Why remote workplaces remain a challenge for large enterprises
Occasional Contributor

Many organizations – small, large, medium – across the world are having their employees work from home due to COVID-19. For many of these companies, this was something they had never prepared for. Moving to the cloud and using online tools sounds simple and easy, but when it comes to meeting regulatory and compliance requirements, you need to take extra care. Enabling your workforce with cloud-enabled collaboration tools is not only a technical challenge but also brings legal and cultural considerations. Luckily, I have seen many of the challenges that IT faces when moving to the cloud. In this article, I will address some common challenges brought about by remote work and showcase some of the ways they can be addressed without impacting your employees’ ability to collaborate effectively and stay productive while maintaining security, compliance and privacy.

Consider the implications of document sharing on Dropbox, Google Drive and OneDrive where customer data is involved, especially in a highly regulated environment. For a situation like this you no longer need to set up costly infrastructure and wait for days. Today, with the power of the cloud, Office 365 SaaS services such as MCAS and DLP, and Azure IP or Microsoft IP, can be enabled in your tenant to put tight controls in place and stop data leakage.

Let’s take Microsoft Teams. If an organization decides to empower its employees to work remotely, it can’t just turn this feature on with the same level of access as in its controlled environment. Microsoft Teams empowers users with many collaboration tools in one place, which work best in the cloud. However, if you have a hybrid cloud setup this becomes a technical challenge, because the way things work and are configured on-premises may break when it comes to the cloud. An organization may not want its customers’ or employees’ PII data to be hosted in the cloud, and when you enable Teams you must first put all controls and policies in place upfront, which can’t be done overnight. Organizations are challenged by technology and are unable to transition from on-premises to cloud with the same security controls. As soon as an organization moves to the cloud, the boundaries of security shift, which can introduce risk and potentially unknown gaps. For example, an organization may not want its employees to store a file in the cloud containing the names and email addresses of its customers. In another example, it is not easy to migrate data leak prevention controls from an on-premises platform to a cloud platform. This is purely a technical issue: on-premises policy can’t be easily migrated to a cloud platform. Some organizations may not provide employees with access to the public internet even for email communication, even though the public internet offers security and encryption in transit and features like OME (Office Message Encryption). It does not stop here; there is a huge list of challenges, and solutions may not work in most scenarios. When it comes to remote work, how are they going to deal with unmanaged devices? A solution is available, but you can’t roll it out overnight if you are a 100,000-seat organization. It also raises the question of whether they have enough people in IT support to handle the calls for any ad hoc changes made to IT operations.

Consider identity protection: how are they going to protect identities, and do they have trained staff? You may implement MFA, but what if it breaks an application that does not support MFA? These are just a few examples; in this situation IT leaders need to come up with a short-term and a long-term strategy. Organizations also need to redevelop their security controls in response to this sudden change. I’d say develop Cloud Security Policies and Information Governance around Cloud Architecture, because existing policies date back to the pre-cloud computing era and cause many issues.

Employees are already collaborating across the organization, so it is worth considering an extra layer on top of existing monitoring and auditing tools to detect and remediate suspicious activity on the fly using Azure Security. Azure has a built-in AI algorithm which can trigger an alert if a user sign-in looks suspicious or falls into an atypical scenario. Again, this solution may not work for many organizations if they are not cloud ready, and they may need some time to implement such controls. Enabling full functionality for real-time collaboration may not be possible; however, there are workarounds where it can be enabled with limited features, avoiding risk to the organization.

Some best practices for WFH from IT

  • Educate employees to use strong passwords – strong, long passwords (25 characters) are hard to break
  • Email phishing awareness – run email phishing campaigns to educate your employees
  • Enable multi-factor authentication (MFA) – this is a must-have for any cloud identity platform
  • Enforce location-based sign-in if possible – if you don’t do business outside the USA, why would you want to allow sign-in from everywhere? Just lock it down
  • Implement a blocked country list – follow the FBI list of banned countries
  • Monitor malware and spyware – enable endpoint protection
  • Use jump boxes wherever possible – don’t allow direct RDP access to the server
  • Enhance policies and leverage cloud capabilities wherever possible – you must enable the AI and ML features for risky sign-ins and conditional-based policies
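
An added example, not from the original article and not Microsoft's tooling: a dry run of the location-based sign-in and blocked-country items above over constructed sign-in records, showing which users and apps would be blocked before the policy is enforced. The allowed country, the excluded emergency account, the blocked network (an RFC 5737 documentation range) and the record fields are all assumptions.

```python
"""Dry run of a country allowlist over sign-in records before enforcement."""
import ipaddress
from collections import Counter

# Assumed policy inputs (hypothetical, not taken from the article).
ALLOWED_COUNTRIES = {"US"}
EXCLUDED_USERS = {"breakglass@example.com"}   # emergency account kept out of scope
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample records, shaped like a trimmed-down sign-in log export.
SIGN_INS = [
    {"user": "alice@example.com", "ip": "192.0.2.10", "country": "US", "app": "Teams"},
    {"user": "bob@example.com", "ip": "198.51.100.7", "country": "DE", "app": "Exchange Online"},
    {"user": "bob@example.com", "ip": "198.51.100.7", "country": "DE", "app": "Teams"},
    {"user": "carol@example.com", "ip": "203.0.113.50", "country": "US", "app": "SharePoint"},
    {"user": "dave@example.com", "ip": "192.0.2.99", "country": None, "app": "Teams"},
    {"user": "breakglass@example.com", "ip": "198.51.100.200", "country": "SG", "app": "Azure Portal"},
]


def evaluate(sign_in, block_unknown=True):
    """Return (decision, reason) for one sign-in under the proposed policy."""
    if sign_in["user"] in EXCLUDED_USERS:
        return "allow", "excluded-account"
    addr = ipaddress.ip_address(sign_in["ip"])
    # The network blocklist is checked first: an allowed country does not
    # make a known-bad address acceptable.
    if any(addr in net for net in BLOCKED_NETWORKS):
        return "block", "ip-blocklist"
    country = sign_in["country"]
    if country is None:
        # Geolocation can fail; decide explicitly what happens then.
        return ("block" if block_unknown else "allow"), "unknown-location"
    if country not in ALLOWED_COUNTRIES:
        return "block", "country-not-allowed"
    return "allow", "country-allowed"


def dry_run(sign_ins, block_unknown=True):
    """Summarise what enforcement would have done to historical sign-ins."""
    reasons = Counter()
    affected = {}  # user -> set of apps that user would lose access to
    for s in sign_ins:
        decision, reason = evaluate(s, block_unknown)
        reasons[reason] += 1
        if decision == "block":
            affected.setdefault(s["user"], set()).add(s["app"])
    return reasons, affected


if __name__ == "__main__":
    reasons, affected = dry_run(SIGN_INS)
    for reason, count in sorted(reasons.items()):
        print(f"{reason:22} {count}")
    for user, apps in sorted(affected.items()):
        print(f"would block {user}: {', '.join(sorted(apps))}")
```

The list of affected users and apps is the input for the support and communication planning the article raises for large rollouts.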

 

Adnan Rafique | Global Security Architect

@iMentorCloud | www.ExchangeITPro.com

4 Comments
Super Contributor

Thank you for sharing. Normally education is essential, but we need to enforce users, so we enforce them to set up strong passwords. Not only should we educate them about cyber-threats, but we should also teach them how to react, like marking email as Junk.

I don't think blocking countries is a wise decision because hackers are everywhere and we need to block and blacklist IPs instead.

AI and ML are good but don't trust them much.

Occasional Contributor

Hi Reza, thanks for sharing your insightful information, and I do agree with you. Yes, I do encourage people and customers to run phishing campaigns, which relates to your junk email suggestion. I've seen improvement running phishing campaigns and educating employees. There are many 3rd party tools available, but the good thing is that now M365 also has this tool freely available. Not sure if you have seen it or not, but I'd highly recommend it, and there are different types of campaign available.

Now, going back to blocking countries: blocking IP addresses is good but never ending, and this is where you need more than one approach. So blocking countries applies to those companies who need to meet compliance, especially in the US and UK/EU. The US has some regulation where certain countries are blocked. In Azure you can leverage the blocked countries option, which automatically takes care of that. Moreover, when attackers come from malicious IP addresses, Azure AI and ML take care of that, but of course they may not be accurate all the time, but I've found it good so far.

Feel free to share your thoughts and anything you have seen that improved protection of your/customers' environment.

Thank you again

Adnan @iMentorCloud

 

Super Contributor

Hi @Adnan Rafique and thank you for the follow-up.

In case of phishing, we normally ask end users to mark items as phishing, and they also share their concerns with us, and we keep monitoring and investigating issues and try to improve our protections. Normally we handle everything with Microsoft 365 and there was no need to use third-party. Microsoft Defender ATP was also helpful in many cases.

Regarding blocking countries, I agree when you need to comply with local policy, but I look at it from a cybersecurity point of view (not a legal point of view), and attackers could be from any country. Machine Learning and AI are helpful, but I observed so many failures, and we rely more on defined policies and ongoing monitoring and response to threats.

Occasional Contributor

Yes, and that's why there is no such out-of-the-box solution and every organization must do tweaking based on their business needs. This is where you need people to train and teach the machines. I'm glad you took the time to read my blog and appreciate your feedback and your experience deploying tools and policies to protect the users and data.