Re: M365 Users' Group -June 11th: Microsoft Defender Security Center

[John Ramsey <000001cd0b5a1098-dmarc-request () LISTSERV EDUCAUSE EDU>]

Mark,

No particular reason except for familiarity by me.  Another feature of M365 E5/A5 licensing is the integration they 
have into Cisco WebEx, Salesforce, and AWS.  The August session will cover that type of security monitoring between 
those environments with the CASB  discussion.

For those interested, below are the events we’re going to cover through September.    All items demonstrated are 
simple, easy to implement features that have huge payoffs.  We did a full force purple team pen test in December.  Out 
of 270+ nation state replicated attacks, the E5 suite blocked or detected about 220.  We’re hoping to share best 
practices.  If you or anybody on your staff wishes to join the M365 Users’ group, send a subscription request from a 
.edu email address to m365-sec-join () lists ren-isac net<mailto:m365-sec-join () lists ren-isac net>. You do not have 
to be a REN-ISAC member to participate.

John

2021

  *   June 11th.  Microsoft 365 Security Center.  This is an overview of Windows Defender, settings, and most widely 
used components with the “biggest bang for the buck.”  
https://security.microsoft.com/homepage<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity.microsoft.com%2Fhomepage&data=04%7C01%7Cjramsey%40studentclearinghouse.org%7Ca82be6d4573d45cab44b08d929edc37d%7C8cc02fea054043a688b6069d3eac0119%7C0%7C1%7C637586923444814511%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=RRRs5lkCTNr69dHTlfnfNo%2BA7eTiI2zDlzRDg16GDSM%3D&reserved=0>
  *   July 16th .  Microsoft Defender for Identity (aka Azure ATP).   
https://www-nslc-org.atp.azure.com/<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww-nslc-org.atp.azure.com%2F&data=04%7C01%7Cjramsey%40studentclearinghouse.org%7Ca82be6d4573d45cab44b08d929edc37d%7C8cc02fea054043a688b6069d3eac0119%7C0%7C1%7C637586923444824458%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=F8DUgiFjMXCew9RE5rjXFpNo8X6htpcyAJLhsmHyFMY%3D&reserved=0>
  (Replace NSC’s domain with your domain.)  This touches on the automated security and reporting of the domain 
controllers, AKA the “keys to the kingdom”.
  *   August 13th.  Microsoft Cloud App Security.  
https://studentclearinghouse.portal.cloudappsecurity.com/#/dashboard<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fstudentclearinghouse.portal.cloudappsecurity.com%2F%23%2Fdashboard&data=04%7C01%7Cjramsey%40studentclearinghouse.org%7Ca82be6d4573d45cab44b08d929edc37d%7C8cc02fea054043a688b6069d3eac0119%7C0%7C1%7C637586923444824458%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=jfOHVqx59rbHg9%2FljKQwibkPBxAXAwstjkrdgWyS5YY%3D&reserved=0>
   (Replace NSC’s domain with your domain.)  This provides feedback on where users connect and how you can quickly via 
automation not allow access to high risk areas.
  *   September 10th.   Azure Security (which comes with Microsoft 365.)  
https://portal.azure.com/#home<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fportal.azure.com%2F%23home&data=04%7C01%7Cjramsey%40studentclearinghouse.org%7Ca82be6d4573d45cab44b08d929edc37d%7C8cc02fea054043a688b6069d3eac0119%7C0%7C1%7C637586923444834425%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=VwII5Fyw4MLWmr0i%2FhvaLoxTcmcUGKBl2%2FAcbRdMrEQ%3D&reserved=0>
  We will look at policies for risky users, risky sign ins, and how to automate access control to counter High risks.

