Category: Anticipating threats
-
Summary-Describe security, compliance, privacy, and trust in Microsoft 365
Read More: Summary-Describe security, compliance, privacy, and trust in Microsoft 365Thought experiment In this thought experiment, demonstrate your skills and knowledge of the topics covered in this chapter. You can find the answers to this thought experiment in the next section. Ralph is the Director of the Brooklyn datacenter at Contoso Corp. The company currently has three office buildings in the New York area with…
-
Anticipating threats-Describe security, compliance, privacy, and trust in Microsoft 365
Read More: Anticipating threats-Describe security, compliance, privacy, and trust in Microsoft 365Arguably, the most difficult part of the risk management planning process is trying to anticipate all the possible threats that could afflict the company’s data in the future. The three basic risk factors for the data—confidentiality, integrity, and availability—can be exploited in any number of specific ways, but the general threat categories are listed in…
-
Describe the capabilities and benefits of Microsoft Priva-Describe security, compliance, privacy, and trust in Microsoft 365
Read More: Describe the capabilities and benefits of Microsoft Priva-Describe security, compliance, privacy, and trust in Microsoft 365As mentioned frequently in this book, an organization’s data is its most valuable commodity, and keeping that data secure is one of the primary functions of Microsoft 365. That company data frequently includes confidential information, however, and it is the responsibility of the IT department not only to keep the data secure but also to…
-
Microsoft Advanced Threat Analytics-Describe security, compliance, privacy, and trust in Microsoft 365
Read More: Microsoft Advanced Threat Analytics-Describe security, compliance, privacy, and trust in Microsoft 365Advanced Threat Analytics (ATA) is an on-premises solution that uses information gathered from a wide variety of enterprise sources to anticipate, detect, and react to security threats and attacks. ATA receives log and event information from Windows systems and also captures network traffic generated by security-related protocols, such as Kerberos and NTLM. This traffic provides…
-
Microsoft Entra ID (Azure Active Directory Premium)-Describe security, compliance, privacy, and trust in Microsoft 365
Read More: Microsoft Entra ID (Azure Active Directory Premium)-Describe security, compliance, privacy, and trust in Microsoft 365Active Directory (AD) is a directory service that has been a part of the Windows Server product since the Windows 2000 Server release. A directory service is a database of objects, including users and computers, that provides authentication and authorization services for network resources. Authentication and authorization are essentially the front gates of information protection,…
-
Auditing-Describe security, compliance, privacy, and trust in Microsoft 365
Read More: Auditing-Describe security, compliance, privacy, and trust in Microsoft 365Microsoft Purview includes auditing capabilities that log operations for many Microsoft 365 applications and services. Administrators can search the audit log directly from the Microsoft Purview portal, providing detailed information that can be useful during security, compliance, and legal investigations. Microsoft Purview can provide two levels of audit logging, as follows: FIGURE 3-49 The Audit…
-
Service Trust Portal-Describe security, compliance, privacy, and trust in Microsoft 365
Read More: Service Trust Portal-Describe security, compliance, privacy, and trust in Microsoft 365Microsoft is aware of these trust issues and has created a central storehouse called the Service Trust Portal (STP) for information about them. STP is a website, shown in Figure 3-43, available to everyone at http://aka.ms/stp, although some parts of the site are restricted to registered users of Microsoft 365 and other products. See Figure…
-
Describe Microsoft Granular Delegated Admin Privileges (GDAP) principles-Describe security, compliance, privacy, and trust in Microsoft 365
Read More: Describe Microsoft Granular Delegated Admin Privileges (GDAP) principles-Describe security, compliance, privacy, and trust in Microsoft 365One of the recurrent problems for partners and other service providers supporting Microsoft 365 customers is the allocation of access permissions that enable the partner to work on the customer’s systems and services on their behalf. A feature called delegated administration privileges (DAP) has long made that possible, but DAP grants the partner full Global…
-
Data-Describe security, compliance, privacy, and trust in Microsoft 365
Read More: Data-Describe security, compliance, privacy, and trust in Microsoft 365All the security functions applying to the other five Zero Trust criteria essentially protect the organization’s data—its most valuable resource. Administrators must consider the data’s security in all possible states: in-motion, at-rest, and in-use. Depending on the nature and sensitivity of the data, each state might require different security measures. Microsoft 365 supports tools that…
-
Network-Describe security, compliance, privacy, and trust in Microsoft 365
Read More: Network-Describe security, compliance, privacy, and trust in Microsoft 365Networks provide users with access to the data they need, but they are also a major point of vulnerability. Dividing a network into segments with access controls at each hop can prevent attackers from moving laterally through the network once they gain access. Networks in a Zero Trust environment should also use end-to-end encryption to…
Search
Popular Posts
-
Summary-Describe security, compliance, privacy, and trust in Microsoft 365
Thought experiment In this thought experiment, demonstrate your skills and knowledge of the topics covered in this chapter. You can find the answers to this thought experiment in the next section. Ralph is the Director of the Brooklyn datacenter at Contoso Corp. The company currently has three office buildings in the New York area with…
-
Anticipating threats-Describe security, compliance, privacy, and trust in Microsoft 365
Arguably, the most difficult part of the risk management planning process is trying to anticipate all the possible threats that could afflict the company’s data in the future. The three basic risk factors for the data—confidentiality, integrity, and availability—can be exploited in any number of specific ways, but the general threat categories are listed in…
-
Classifying users-Describe security, compliance, privacy, and trust in Microsoft 365
The third element of the digital estate that must be considered when creating a risk management plan is the people who actually access the data. Whether deliberately or inadvertently, users are a constant vulnerability—if not an actual threat—to the organization’s data. After quantifying the organization’s information assets and their value and inventorying the hardware used…