Microsoft 365 Security, Compliance, and Identity Administration

Book description

Explore expert tips and techniques to effectively manage the security, compliance, and identity features within your Microsoft 365 applications. Purchase of the print or Kindle book includes a free PDF eBook.

Key Features

  • Discover techniques to reap the full potential of the Microsoft security and compliance suite
  • Explore a range of strategies for effective security and compliance
  • Gain practical knowledge to resolve real-world challenges

Book Description

Microsoft 365 Security, Compliance, and Identity Administration is designed to help you manage, implement, and monitor security and compliance solutions for Microsoft 365 environments.

With this book, you’ll first configure and administer identity and access within Microsoft 365. You’ll learn about hybrid identity, authentication methods, and conditional access policies with Microsoft Intune. Next, you’ll discover how RBAC and Azure AD Identity Protection can be used to detect risks and secure information in your organization. You’ll also explore concepts such as Microsoft Defender for Endpoint and Microsoft Defender for Identity, along with threat intelligence. As you progress, you’ll uncover additional tools and techniques to configure and manage Microsoft 365, including Azure Information Protection, Data Loss Prevention (DLP), and Microsoft Defender for Cloud Apps.

By the end of this book, you’ll be well-equipped to manage and implement security measures within your Microsoft 365 suite successfully.

What you will learn

  • Get up to speed with implementing and managing identity and access
  • Understand how to employ and manage threat protection
  • Manage Microsoft 365’s governance and compliance features
  • Implement and manage information protection techniques
  • Explore best practices for effective configuration and deployment
  • Ensure security and compliance at all levels of Microsoft 365

Who this book is for

This book is for IT professionals, administrators, or anyone who is looking to pursue a career in security administration and wants to enhance their skills in utilizing Microsoft 365 Security Administration. A basic understanding of administration principles of Microsoft 365 and Azure Active Directory is a must. A good grasp of on-premises Active Directory will be beneficial.