Difference between E3/A3 and E5/A5 licensing:

  *   Microsoft 365 Enterprise | Microsoft Licensing 
Resources<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Flicensing%2Fproduct-licensing%2Fmicrosoft-365-enterprise%3Factivetab%3Dm365-enterprise%3Aprimaryr5&data=04%7C01%7Cjramsey%40studentclearinghouse.org%7Ca82be6d4573d45cab44b08d929edc37d%7C8cc02fea054043a688b6069d3eac0119%7C0%7C1%7C637586923444834425%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=YY6HP1K%2Bn0kly4Pwag%2FcUZtSIyzps94Cj%2BE1DpFHNDQ%3D&reserved=0>
  *   Enterprise Mobility and Security Pricing Options 
(microsoft.com)<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fenterprise-mobility-security%2Fcompare-plans-and-pricing&data=04%7C01%7Cjramsey%40studentclearinghouse.org%7Ca82be6d4573d45cab44b08d929edc37d%7C8cc02fea054043a688b6069d3eac0119%7C0%7C1%7C637586923444844373%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=vw7aFYuxGIAcZxqEl8IE2cPGSWrOxWugRqRuD3yL0QQ%3D&reserved=0>
  *   Compare Office 365 Enterprise | 
Microsoft<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fenterprise%2Fcompare-office-365-plans%3Fef_id%3Dad1fb9ae3053173c2bbbd908aa2e3e45%3AG%3As%26OCID%3DAID2100137_SEM_ad1fb9ae3053173c2bbbd908aa2e3e45%3AG%3As%26lnkd%3DBing_O365SMB_Brand%26msclkid%3Dad1fb9ae3053173c2bbbd908aa2e3e45&data=04%7C01%7Cjramsey%40studentclearinghouse.org%7Ca82be6d4573d45cab44b08d929edc37d%7C8cc02fea054043a688b6069d3eac0119%7C0%7C1%7C637586923444844373%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=UMyx4dr4LMUqIFxGOn9Kt9Y2roecEDNioj3dAmv4OZ8%3D&reserved=0>
  *   Enterprise Mobility and Security | Microsoft 
Security<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fsecurity%2Fbusiness%2Fenterprise-mobility-security&data=04%7C01%7Cjramsey%40studentclearinghouse.org%7Ca82be6d4573d45cab44b08d929edc37d%7C8cc02fea054043a688b6069d3eac0119%7C0%7C1%7C637586923444854329%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=LRsHOyPJZEeylwHl64JwlFqZlxtfGRedmhoha%2Bb7Y34%3D&reserved=0>


John Ramsey, Chief Information Security Officer
National Student Clearinghouse
Certified: CISSP, CISM, PMP, CSSLP, CRISC, CGEIT
2300 Dulles Station Blvd., Suite 220
Herndon, VA 20171
703.742.4428 | studentclearinghouse.org<http://www.studentclearinghouse.org>
LinkedIn<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnational-student-clearinghouse&data=02%7C01%7Cdugan%40studentclearinghouse.org%7Cc37208aebac64fd76e8508d84f636448%7C8cc02fea054043a688b6069d3eac0119%7C0%7C0%7C637346635590166954&sdata=MdT45I1n7Hwbp8Zlkxlm0wEd0LdLnq5Cpr91ybCEjHw%3D&reserved=0>
 | 
Twitter<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fnsclearinghouse&data=02%7C01%7Cdugan%40studentclearinghouse.org%7Cc37208aebac64fd76e8508d84f636448%7C8cc02fea054043a688b6069d3eac0119%7C0%7C0%7C637346635590171933&sdata=idMHM8D4VdMRpIa2H1YUTmwMgC4ZU0L2jqL3VjVNs4s%3D&reserved=0>
 | 
Facebook<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.facebook.com%2FNSClearinghouse&data=02%7C01%7Cdugan%40studentclearinghouse.org%7Cc37208aebac64fd76e8508d84f636448%7C8cc02fea054043a688b6069d3eac0119%7C0%7C0%7C637346635590176915&sdata=ILW%2BPdv1fgHooOkbQlkP9ei%2BJOsk7YlCMzYNU572flU%3D&reserved=0>
 | Blog<https://www.studentclearinghouse.org/nscblog/> | Instagram<https://www.instagram.com/NSClearinghouse/>

Serving Education Since 1993

This message is proprietary to the National Student Clearinghouse, is intended only for the addressee and may contain 
confidential or privileged information. If you receive this message in error, please contact the sender and delete all 
copies.

