EMS Partners: Focus on Secure Productive Enterprise


Robb Dilallo

For partners and their customers, security is at the forefront of every conversation. At Microsoft, we continue to listen to our audience and add services to our portfolio that help protect against attacks, detect when an attack is occurring, and respond through guidance and/or automation. Many of these additions reside in the products that make up Enterprise Mobility + Security (EMS). But if you want to offer your customers a holistic, agile security platform, consider offering Secure Productive Enterprise.

Microsoft sales teams have found that starting customer discussions by acknowledging the challenges customers are facing, and explaining how Secure Productive Enterprise enables their digital transformation backed by security, expands what customers will consider. Partners that understand how to deliver multiple capabilities for digital transformation that include enterprise security, management, collaboration, and business analytics, on their own or through business relationships with other partners, will be well positioned.

This month (April 2017), we’ll use the EMS Partner call to bring you a discussion about Secure Productive Enterprise and EMS. Joining me will be my fellow community leads for Office 365 Partners and Windows Partners. We’ll explain how Secure Productive Enterprise, delivered through enterprise cloud services, supports customers in empowering their employees, and we’ll discuss the partner opportunity.

Sign up for the April 27 partner call

The partner opportunity with Secure Productive Enterprise

In today’s post, I’ll show you how Office 365, Windows 10, and Enterprise Mobility + Security can protect, detect, and respond to security threats. It’s built right in. We’ll talk about the attack vectors that enable hackers to exploit system vulnerabilities, including the human element.

Common attack vectors include:

  • Phishing, spearphishing, spoofing
  • Malware infection
  • Credential theft
  • Ransomware

Understanding these attack vectors, and the countermeasures in Secure Productive Enterprise, will enable you to build more comprehensive security solutions for your customers.

Office 365 security capabilities

Attack vector | Countermeasure | Description
Phishing | Exchange Online Protection (EOP) | Cloud-based email filtering service that helps protect your organization against spam and malware, and includes features to safeguard your organization from messaging-policy violations. EOP can simplify the management of your messaging environment and alleviate many of the burdens that come with maintaining on-premises hardware and software.
Identity theft | Office 365 Advanced Security Management | With Advanced Security Management, you get alerts that you can set up by using policies to notify you about anomalous and suspicious activity. You can also get Productivity app discovery, which lets you use the information from an organization’s log files to understand and act on users’ app usage in Office 365 and other cloud apps.
Identity theft | Multi-Factor Authentication | All privileged Office 365 users (such as global administrators or billing administrators) should use Multi-Factor Authentication. Combined with dedicated user accounts and workstations, Multi-Factor Authentication provides the most important protection for privileged accounts. Multi-Factor Authentication delivers strong two-step authentication with a range of easy verification options (phone call, text message, or mobile app notification), allowing users to choose the method they prefer.
Identity theft | Secure privileged access | Securing privileged access is a critical first step to establishing security assurances for business assets in a modern organization. The security of most or all business assets in an organization depends on the integrity of the privileged accounts that administer and manage IT systems. Cyberattackers target these accounts and other elements of privileged access to rapidly gain access to targeted data and systems using credential theft attacks like pass-the-hash and pass-the-ticket.
Identity theft | Azure AD Privileged Identity Management (PIM) | With Azure AD Privileged Identity Management, you can manage, control, and monitor access within your organization. This includes access to resources in Azure AD and other Microsoft online services like Office 365 or Microsoft Intune. Just-in-time administrative access allows you to provide privileges on demand for a predetermined amount of time, instead of having permanent administrators.
Identity theft | Azure Active Directory Password Management | Allow your users to manage any password from any device, at any time, from any location, while remaining in compliance with the security policies you define.
Data loss | Office Message Encryption | Deliver confidential business communications with enhanced security, allowing users to send and receive encrypted email as easily as regular email directly from their desktops. Customize the email viewing portal to enhance your organization’s brand. Email can be encrypted without complex hardware and software to purchase, configure, or maintain, which helps to minimize capital investment, free up IT resources, and mitigate messaging risks.
Data loss | Azure Information Protection (AIP) | Azure Information Protection is a cloud-based solution that helps an organization classify, label, and protect its documents and emails. This can be done automatically by administrators who define rules and conditions, manually by users, or a combination, where users are given recommendations.
Data loss | Data Loss Prevention (DLP) | To comply with business standards and industry regulations, organizations need to protect sensitive information and prevent its inadvertent disclosure. Examples of sensitive information that you might want to prevent from leaking outside your organization include financial data or personally identifiable information (PII) such as credit card numbers, social security numbers, or health records. With a Data Loss Prevention (DLP) policy in the Office 365 Security & Compliance Center, you can identify, monitor, and automatically protect sensitive information across Office 365.
Malware / Ransomware | Office 365 Advanced Threat Protection (ATP) | Office 365 Advanced Threat Protection is an email filtering service that provides additional protection on top of existing Exchange Online Protection. ATP helps protect against unknown malware and viruses, and provides better zero-day protection to safeguard your messaging system.
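The table says every privileged Office 365 account should use Multi-Factor Authentication; the check a partner would actually run before a customer engagement is to enumerate the privileged role members and find the ones without it. The following script is an added example, not code from the original post or from Microsoft. It assumes the MSOnline PowerShell module is installed and that Connect-MsolService has already been run with an account that can read directory roles; the role names are the directory's internal names ('Company Administrator' is what the portal shows as Global Administrator).

```powershell
# Added example: audit privileged Office 365 accounts for per-user MFA.
# Assumes: Install-Module MSOnline has been done and Connect-MsolService has been run.
$roleNames = @('Company Administrator', 'Billing Administrator')   # extend with other admin roles as needed

$report = foreach ($roleName in $roleNames) {
    $role = Get-MsolRole -RoleName $roleName
    # Only human users are checked here; service principals and groups are skipped.
    $members = Get-MsolRoleMember -RoleObjectId $role.ObjectId |
        Where-Object { $_.RoleMemberType -eq 'User' }
    foreach ($member in $members) {
        $user = Get-MsolUser -ObjectId $member.ObjectId
        # StrongAuthenticationRequirements is empty unless per-user MFA is 'Enabled' or 'Enforced'.
        $state = $user.StrongAuthenticationRequirements.State
        [pscustomobject]@{
            Role     = $roleName
            User     = $user.UserPrincipalName
            MfaState = if ($state) { $state } else { 'None' }
            # Registered verification methods (PhoneAppNotification, OneWaySMS, TwoWayVoiceMobile, ...)
            Methods  = (@($user.StrongAuthenticationMethods | ForEach-Object { $_.MethodType }) -join ',')
        }
    }
}

$report | Format-Table -AutoSize

# Privileged accounts with no per-user MFA. Either they are covered by a conditional access
# policy that requires MFA, or they are the accounts a phished or stolen password will open first.
$report | Where-Object { $_.MfaState -eq 'None' }
```

Caveat: 'None' here only means per-user MFA is not set. A tenant that enforces MFA through Azure AD conditional access will show 'None' for everyone, so cross-check the result against the conditional access policies before reporting a gap.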

Windows 10 Enterprise security capabilities

Using the latest operating system – with all security patches and the newest security technologies built in – to address today’s threats is one of the most effective ways of protecting your users and data. Windows 10 is the most secure Windows ever, and includes the latest security technology currently available.

Attack vector | Countermeasure | Description
Identity theft | Windows Hello for Business | Replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and a biometric or PIN.
Identity theft | Credential Guard | Aims to isolate and harden key system and user secrets against compromise, helping to minimize the impact and breadth of a pass-the-hash style attack if malicious code is already running via a local or network-based vector.
Malware | Windows Defender Advanced Threat Protection | A security service that enables enterprise customers to detect, investigate, and respond to advanced threats on their networks.
Malware | Device Guard | Lets organizations lock down devices in a way that provides advanced malware protection against new and unknown malware variants as well as advanced persistent threats. It provides better security against malware and zero days for Windows 10 by blocking anything other than trusted apps. To help protect users from malware, when an app is executed, Windows decides whether that app is trustworthy, based on IT’s decision, and notifies the user if it is not. Device Guard can use hardware technology and virtualization to isolate that decision-making function from the rest of the Windows operating system, which helps provide protection from attackers or malware that have managed to gain full system privilege. This gives it a significant advantage over traditional anti-virus and app control technologies like AppLocker, Bit9, and others, which are subject to tampering by an administrator or malware.
Malware | Secure Boot | A security standard developed by members of the PC industry to help make sure that PCs boot using only software that is trusted by the PC manufacturer. Support for Secure Boot was introduced in Windows 8 and is a key point of security on devices with Windows 10. When the PC starts, the firmware checks the signature of each piece of boot software, including firmware drivers (Option ROMs), EFI applications, and the operating system. If the signatures are good, the PC boots, and the firmware gives control to the operating system.
Data loss | Windows BitLocker | BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
Data loss | Windows Information Protection (WIP) | Helps protect against potential data leakage without otherwise interfering with the employee experience. WIP helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work, without requiring changes to your environment or other apps. Azure Information Protection works alongside WIP to extend data protection to data that leaves the device, such as when email attachments are sent from an enterprise-aware version of a rights management mail client.
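Licensing Windows 10 Enterprise does not switch any of these protections on, and Credential Guard and Device Guard in particular depend on UEFI, Secure Boot and virtualization-based security being present and running. The script below is an added example (not from the original post or from Microsoft) that reads the endpoint's actual state and lists what is missing. It uses the Confirm-SecureBootUEFI, Get-Tpm and Get-BitLockerVolume cmdlets and the Win32_DeviceGuard WMI class, all of which ship with Windows 10, and must be run from an elevated PowerShell session on the device being checked.

```powershell
# Added example: verify that the Windows 10 platform protections in the table above are
# actually running on this endpoint. Run in an elevated PowerShell session.
$findings = [System.Collections.Generic.List[string]]::new()

# Secure Boot: Confirm-SecureBootUEFI returns $true only when firmware booted with Secure Boot on.
# It throws on legacy BIOS / non-UEFI machines, so an exception means "not available".
try   { $secureBoot = Confirm-SecureBootUEFI }
catch { $secureBoot = $false; $findings.Add('Secure Boot not available (non-UEFI boot or query failed)') }
if (-not $secureBoot) { $findings.Add('Secure Boot is off') }

# A ready TPM backs BitLocker key protectors, Windows Hello for Business keys and measured boot.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) { $findings.Add('TPM missing or not ready') }

# Virtualization-based security (VBS) state from the Win32_DeviceGuard class.
# VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running.
# SecurityServicesRunning contains 1 when Credential Guard is running and 2 when HVCI
# (Device Guard hypervisor-enforced code integrity) is running.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
if ($dg.VirtualizationBasedSecurityStatus -ne 2) {
    $findings.Add('VBS not running; Credential Guard and HVCI cannot be active')
}
if ($dg.SecurityServicesRunning -notcontains 1) {
    $findings.Add('Credential Guard not running (LSA secrets remain reachable by pass-the-hash tooling)')
}
if ($dg.SecurityServicesRunning -notcontains 2) { $findings.Add('HVCI not running') }
# CodeIntegrityPolicyEnforcementStatus: 0 = off, 1 = audit mode, 2 = enforced.
if ($dg.CodeIntegrityPolicyEnforcementStatus -ne 2) {
    $findings.Add('Device Guard code integrity policy not enforced (off or audit only)')
}

# BitLocker: the OS volume must be fully encrypted with its key protectors active ("Protection On").
$os = Get-BitLockerVolume -MountPoint $env:SystemDrive
if ($os.ProtectionStatus -ne 'On' -or $os.VolumeStatus -ne 'FullyEncrypted') {
    $findings.Add("BitLocker on $($env:SystemDrive): $($os.VolumeStatus), protection $($os.ProtectionStatus)")
}

if ($findings.Count -eq 0) { 'All checked protections are active.' } else { $findings }
```

A Device Guard policy in audit mode (status 1) logs what it would have blocked without blocking anything, which is the right first step on a new fleet but is not the protection the table describes; the script reports it as a finding for that reason.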

Enterprise Mobility + Security

Within Enterprise Mobility + Security, Microsoft protects the identity, the data, and the device through services like Azure Active Directory, Azure Information Protection, Cloud App Security, Advanced Threat Analytics, and Microsoft Intune.

Attack vector | Countermeasure | Description
Identity theft | Azure Active Directory Identity Protection | A feature of Azure AD Premium P2 edition that provides a consolidated view into risk events and potential vulnerabilities affecting an organization’s identities. More than just a monitoring and reporting tool, Azure AD Identity Protection uses risk events to calculate a user’s risk level, enabling configuration of risk-based policies to automatically protect the identities of an organization.
Identity theft | Azure Multi-Factor Authentication (MFA) | The Microsoft two-step verification solution that helps safeguard access to data and applications while meeting user demand for a simple sign-in process. It delivers strong authentication via a range of verification methods, including phone call, text message, or mobile app verification.
Identity theft | Microsoft Advanced Threat Analytics | Provides a simple and fast way to understand what is happening within a network by identifying suspicious user and device activity with built-in intelligence and providing clear and relevant threat information on a simple attack timeline.
Identity theft | Conditional access in Azure Active Directory | Conditional access control capabilities offer simple ways for companies to secure resources in the cloud and on-premises. Conditional access policies can protect against the risk of stolen and phished credentials by requiring Multi-Factor Authentication. You can also enforce conditional access policies to keep company data safe; for example, only devices enrolled in a mobile device management system like Microsoft Intune are granted access to sensitive services.
Data loss | Azure Information Protection | Control and help secure email, documents, and sensitive data that is shared outside a company’s walls. From easy classification to embedded labels and permissions, enhance data protection at all times with Azure Information Protection, no matter where it’s stored or with whom it’s shared.
Data loss | Cloud App Security | A comprehensive solution that helps organizations take full advantage of the promise of cloud applications while providing improved visibility into activity. It helps increase the protection of critical data across cloud applications. With tools that help uncover shadow IT, assess risk, enforce policies, investigate activities, and stop threats, an organization can more safely move to the cloud while maintaining control of critical data.
Malware | Microsoft Intune | Assure mobile and lightly managed device compliance. Set device protection policies. Lookout integration adds malware protection for Android and iOS devices. Lookout provides visibility into app, network, and device-based risks, and through its deep integration with EMS, organizations can use that risk data to enforce conditional access on mobile devices.
Malware | Mobile application management | Use Microsoft Intune mobile application management policies to help protect a company’s data. These policies are independent of any mobile device management solution, so you can use them to protect data with or without enrolling devices in a device management solution. By implementing application-level policies, you can restrict access to company resources and keep data within the purview of the IT department.
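The conditional access row above describes a policy that requires MFA against phished credentials and an Intune-enrolled, compliant device before sensitive services are reachable. The script below is an added example (not from the original post or from Microsoft) that creates exactly that policy through the Microsoft Graph conditional access API, which did not exist when this post was written but is the supported way to do it today. It assumes an access token with the Policy.ReadWrite.ConditionalAccess permission is supplied in the GRAPH_TOKEN environment variable, and the break-glass account object ID is a placeholder to replace. The policy is created in report-only mode so sign-in logs show what it would block before anyone is locked out.

```powershell
# Added example: create an Azure AD conditional access policy requiring MFA AND a compliant
# (Intune-enrolled) device for all users on all cloud apps, in report-only mode.
$accessToken      = $env:GRAPH_TOKEN                                  # assumption: token obtained out of band
$breakGlassUserId = '<object-id-of-emergency-access-account>'         # placeholder: exclude one break-glass account

$policy = @{
    displayName = 'Require MFA and compliant device for all cloud apps'
    # 'enabledForReportingButNotEnforced' = report-only; switch to 'enabled' after reviewing sign-in logs
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{ includeUsers = @('All'); excludeUsers = @($breakGlassUserId) }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'AND'                          # both controls must be satisfied, not either one
        builtInControls = @('mfa', 'compliantDevice')    # compliantDevice = marked compliant by Intune
    }
}

$body = $policy | ConvertTo-Json -Depth 6
$created = Invoke-RestMethod -Method Post `
    -Uri 'https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies' `
    -Headers @{ Authorization = "Bearer $accessToken"; 'Content-Type' = 'application/json' } `
    -Body $body

"Created policy $($created.id) in state $($created.state)"
```

Two points a reviewer should check before switching the state to enabled: the excluded break-glass account must itself be protected some other way (a long random password in a sealed store and alerting on its sign-ins), and the 'compliantDevice' control silently blocks users whose device has never been enrolled in Intune, so enrollment has to be complete before enforcement.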

Security comparisons

Compare Azure Information Protection plans

Compare Multi-Factor Authentication

Security features from Office 365 to EMS

Resources

Sign in to the Drumbeat partner website for access to these partner- and customer-ready materials

Partner opportunity

For those of you that have been focused on selling and deploying EMS, adding Office 365 and Windows 10 to your offerings will enable you to build more comprehensive security solutions. If you’ve been selling Office 365, you know how many customers are using it – and every one of them can benefit from adding EMS and Windows 10 to their solution.

Better Together - Secure Productive Enterprise

Community call about Secure Productive Enterprise on Thursday, April 27

Discover more about Secure Productive Enterprise on the April 27 community call for Office 365 and Voice Partners. The value of SPE goes beyond EMS, and my fellow community leads for Windows Partners and Office 365 Partners will join me to talk about this offering to give you an in-depth look at your opportunity to provide a comprehensive solution to customers.

Sign up for partner calls about Secure Productive Enterprise

Enterprise Mobility + Security Partner Community
