Introduction
My name is John Barbare and I am a Sr Customer Engineer at Microsoft focusing on all things in the Cybersecurity space. Welcome to another customer offering article to inform you about the newest threats and what protective measures from Microsoft you can utilize. In this article, we will present Premier Services Offerings around Modern Workplace Threat Protection.
Offering Overview
With the rise in Ransomware attacks and an increased focus on the threats facing small to large scale enterprises, we decided to combine two customer offerings into one. We merged the Proactive Operations Program: Protecting Against Ransomware with Modern Workplace Threat Protection to give the best overview of the different types of attacks that enterprises are facing, and included the entire M365 security stack used to protect against, detect, and prevent these attacks. The result is a combined four-day customer offering designed to meet and exceed customer expectations.
Security: Modern Workplace Threat Protection - Fundamentals
What's Included
The content of this offering is a mix of education, governance, administration, and security best practices at the L200-L300 level which focuses on the breadth of the M365 security stack.
Modern Workplace Threat Protection is a four-day engagement where you will learn about modern threat protection components and security technologies, evaluate the features and functionality, and get started with deploying them in a Proof of Concept environment wherever feasible. It will also expand your understanding of how different types of malware, Zero Days, and Ransomware attacks are carried out, and you will gain improved insights into protecting, detecting, and securing your environment and users against these destructive threats.
Ransomware attacks are on the rise
Areas Covered
The below sections are covered in detail throughout the four-day offering and expand on each objective to maximize your understanding of each topic and focus area. Deployment methods in the offering cover Group Policy, Microsoft Endpoint Configuration Manager, and Intune.
Ransomware and Dark Market Overview - Objectives focus on Ransomware background, enterprise Ransomware mitigations, trends and observations, key principles, and the different methods Microsoft can help with.
AppLocker & Application Control - Objectives focus on AppLocker overview and Application Whitelisting, prerequisites, rules, PowerShell, event logs, troubleshooting, Windows Defender Application Control and overview, and Application Control Deployment.
Windows Defender Exploit Guard & Application Guard - Objectives focus on Exploit Guard Overview, components, setup and deployment, Application Guard overview, the anatomy of an attack and containment, and Application Guard setup and deployment.
Windows Defender Antivirus - Objectives focus on benefits & unique optics of Windows Defender Antivirus (AV), the evolving threat landscape & the role of cloud-based protection, what’s on your computer – the Windows Defender AV endpoint, Windows Defender AV Block at First Sight, and behind the scenes of using the Potential Unwanted Application feature.
Securing Privileged Access - Objectives focus on a detailed overview of virtualization-based security, Credential Guard, Remote Credential Guard, and using Restricted Admin modes.
Code Signing & Macro Controls - Objectives focus on code signing, the importance of code signing, code signing certificates, and how the signing process works.
Advanced Threat Protection - Objectives focus on the overview of the current threat landscape and how it can impact your environment. Deep dives go into using Microsoft Defender Advanced Threat Protection (ATP), Office ATP, Azure ATP, and the new Microsoft Threat Protection to showcase the latest and best technologies Microsoft is using to keep its customers and employees safe.
End user, Phishing & Social Engineering - Objectives focus on social engineering, phishing attacks, spear phishing, using the O365 attack simulator, and overall end user education.
Hardening Basics, Disabling Legacy Protocols, Security Update Management, & Data Backup - Objectives focus on the importance of software updates, hardening basics, using Microsoft security baselines, disabling legacy protocols, and the importance of backups and recovery methods if an attack does occur.
Hands on/Implementation
During this offering there are multiple hands-on exercises to use in a Microsoft demo tenant, in your own environment, or to implement in a proof of concept to be deployed later after testing. The areas are listed below:
• AppLocker
• Exploit Guard and Application Guard
• Virtualization Based Security
• Macro Controls
• Windows Defender Antivirus
• Microsoft Defender ATP
• Office ATP
• Microsoft Threat Protection
• Phishing attacks and Social Engineering - Prevention
• Backups - Azure Backup
Delivery model
The delivery model is designed to be an educational offering covering threat protection technologies within the Modern Workplace including identity, access management, and endpoint security. It also includes Proof of Concept pilot enablement of key scoped Windows Defender endpoint defenses.
Key Personnel For this Offering
Key personnel within your organization include any Business Decision Makers/Key Stakeholders, IT/Security/Networking staff and management, SecOps, Cyber Analysts, Red Team, Blue Team, or any internal Cybersecurity staff who would assist in implementing and using the security technologies detailed in this offering. Other members of the IT organization will be engaged as needed in each technology and threat protection area.
Conclusion
Cybersecurity and threat protection are topics discussed daily with all of Microsoft's current clients and with future clients. Since there is no single product that can fix everything with one click and every client’s environment is unique, Modern Workplace Threat Protection addresses and answers the tough security challenges.
Ann Johnson, Microsoft’s Chief Vice President of Cybersecurity, stated on May 18, 2020 that, “operational resilience cannot be achieved without a true commitment to, and investment in, cyber resilience. We want to help empower every organization on the planet by continuing to share our learnings to help you reach the state where core operations and services won’t be disrupted by geopolitical or socioeconomic events, natural disasters, or even cyber events.”
Selecting this offering is a great start to seeing what Microsoft security features are already in your environment, gaining a better understanding of the Microsoft security stack, and being ready to deploy and safeguard against the newest threats and attacks.
Ask your Microsoft Account Representative, Technical Account Manager (TAM) or Service Delivery Manager (SDM) to reserve a spot and have one of Microsoft’s highly skilled Cybersecurity Customer Engineers deliver this offering to your organization very soon!
Disclaimer
As of this writing, the above modules are in scope; however, they are subject to change as M365 Security offerings and Modern Workplace Threat Protection evolve in response to customers' feedback.
Credit
Special thanks to the offering team: Paul Bergson, John Barbare, Anderson Moriya da Silva, and Joe Zerafa.
Thanks for reading and have a great Cybersecurity day!
Updated Jul 23, 2020
Version 5.0
Core Infrastructure and Security Blog