that works anymore.
In fact, I think Windows Hello uses infrared to scan actual 3D imaging when you'd have facial recognition.
Then we have Microsoft Authenticator. Now this is, we've spoken a little bit about this before, this is multi-factor authentication.
Two-factor verification. It's the standard verification method where one of your factors is your password. So two-factor verification means you type your email, you type your password, and then you type a PIN that gets delivered to your phone, or you open, in this case, the Microsoft Authenticator, which shows you a number that you need to type
before it resets, that kind of thing.
After you sign into a device, app or site using your user name and password, then you can either choose to use that code. That verification code, or what is becoming more common now, is that you receive what's called a push notification to your device, which says we recognise that someone is trying to log in
at this location.
"Is this you?" And it just has a simple yes or no. You click yes, or no if you're not there. But hopefully you click yes, because it is you, and you log in, and then that will send the signal back to the server to go, let these people through.
Nice and simple. We do have phone sign-in as well. This is a version of two-factor verification that lets you sign in without requiring a password, just using your user name and your mobile device with things like your fingerprint or your face or your PIN.
You don't even need to have a password. Effectively, that's phone sign-in.
All right, so let's clear the screen. We'll cover the next one, which is conditional access. So conditional access
evaluates each request for access using set criteria. All right, so now these policies, these criteria, are actually designed by an administrator. They're set up and configured by admins, by sysadmins, hopefully people like you and I.
So what you're looking at here, it covers users, devices, locations and statuses. So with users, it's usually group memberships that get covered.
Devices: you need to check whether they're joined to a domain, if they're compliant, and what type of platform are they running. Maybe you don't want anyone on iOS to access your network.
Application-wise, you can check if it's according to the app policy, whether it's set up correctly, and also what type of client is it? Is it a web interface? Is it a mobile app, or is it a rich client like Word or Excel or something like that? You know, you can, you say, only allow certain types through.
Locations: so we're talking about really simply an IP range here. Basically it checks to see where you are, and it will check that IP against either a blacklist or white list, depending on how it's configured, and then it will appropriately react effectively. And then statuses, statuses. Oscar Boston is a risk.
So we have a session risk and the user risk.
And basically what that means is that, we've discussed this before in a previous video, but what that means is that it will check to make sure that the session you've logged in with is actually compliant. You know, have you logged in via a VPN connection or, you know, do you have antivirus on the machine, set up,
that kind of thing. That's effectively what we're looking at here.
Or even if the account has been flagged for something in the past, does it look suspicious? That's where the user risk comes into play. And then from there, identity access, the conditional access environment, will check,
and based on all of these conditions here, it will say to either allow them in,
it will ask them for further credentials, to enforce MFA, or it will just go, no, your name is not on the list. You're not coming in.
And, depending on how those go: if it does enforce that MFA and it fails, then obviously it goes down there. If it does enforce MFA and then it succeeds, then you're allowed in. So the best you can get is to allow. Obviously, enforce MFA doesn't mean you're not allowed. It just means you need to prove one last thing,
and then block is a straight up: you're not compliant at all. You're not meeting the criteria set by conditional access.
Okay, let's clear the screen one more time, and let's discuss identity protection.
So identity protection. Most breaches occur from identity theft. That's just known. I think nowadays it's the easiest way to breach any network. The weakest element of a network, I've always found as a sysadmin, is the people that use it.
That's not to be anything derogatory against the staff,
because obviously we are here, as sysadmins, to help the staff. That's our job. When you say to someone, "How can I help?", what you're effectively saying to them is, "How do I help you do your job?" That's effectively what you do as a career, a system administrator. So what you need to do with identity protection is to
protect all the identities, no matter the level of the account.
It doesn't matter if that account is a global administrator or is a guest access with the tiniest, tiniest amount of access to the network. You need to make sure that all the accounts are proactively protected,
bar none.
Okay, so again, going in with the proactive element, you need to make sure that you prevent compromised identities from being abused proactively. So there needs to be MFA in position, there needs to be conditional access. You need to make sure that the right policies are connected to those accounts. And
people are using passwords from a well known list like
there are certain blacklist definitions that you can get online, that you can tell Microsoft 365, don't allow any permutation of a password in this file, as an example, or any other custom ones. You know, say, don't allow people to use their names or actual words. You don't allow it,
if you wanted to,
Then we have Azure AD Identity Protection, and what we can do with this is that we can actually identify any unusual behavior that's occurring.
That's probably the biggest one with identity protection. Whether it's, you know, weird IP addresses accessing user accounts or the user being in London one minute and then five minutes later logging in from Singapore.
How is that user physically got to Singapore in five minutes?
That's an unreasonable and unusual behavior.
Then we have Microsoft Cloud App Security.
This is basically, at its easiest level, an analytical tool for cloud applications. It just means that it will do the same thing that identity protection does for accounts, with applications. That's at its very heart; you don't need to know pretty much anything more than that.
We then have Azure ATP. We've talked about ATP already a little bit. So this goes through a few things here. There's three major ones. It will identify a problem.
It will then detect any issues that occur from that problem, and then it will also investigate that said problem. You use that tool to do all three of those without issue.
Okay, and then finally with identity protection is the operating system itself. It has a number of features now with the modern desktop with Windows 10 that can actually stop them, you know, can actually deal with these issues with identity. The biggest one that I keep harping on about, because I'm a huge proponent of it,
is Windows Hello.
So it deals with PINs, facial recognition, fingerprinting, picture passwords. There's a whole world of different things that you can do with it on this one, so that's the top one. You can also use physical security keys, so you can design USB keys that need to be in position in order for you to then
do things on the system, including booting up and
and, you know, logging in, that kind of thing.
And I did also mention picture passwords with Windows Hello.
Picture passwords aren't technically a part of Windows Hello. But they get lumped in under the same security settings within Windows 10. So that's something to keep an eye out for this. Put here, not
Windows Hello.
Keep that in mind if you ever do the exam or something like that. If picture password comes up, it is not a Windows Hello feature.
It is just part of the operating system.
Dynamic Lock is quite a cool item to finish off with. Basically, Dynamic Lock will allow you, this is generally only used for things like laptops or anything that has, like, a Bluetooth connection, because you want a small area of effect. The reason being is that what it will do is you can set it so that your phone
needs to be within a certain proximity to the device
in order for it to allow you to lock and unlock the device. So if you are working on your laptop and you decide that you're going to go for a walk on your lunch break, you get up, you grab your phone and you forget to lock your laptop. Lo and behold, you've just caused a huge vulnerability to the network of your organization.
Don't panic.
Don't even worry, because if Dynamic Lock is on, the fact that you picked up your phone and walked away with it means that your laptop will recognize that the device is no longer in signal range using Bluetooth and it will automatically lock. It's a very, very cool feature.
All right, let's move on to threat protection. In fact, what we'll do is we'll stop there, we'll start a new video because this is quite a long one, and we'll come back for the next part. I will see you there.
Microsoft 365 Fundamentals [MS-900]

Microsoft 365 Fundamentals is a course designed to help both those looking for more information at a foundational level on the Microsoft 365 platform and service, as well as those looking to take the exam itself.
