Hello, ladies and gentlemen. And welcome back to this Microsoft 365 video training course. My name is Chris Tomiko, and we are carrying on in our next part with regards to threat protection. We've just been talking about the security side of Windows 10 and the way that it deals with things.
We're gonna carry straight on with threat protection as well.
And, uh, let's get started, basically. All right. So for protection, attack surfaces have grown with the introduction of the cloud. Now it's really a case of not if you get hacked as a business, but when, um,
it's until they come up with some better way of dealing with security.
It is. You should assume when, rather than if you get hacked, right, so an attack surface is basically any point that people can engage your network on because of the sea.
The cloud environment is anywhere in the world. Your attack surface is pretty big if you're using a cloud environment. So this now requires a multi-pronged approach to deal with threats. All right, Microsoft do have quite a big multi-pronged approach. In fact, if it was a problem,
it would have about 10 or so 10 to 12
spiky bits on it that they could poke people with. All right, so this is their idea of threat protection now. So down the left hand side, we've got the five kind of key areas we've got identities, endpoints,
cloud apps and infrastructure. This is the five key areas that Microsoft say are the points that create the issues on the network and kind of what you need to deal with as a system administrator. And this part here on the left hand side of the red line. Might have just drawn
Sorry. On the right hand side is the tools that they give you to deal with the issues. We've already discussed AD up here.
That one there, we've discussed Intune. We've discussed ATP as well, advanced threat protection. Yet we've already gone through that. Cloud App Security? Yes. The security center we will cover at a later date, so I'll leave that one for now. We've covered Windows 10. We haven't covered Windows Server, Linux.
Microsoft do, and it probably isn't something we will cover here. Microsoft do a lot of work now
using Linux environments. They actually actively support Linux in their infrastructure, which is a huge step forward. In my opinion, many years ago, it was a case of Microsoft would never have got into bed with Linux and started working with them. But I'm really happy with the new CEO, Satya Nadella.
He has a much more visionary scope to things with Microsoft,
and I believe he's done wonders for the company
Exchange Online Protection is pretty much what it says on the tin, effectively. We've come across that when we first spoke about the 365 core services.
Office ATP, you can imagine what that is, based on Azure ATP as well. Threat intelligence we haven't covered, and SQL Server we haven't covered. Generally, we won't cover those ones because they are more than just the fundamental area. All right, now these all come together with something called Microsoft Graph.
Now, this is something called a REST API. Now, an API is an applications programming interface.
It basically means that you can tap in to other interfaces, other devices, other programs or, uh, infrastructures and pull things out. REST is what they call it, and REST basically means interoperability.
The word REST itself actually stands for
Representational State Transfer,
and what that means is that, this is Microsoft Graph, by the way, what I've just pulled up on the screen. What that means is that you can log in at any point on this and allow data to traverse from one application interface to another.
So, if you have, you might, for example, start with a device.
With the device you would log in. Let's say you log in with the usual account. Now that user then logs in and seamlessly (oh my God, my lines are getting really bad) seamlessly connects to their emails and messages.
They then see that they have a few meetings scheduled, you know, and those meetings have files attached to them. And that's just one idea, is that because you've logged in once through one point on the Graph system, it just allows you to then connect all together and interoperate. That's what we're talking about.
Basically, it's a fancy way of saying interoperability. You don't need to have multiple things open. These all work behind the scenes. They kind of build the foundation of the 365 environment, effectively.
All right, information protection. Let's have a quick chat about this, then. So there really is no point having a completely secure system if your users can access it,
It's kind of, you know, it kind of makes sense when you think about it. You could have Fort Knox where everything is behind the door, you know, sealed in the vault. But if you don't have the code to get through the door, then what's the point of having everything in the vault? You can't get to it anyway, so there needs to be a balance. So
you need to consider productivity versus security
And because of that, you need to have a strategy in place.
All right, and in those situations, you need to do a few things. You need to discover an issue or information, and these are the four kind of key areas of information protection. You need to discover the information: what information are you protecting?
You need to classify the information: what sensitivity is the information you're protecting?
Then you need to physically, here, actually need to protect it. It's a key point, but many people forget: you don't just classify, you don't just know where it is, but you then go ahead and protect it. And then you need to monitor it, which usually means auditing, right? And that's what we refer to with this, so you can follow data throughout its life cycle here.
So this is an image I have. It's quite an old image. This is with Office 365, so you can see data gets created and imported, modified across locations, that kind of thing. And then users are guided to classify files with the information, with Windows Information Protection.
All right, so it will say, "Look, we think you should classify this. What is its classification?" If the user forgets or doesn't know what it should be, you can also set it up to automatically scan for sensitive information and classify it. So if you have a file with, I don't know, credit card information in it,
it will classify it as critical, for example,
because it now realizes and recognizes that you have financial data in that file, so it will suitably classify it based on a few automated policies, basically.
