Customer Offerings: Modern Workplace Threat Protection
Published Jul 22 2020 07:15 PM 3,241 Views




My name is John Barbare and I am a Sr Customer Engineer at Microsoft focusing on all things in the Cybersecurity space. Welcome to another customer offering article to inform you about the newest threats and what protective measures from Microsoft you can utilizeIn this article, we will present Premier Services Offerings around Modern Workplace Threat Protection. 


Offering Overview 


With the rise in Ransomware attacks and increased focus around threats facing small to large scale enterprises, we decided to take two customer offerings and combine them into one. We took the Proactive Operations Program: Protecting Against Ransomware and merged it with Modern Workplace Threat Protection to give the best overview of all the different types of attacks that enterprises are facing and include the entire M365 security stack to protect, detect, and prevent these attacks into a combined four-day customer offering. With this new update, we were able to provide a four-day customer offering to meet and exceed customer expectations.  


Security: Modern Workplace Threat Protection - FundamentalsSecurity: Modern Workplace Threat Protection - Fundamentals


What's Included 


The content of this offering is a mix of education, governance, administration, and security best practices at the L200-L300 level which focuses on the breadth of the M365 security stack.  


Modern Workplace Threat Protection is a four day engagement where you will learn about modern threat protection components and security technologies, evaluate the features and functionality, and get started in deploying in a Proof of Concept environment wherever feasibleIt will also expand your understand of how different types of malware, Zero Days, and Ransomware attacks are carried out and gain improved insights into protecting, detecting, and securing your environment and users against these destructive threat measures. 


Ransomware attacks are on the riseRansomware attacks are on the rise


Areas Covered 


The below sections are covered in detail throughout the four-day offering and expand on each objective to maximize your understanding of each topic and focus area. Deployment methods in the offering cover Group Policy, Microsoft Endpoint Configuration Manager, and Intune.


Ransomware and Dark Market Overview - Objectives focus on Ransomware background, enterprise Ransomware mitigations, trends and observations, keprinciples, and the different methods Microsoft can help with. 

AppLocker & Application Control – Objectives focus on AppLocker overview and Application Whitelisting, prerequisitesrulesPowerShell, event logs, troubleshootingWindows Defender Application Control and overviewand Application Control Deployment. 

Windows Defender Exploit Guard & Application Guard Objectives focus on Exploit Guard Overview, components, setup and deploymentApplication Guard overview, the anatomy of an attack and containment, and Application Guard setup and deployment. 

Windows Defender Antivirus - Objectives focus on benefits & unique optics of Windows Defender Antivirus (AV), the evolving threat landscape & the role of cloud-based protection, what’s on your computer – the Windows Defender AV endpoint, Windows Defender AV Block at First Sight, and behind the scenes of using the Potential Unwanted Application feature.  

Securing Privileged Access - Objectives focus on a detailed overview ovirtualization-based security, Credential GuardRemote Credential Guard, and using Restricted Admin modes. 

Code Signing & Macro Controls Objectives focus on code signing, the importance of code signing, code signing certificates, and how the signing process works. 

Advanced Threat Protection Objectives focus on the overview of the current threat landscape and how it can impact your environmentDeep dives go into using Microsoft Defender Advanced Threat Protection (ATP), Office ATPAzure ATP, and the new Microsoft Threat Protection to showcase the latest and best technologies Microsoft is keeping its customers and employees safe.  
End user, Phishing & Social Engineering Objectives focus on social engineering, phishing attacks, spear phishing, using the O365 attack simulator, and overall end user education.  

Hardening Basics, Disabling Legacy Protocols, Security Update Management, & Data Backup Objectives focus on the importance of software updates, hardening basics, using Microsoft security baselines, disabling legacy protocols, and the importance of backups and recovery methods if an attack does occur.  


Hands on/Implementation 


During this offering there are multiple hands on exercises to use in a Microsoft demo tenant, your own environment, or implement in a proof of concept to deployed later after testing. The following areas are listed below: 



•Exploit Guard and Application Guard 

•Virtualization Based Security 

•Macro Controls 

•Windows Defender Antivirus 

•Microsoft Defender ATP 

•Office ATP 

•Microsoft Threat Protection 

•Phishing attacks and Social Engineering -Prevention 

•Backups -Azure Backup 


Delivery model 


The delivery model is designed to be an educational offering covering threat protection technologies within the Modern Workplace including identityaccess management, and endpoint security. Proof of Concept pilot enablement of key scoped Windows Defender endpoint defenses. 


Key Personnel For this Offering 


Within your organization, any Business Decision Makers/Key StakeholdersIT/Security/Networking staff and managementSecOps, Cyber Analysts, Red Team, Blue Team, or any internal Cybersecurity staff that would assist in implementing and using these security technologies detailed in this offering. Other members of the IT organization that will be engaged as needed in each technology and threat protection area as needed.  




Cybersecurity and threat protection are a topic that is being discussed daily with all clients that Microsoft has and also with future clients. Since there is no single product that can fix everything with one click and every client’s environment is unique, Modern Workplace Threat Protection addresses and answers the tough security challenges.   


Ann Johnson, Microsoft’s Chief Vice President of Cybersecurity, stated on May 18, 2020 that, “operational resilience cannot be achieved without a true commitment to, and investment in, cyber resilience. We want to help empower every organization on the planet by continuing to share our learnings to help you reach the state where core operations and services won’t be disrupted by geopolitical or socioeconomic events, natural disasters, or even cyber events. 


By selecting this offeringit is a great start to see what Microsoft security features are already in your environment and be able to gain a better understanding around the Microsoft security stack and be ready to deploy and safeguard against the newest threats and attacks 


Ask your Microsoft Account Representative, Technical Account Manager (TAM) or Service Delivery Manager (SDM) to reserve a spot and have one of Microsoft’s highly skilled Cybersecurity Customer Engineers deliver this offering to your organization very soon!  




As of this writing, the above modules are in scope, however, they are subject to change as M365 Security offerings and Modern Workplace Threat Protection evolve responding to customers' feedback. 




Special thanks to the offering team: Paul BergsonJohn BarbareAnderson Moriya da Silva, and Joe Zerafa. 


Thanks for reading and have a great Cybersecurity day!   

Version history
Last update:
‎Jul 23 2020 06:53 AM
Updated by: