WEBVTT 1 00:00:00.080 --> 00:00:04.480 Ever feel like stepping into the digital world is like 2 00:00:04.480 --> 00:00:07.519 like navigating a minefield. I mean, with all the security 3 00:00:07.519 --> 00:00:08.119 threats out there. 4 00:00:08.160 --> 00:00:10.359 Yeah, it's a jungle out there, it really is. 5 00:00:11.160 --> 00:00:13.800 So today we're doing a deep dive into Microsoft three 6 00:00:13.960 --> 00:00:17.879 sixty five security, yeah, using Peter Rising's MS five hundred 7 00:00:17.879 --> 00:00:20.679 exam guide. Yeah, hopefully it'll give us a map to 8 00:00:20.760 --> 00:00:22.760 navigate this crazy digital world. 9 00:00:22.879 --> 00:00:24.920 It's a good one, yeah, a good roadmap. And you 10 00:00:24.960 --> 00:00:27.359 know it's not just for like acing the exam, right, 11 00:00:27.440 --> 00:00:31.239 which is great obviously, but this guide is actually jam 12 00:00:31.280 --> 00:00:34.640 packed with advice that anyone you know, responsible for Microsoft 13 00:00:34.640 --> 00:00:35.920 three sixty five security can. 14 00:00:35.960 --> 00:00:40.039 Use exactly real world practical stuff. So Peter Rising, the author, 15 00:00:40.399 --> 00:00:42.880 he's a pretty big deal right in Microsoft Security. 16 00:00:42.880 --> 00:00:45.479 Oh totally. Yeah, over twenty five years in it. He's 17 00:00:45.479 --> 00:00:47.679 seen it all, and he really knows his stuff. 18 00:00:47.759 --> 00:00:49.039 He's been there, done that, and. 19 00:00:49.000 --> 00:00:53.719 He really emphasizes understanding the why behind the what when 20 00:00:53.799 --> 00:00:55.439 it comes to security, yes. 21 00:00:55.960 --> 00:00:59.240 Which is so important absolutely, because it's not just about 22 00:00:59.320 --> 00:01:02.759 checking boxes. It's about making informed decisions right about why 23 00:01:02.799 --> 00:01:04.719 you're doing things. And so one of the things he 24 00:01:04.760 --> 00:01:07.519 talks about is hybrid identity, yes, which I have to 25 00:01:07.519 --> 00:01:09.120 admit sounds a little intimidating. 26 00:01:09.239 --> 00:01:11.799 It can be a little bit, yeah, but Rising really 27 00:01:11.799 --> 00:01:15.799 breaks it down well. Hybrid identity is basically about managing 28 00:01:15.879 --> 00:01:19.680 those user accounts both on your on premises active directory okay, 29 00:01:20.120 --> 00:01:22.840 and in the cloud with Azure Active Directory. 30 00:01:23.280 --> 00:01:25.879 Okay. So you've got these two separate systems. How do 31 00:01:25.920 --> 00:01:27.319 you make sure they're talking to each other. 32 00:01:27.640 --> 00:01:29.640 That is where directory synchronization comes in. 33 00:01:29.680 --> 00:01:29.959 Okay. 34 00:01:30.000 --> 00:01:33.159 So Azure AD Connect used to be called dursync. That's 35 00:01:33.200 --> 00:01:34.719 the tool that makes the magic happen. 36 00:01:34.840 --> 00:01:35.280 Okay. 37 00:01:35.359 --> 00:01:37.920 It makes sure that your on premises active directory data 38 00:01:38.000 --> 00:01:40.599 it's SYNCD up with Azure ad Okay, so you have 39 00:01:41.040 --> 00:01:44.200 one single source of truth for user identities. 40 00:01:44.239 --> 00:01:46.359 Ah So, no more logging in from your phone and 41 00:01:46.359 --> 00:01:48.400 having to remember a completely different password. 42 00:01:48.599 --> 00:01:52.439 Yeah exactly. It streamlines that user experience. Nice, but it 43 00:01:52.439 --> 00:01:54.439 also makes that security even stronger. 44 00:01:54.760 --> 00:01:58.879 Music to my ears, right. But let's talk about authentication 45 00:01:58.959 --> 00:02:01.640 methods because Rising gets into a few different options. 