My Day two at #MSTechSummit was focused around Office 365, in particularly the security aspects of the service. Security and compliance of these services are quickly become and equal to availability, people are not just interested in whether the service is going to be up 99.999% of the time, but how they deal with security and compliance
You can see that Microsoft are extremely aware that their threat footprint is huge, and they are spending huge amounts of effort providing the right features to protect their customers.
Security score is a dashboard which gives Office 365 customers with their security score based on the features which are enabled. This score is given out of the maximum features available based on your subscription license. This dashboard also provides assistance on what features can be enabled to increase your score.
One really clever feature on this is ‘Compare your score’ this will allow you to compare your score against all other Office 365 customers. Whats clever about this feature is the comparisons. If your Office 365 tenant has 25 mailboxes you may not be as security focused as an enterprise with ten thousand mailboxes, so it’s not useful to compare the score. So you have the option to compare against similar size tenants. In the example above this is a tenant with 25 mailboxes, which has score of 210. The average across similar tenants in 40, and the overall Office 365 average score is 38
Advanced Threat Protection
Advanced Threat Protection or ATP, is another new feature within Office 365. This completes multiple actions to help protect your Office 365 tenants. Features include reputation checking against known malicious URLs. This prevents users from directing to URLs that are known to ATP.
Email attachments are the primary cause of malicious or Ransomware from entering your business. Office 365 ATP follows a procedure to help your users staying protected. All attachments are stripped from the Office 365 mail and run through a scanning process to see if anything harmful. Furthermore these attachments are sent to a ‘Detonation Chamber’ to execute the file in a secure location and report what the file is attempting to complete. If anything harmful or unusual occurs, the file is deleted and replaced with a text file informing the user that ATP has stripped the attachment
This is my favourite security feature of Office 365. These set of features allows you to perform simulation attacks against your user base. The attack simulator includes phishing attacks, brute force password attacks and password spray attacks.
Simulated phishing attacks will send your users emails that mirror normal phishing emails. The feature then reports back and informs you which users fell of the attack. You can then target those users and provide some training on how to spot phishing attacks in the future.
Brute force password attacks will stress test the user base against a set of common passwords. Again this will provide a report on the weak users so you can educate them on password security!
Cloud App Security
Another really cool feature of the security suite in Office 365. Cloud App Security monitors the users for abnormal behaviour. This can be really useful for large scale attacks or disgruntled users!
In this picture Cloud App Security has picked up that the user is an administrator and is now trying to login from a new external IP and new ISP. Additionally there was three failed logon attempts before the successful logon. They’ve not performed an admin change to forward mail to an external address, which hasn’t happened since 82 days ago. All this information tied together indicates that something strange is going on and will allow admins to disable to account and investigate the issue further