How to Secure Access Control in Office 365 Environments

Office 365 Security - How to Secure Access Control in Office 365 Environments: How to mitigate risks in a complex Hybrid Directory environment

Transcript of How to Secure Access Control in Office 365 Environments

Page 1: How to Secure Access Control in Office 365 Environments

Office 365 Security - How to Secure Access Control in Office 365 Environments

How to mitigate risks in a complex Hybrid Directory environment

Page 2: How to Secure Access Control in Office 365 Environments

Agenda

• Market Trends

• Infrastructure security challenges

• The solution

Page 3: How to Secure Access Control in Office 365 Environments

Market Trends

Page 4: How to Secure Access Control in Office 365 Environments

Organizations have used AD to authenticate since 2001

• 2001: AD replaces NT

• 2003

• 2004: Email is now business critical

• 2007: Collaboration heats up

• 2008: Add new resource forest for security

• 2009: Server 2008R2 - new forest level

• 2010: Upgrades, M&As, BYOD, security risks

• 2013-TODAY: Organizations begin taking the cloud seriously

• TODAY: Future-ready Windows Infrastructure

Page 5: How to Secure Access Control in Office 365 Environments

Office 365 adoption is growing rapidly

22 million consumers (55% YoY growth from 12.4M) and 70 million commercial customers have active Office 365 subscriptions.

In the commercial segment, Office 365 had a 57 percent month-over-month jump in the latest 2016 quarter.

Year-over-year growth: about 1 million subscribers a month adopting O365.

Page 6: How to Secure Access Control in Office 365 Environments

Audience Poll – Office 365 Adoption

Page 7: How to Secure Access Control in Office 365 Environments

Why do organizations move to the cloud?

• Reduce infrastructure, licensing and maintenance costs by eliminating on-premises infrastructure and finding storage efficiencies

• Empower the workforce to operate from anywhere, on any device

• Increase scalability and business continuity

Page 8: How to Secure Access Control in Office 365 Environments

Why do organizations move to the cloud?

• Office 365 *requires* an Azure AD instance

• Azure AD provides the Directory Service for Office 365 applications

• Azure AD integrates with on-prem AD creating a HYBRID Directory environment

Page 9: How to Secure Access Control in Office 365 Environments

Hybrid Environment: Azure AD Connect Synchronization Workflow

Page 10: How to Secure Access Control in Office 365 Environments

Summary: How Hybrid Directory was ‘created’

• 90% of companies use AD on-prem

• O365 adoption growing at 70% YoY

• AAD has over 10M tenants

• 75% of orgs. > 500 users sync on-prem

AD AAD

Page 11: How to Secure Access Control in Office 365 Environments

How important is protecting on-prem AD resources?

75% of enterprises with more than 500 employees sync their on-prem AD accounts to Azure AD/O365 (on-prem AD is authoritative)

Page 12: How to Secure Access Control in Office 365 Environments

Hybrid Directory Security Challenges

Page 13: How to Secure Access Control in Office 365 Environments

What is the attack surface area? AD on-prem

• Active AD licenses: 500 million

• Companies using AD to authenticate: 90%

• Daily authentications: 10 billion

• Accounts under attack each day: 95 million

95 million of those accounts are under attack every single day (Microsoft)

Page 14: How to Secure Access Control in Office 365 Environments

What is the attack surface area? Azure AD

• Number of Azure AD tenants: 10 million

• Number of Azure AD accounts: 700 million

• Daily logons: 1.3 billion

• MS Cloud daily cyberattacks: 10 million

Microsoft’s user identity management systems process over 13 billion login attempts; over 10 million (per day) of these logins are cyber-attacks

Page 15: How to Secure Access Control in Office 365 Environments

Hybrid Directory Challenges faced by businesses

Dangers and pitfalls if you don’t secure AD on-prem

Business challenges

• Data exfiltration

• Insider threats

• Compliance failures

• Prolonged operational downtime

• Revenue loss due to downtime, loss of productivity and potentially fines

Technical challenges

• No permission baselining

• No automatic remediation

• Lack of detailed auditing

• Labor-intense/error-prone

• Lack of granular delegation

• Disjointed administration

• Manual DR processes

Page 16: How to Secure Access Control in Office 365 Environments

What’s the solution?

Page 17: How to Secure Access Control in Office 365 Environments

Quest Software AD Security Lifecycle Methodology

Page 18: How to Secure Access Control in Office 365 Environments

Continually Assess

• Who has access to what sensitive data and how did they get that access?

• Who has elevated privileged permissions in AD, servers and SQL DBs?

• What systems are vulnerable to security threats?

Page 19: How to Secure Access Control in Office 365 Environments

Detect and Alert

• How will I know if any suspicious privileged account activities have occurred?

• Have any changes occurred that could be indicative of an insider threat?

• How will I know, quickly, if an intrusion has happened?

• Could we be under brute-force attack right now?

Page 20: How to Secure Access Control in Office 365 Environments

Remediate and Mitigate

• Is access control allowing those whitelisted in and blacklisted out?

• Do my users have the lowest level of user rights possible to do their jobs?

• Are my sensitive resources protected?

• How much time will it take me to manually remediate unauthorized changes?

Page 21: How to Secure Access Control in Office 365 Environments

Investigate and Recover

• How can I be sure that ‘it’ doesn’t happen again?

• How can I test my business continuity plan without going offline?

• How long will it take us to recover from an AD security incident, manually?

• What is my AD RTO after a disaster?

• Can I secure access to my DC before next time?

Page 22: How to Secure Access Control in Office 365 Environments

Active Directory Security Suite components

IT Security Search & Recovery Manager FE

• Investigate AD security incidents

• Continuously test your AD business continuity plan

• Recover from a security incident

• Improve your RTO after a disaster

• Secure access to AD DC data

Enterprise Reporter

• Report on elevated permission in AD

• Visibility of open shares across servers

• Understand which servers have vulnerable security settings

Active Roles & GPOAdmin

• Enforce permission blacklisting/whitelisting in AD

• Implement AD least-privilege access model

• Prevent unauthorized access to sensitive resources

• Auto-remediate unauthorized activities

Change Auditor for AD

• Detect suspicious privileged AD activities

• Alert on potential AD insider threats

• Notify in real time of unauthorized intrusions against AD

• Detect and alert on brute-force attacks

Page 23: How to Secure Access Control in Office 365 Environments

Hybrid Directory Solution protects all the way around

Page 24: How to Secure Access Control in Office 365 Environments

Secure your Active Directory to Mitigate risk in O365

• Organizations moving to Office 365 have real and significant security challenges around Active Directory

• On-premises AD remains the core of security even in a cloud/hybrid environment

• Quest offers the only end-to-end AD Security solution in the market

• Don’t let your on-premises AD be your Hybrid Achilles Heel!

Page 26: How to Secure Access Control in Office 365 Environments

Thank You!

Watch the On Demand Webcast: http://bit.ly/2jRat2b