46 00:02:01.760 --> 00:02:03.879 Yeah he does, and they all have like their own 47 00:02:03.920 --> 00:02:06.840 pros and cass absolutely. So you've got password hash sync. 48 00:02:07.400 --> 00:02:09.960 That one is pretty simple to set up. It basically 49 00:02:09.960 --> 00:02:14.360 sends a secure hash of the user's password to Azure AD. 50 00:02:14.319 --> 00:02:16.879 Okay, so not the actual password, just a scrambled version 51 00:02:16.919 --> 00:02:17.719 of it exactly. 52 00:02:17.840 --> 00:02:20.680 It's efficients, but it might not be the best for 53 00:02:20.960 --> 00:02:23.479 like highly sensitive environments. 54 00:02:23.560 --> 00:02:25.599 So what's the alternative? If you want something a little 55 00:02:25.599 --> 00:02:26.560 more robust. 56 00:02:26.319 --> 00:02:29.360 Then you got passed through authentication. So with this one, 57 00:02:29.560 --> 00:02:32.680 Azure AD checks those log and attempts directly against your 58 00:02:32.680 --> 00:02:33.439 on prem ad. 59 00:02:33.680 --> 00:02:33.800 Oh. 60 00:02:33.800 --> 00:02:37.439 Okay, it's definitely more secure, but it needs a constant 61 00:02:37.439 --> 00:02:39.479 connection to those on premises servers. 62 00:02:39.520 --> 00:02:40.560 The trade off, I guess. 63 00:02:40.759 --> 00:02:44.599 Yeah, you could say that security versus complexity. Yeah, and 64 00:02:44.639 --> 00:02:48.639 then there's federation okay, often using adfs, and that one's 65 00:02:48.680 --> 00:02:51.719 kind of like your on premises AD vouching for the 66 00:02:51.840 --> 00:02:54.400 user to Azure AD. Okay, So it gives you a 67 00:02:54.400 --> 00:02:56.520 lot more control, but it can be trickier to set 68 00:02:56.599 --> 00:02:57.719 up and maintain. 69 00:02:57.639 --> 00:03:01.039 So many options. I know, right, it's clear that picking 70 00:03:01.120 --> 00:03:03.240 the right authentication method is crucial. 71 00:03:03.400 --> 00:03:03.719 It is. 72 00:03:03.960 --> 00:03:07.319 But once you have that figured out, Rising doesn't let 73 00:03:07.400 --> 00:03:08.960 up on those security measures, does he. 74 00:03:09.240 --> 00:03:09.800 No, he does not. 75 00:03:10.439 --> 00:03:13.360 He is all about multi factor authentication. 76 00:03:13.000 --> 00:03:16.159 He is. He calls it non negotiable these days, and honestly, 77 00:03:16.240 --> 00:03:18.800 I gotta agree, Yeah, because even if someone gets your 78 00:03:18.800 --> 00:03:22.919 password with MFA, they still need that second form of 79 00:03:23.039 --> 00:03:24.400 verification to get in it. 80 00:03:24.520 --> 00:03:26.199 Look a pincot they send to your phone, or a 81 00:03:26.199 --> 00:03:27.080 fingerprint scan. 82 00:03:27.000 --> 00:03:30.599 Or something exactly. That extra layer of protection can make 83 00:03:30.680 --> 00:03:33.879 all the difference. Yeah, and it's not just about those 84 00:03:34.080 --> 00:03:38.199 outside threats, you know, it's also about those risks from inside, 85 00:03:38.240 --> 00:03:40.800 like accidental data leaks or internal threats. 86 00:03:40.960 --> 00:03:43.199 Right, Because let's be honest, we've all accidentally sent an 87 00:03:43.240 --> 00:03:44.360 email to the wrong person. 88 00:03:44.439 --> 00:03:46.680 Oh, tell me about it, or clicked on a phishing 89 00:03:46.719 --> 00:03:49.879 link that seemed totally legit at the time. Oh yeah, totally, 90 00:03:50.000 --> 00:03:52.400 which is exactly why Rising's a big fan of self 91 00:03:52.439 --> 00:03:57.680 service password reset. It lets users reset their own password securely, okay, 92 00:03:57.879 --> 00:04:00.840 without having to get it involved every single. 