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Hopkins, Mark
Sent: Monday, June 7, 2021 8:07 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] M365 Users' Group -June 11th: Microsoft Defender Security Center


EXTERNAL MESSAGE
John,

Is there any particular reason why the web meeting is using WebEx instead of MS Teams?

Mark


Mark Hopkins
Senior Programmer Analyst, Information Services
Palomar Community College
1140 West Mission Road
San Marcos CA 92069
United States of America

[Description: Description: clrscrn]

DO NOT provide your username, password, or any personal information requested by any email.
INFORMATION SERVICES  WILL NEVER ask you for your username or password via email.
DO NOT CLICK links or attachments unless you are positive the content is safe.

CONFIDENTIALITY NOTICE: This email, including applicable attachments, may include legally protected information.  If 
you are not the intended recipient of this message, you may not disclose, print, copy, save, or disseminate this 
information. If you have received this email in error, please notify the sender by replying to this message and 
immediately delete this message



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of John Ramsey
Sent: Monday, June 07, 2021 1:30 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] M365 Users' Group -June 11th: Microsoft Defender Security Center

*This message is from an external email address.*
Good afternoon,

For those interested, the M365 Users’ group is having our first session this Friday from 100-300pm EST at 
https://studentclearinghouse.webex.com/meet/joramsey<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fstudentclearinghouse.webex.com%2Fmeet%2Fjoramsey&data=04%7C01%7Cjramsey%40STUDENTCLEARINGHOUSE.ORG%7C502a478531764c2c703108d92a12bf5d%7C8cc02fea054043a688b6069d3eac0119%7C0%7C1%7C637587082278028110%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0&sdata=X4%2Bb5%2B9%2FetoF4uR2lYr1pm%2FPrlQGlNUscEEyZP6p4kg%3D&reserved=0>
 .  The first session will cover Microsoft 365 Security Center and what a security team of any size can do with the 
“out of the box” settings.  Feel free to forward to your IT and security staffs if they wish to participate in the 
discussion.

Agenda.

  *   Microsoft 365 Security Center.  This is an overview of Windows Defender, settings, and most widely used 
components with the “biggest bang for the buck.”  
https://security.microsoft.com/homepage<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity.microsoft.com%2Fhomepage&data=04%7C01%7Cjramsey%40STUDENTCLEARINGHOUSE.ORG%7C502a478531764c2c703108d92a12bf5d%7C8cc02fea054043a688b6069d3eac0119%7C0%7C1%7C637587082278038065%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0&sdata=yAnr0WiecuuKf2GPn8nIE1pt4%2Bb6iQg40s1C9I8Q7lo%3D&reserved=0>
  *   Review Settings and Discuss Impact
  *   Action Center
  *   Threat Analytics
  *   Endpoints

     *   Search
     *   Device Inventory
     *   Vulnerability Management--> Dashboard, Recommendations, and Software Inventory

  *   Health
  *   Secure Score
  *   Q&A


If you wish to join the M365 Users’ group, send a subscription request from a .edu email address to m365-sec-join () 
lists ren-isac net<mailto:m365-sec-join () lists ren-isac net>.  You should receive notification of your approval 
within a few days of the request.   While REN-ISAC is hosting this email list, you do not have to be a member to 
participate. All interested parties with a valid .edu email address are invited. Please note, list participants are not 
considered members of REN-ISAC and are not vetted in the traditional manner, and acceptance into the mailing list does 
not confer REN-ISAC membership status. 

