Educause Security Discussion mailing list archives

FW: [SECURITY] M365 Users' Group -July 16th: Microsoft Defender for Identity (Protecting the Crown Jewels)


From: John Ramsey <000001cd0b5a1098-dmarc-request () LISTSERV EDUCAUSE EDU>
Date: Fri, 16 Jul 2021 11:11:20 +0000

Friendly reminder for those interested, please feel free to attend this afternoon’s users’ group on M365 security.  Our 
focus is leveraging the Microsoft 365 stack easily to identify threats and protect the domain controllers.  The session 
is from 1:00-3:00pm EST at 
https://studentclearinghouse.webex.com/meet/joramsey.
John

Good afternoon,
Friendly reminder that there is a M365 Users’ Group session scheduled for this Friday, July 16th from 1:00-3:00pm EST.  
This second session will cover Microsoft Defender for Identity (aka Azure ATP) settings.  If you get anything up and 
running, this is a pretty big ticket item to enable with minimal impact to your users.  I will record this session, 
similar to what we did last month for anybody that can’t make it.  Location is 
https://studentclearinghouse.webex.com/meet/joramsey.
High level agenda is below.

  *   Microsoft 365 Defender for Identity overview and what it does.   
https://www-nslc-org.atp.azure.com/
  (Replace NSC’s domain with your domain.)
  *   Timeline.  Why is this important?  Will show types of attacks detected.
  *   Reports.  Schedule these and set.  We’ll look at each of the types.
  *   Health
  *   Settings.  We’ll dive into each and what they accomplish.

  *   Cloud App Security and Identity Security Posture
  *   Azure Identity Secure Score
  *   Q&A

Please don’t hesitate to reach out with any questions at any time.  If you wish to join the M365 Users’ group, send a 
subscription request from a .edu email address to m365-sec-join () lists ren-isac net.  You should receive notification 
of your approval within a few days of the request.   While REN-ISAC is 
hosting this email list, you do not have to be a member to participate. All interested parties with a valid .edu email 
address are invited. Please note, list participants are not considered members of REN-ISAC and are not vetted in the 
traditional manner, and acceptance into the mailing list does not confer REN-ISAC membership status. 

John

 Future sessions:
2021

  *   June 11th.  Microsoft 365 Security Center.  This is an overview of Windows Defender, settings, and most widely 
used components with the “biggest bang for the buck.”  
https://security.microsoft.com/homepage
  *   July 16th.  Microsoft Defender for Identity (aka Azure ATP).   
https://www-nslc-org.atp.azure.com/
  (Replace NSC’s domain with your domain.)  This touches on the automated security and reporting of the domain 
controllers, AKA the “keys to the kingdom”.
  *   August 13th.  Microsoft Cloud App Security.  
https://studentclearinghouse.portal.cloudappsecurity.com/#/dashboard
   (Replace NSC’s domain with your domain.)  This provides feedback on where users connect and how you can quickly via 
automation not allow access to high risk areas.
  *   September 10th.   Azure Security (which comes with Microsoft 365.)  
https://portal.azure.com/#home
  We will look at policies for risky users, risky sign ins, and how to automate access control to counter High risks.
  *   October 8th.
  *   November 12th.
  *   December 10th.

2022

  *   January 21st (this is a deviation from the second Friday.)
  *   February 11th.
  *   March 11th.
  *   April 8th.
  *   May 13th.

 Difference between E3/A3 and E5/A5 licensing:

  *   Microsoft 365 Enterprise | Microsoft Licensing Resources 
<https://www.microsoft.com/en-us/licensing/product-licensing/microsoft-365-enterprise?activetab=m365-enterprise:primaryr5>
  *   Enterprise Mobility and Security Pricing Options (microsoft.com) 
<https://www.microsoft.com/en-us/microsoft-365/enterprise-mobility-security/compare-plans-and-pricing>
  *   Compare Office 365 Enterprise | Microsoft 
<https://www.microsoft.com/en-us/microsoft-365/enterprise/compare-office-365-plans>
  *   Enterprise Mobility and Security | Microsoft Security 
<https://www.microsoft.com/en-us/security/business/enterprise-mobility-security>


Join my Webex Personal Room meeting.

Meeting link: 
https://studentclearinghouse.webex.com/meet/joramsey

Meeting number (access code): 790 211 691

Join by phone

Tap to call in from a mobile device (attendees only)

1-866-469-3239 USA Toll Free

+1-650-429-3300 USA Toll
Global call-in numbers <https://studentclearinghouse.webex.com/studentclearinghouse/globalcallin.php?serviceType=MC&eventID=895104342&tollFree=1>
 | Toll-free calling restrictions <https://www.webex.com/pdf/tollfree_restrictions.pdf>

Join from a video conferencing system or application

Dial joramsey () studentclearinghouse webex com

Skype joramsey.studentclearinghouse () lync webex com

You can also dial 173.243.2.68 and enter your meeting number.





**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

