Introduction to Microsoft Security
If you’ve found this article, then you’re probably one of the many people in the Microsoft network wondering or interested in security regarding your Microsoft Network.
Allot has happened since the release of Windows 10, the launch of Office 365 and the rise or Azure. And even as we speak things keep evolving at an ever-increasing pace.
You as an IT administrator, manager or architect are continuously busy coping with new business demands and trying to come up with new innovative ideas to use Microsoft products to help them.
However, one of the most overlooked and underrated topics is security in Microsoft products.
Microsoft has recognized this feat and has come up with some incredible security features that will not only protect your environment but also give you new insights into your security stack.
To make life a little bit easier, I have taken the liberty of writing this article and give a little bit more insights in allot of the security products Microsoft currently offers to their customers.
So first of all, I would like to point towards the following image. This gives a great overview of the current Microsoft Security Assets alive and kicking today:
As can been seen, Microsoft has divided up their security stack into several areas:
- Cloud & Datacenter
Microsoft has recognized the ever-changing threat landscape and has come up with several solutions, each focusing on one or more of these security areas.
Since allot of these features can fill books worth of content to write about, I shall give an overview of the main characteristics in the following chapters.
This Article will be written in a series of articles. This one will focus on the Data and Cloud & datacenter part. In the next upcoming parts, the other areas shall make their introduction.
First, I would like to give and overview of the offerings that protect the data stack of a company. In allot of companies, data is one of their most valuable assets.
Currently the data stack is made up out of two components. Namely:
- Azure Information Protection (AIP)
- Azure Rights Management (ARM)
Azure Information Protection
- Azure Information Protection can control and help secure email, documents, and sensitive data that you share outside your company
- No matter where it’s stored or who it’s shared with
- This is a part of the Microsoft Enterprise Mobility + Security solution
Azure Rights Management
- This solution is a combination of Information Rights Management (IRM) and Office 365 Message Encryption.
- IRM: policy-based permissions rules
- O365 Message Encryption: send and receive encrypted email
Information Rights Management (IRM)
- Help protect emails against unauthorized access by applying different IRM options to your email messages.
- Enhance the security of your SharePoint libraries by using IRM to set up appropriate permissions.
- Help keep your information safe–online or offline–because your files are protected whether they’re viewed using Office Online or downloaded to a local machine.
- Seamless integration with all Office documents helps guard your organization’s intellectual property.
- Apply custom templates based on your business needs in addition to using default Rights Management Services templates.
Office 365 Message Encryption
- Safely share files in email or Microsoft OneDrive, independent of which mail service the recipient uses.
- Grow your organization’s brand by enhancing the contents of the mail and your users’ experience with your custom logo or disclaimer.
- Strong integration with Exchange transport rules allows you to set up encryption/decryption using a single action.
- The clean Office 365 user interface makes it easier to read, review, respond to encrypted mail.
- Help protect the entire conversation by encrypting an entire email thread without requiring any service subscription for recipients.
Cloud and datacenter stack
Cloud and datacenter stack consists out of the Operations Management Suite (OMS) and Azure Security Center.
For organizations that enable and configure OMS Security, leadership will have a holistic view of their security state—from on-premises to cloud and across Windows and Linux systems.
Operations Management Suite (OMS)
The Operations Management suite (OMS) consist out of the following components:
- Insight & Analytics: Gain Visibility across workloads with access to all the information needed on what’s happening in the environment
- Automation & Control: Enable consistent control and compliance through configuration, update management, and advanced change tracking
- Protection & Recovery: Ensure the availability of important applications and data, and keep critical data protected with integrated cloud backup and site recovery
- Security & Compliance: Drive security across the environment, with sophisticated threat intelligence capabilities, malware detection, and indicators of compromise
By configuring OMS Security and Compliance, organizations can meet the following objectives:
- View the security posture of the organization’s entire environment and quickly identify issues such as missing security updates, outdated antimalware, vulnerable OS configurations, and unusual access or network activity
- Leverage advanced security analytics and Microsoft threat intelligence to detect attacks in near real-time
- Reduce investigation time with built-in threat intelligence and rapid search of the organization’s security data
- Use security data and insights to demonstrate compliance and easily generate evidence for auditors
Azure Security Center (ASC)
The Azure security center is in allot of ways similar to the OMS feature as it includes the following OMS options as well:
- Secure data collection, search, and analysis
- Notable events driven by predefined and custom queries
- Security assessment dashboards, including system update status, antimalware protection state, OS baseline configurations, and identity and access
- Inventory of connected computers
- Advanced threat detection
- Interactive threat intelligence map
However, in addition, the azure security center also offers:
- Security policies to ensure compliance with company and regulatory security standards
- Actionable security recommendations to help mitigate security vulnerabilities
- Automatic discovery and monitoring of new Azure resources
- Additional security assessments for Azure services, including monitoring of VM, network, storage, and SQL configurations
- Adaptive application and just-in-time access controls for Azure virtual machines
- Security incidents and streamlined investigation for rapid threat response
OMS vs ASC
Now when do I use each product? The following provides an overview of the OMS vs ASC feature:
- ASC Is primarily focused on security
- OMS is the “Power BI” for infrastructure engineers
- OMS also relies on input from ASC
As said the article is part of a series. In the next couple of days the next article should be posted. If you have any questions or remarks on this article, please don’t hesitate to contact us!
*All images and information mentioned in this article has been retrieved from Microsoft Technet articles.