Microsoft 365 Security and Compliance for Administrators: A definitive guide to planning, implementing, and maintaining Microsoft 365 security posture

Author: Kranjac Sasha, Kudovic Omar
Release date: 2024
Publisher: Packt Publishing Limited
Number of pages: 432
File size: 7.6 MB
File type: PDF
Added by: codelibs

Cover

Title Page

Copyright and Credits

Contributors

Table of Contents

Preface

Part 1: Introduction to Microsoft 365

Chapter 1: Getting Started with Microsoft 365 Security and Compliance

Technical requirements

Introduction to Microsoft 365 offers, plans, and licenses

Microsoft 365 plans and components

Microsoft 365 licensing

Introduction to Microsoft 365 security

Introduction to Microsoft 365 compliance

Summary

Chapter 2: The Role of Microsoft Entra ID in Microsoft 365 Security

Technical requirements

Microsoft Entra ID plans and features

Microsoft Entra ID roles and groups

Azure roles, or Azure RBAC roles

Microsoft Entra ID roles

Classic roles

Microsoft 365 roles in Microsoft Entra ID

Best practices for roles

Microsoft 365 groups

Microsoft Entra ID Protection

Summary

Part 2: Microsoft 365 Security

Chapter 3: Microsoft Defender for Office 365

Technical requirements

Getting started with Microsoft Defender for Office 365

Protecting assets with Microsoft Defender for Office 365

Quarantine policy

Anti-phishing

Anti-spam

Anti-malware

Safe Attachment

Safe Links

Rules

Attack simulation training

Responding to alerts and mitigating threats

Summary

Chapter 4: Microsoft Defender for Endpoint

Introducing Microsoft Defender for Endpoint

Technical and license requirements

Configuring Microsoft Defender for Endpoint

Microsoft Defender Vulnerability Management dashboard

Microsoft Defender for Endpoint Device inventory

Windows devices

Configuring advanced features in Microsoft Defender for Endpoint

Security recommendations

The Microsoft Defender for Endpoint configuration management dashboard

Microsoft Defender for Endpoint Tutorials & simulations

Microsoft Defender for Endpoint Co-management Authority

Configuring a compliance policy for Windows devices

Configuring a configuration profile for Windows devices

Windows 365

Enrollment device platform restrictions

Enrollment device limit restrictions

Configuring quality updates for Windows 10 and later in Intune

How to create a profile for update policies for iOS/iPadOS in Intune

How to create a profile for update policies for macOS in the Intune portal

How to create app protection policies in the Microsoft Intune admin portal

How to create app configuration policies

How to create policies for Office apps in the Intune admin portal

Endpoint Security

Creating a profile for a security baseline for Windows 10 and later

Creating a Microsoft Defender for Endpoint baseline

Creating a Microsoft Edge baseline

Creating a Windows 365 security baseline

Managing and creating different policies under Endpoint Security

Configuring an antivirus policy in the Intune portal

Configuring disk encryption

Configuring a firewall policy

Setting up endpoint detection and response

Configuring attack surface reduction

Configuring account protection

Configuring device compliance

Configuring Conditional Access policies

Summary

Chapter 5: Getting Started with Microsoft Purview

About Microsoft Purview

How it works…

Benefits

Technical and license requirements

Configuring Microsoft Purview

Compliance Score

Classifiers in Microsoft 365 Purview

Configuring sensitive info types

Configuring content explorer

Content search

Streamlining data discovery

Enhancing data governance and compliance

Independence and objectivity

Regulatory oversight and accountability

Risk mitigation and control

A comprehensive compliance oversight

Collaboration and cross-functional alignment

Data loss prevention

Endpoint DLP settings

Summary

Chapter 6: Microsoft Defender for Cloud Apps

Introducing Microsoft Defender for Cloud Apps

Discovering shadow IT with Microsoft Defender for Cloud Apps

Discovering and managing shadow IT in Microsoft Defender for Cloud Apps

Technical and license requirements

Configuring Microsoft Defender for Cloud Apps

Managing OAuth applications with Microsoft Defender for Cloud Apps

Managing files in Microsoft Defender for Cloud Apps

Managing the activity log in Microsoft Defender for Cloud Apps

Governance log

Microsoft Defender for Cloud Apps policies

Summary

Chapter 7: Microsoft Defender Vulnerability Management

Getting started with Microsoft Defender Vulnerability Management

Microsoft Defender Vulnerability Management licensing and technical requirements

Key features and capabilities

Benefits of using the Vulnerability Management dashboard

Permissions

Recommendations and remediation

Security recommendations

Remediation tasks in Microsoft Intune

Remediation

Inventories and weaknesses

Inventories

Weaknesses

Summary

Chapter 8: Microsoft Defender for Identity

Introducing Microsoft Defender for Identity

Technical and license requirements

Configuring Microsoft Defender for Identity

Configuring sensors for Microsoft Defender for Identity

Entity tags

Working with detection rules

Configuring Microsoft Defender for Identity and Microsoft Sentinel

Summary

Part 3: Microsoft 365 Governance and Compliance

Chapter 9: Microsoft Purview Insider Risk Management

Technical requirements

Insider Risk Management

Initial setup

Resolving insider risk cases

Information barriers and access management

Microsoft Purview IB requirements

Communication Compliance

Summary

Further readings

Chapter 10: Microsoft Purview Information Protection

About Microsoft Purview Information Protection

Data classification

Configuring Information Protection

Information Protection

Publishing label policies

Information Protection scanner

Installing the Microsoft Purview Information Protection scanner

Summary

Chapter 11: Understanding the Lifecycle of Auditing and Records

Getting started with the lifecycle of auditing and records

The lifecycle of audits and records in Microsoft 365

Microsoft Purview Records Management

Microsoft data lifecycle management

Creating retention policies

Creating and publishing labels

Records management

eDiscovery and data holds

Configuring eDiscovery Standard and Premium

Creating and configuring eDiscovery premium cases

Auditing and alerts

Summary

Index

Other Books You May Enjoy

In today's hostile cyber landscape, securing data and complying with regulations is paramount for individuals, businesses, and organizations alike. Learn how Microsoft 365 Security and Compliance offers powerful tools to protect sensitive data and defend against evolving cyber threats with this comprehensive guide for administrators.

Starting with an introduction to Microsoft 365 plans and essential compliance and security features, this book delves into the role of Azure Active Directory in Microsoft 365, laying the groundwork for a robust security framework. You'll then advance to exploring the complete range of Microsoft 365 Defender security products, their coverage, and unique protection services to combat evolving threats.

From threat mitigation strategies to governance and compliance best practices, you'll gain invaluable insights into classifying and protecting data while mastering crucial data lifecycle capabilities in Microsoft 365.

By the end of this book, you'll be able to elevate the security and compliance posture of your organization significantly.

What you will learn

  • Maintain your Microsoft 365 security and compliance posture
  • Plan and implement security strategies
  • Manage data retention and lifecycle
  • Protect endpoints and respond to incidents manually and automatically
  • Implement, manage, and monitor security and compliance solutions
  • Leverage Microsoft Purview to address risk and compliance challenges
  • Understand Azure Active Directory's role in Microsoft 365 Security

Who this book is for

This book is for security professionals, security administrators, and security responders looking to increase their knowledge and technical depth when it comes to Microsoft 365 security and compliance solutions and features. However, anyone aiming to enhance their security and compliance posture within the Microsoft 365 environment will find this book useful. Familiarity with fundamental Microsoft 365 concepts and with navigating and accessing portals, along with basic Microsoft 365 administration experience, is assumed.

