Introduction 

 

My name is John Barbare and I am a Sr Customer Engineer at Microsoft focusing on all things in the Cybersecurity space. Welcome to another customer offering article to inform you about the newest threats and what protective measures from Microsoft you can utilize. In this article, we will present Premier Services Offerings around Modern Workplace Threat Protection.

 

Offering Overview 

 

With the rise in Ransomware attacks and increased focus around threats facing small to large scale enterprises, we decided to take two customer offerings and combine them into one. We took the Proactive Operations Program: Protecting Against Ransomware and merged it with Modern Workplace Threat Protection to give the best overview of all the different types of attacks that enterprises are facing and include the entire M365 security stack to protect, detect, and prevent these attacks in a combined four-day customer offering. With this new update, we were able to provide a four-day customer offering to meet and exceed customer expectations.

 

Security: Modern Workplace Threat Protection – Fundamentals

 

What’s Included 

 

The content of this offering is a mix of education, governance, administration, and security best practices at the L200-L300 level which focuses on the breadth of the M365 security stack.  

 

Modern Workplace Threat Protection is a four-day engagement where you will learn about modern threat protection components and security technologies, evaluate the features and functionality, and get started in deploying in a Proof of Concept environment wherever feasible. It will also expand your understanding of how different types of malware, Zero Days, and Ransomware attacks are carried out, and you will gain improved insights into protecting, detecting, and securing your environment and users against these destructive threats.

 

Ransomware attacks are on the rise

 

Areas Covered 

 

The sections below are covered in detail throughout the four-day offering and expand on each objective to maximize your understanding of each topic and focus area. Deployment methods in the offering cover Group Policy, Microsoft Endpoint Configuration Manager, and Intune.

 

Ransomware and Dark Market Overview – Objectives focus on Ransomware background, enterprise Ransomware mitigations, trends and observations, key principles, and the different methods Microsoft can help with.

AppLocker & Application Control – Objectives focus on AppLocker overview and Application Whitelisting, prerequisites, rules, PowerShell, event logs, troubleshooting, Windows Defender Application Control overview, and Application Control Deployment.

Windows Defender Exploit Guard & Application Guard – Objectives focus on Exploit Guard Overview, components, setup and deployment, Application Guard overview, the anatomy of an attack and containment, and Application Guard setup and deployment.

Windows Defender Antivirus – Objectives focus on benefits & unique optics of Windows Defender Antivirus (AV), the evolving threat landscape & the role of cloud-based protection, what’s on your computer – the Windows Defender AV endpoint, Windows Defender AV Block at First Sight, and behind the scenes of using the Potential Unwanted Application feature.  

Securing Privileged Access – Objectives focus on a detailed overview of virtualization-based security, Credential Guard, Remote Credential Guard, and using Restricted Admin modes.

Code Signing & Macro Controls – Objectives focus on code signing, the importance of code signing, code signing certificates, and how the signing process works. 

Advanced Threat Protection – Objectives focus on the overview of the current threat landscape and how it can impact your environment. Deep dives go into using Microsoft Defender Advanced Threat Protection (ATP), Office ATP, Azure ATP, and the new Microsoft Threat Protection to showcase the latest and best technologies Microsoft is using to keep its customers and employees safe.

End user, Phishing & Social Engineering – Objectives focus on social engineering, phishing attacks, spear phishing, using the O365 attack simulator, and overall end user education.

Hardening Basics, Disabling Legacy Protocols, Security Update Management, & Data Backup – Objectives focus on the importance of software updates, hardening basics, using Microsoft security baselines, disabling legacy protocols, and the importance of backups and recovery methods if an attack does occur.  

 

Hands on/Implementation 

 

During this offering there are multiple hands-on exercises to use in a Microsoft demo tenant, in your own environment, or to implement in a proof of concept to be deployed later after testing. The areas are listed below:

 

•AppLocker 

•Exploit Guard and Application Guard 

•Virtualization Based Security 

•Macro Controls 

•Windows Defender Antivirus 

•Microsoft Defender ATP 

•Office ATP 

•Microsoft Threat Protection 

•Phishing attacks and Social Engineering - Prevention

•Backups - Azure Backup

 

Delivery model 

 

The delivery model is designed to be an educational offering covering threat protection technologies within the Modern Workplace, including identity, access management, and endpoint security. It also includes Proof of Concept pilot enablement of key scoped Windows Defender endpoint defenses.

 

Key Personnel For this Offering 

 

Within your organization: any Business Decision Makers/Key Stakeholders, IT/Security/Networking staff and management, SecOps, Cyber Analysts, Red Team, Blue Team, or any internal Cybersecurity staff who would assist in implementing and using the security technologies detailed in this offering. Other members of the IT organization will be engaged as needed in each technology and threat protection area.

 

Conclusion 

 

Cybersecurity and threat protection are topics that are discussed daily with all of Microsoft's clients and also with future clients. Since there is no single product that can fix everything with one click and every client’s environment is unique, Modern Workplace Threat Protection addresses and answers the tough security challenges.

 

Ann Johnson, Microsoft’s Chief Vice President of Cybersecurity, stated on May 18, 2020 that, “operational resilience cannot be achieved without a true commitment to, and investment in, cyber resilience. We want to help empower every organization on the planet by continuing to share our learnings to help you reach the state where core operations and services won’t be disrupted by geopolitical or socioeconomic events, natural disasters, or even cyber events.”

 

Selecting this offering is a great start to see what Microsoft security features are already in your environment, gain a better understanding of the Microsoft security stack, and be ready to deploy and safeguard against the newest threats and attacks.

 

Ask your Microsoft Account Representative, Technical Account Manager (TAM) or Service Delivery Manager (SDM) to reserve a spot and have one of Microsoft’s highly skilled Cybersecurity Customer Engineers deliver this offering to your organization very soon!  

 

Disclaimer 

 

As of this writing, the above modules are in scope; however, they are subject to change as M365 Security offerings and Modern Workplace Threat Protection evolve in response to customers’ feedback.

 

Credit 

 

Special thanks to the offering team: Paul Bergson, John Barbare, Anderson Moriya da Silva, and Joe Zerafa.

 

Thanks for reading and have a great Cybersecurity day!   
