For our second stop on the journey to holistic cloud protection with the Microsoft 365 security stack we will be discussing Device security. For anyone new joining us on this journey please ensure you check out Part I: Overview and Part II: Identity Security to get caught up prior to reading Part III: Device Security which will be discussed during this article.
When speaking about devices we use to only concentrate corporate issued Windows desktops or laptops, but times have changed. Devices now could mean anything from corporate issued to personal owned devices running Windows, MacOS, iOS or Android. The diversification of platforms and ownership of devices requires a two-pronged approach to device security. During this stop we will be focusing on device management where devices are enrolled.
Microsoft Endpoint Manager:
All of these questions are common among organizations. With the Microsoft 365 security stack we leverage Microsoft Endpoint Manager (Intune + SCCM) as the device management solution. Whether your devices are cloud only or split between SCCM using co-management, you can leverage the cloud to ensure devices are protected no matter where they go. Below are some common scenarios where Microsoft Endpoint Manager increases your security posture for devices:
Issue #1: Only secure devices should access corporate data - The path to restricting access to corporate data revolves around the compliant status. If a device is capable of enrolling into Microsoft Endpoint Manager, then it has the potential to become a compliant device which leads to the potential access of corporate data.
Solution: Enforce device restrictions, apply compliance policies and require compliant devices to access corporate data.
Issue #2: Group policy management is impossible with all these remote devices - The struggle to ensure devices receive group policies that rarely come back to the office or connect back inside the domain is real. Creating solutions, workarounds or asking employees to come back into the office can be frustrating.
Solution: With Microsoft Endpoint manager there isn’t a need to come back into the office or connect back to the domain. There are built-in capabilities to deploy configuration profile settings, over 1700 administrative templates, PowerShell scripts, and 100’s of custom CSP (configuration service provider) settings that can apply the same legacy group policies settings. Common scenarios include:
Issue #3: Really wish I could do … remotely… - Ever needed to perform a remote action against a workstation or mobile device, but it was 100’s of miles away? What about force a restart so an application could install? How about wipe a device back to factory settings for someone or just remove all the corporate files to hand off the device to another user?
Solution: Multiple remote tasks are available in Microsoft Endpoint Manager which allows for quick resolution in times of security incidents or when an end user needs a helping hand. A few scenarios are below:
Microsoft Defender for Endpoints:
Malicious attackers threatening your endpoints are no longer strictly concerned with your Windows platform. The sophistication of attacks span across other platforms not only for the direct attack, but to compromise non-Windows platforms with the goal to compromise Windows devices. There is a reason Windows Defender ATP was rebranded as Microsoft Defender ATP.
Microsoft Defender for Endpoints provides next generation protection on top of an already existing AV (Microsoft Defender AV for optimized integration), multi-dimension endpoint detection plus response, and automated investigation with remediation.
Issue #1: We don’t know what we don’t know!?!?! - Many organizations and teams don’t have the visibility to see what the organization’s current security posture is. How do you prepare for attacks and reduce your threat areas with little to no visibility?
Issue #2: Need more options for response when a detection is triggered - Sometimes when a threat on an endpoint is detected you have a short amount of time to implement a remediation. Some threats require more aggressive actions while others may be more passive until the bigger picture is realized. Below is a subset of responses available in Microsoft Defender for Endpoints (may vary for each platform).
Issue #3: We are not threat experts!?!?!? - Many organizations have a limited number of real threat experts. Relying on third party ad-hoc assistance or lengthy research sessions can only get you so far.
Solution: Threat Analytics brings the knowledge of Microsoft’s security researchers straight to you with continuously updated threat reports related to emerging threats along with outbreaks as they are identified. These reports allow for you to assess the impact of these threats to your environment, learn how to detect specific threats and create an action plan to contain them. Most threat report contain the following:
As we prepare for our next adventure on our journey to holistic cloud protection with the Microsoft 365 security stack…, I want to reflect on the importance of device security. Your devices should play a huge role in your overall security posture as it allows you to define what is a safe device along with ensuring only a specific security baseline is allowed to access your organization’s data. By becoming knowledgeable in the ever-evolving threat landscape you take the power back from the malicious attackers and increase your overall security posture.
Thank you so much for joining me during this stop while we discussed device security. Our next stop in this journey will be discussing Application security and how to increase our security posture when applications are accessing our corporate data using the Microsoft 365 security stack
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.