93 00:04:00.599 --> 00:04:03.120 Time, which is good for everybody, all right, less work 94 00:04:03.159 --> 00:04:05.199 for it and less waiting around for. 95 00:04:05.199 --> 00:04:09.000 Users, exactly, everybody wins. But let's get into some of 96 00:04:09.039 --> 00:04:12.520 the more advanced security features, okay that Rising talks about 97 00:04:12.520 --> 00:04:15.759 in the guide. Okay, I think Azure AD identity protection 98 00:04:15.919 --> 00:04:16.720 is really interesting. 99 00:04:16.879 --> 00:04:18.279 I was gonna say that's the one that caught my 100 00:04:18.319 --> 00:04:19.920 eye too. It sounds very high tech. 101 00:04:20.279 --> 00:04:23.040 It sounds like something out of a spy movie. 102 00:04:23.120 --> 00:04:23.519 It does. 103 00:04:23.759 --> 00:04:29.000 It's basically always analyzing user behavior, looking for anything sus 104 00:04:29.360 --> 00:04:32.360 anything that might mean an account's been compromised. 105 00:04:32.399 --> 00:04:35.079 Okay, Like what kinds of things would it flag? 106 00:04:35.240 --> 00:04:37.600 So let's say you're logging in from a new place, okay, 107 00:04:38.079 --> 00:04:41.319 or a bunch of failed log in attempts, or even 108 00:04:41.360 --> 00:04:44.439 like it can tell if your login info has shown 109 00:04:44.519 --> 00:04:45.839 up in a data breach somewhere. 110 00:04:45.959 --> 00:04:49.319 Oh wow, It's like it knows things before you do, right, 111 00:04:49.519 --> 00:04:51.439 So what happens when it does spot something? 112 00:04:51.600 --> 00:04:53.480 That's the cool part. You can set it up to 113 00:04:53.519 --> 00:04:57.600 automatically take action. Okay, So it can block access, force 114 00:04:57.639 --> 00:05:00.879 a password reset, or even make you do extra authentication. 115 00:05:01.160 --> 00:05:03.279 Oh so it's not just telling you something's wrong, it's 116 00:05:03.319 --> 00:05:04.399 actually doing something. 117 00:05:04.199 --> 00:05:06.480 About it exactly. It's proactive security. 118 00:05:06.759 --> 00:05:07.319 I like it. 119 00:05:07.399 --> 00:05:10.759 Then you've got as your advanced threat protection or as 120 00:05:10.800 --> 00:05:14.519 your ATP. That one goes even further, monitoring your network 121 00:05:14.600 --> 00:05:18.279 for those like really sneaky threats, stuff like lateral movement 122 00:05:18.439 --> 00:05:19.839 or like data being taken out. 123 00:05:19.839 --> 00:05:21.480 Okay, hold on, what's lateral movement? 124 00:05:21.600 --> 00:05:24.240 Okay? So imagine someone breaks into your network, right, Lateral 125 00:05:24.319 --> 00:05:26.439 movement is when they try to like sneak around once 126 00:05:26.480 --> 00:05:30.439 they're in looking for valuable data or systems to attack. 127 00:05:30.639 --> 00:05:32.160 Oh so they're like casing the. 128 00:05:32.240 --> 00:05:35.439 Joint basically, and as your ATP, it's designed to catch 129 00:05:35.480 --> 00:05:38.000 them in the act. I see, even if those activities 130 00:05:38.040 --> 00:05:39.279 would normally go unnoticed. 131 00:05:39.399 --> 00:05:41.879 That's good. So that's like our network security guard, right, 132 00:05:42.160 --> 00:05:44.560 keeping an eye on things, right. But what about protecting 133 00:05:44.680 --> 00:05:48.480 the actual devices? Ah? Good, point, not just the network. 134 00:05:48.600 --> 00:05:51.319 That's where Microsoft Defender ATP comes in. 135 00:05:51.600 --> 00:05:52.000 Okay. 136 00:05:52.079 --> 00:05:55.639 It provides that extra layer of security right on the device. 