So the data then gets labelled based on that sensitivity that you got from that classification.
And then that label protects it based on a policy, so it will apply a different policy, whether it's non-critical, critical, personal, sensitive, public or anything else. That kind of thing.
And data travels across various locations: SharePoint, OneDrive, email. It could get copied to a laptop, whatever it might be. And it just carries on checking this, and it monitors it throughout. This is where it would then audit. It wouldn't necessarily do anything against it, but it would keep a log to say
this data went here on this date at this time, and this person did it,
just so that you have it all recorded. Now that could be,
uh, my brain's gone. There could be a conditional access set against those labels as well, which means they might get blocked. You could still have that block monitored and audited because it would be good to know that someone tried to access that information.
And then, hopefully, eventually, when the retention period expires, data would get retired and hopefully deleted. Because with GDPR now, you cannot hold data indefinitely. It's just not allowed. Need to make sure that your retention periods are correct, as an example.
So this is just another bit of a photo that I've got here that basically explains where things drop in terms of how the Microsoft Graph works and things. So it basically categorizes where things might separate.
So at the top here, you've got your cloud and SaaS applications. So Office 365, or Microsoft 365 apps as it calls it,
OneDrive, other cloud environments, and they kind of have that cut line there. Trying to be as clear as I can. Let's cut this up, make it easier.
Then we go. All right
And then under that is devices. Now, devices could be literally anything that accesses data: Office applications, Windows Information Protection. That's where, you know, that protection occurs. It occurs within the apps and within Windows Information Protection.
And then, finally, is the AIP scanner. So this basically means that the Automated Information Protection Scanner has a look to see whether things on premises are properly categorized and, you know, labeled correctly, data has been audited correctly. That kind of thing.
That's kind of the layers that is going in or out so
it could go either way. It doesn't have to necessarily go only one or the other. But that's what certainly what you're looking for there, anyway, right. Let me clear off these so I can
Let's get those out the way. Perfect.
All right. Excellent. All right, so this image here is more about the how to protect sensitive information across devices. So what we're looking at here are things where cloud services and on premises mix, effectively.
So it's just to kind of show you how things connect
and where they connect. So it's, you know, you're looking at data encryption that's built into Azure and Office 365, the ability to have file level encryption and permissions so you can break it down to the file rather than, say, a group or something like that.
Data level protection actions to block sharing, so
you can actually say, "Look, gray out the button to share. Don't allow people to press print," that kind of thing as well. So that's very, very possible. And then you can also control cloud app access and usage as well.
Secure email with encryption and permissions.
You generally, you wouldn't really need to secure emails unless something really sensitive is going across them. Hopefully what you would be doing instead, rather than attaching an item to an email, is putting a link in the email to a file that's being shared with correct permissions.
And then even if that email were to get into the wrong hands, they couldn't access it because they're not logged in as that person
was probably the best way to do it.
Then you would obviously look at retaining, expiring or deleting documents. That's that retention policy that I spoke about,
as well as visual markings to indicate sensitive documents. So you might, for example, have critical files highlighted with a red background behind the text, and it's white text, you know, so it really stands out on the screen. Visual markings are the easiest way to get people to realize that something important is happening, especially with humans anyway.
Then you would, you know, there's policy tips to notify and educate end users, 'cause staff awareness and training is probably the biggest thing you can do in terms of creating a more secure network.
And business data separation on devices. This is where you would basically make sure that, if someone's using their own device, using BYOD, which we've discussed before, then, you know, they can use their own device but it is segregated from their personal items on the device.
And then finally, revoke app access.
If you're pulling licensing from a user's account, they can't use those apps anyway. And if those apps are the only way to access that data, then you're effectively blocking them from accessing data they shouldn't have access to in the first place. Nice and simple, really.
Okay, so let me get rid of these. There we go. Let's get rid of them. Done. This is the compliance, the label analytics system, and this is the kind of system that you would use now. It's not important to really read any of this, but what I want to draw attention to with this system is the fact that it's very visual. The colors
get your attention. You can pretty much figure out from what is currently colored
as to what might be more important than something else.
So it's, that's kind of what we're looking at, and I'm going back to that kind of visual marking thing that I mentioned a few minutes ago.
So it's just something to keep in mind when you're looking at information protection. If you can use color to signify levels or sensitivity or labelling, you're pretty much halfway there in terms of training people to understand the system.
So just keep that in mind, something to certainly take advantage of.
All right, we are going to stop here because we do have another part coming up. It's a long part framed along one video series, this one. We're gonna carry on with security management. So join me back here for the next video. I will see you shortly.