Table of contents

  1. Microsoft 365 Security, Compliance, and Identity Administration
  2. Contributors
  3. About the author
  4. About the reviewers
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. Conventions used
    4. Get in touch
    5. Share Your Thoughts
    6. Download a free PDF copy of this book
  6. Part 1: Implementing and Managing Identity and Access
  7. Chapter 1: Planning for Hybrid Identity
    1. Planning your hybrid environment
    2. Authentication methods in Azure AD
      1. Multi-factor authentication
      2. Self-service password reset
      3. Conditional Access
      4. Passwordless authentication
    3. Synchronization methods with Azure AD Connect
      1. Password hash synchronization
      2. Pass-through authentication
      3. Federation
      4. Azure AD Seamless Single Sign-On
    4. Azure AD Connect cloud sync
    5. Event monitoring and troubleshooting in Azure AD Connect
    6. Summary
    7. Questions
    8. Further reading
  8. Chapter 2: Authentication and Security
    1. Implementing Azure AD dynamic group membership
      1. Creating a dynamic group in Azure AD using the Azure portal
      2. Creating dynamic groups with Azure AD PowerShell
      3. Using group-based licensing in Azure AD
    2. Implementing password management
      1. Setting up SSPR
      2. Registering for SSPR
      3. Using SSPR to reset passwords
      4. Combined registration for SSPR and MFA
    3. Implementing and managing external identities
    4. Implementing and managing MFA
      1. Enabling MFA
      2. Service settings
      3. Configuring secondary authentication methods
    5. Planning and implementing device authentication methods
    6. Summary
    7. Questions
    8. Further reading
  9. Chapter 3: Implementing Conditional Access Policies
    1. Explaining Conditional Access
      1. Creating a Simple Conditional Access policy
    2. Conditional Access and Microsoft Intune
    3. Introducing the types of Conditional Access
      1. Device-based Conditional Access
      2. App-based Conditional Access
    4. Monitoring Conditional Access events
    5. Summary
    6. Questions
    7. Further reading
  10. Chapter 4: Managing Roles and Identity Governance
    1. Planning and configuring PIM
      1. Planning PIM
      2. Configuring PIM
      3. Monitoring PIM
    2. Planning and configuring entitlement management
    3. Planning and configuring access reviews
    4. Summary
    5. Questions
    6. Further reading
  11. Chapter 5: Azure AD Identity Protection
    1. Understanding Identity Protection
    2. Protecting users with risk and registration policies
      1. Configuring user risk and sign-in risk policies
      2. Configuring MFA registration policies
    3. Configuring alert options
      1. Users at risk detected alerts
      2. Weekly digest
    4. Managing and resolving risk events
      1. Examining users at risk
      2. Examining risky sign-ins
      3. Examining risk detections
      4. Risky workload identities (preview)
      5. Risk-based Conditional Access policies
    5. Summary
    6. Questions
    7. Further reading
  12. Part 2: Implementing and Managing Threat Protection
  13. Chapter 6: Configuring a Microsoft Defender for Identity Solution
    1. Identifying the organizational need for MDI
      1. Understanding suspicious activity
      2. Exploring advanced attacks and malicious activities
    2. Understanding the MDI architecture
    3. Setting up MDI
      1. Prerequisites for MDI
      2. Installing and configuring MDI
      3. Additional configuration options
    4. Managing and monitoring MDI
      1. Entity tags
      2. Excluded entities
      3. Monitoring MDI
    5. Summary
    6. Questions
    7. Further reading
  14. Chapter 7: Configuring Device Threat Protection with Microsoft Defender for Endpoint and Intune
    1. Planning and implementing MDE
      1. Onboarding devices
    2. Managing and monitoring MDE
      1. Vulnerability management
      2. Partners and APIs
      3. Evaluation & tutorials
      4. Configuration management
    3. Implementing Microsoft Defender Application Guard, Application Control, and exploit protection
      1. Configuring Microsoft Defender Application Guard
      2. Configuring Microsoft Defender Application Control
      3. Configuring Microsoft Defender Exploit Guard
    4. Encrypting your Windows devices using BitLocker
    5. Implementing application protection policies
    6. Summary
    7. Questions
    8. Further reading
  15. Chapter 8: Configuring Microsoft Defender for Office 365
    1. Protecting users and domains with anti-phishing protection and policies
      1. Setting up an anti-phishing policy
    2. Configuring Safe Attachments options and policies
      1. Creating a Safe Attachments policy
      2. Creating a Safe Attachments policy using Windows PowerShell
    3. Configuring Safe Links options, blocked URLs, and policies
      1. Creating a new Safe Links policy
      2. Creating a Safe Links policy using Windows PowerShell
    4. Monitoring and remediating with Microsoft Defender for Office 365 reports
    5. Running simulated attacks with Microsoft Defender for Office 365
    6. Further attack simulation configuration options
    7. Summary
    8. Questions
    9. Further reading
  16. Chapter 9: Using Microsoft Sentinel to Monitor Microsoft 365 Security
    1. Planning and configuring Microsoft Sentinel