137 00:05:55.759 --> 00:05:56.040 Okay. 138 00:05:56.240 --> 00:06:00.920 It has stuff like anti virus, anti malware, and endpoint 139 00:06:01.000 --> 00:06:03.480 Detection and Response EDR EDR. 140 00:06:03.600 --> 00:06:04.519 What is that exactly? 141 00:06:04.800 --> 00:06:08.319 So EDR it's all about catching and then responding to 142 00:06:08.399 --> 00:06:10.959 threats that got past your other defenses. 143 00:06:11.319 --> 00:06:12.920 So it's like our last line of defense. 144 00:06:13.040 --> 00:06:15.360 You got it, like your security team working right on 145 00:06:15.399 --> 00:06:15.839 the device. 146 00:06:16.040 --> 00:06:16.360 Okay. 147 00:06:16.920 --> 00:06:22.800 And Rising really emphasizes using features like application Guard, application control, 148 00:06:23.160 --> 00:06:24.160 and exploit Guard. 149 00:06:24.279 --> 00:06:24.639 Okay. 150 00:06:24.839 --> 00:06:26.920 They seem like small things, but they can make a 151 00:06:27.040 --> 00:06:27.879 huge difference. 152 00:06:28.000 --> 00:06:30.079 Yeah. Sometimes it's the little things right totally. 153 00:06:30.560 --> 00:06:33.879 For example, application Guard, it basically makes a safe space 154 00:06:33.920 --> 00:06:36.759 for you to browse websites that might be risky oh okay, 155 00:06:36.879 --> 00:06:39.519 so even if you click a bad link, your system 156 00:06:39.560 --> 00:06:40.279 is still safe. 157 00:06:40.399 --> 00:06:42.360 Oh, like a safety net for browsing exactly. 158 00:06:42.399 --> 00:06:45.639 And then there's Application control. That one lets you choose 159 00:06:45.759 --> 00:06:49.240 exactly which apps can run on your devices, okay, and 160 00:06:49.279 --> 00:06:51.560 it blocks everything else. It's a great way to stop 161 00:06:51.600 --> 00:06:53.319 any bad programs from causing problem. 162 00:06:53.399 --> 00:06:55.920 And then there's exploit guard right. That sounds like it's 163 00:06:55.920 --> 00:06:59.160 dealing with those weaknesses in software that hackers are always 164 00:06:59.199 --> 00:07:00.199 trying to take advantage. 165 00:07:00.439 --> 00:07:04.680 Exactly. It's a set of tools that makes it way 166 00:07:04.720 --> 00:07:06.800 harder for attackers to get into your system. 167 00:07:07.160 --> 00:07:09.120 I like it. So it sounds like we've got all 168 00:07:09.160 --> 00:07:13.800 our bases covered almost, from user identity to device security 169 00:07:13.839 --> 00:07:14.720 and everything in between. 170 00:07:14.879 --> 00:07:18.079 Yeah, but Rising doesn't stop there. He also talks about 171 00:07:18.199 --> 00:07:20.240 data loss prevention or DLP. 172 00:07:20.560 --> 00:07:24.399 Oh right, DLP because sometimes it's not hackers, right, it's 173 00:07:24.480 --> 00:07:26.360 just people making mistakes exactly. 174 00:07:26.720 --> 00:07:31.040 DLP can detect things like credit card numbers, social security numbers, 175 00:07:31.079 --> 00:07:34.040 all those sensitive data types, okay, and it stops them 176 00:07:34.040 --> 00:07:36.000 from being shared if they shouldn't be. Oh. 177 00:07:36.079 --> 00:07:38.079 So it's like it's watching over your shoulder and making 178 00:07:38.120 --> 00:07:40.920 sure you don't accidentally send something you should pretty much. 179 00:07:40.959 --> 00:07:43.720 And it's not just about those accidental leaks, Okay. It 180 00:07:43.759 --> 00:07:46.360 also makes sure you're following all those data privacy rules 181 00:07:46.399 --> 00:07:49.800 like GDPR, right, because GDPR is a big deal, huge, 182 00:07:50.319 --> 00:07:53.040 especially for companies working with data from the EU. 183 00:07:53.439 --> 00:07:53.920 Exactly. 