John

John Ramsey, Chief Information Security Officer
National Student Clearinghouse
Certified: CISSP, CISM, PMP, CSSLP, CRISC, CGEIT
2300 Dulles Station Blvd., Suite 220
Herndon, VA 20171
703.742.4428 | 
studentclearinghouse.org<https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.studentclearinghouse.org%2F&data=04%7C01%7Cjramsey%40STUDENTCLEARINGHOUSE.ORG%7C502a478531764c2c703108d92a12bf5d%7C8cc02fea054043a688b6069d3eac0119%7C0%7C1%7C637587082278038065%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0&sdata=INdLAF67VE7G76SX26yAPGTA9rc7gWj1oK1x6RadEnQ%3D&reserved=0>
LinkedIn<https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnational-student-clearinghouse&data=04%7C01%7Cjramsey%40STUDENTCLEARINGHOUSE.ORG%7C502a478531764c2c703108d92a12bf5d%7C8cc02fea054043a688b6069d3eac0119%7C0%7C1%7C637587082278048014%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0&sdata=pmYvSfSlI4J8fLXAhLTKRfM8vyrMlk5En0TE7jo9sPk%3D&reserved=0>
 | 
Twitter<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fnsclearinghouse&data=04%7C01%7Cjramsey%40STUDENTCLEARINGHOUSE.ORG%7C502a478531764c2c703108d92a12bf5d%7C8cc02fea054043a688b6069d3eac0119%7C0%7C1%7C637587082278048014%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0&sdata=YgW9VP736WZFh8tbFhPOePlb41lyCJ6aEye%2Frz1iSYk%3D&reserved=0>
 | 
Facebook<https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.facebook.com%2FNSClearinghouse&data=04%7C01%7Cjramsey%40STUDENTCLEARINGHOUSE.ORG%7C502a478531764c2c703108d92a12bf5d%7C8cc02fea054043a688b6069d3eac0119%7C0%7C1%7C637587082278057973%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0&sdata=FJX8lIVc17bFiAcbIHF9k55eSNUL356ZNg2rvo7YnWc%3D&reserved=0>
 | 
Blog<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.studentclearinghouse.org%2Fnscblog%2F&data=04%7C01%7Cjramsey%40STUDENTCLEARINGHOUSE.ORG%7C502a478531764c2c703108d92a12bf5d%7C8cc02fea054043a688b6069d3eac0119%7C0%7C1%7C637587082278057973%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0&sdata=6rPCUi66FQCVJT7vwknEPFLQ2l5UBcI1rRX3WCRaQFo%3D&reserved=0>
 | 
Instagram<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.instagram.com%2FNSClearinghouse%2F&data=04%7C01%7Cjramsey%40STUDENTCLEARINGHOUSE.ORG%7C502a478531764c2c703108d92a12bf5d%7C8cc02fea054043a688b6069d3eac0119%7C0%7C1%7C637587082278067930%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0&sdata=EhGkqV%2FbUiqbY7ChHEffJtsFHwJczOdGispILc7r2O4%3D&reserved=0>

Serving Education Since 1993

This message is proprietary to the National Student Clearinghouse, is intended only for the addressee and may contain 
confidential or privileged information. If you receive this message in error, please contact the sender and delete all 
copies.


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cjramsey%40STUDENTCLEARINGHOUSE.ORG%7C502a478531764c2c703108d92a12bf5d%7C8cc02fea054043a688b6069d3eac0119%7C0%7C1%7C637587082278067930%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0&sdata=7A9wKbFX6%2BACNaKT6cmlbB0fAVhGqPzz9gEyoNy3kZw%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cjramsey%40STUDENTCLEARINGHOUSE.ORG%7C502a478531764c2c703108d92a12bf5d%7C8cc02fea054043a688b6069d3eac0119%7C0%7C1%7C637587082278077895%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0&sdata=F5Cqx88s%2B21rDMkRZCQMwunfhONr1IGZTcyLlmiH1ug%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community