Educause Security Discussion mailing list archives
Re: M365 Users' Group -June 11th: Microsoft Defender Security Center
From: John Ramsey <000001cd0b5a1098-dmarc-request () LISTSERV EDUCAUSE EDU>
Date: Wed, 9 Jun 2021 13:25:46 +0000
Mark,

No particular reason except for familiarity by me. Another feature of M365 E5/A5 licensing is the integration they have into Cisco WebEx, Salesforce, and AWS. The August session will cover that type of security monitoring between those environments with the CASB discussion.

For those interested, below are the events we’re going to cover through September. All items demonstrated are simple, easy to implement features that have huge payoffs. We did a full force purple team pen test in December. Out of 270+ nation state replicated attacks, the E5 suite blocked or detected about 220. We’re hoping to share best practices.

If you or anybody on your staff wishes to join the M365 Users’ group, send a subscription request from a .edu email address to m365-sec-join () lists ren-isac net. You do not have to be a REN-ISAC member to participate.

John

2021

* June 11th. Microsoft 365 Security Center. This is an overview of Windows Defender, settings, and most widely used components with the “biggest bang for the buck.” https://security.microsoft.com/homepage
* July 16th. Microsoft Defender for Identity (aka Azure ATP). https://www-nslc-org.atp.azure.com/ (Replace NSC’s domain with your domain.) This touches on the automated security and reporting of the domain controllers, AKA the “keys to the kingdom”.
* August 13th. Microsoft Cloud App Security. https://studentclearinghouse.portal.cloudappsecurity.com/#/dashboard (Replace NSC’s domain with your domain.) This provides feedback on where users connect and how you can quickly via automation not allow access to high risk areas.
* September 10th. Azure Security (which comes with Microsoft 365.) https://portal.azure.com/#home We will look at policies for risky users, risky sign ins, and how to automate access control to counter High risks.

Difference between E3/A3 and E5/A5 licensing:

* Microsoft 365 Enterprise | Microsoft Licensing Resources <https://www.microsoft.com/en-us/licensing/product-licensing/microsoft-365-enterprise?activetab=m365-enterprise:primaryr5>
* Enterprise Mobility and Security Pricing Options (microsoft.com) <https://www.microsoft.com/en-us/microsoft-365/enterprise-mobility-security/compare-plans-and-pricing>
* Compare Office 365 Enterprise | Microsoft <https://www.microsoft.com/en-us/microsoft-365/enterprise/compare-office-365-plans>
* Enterprise Mobility and Security | Microsoft Security <https://www.microsoft.com/en-us/security/business/enterprise-mobility-security>

John Ramsey, Chief Information Security Officer
National Student Clearinghouse
Certified: CISSP, CISM, PMP, CSSLP, CRISC, CGEIT
2300 Dulles Station Blvd., Suite 220
Herndon, VA 20171
703.742.4428 | studentclearinghouse.org <http://www.studentclearinghouse.org>
LinkedIn <http://www.linkedin.com/company/national-student-clearinghouse> | Twitter <https://twitter.com/nsclearinghouse> | Facebook <http://www.facebook.com/NSClearinghouse> | Blog <https://www.studentclearinghouse.org/nscblog/> | Instagram <https://www.instagram.com/NSClearinghouse/>
Serving Education Since 1993

This message is proprietary to the National Student Clearinghouse, is intended only for the addressee and may contain confidential or privileged information. If you receive this message in error, please contact the sender and delete all copies.

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Hopkins, Mark
Sent: Monday, June 7, 2021 8:07 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] M365 Users' Group -June 11th: Microsoft Defender Security Center

EXTERNAL MESSAGE

John,

Is there any particular reason why the web meeting is using WebEx instead of MS Teams?

Mark

Mark Hopkins
Senior Programmer Analyst, Information Services
Palomar Community College
1140 West Mission Road
San Marcos CA 92069
United States of America

DO NOT provide your username, password, or any personal information requested by any email. INFORMATION SERVICES WILL NEVER ask you for your username or password via email. DO NOT CLICK links or attachments unless you are positive the content is safe.

CONFIDENTIALITY NOTICE: This email, including applicable attachments, may include legally protected information. If you are not the intended recipient of this message, you may not disclose, print, copy, save, or disseminate this information.
If you have received this email in error, please notify the sender by replying to this message and immediately delete this message.

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of John Ramsey
Sent: Monday, June 07, 2021 1:30 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] M365 Users' Group -June 11th: Microsoft Defender Security Center

*This message is from an external email address.*

Good afternoon,

For those interested, the M365 Users’ group is having our first session this Friday from 100-300pm EST at https://studentclearinghouse.webex.com/meet/joramsey . The first session will cover Microsoft 365 Security Center and what a security team of any size can do with the “out of the box” settings. Feel free to forward to your IT and security staffs if they wish to participate in the discussion.

Agenda.

* Microsoft 365 Security Center. This is an overview of Windows Defender, settings, and most widely used components with the “biggest bang for the buck.” https://security.microsoft.com/homepage
* Review Settings and Discuss Impact
* Action Center
* Threat Analytics
* Endpoints
* Search
* Device Inventory
* Vulnerability Management --> Dashboard, Recommendations, and Software Inventory
* Health
* Secure Score
* Q&A

If you wish to join the M365 Users’ group, send a subscription request from a .edu email address to m365-sec-join () lists ren-isac net. You should receive notification of your approval within a few days of the request. While REN-ISAC is hosting this email list, you do not have to be a member to participate. All interested parties with a valid .edu email address are invited. Please note, list participants are not considered members of REN-ISAC and are not vetted in the traditional manner, and acceptance into the mailing list does not confer REN-ISAC membership status.

John

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community

Current thread:
- M365 Users' Group -June 11th: Microsoft Defender Security Center John Ramsey (Jun 07)
- Re: M365 Users' Group -June 11th: Microsoft Defender Security Center Hopkins, Mark (Jun 07)
- Re: M365 Users' Group -June 11th: Microsoft Defender Security Center John Ramsey (Jun 09)
- Re: M365 Users' Group -June 11th: Microsoft Defender Security Center Hopkins, Mark (Jun 07)