- The fundamental principles of a Zero Trust environment are verify explicitly, use least-privilege access, and assume breach.
- Microsoft 365 includes security technologies divided into four areas: Security Management, Identity-Based Protection, Information Protection, and Threat Protection.
- An identity is a logical representation of a user in a network environment. To users, an identity is a name they type to sign in to the network. To administrators, an identity is a collection of attributes associated with a particular individual.
- A hybrid identity is an account that exists in a cloud-based directory service such as Entra ID and an on-premises directory service such as Active Directory.
- There are three basic means of authenticating an individual’s identity. The individual must supply one or more of the following: something you know, something you are, or something you have. Multifactor authentication requires two or more of these.
- The process of creating a security plan for an enterprise is known as risk management.
- Unified endpoint management (UEM) is a management platform that can work with both on-premises and cloud-based devices and be extendable to include new technologies as they develop, such as the Internet of Things (IoT).
- To achieve a true Unified Endpoint Management solution with Microsoft products, a combination of Microsoft Intune and Configuration Manager is needed in an arrangement called co-management.
- The Microsoft Defender applications (Defender for Endpoint, Defender for Office 365, Defender for Identity, and Defender for Cloud Apps) all exchange information with the central Microsoft 365 Defender engine.
- Microsoft Sentinel is a combined SIEM and SOAR product that provides an overall view of an enterprise network’s security posture and can automatically remediate common security problems when detected.
- The Service Trust Portal (STP) is a central storehouse for information about cloud trust and standards compliance issues.
- Microsoft Purview is a combined data risk, compliance, and governance tool and the interface to features such as security auditing and eDiscovery.
Thought experiment
In this thought experiment, demonstrate your skills and knowledge of the topics covered in this chapter. You can find the answers to this thought experiment in the next section.
Ralph is the Director of the Brooklyn datacenter at Contoso Corp. The company currently has three office buildings in the New York area with 600 users. There are datacenters in all three buildings, all based on Microsoft server products and managed using Microsoft Configuration Manager. The three datacenters are jammed with equipment and have no room for further expansion. Ralph is convinced that it would be better for the company to expand into the cloud and purchase Microsoft 365 subscriptions for the 600 users rather than purchase an additional property and build a fourth datacenter from scratch.
With the cost of real estate and construction in New York being what it is, the financial aspect of a cloud expansion is amenable to the company. However, there is still significant opposition to Ralph’s proposal from the other two datacenter directors and the chief technology officer:
None of the IT management staff—including Ralph—has much experience with cloud technologies.
Some fear that storing company data in the cloud will not be secure.
There are concerns that the performance of the company’s customer portal—a catalog database that took a great deal of effort to develop—will suffer because of cloud service downtime and Internet latency issues.
Ralph must prepare a presentation that promotes his cloud project and addresses these three concerns. Using what you have learned about cloud service trust and deployment issues, propose a solution for each of the three concerns Ralph must address in his presentation.
Thought experiment answer
Ralph can address the concerns of the other directors and the CTO in the following ways:
Microsoft’s FastTrack program is designed to provide free support for new cloud subscribers during their infrastructure design and implementation processes and ongoing support for the management staff.
Microsoft 365 includes tools such as Entra ID Protection, Azure Information Protection, and Microsoft Defender for Office 365 that enable administrators to protect user identities and elevate the security of the company data stored in the cloud based on its sensitivity.
Microsoft contracts include a service level agreement guaranteeing 99.9 percent uptime. The Microsoft 365 deployment process also includes a networking phase in which the company evaluates its Internet access infrastructure to ensure that all Microsoft 365 clients and administrators have sufficient Internet connectivity to regularly access the cloud resources they require.
Leave a Reply