      1. Connecting Microsoft Sentinel to a workspace
      2. Connecting Microsoft Sentinel to data sources
    2. Configuring playbooks in Microsoft Sentinel
      1. Creating a simple playbook
      2. Creating a playbook using templates
    3. Creating and using automation rules to manage responses
    4. Managing and monitoring your Microsoft Sentinel instance
    5. Summary
    6. Questions
    7. Further reading
  17. Chapter 10: Configuring Microsoft Defender for Cloud Apps
    1. Planning your MDA implementation
    2. Configuring MDA
    3. Managing Cloud App Discovery
    4. Managing the MDA catalog
    5. Managing apps and app connectors in MDA
    6. Configuring policies and templates
    7. Using Conditional Access App Control with MDA
    8. Reviewing and interpreting alerts, reports, and dashboards
    9. Summary
    10. Questions
    11. Further reading
  18. Part 3: Implementing and Managing Information Protection
  19. Chapter 11: Managing Sensitive Information
    1. Planning a sensitivity label solution for your organization
    2. Creating and managing SITs
    3. Setting up sensitivity labels and policies
      1. Setting up labels
      2. Setting up label policies
      3. Using sensitivity labels
    4. Configuring and using Activity explorer
    5. Using sensitivity labels with Teams, SharePoint, OneDrive, and Office apps
    6. Summary
    7. Questions
    8. Further reading
  20. Chapter 12: Managing Microsoft Purview Data Loss Prevention
    1. Planning and implementing DLP
    2. Managing DLP policies for Microsoft 365 workloads
      1. Creating a DLP policy
      2. Testing your DLP policy
      3. Editing your DLP policy
    3. DLP reporting and alerting capabilities
      1. Using PowerShell with DLP reporting
      2. Required permissions for DLP reports
      3. Further alerting capabilities
    4. Implementing Endpoint DLP
    5. Summary
    6. Questions
    7. Further reading
  21. Chapter 13: Managing Microsoft Purview Data Lifecycle Management
    1. Planning for data lifecycle management
      1. Records management
    2. Analyzing reports and dashboards
      1. Content explorer
      2. Activity explorer
    3. Configuring retention labels and policies
      1. Creating a retention label
      2. Creating a retention label policy
      3. Applying retention labels
    4. Creating a retention policy
    5. Planning and implementing adaptive scopes
    6. Finding and recovering deleted Microsoft 365 data
      1. User mailboxes
      2. OneDrive
    7. Summary
    8. Questions
    9. Further reading
  22. Part 4: Managing Compliance Features in Microsoft 365
  23. Chapter 14: Monitoring and Analyzing Audit Logs and Reports in Microsoft Purview
    1. Planning for auditing and reporting
    2. Investigating compliance activities by using audit logs
      1. Performing an audit log search
    3. Reviewing and interpreting compliance reports and dashboards
    4. Configuring alert policies
    5. Configuring audit log retention policies
    6. Summary
    7. Questions
    8. Further reading
  24. Chapter 15: Planning For, Conducting, and Managing eDiscovery Cases
    1. Recommending eDiscovery (Standard) or eDiscovery (Premium)
    2. Planning for content searches and eDiscovery
    3. Delegating the required permissions to use search and discovery tools
    4. Creating eDiscovery cases
    5. Managing eDiscovery cases
      1. Adding custodians
      2. Collecting data
      3. Analyzing the review set results
      4. Exporting and downloading case data
      5. Additional tasks
    6. Summary
    7. Questions
    8. Further reading
  25. Chapter 16: Managing Regulatory and Privacy Requirements
    1. Planning your regulatory compliance journey in Microsoft 365
    2. Managing regulatory compliance in Microsoft Purview Compliance Manager
      1. Access to Compliance Manager
      2. Improvement actions
      3. Assessments and assessment templates
    3. Exploring Microsoft Priva
      1. Implementing privacy risk management
      2. Implementing and managing Subject Rights Requests with Microsoft Priva
    4. Summary
    5. Questions
    6. Further reading
  26. Chapter 17: Managing Insider Risk Solutions in Microsoft 365
    1. Implementing Customer Lockbox
    2. Implementing and managing Communication Compliance policies
    3. Implementing and managing insider risk management policies
      1. Getting started with Insider Risk Management policies
      2. Creating Insider Risk Management policies
    4. Implementing and managing Information Barriers policies
      1. Segments and policies for Information Barriers
    5. Implementing and managing Privileged Access Management
    6. Summary
    7. Questions
    8. Further reading
  27. Answers
    1. Chapter 1
    2. Chapter 2
    3. Chapter 3
    4. Chapter 4
    5. Chapter 5
    6. Chapter 6
    7. Chapter 7
    8. Chapter 8
    9. Chapter 9
    10. Chapter 10
    11. Chapter 11
    12. Chapter 12
    13. Chapter 13
    14. Chapter 14
    15. Chapter 15
    16. Chapter 16
    17. Chapter 17
  28. Index
    1. Why subscribe?
  29. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share Your Thoughts
    3. Download a free PDF copy of this book

Product information

  • Title: Microsoft 365 Security, Compliance, and Identity Administration
  • Author(s): Peter Rising
  • Release date: August 2023
  • Publisher(s): Packt Publishing
  • ISBN: 9781804611920