Office 365 Security in depth
Alberto Pascual · Office365 MVP
Peter Díaz · Lync MVP
Alberto Pascual · Office365 MVP
• More than 20 years in IT, 10 of them Exchange Server related
• Microsoft Community Contributor in 2013 and 2014
• MCSA Windows Server 2008/2012, MS Office365 for SMB
• Co-Founder of the Office365 Community in Spain @CO365
• Member of the Microsoft UC in Spanish www.ucenespanol.com
• Member of ITPro.es www.itpro.es
• Experienced Office365 speaker at European level
Peter Díaz · Lync MVP
• Over 10 years of experience in the Security and Communications area
• Lync MVP (2012-2013)
• Microsoft Certified Trainer (Since 2005)
• MCP Lync 2013
• MCITP Lync 2010
• Certified Ethical Hacking (CEH)
• Certified Forensic Investigator (CHFI)
• Co-Founder of the Office365 Community in Spain @CO365
• Founder of the Microsoft UC in Spanish www.ucenespanol.com
• Member of ITPro.es www.itpro.es
What are an organization's main concerns about IT?
Security
Performance
Availability
Costs
What are an organization's main concerns about the cloud?
Availability
Compliance
Costs
Security
International Standards & Controls
ISO 27001
All Customer Data Processing Agreement
SSAE 16 (Statement on Standards for Attestation Engagements) SOC 1 (Type I & Type II) compliance
Industry Specific Compliance & Standards
FISMA US Government
HIPAA/BAA Healthcare Customers
FERPA EDU Customers
Geography Specific Standards
EU Safe Harbor EU Customers
EU Model Clauses
Office 365 Compliance & Standards
Full details available at: Microsoft Office 365 Trust Center
Active Directory
PURE CLOUD
WAAD
User
Active Directory
WAAD
DIRSYNC
Active Directory
User
Active Directory
ADFS
LOCAL AD
User
User Roles:
• User: no extra permissions; can only change own options
• Role-Admin: role specific admin permissions (password reset, User management, billing Admin…)
• Global Admin: full access to subscription
Systems Administrator
Human Resources
Compliance Officer
Help Desk
XSS Vulnerability
• https://www.cogmotive.com/blog/office-365-tips/vulnerability-in-office-365-allows-unauthorised-administrator-access
User
New Global Admin
Session hijacking
Demo
Server side (is up to MSFT)
Where’s your scope?
Client side (is up to you)
Some considerations
• Always use In-Private sessions depending on the info you manage
• Always use In-Private sessions when working outside the org
• Secure your PC
• Use Microsoft Update instead of Windows Update
• Say goodbye to Windows XP and hello to Windows 8.1
• Fortify your Internet Explorer, especially with add-ons
• Try not to use other browsers that can't offer secure browsing
• Whenever possible, use a mobile connection instead of a public one
Questions?