184 00:07:54.040 --> 00:07:57.120 Rising actually has a whole section on GDPR. He talks 185 00:07:57.160 --> 00:08:00.480 about how tools like the GDPR dashboard, the tool, and 186 00:08:00.519 --> 00:08:04.160 the Service Trust Portal can really help organizations deal with 187 00:08:04.240 --> 00:08:05.240 those requirements. 188 00:08:05.480 --> 00:08:09.279 So it's all about being responsible with data, not just 189 00:08:09.360 --> 00:08:11.560 protecting it from attacks, exactly. 190 00:08:11.959 --> 00:08:15.120 And then there's E discovery. Okay, might sound a bit technical, 191 00:08:15.160 --> 00:08:18.439 but it's really important for legal and compliance stuff. 192 00:08:18.519 --> 00:08:20.920 Okay, what is E discovery. I'm not really familiar with 193 00:08:20.959 --> 00:08:21.240 that one. 194 00:08:21.319 --> 00:08:24.360 So imagine you're involved in a legal case, okay, and 195 00:08:24.439 --> 00:08:28.560 you need to find every email, document, everything related to 196 00:08:28.600 --> 00:08:30.879 a specific person or topic. 197 00:08:31.160 --> 00:08:31.480 Okay. 198 00:08:31.680 --> 00:08:34.240 E discovery lets you search across all your Microsoft three 199 00:08:34.240 --> 00:08:38.039 sixty five stuff to find exactly what you need really quickly. 200 00:08:38.279 --> 00:08:41.240 So it's like a superpowered search engine for lawyers basically. 201 00:08:41.320 --> 00:08:44.120 Yeah, and it's not just for legal cases, right, you 202 00:08:44.120 --> 00:08:46.840 can use it for internal investigations too or audits. 203 00:08:46.960 --> 00:08:47.679 Oh, very cool. 204 00:08:47.720 --> 00:08:48.600 It's a handy tool. 205 00:08:48.639 --> 00:08:51.200 So Microsoft three sixty five security. That's a lot. 206 00:08:51.320 --> 00:08:53.240 It is more than meets the eye, right. 207 00:08:53.240 --> 00:08:55.360 Yeah, there's so many different aspects to it. 208 00:08:55.399 --> 00:08:57.879 There are it's like peeling back layers of an onion. 209 00:08:58.120 --> 00:09:00.679 But I think there's a common thread here. It's not 210 00:09:00.759 --> 00:09:02.799 a set and forget it kind of thing. You got 211 00:09:02.799 --> 00:09:06.399 to be on it constantly, monitoring, adapting, staying ahead of 212 00:09:06.440 --> 00:09:06.879 the bad guy. 213 00:09:07.000 --> 00:09:08.519 Always be one step ahead. 214 00:09:08.559 --> 00:09:12.399 Exactly because those threats they're always changing, and so should 215 00:09:12.440 --> 00:09:13.120 your defenses. 216 00:09:13.279 --> 00:09:15.159 So it's a journey, not a destination exactly. 217 00:09:15.200 --> 00:09:16.679 You got to keep moving or you'll get. 218 00:09:16.600 --> 00:09:20.320 Left behind, right, And the bad guys are not slowing down, No. 219 00:09:20.279 --> 00:09:22.879 They are not. One thing I really like about Rising's 220 00:09:22.879 --> 00:09:26.279 approach he doesn't get all technical on you. Yeah, you know, 221 00:09:26.639 --> 00:09:28.879 he explains things in a way that makes sense even 222 00:09:28.879 --> 00:09:31.480 if you're not like a cybersecurity pro. 223 00:09:31.600 --> 00:09:34.600 Exactly, because at the end of the day, security is 224 00:09:34.600 --> 00:09:35.279 everybody's job. 225 00:09:35.399 --> 00:09:37.840 Everybody's not just the IT department, right. 226 00:09:37.840 --> 00:09:39.440 It's like everybody's got to do their part. 227 00:09:39.639 --> 00:09:41.399 And you know something that really surprised me. 228 00:09:41.919 --> 00:09:42.279 What's that? 229 00:09:42.519 --> 00:09:46.639 Just the sheer number of apps in the Microsoft app catalog. 