Microsoft 365 Security and Compliance for Administrators E-Book

Microsoft 365 Security and Compliance for Administrators

A definitive guide to planning, implementing, and maintaining Microsoft 365 security posture

Sasha Kranjac

Omar Kudović

Microsoft 365 Security and Compliance for Administrators

Copyright © 2024 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Pavan Ramchandani

Publishing Product Manager: Prachi Sawant

Book Project Manager: Ashwin Dinesh Kharwa

Senior Editor: Sujata Tripathi

Technical Editor: Irfa Ansari

Copy Editor: Safis Editing

Indexer: Hemangini Bari

Production Designer: Ponraj Dhandapani

DevRel Marketing Coordinator: Marylou De Mello

First published: March 2024

Production reference: 1140324

Published by Packt Publishing Ltd.

Grosvenor House

11 St Paul’s Square

Birmingham

B3 1RB, UK

ISBN 978-1-83763-837-6

www.packtpub.com

To my loving family. None of this would be possible and nothing would make sense without your love and support. Love you all.

– Sasha Kranjac

To my beloved wife and cherished daughter, my deepest gratitude for your support on this incredible journey. Thank you for all your support and long live Rockabilly. HZ87 forever!

– Omar Kudović

Contributors

About the authors

Sasha Kranjac is the CEO of Kloudatech and the CEO of Kranjac Consulting and Training. As a Microsoft Partner, an AWS Partner, and a CompTIA Authorized Delivery Partner, his companies specialize in IT training and consulting, cloud security architecture and engineering, civil engineering, and CAD design.

Sasha is a Microsoft Regional Director, Microsoft MVP in two categories (Security and Azure), a Microsoft Certified Trainer, MCT Regional Lead, Certified EC-Council Instructor, CompTIA Instructor, a frequent speaker at various international conferences, user groups, and events, and book author.

I want to thank my loving family for riding the roller-coaster of life together. You are the ones who give the ride meaning; it is because of you that the ride makes sense, and it is because of you the ride is fun.

Omar Kudović is a senior system engineer at SYS Company d.o.o., Sarajevo. With over 15 years immersed in the dynamic field of IT, his expertise has been focused on cloud solutions (Microsoft 365 and Azure) and security and compliance. Over the past decade, he has dedicated efforts to seamlessly integrating cloud services and application solutions within the complex landscape of business enterprises, specifically emphasizing security and compliance, endpoint protection, audio, video, voice, and messaging. During the last 12 years, Omar has been awarded the Microsoft MVP award for the Office365 Apps and Services category. He is also a regular speaker at international IT conferences, user groups, and events. On a more personal note, he finds enjoyment in the world of Hi-Fi audiophiles, rockabilly music and culture, and fine wine.

About the reviewers

Rahul Singh is a seasoned IT professional and Chief Teaching Officer at SV9 Academy, which is a Microsoft Learning Partner. Rahul has 18 years of experience in the IT field, as of 2024, and holds numerous certifications in the Microsoft technological stack. In addition, Rahul has also been an MCT since 2020. He is deeply passionate about technology and demystifying complex technical architectures using various pedagogies and a systems-based learning mechanism, making learning an enjoyable and enriching experience.

With the ever-changing technical world, testing and reviewing technical content can be a very daunting task, requiring perseverance and patience. I would like to take this opportunity to thank my lovely parents, who I have been blessed with by the Divine, as, without their support, I would not have been able to be a part of this amazing project from Packt.

Mustafa Toroman is a technology professional and the Chief Technology Officer at run.events, a company that provides a platform for organizing and managing events. He has over 20 years of experience in the IT industry and has held various technical and leadership positions in companies around the world. He has a deep understanding of software development, cloud computing, and IT infrastructure management. Mustafa is a Microsoft MVP, a frequent speaker at technology conferences and events, and also a community leader organizing meetups and events. He is also a published author and has written several books on Microsoft technologies and cloud computing.

Steve Miles, aka SMiles, is CTO at Westcoast Cloud, part of a multi-billion turnover IT distributor based in the UK and Ireland. Steve holds 25+ Microsoft certifications, one of which is Microsoft 365 Certified: Administrator Expert, he is also a Microsoft MVP (Most Valuable Professional), MCT (Microsoft Certified Trainer), as well as an Alibaba Cloud MVP. With 25+ years of technology experience, and a previous military career in engineering, signals and communications. Amongst other books, Steve is the author of Windows 11 for Enterprise Administrators.

He is also a petrolhead and can also be found tinkering on cars when he is not writing.

This is my contribution to the worldwide technical learning community, and I would like to thank all of you who are investing your valuable time in committing to reading this book and learning these skills.

Rio Hindle is a Cloud Security Microsoft MVP with 5 years of experience in this field and 8 years of experience in information technology. He also has certifications for Microsoft services in Microsoft 365, Azure, and Cybersecurity. He has delivered training on various solution areas to many organizations, from beginner to advanced-level courses. He has worked in different areas of the industry, including end user, reseller channels, and vendor spaces, with global networks, data and app security vendors, and hardware distribution. He has held roles such as cloud practice lead, service desk manager, and head of technical services. He now works for a top muti-cloud distributor in the UK and Ireland in a cloud and hybrid technology leadership role.

Thanks to Steve Miles for your valuable guidance and support. Also, a big thanks to my current employer for giving me this opportunity.