230 00:09:46.879 --> 00:09:48.879 Oh yeah, how many are we talking. 231 00:09:48.759 --> 00:09:51.759 Over sixteen thousand. You're kidding, it's crazy. 232 00:09:51.919 --> 00:09:53.039 That is a lot of apps. 233 00:09:53.200 --> 00:09:55.159 It's a lot of potential ways for things to go 234 00:09:55.279 --> 00:09:56.720 wrong if you're not careful. 235 00:09:57.039 --> 00:09:59.960 Yeah, for sure, more apps, more problems. 236 00:10:00.080 --> 00:10:02.679 Pretty much, it's like having a million doors to your house, 237 00:10:02.919 --> 00:10:05.159 you know. Yeah, you got to make sure they all lock. 238 00:10:05.440 --> 00:10:07.240 Yeah, that's a good point, which. 239 00:10:07.039 --> 00:10:10.360 Is why Rising talks about cloud app security. It's all 240 00:10:10.399 --> 00:10:13.360 about knowing what apps your users are accessing in the 241 00:10:13.399 --> 00:10:14.960 cloud and how to manage them. 242 00:10:15.080 --> 00:10:18.120 So it's like having a security guard for the cloud exactly. 243 00:10:18.600 --> 00:10:20.840 You can check out each app, see how risky it is, 244 00:10:20.919 --> 00:10:23.360 set some rules for how to use it, even block 245 00:10:23.399 --> 00:10:24.039 the bad ones. 246 00:10:24.240 --> 00:10:27.080 I like it sounds like Rising's guide is pretty comprehensive. 247 00:10:27.120 --> 00:10:27.879 It's really good. 248 00:10:28.080 --> 00:10:30.480 If our listeners could take away just one thing from 249 00:10:30.480 --> 00:10:33.120 our little deep dive here, what would you want that 250 00:10:33.159 --> 00:10:33.360 to be? 251 00:10:33.720 --> 00:10:36.360 That security? It's not a one and done deal, Okay, 252 00:10:36.399 --> 00:10:39.039 It's got to be an ongoing thing, right, Always adapting, 253 00:10:39.200 --> 00:10:41.600 always learning, always stay in one step ahead. 254 00:10:41.679 --> 00:10:44.159 So no matter how secure you think you are, don't 255 00:10:44.159 --> 00:10:44.919 get complacent. 256 00:10:45.240 --> 00:10:49.720 Exactly, never stop learning, never stop questioning, and never ever 257 00:10:49.759 --> 00:10:51.120 stop testing your defenses. 258 00:10:51.519 --> 00:10:54.000 Wise words and that brings us to the end of 259 00:10:54.039 --> 00:10:57.759 our deep dive into Microsoft three sixty five security. We 260 00:10:57.879 --> 00:11:02.799 covered a lot today hybrid identity, multi factor authentication, data 261 00:11:02.879 --> 00:11:06.120 loss prevention, e discovery. Wow, I feel like I need 262 00:11:06.159 --> 00:11:08.679 to nap me too. Hopefully you're walking away feeling a 263 00:11:08.679 --> 00:11:11.320 little more confident, a little more prepared to tackle your 264 00:11:11.399 --> 00:11:12.600 organization's security. 265 00:11:12.799 --> 00:11:15.799 Absolutely, and if you're looking for a complete guide to 266 00:11:15.879 --> 00:11:18.600 walk you through it all, I highly recommend checking out 267 00:11:18.639 --> 00:11:23.279 Peter Rising's book Microsoft three sixty five Security Administration MS 268 00:11:23.320 --> 00:11:25.960 five hundred Exam Guide. It's a mouthful, it is, but 269 00:11:26.000 --> 00:11:28.399 it's worth it. It's a must read. If you're serious 270 00:11:28.440 --> 00:11:30.679 about keeping your data safe, consider. 271 00:11:30.360 --> 00:11:35.000 It your security bible, and remember knowledge is power, Stay informed, 272 00:11:35.320 --> 00:11:37.000 stay aware, and stay safe. 273 00:11:37.000 --> 00:11:38.600 Out there could have said it better myself.