Table of Contents

Preface

Part 1:Introduction to Microsoft 365

1

Getting Started with Microsoft 365 Security and Compliance

Technical requirements

Introduction to Microsoft 365 offers, plans, and licenses

Microsoft 365 plans and components

Microsoft 365 licensing

Introduction to Microsoft 365 security

Introduction to Microsoft 365 compliance

Summary

2

The Role of Microsoft Entra ID in Microsoft 365 Security

Technical requirements

Microsoft Entra ID plans and features

Microsoft Entra ID roles and groups

Azure roles, or Azure RBAC roles

Microsoft Entra ID roles

Classic roles

Microsoft 365 roles in Microsoft Entra ID

Best practices for roles

Microsoft 365 groups

Microsoft Entra ID Protection

Summary

Part 2: Microsoft 365 Security

3

Microsoft Defender for Office 365

Technical requirements

Getting started with Microsoft Defender for Office 365

Protecting assets with Microsoft Defender for Office 365

Quarantine policy

Anti-phishing

Anti-spam

Anti-malware

Safe Attachment

Safe Links

Rules

Attack simulation training

Responding to alerts and mitigating threats

Summary

4

Microsoft Defender for Endpoint

Introducing Microsoft Defender for Endpoint

Technical and license requirements

Configuring Microsoft Defender for Endpoint

Microsoft Defender Vulnerability Management dashboard

Microsoft Defender for Endpoint Device inventory

Windows devices

Configuring advanced features in Microsoft Defender for Endpoint

Security recommendations

The Microsoft Defender for Endpoint configuration management dashboard

Microsoft Defender for Endpoint Tutorials & simulations

Microsoft Defender for Endpoint Co-management Authority

Configuring a compliance policy for Windows devices

Configuring a configuration profile for Windows devices

Windows 365

Enrollment device platform restrictions

Enrollment device limit restrictions

Configuring quality updates for Windows 10 and later in Intune

How to create a profile for update policies for iOS/iPadOS in Intune

How to create a profile for update policies for macOS in the Intune portal

How to create app protection policies in the Microsoft Intune admin portal

How to create app configuration policies

How to create policies for Office apps in the Intune admin portal

Endpoint Security

Creating a profile for a security baseline for Windows 10 and later

Creating a Microsoft Defender for Endpoint baseline

Creating a Microsoft Edge baseline

Creating a Windows 365 security baseline

Managing and creating different policies under Endpoint Security

Configuring an antivirus policy in the Intune portal

Configuring disk encryption

Configuring a firewall policy

Setting up endpoint detection and response

Configuring attack surface reduction

Configuring account protection

Configuring device compliance

Configuring Conditional Access policies

Summary

5

Getting Started with Microsoft Purview

About Microsoft Purview

How it works…

Benefits

Technical and license requirements

Configuring Microsoft Purview

Compliance Score

Classifiers in Microsoft 365 Purview

Configuring sensitive info types

Configuring content explorer

Content search

Streamlining data discovery

Enhancing data governance and compliance

Independence and objectivity

Regulatory oversight and accountability

Risk mitigation and control

A comprehensive compliance oversight

Collaboration and cross-functional alignment

Data loss prevention

Endpoint DLP settings

Summary

6

Microsoft Defender for Cloud Apps

Introducing Microsoft Defender for Cloud Apps

Discovering shadow IT with Microsoft Defender for Cloud Apps

Discovering and managing shadow IT in Microsoft Defender for Cloud Apps

Technical and license requirements

Configuring Microsoft Defender for Cloud Apps

Managing OAuth applications with Microsoft Defender for Cloud Apps

Managing files in Microsoft Defender for Cloud Apps

Managing the activity log in Microsoft Defender for Cloud Apps

Governance log

Microsoft Defender for Cloud Apps policies

Summary

7

Microsoft Defender Vulnerability Management

Getting started with Microsoft Defender Vulnerability Management

Microsoft Defender Vulnerability Management licensing and technical requirements

Key features and capabilities

Benefits of using the Vulnerability Management dashboard

Permissions

Recommendations and remediation

Security recommendations

Remediation tasks in Microsoft Intune

Remediation

Inventories and weaknesses

Inventories

Weaknesses

Summary

8

Microsoft Defender for Identity

Introducing Microsoft Defender for Identity

Technical and license requirements

Configuring Microsoft Defender for Identity

Configuring sensors for Microsoft Defender for Identity

Entity tags

Working with detection rules

Configuring Microsoft Defender for Identity and Microsoft Sentinel

Summary

Part 3: Microsoft 365 Governance and Compliance

9

Microsoft Purview Insider Risk Management

Technical requirements

Insider Risk Management

Initial setup

Resolving insider risk cases

Information barriers and access management

Microsoft Purview IB requirements

Communication Compliance

Summary

Further readings

10

Microsoft Purview Information Protection

About Microsoft Purview Information Protection

Data classification

Configuring Information Protection

Information Protection

Publishing label policies

Information Protection scanner

Installing the Microsoft Purview Information Protection scanner

Summary

11

Understanding the Lifecycle of Auditing and Records

Getting started with the lifecycle of auditing and records

The lifecycle of audits and records in Microsoft 365

Microsoft Purview Records Management

Microsoft data lifecycle management

Creating retention policies

Creating and publishing labels

Records management

eDiscovery and data holds

Configuring eDiscovery Standard and Premium

Creating and configuring eDiscovery premium cases

Auditing and alerts

Summary

Index

Other Books You May Enjoy

Part 1:Introduction to Microsoft 365

In this part, we introduce you to Microsoft 365, explaining what it can do, and what it offers. You will learn about currently available plans in Microsoft 365, licensing, and how Microsoft 365 helps you comply with various regulations and standards. Furthermore, we will cover Microsoft Entra ID plans and features, its roles and groups, as well as Entra ID protection.

This part includes the following chapters: