وبلاگ بلیان

تأمین امنیت Office 365: طراحی MDM و انطباق در ابر

Securing Office 365 : masterminding MDM and compliance in the cloud

معرفی کتاب «تأمین امنیت Office 365: طراحی MDM و انطباق در ابر» (با عنوان لاتین Securing Office 365 : masterminding MDM and compliance in the cloud) نوشتهٔ Matthew A. Katzer، منتشرشده توسط نشر Apress : Imprint: Apress در سال 2018. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

Understand common security pitfalls and discover weak points in your organization's data security, and what you can do to combat them. This book includes the best approaches to managing mobile devices both on your local network and outside the office. Data breaches, compliance fines, and distribution of personally identifiable information (PII) without encryption or safeguards place businesses of all types at risk. In today's electronic world, you must have a secure digital footprint that is based on business processes that are designed to protect information. This book is written for business owners, chief information security officers (CISO), and IT managers who want to securely configure Office 365. You will follow the Microsoft cybersecurity road map through a progressive tutorial on how to configure the security services in Office 365 to protect and manage your business. What You'll Learn Manage security with the Azure Security Center and the Office 365 Compliance Center Configure information protection for document and electronic communications Monitor security for your business in the cloud Understand Mobile Application Management (MAM) and Mobile Device Management (MDM) Prevent data loss in Office 365 Configure and manage the compliance manager tools for NIST and GDPR Who This Book Is For IT managers and compliance and cybersecurity officers who have responsibility for compliance and data security in their business Table of Contents......Page 5 About the Author......Page 12 About the Technical Review ......Page 13 Acknowledgments......Page 14 Introduction......Page 15 Chapter 1: Why Security and Compliance?......Page 19 Compliance and Security Are a Mind-Set......Page 20 General Data Protection Regulation and Privacy Policies......Page 29 Personal Privacy and Individual Rights......Page 32 Controls and Notifications......Page 33 Transparent Privacy Policies with Data Management......Page 34 GDPR Next Steps......Page 35 Microsoft Trusted Cloud......Page 36 Exchange E-mail Gateway/Advanced Threat Protection......Page 37 Windows 10 Defender Advanced Threat Protection......Page 38 Cloud App Security......Page 41 Azure Identity Protection......Page 42 Azure Security Center......Page 44 Cloud based Advanced Threat Protection for endpoints......Page 45 Azure Log Analytics Suite......Page 46 Mobile Device Management and the Enterprise Mobility + Security Suite......Page 47 Microsoft Secure Score......Page 49 Typical Security Offerings......Page 50 Fortress: Proactive Security Class......Page 53 Secure & Compliance Center......Page 55 Summary......Page 57 Next Steps......Page 58 Reference Links......Page 59 Chapter 2: Azure and Office 365 Security......Page 60 Microsoft 365 Security and Azure Subscriptions......Page 66 Microsoft 365 Enterprise E5......Page 68 What Does Microsoft 365 E5 Contain?......Page 70 Microsoft 365 Enterprise F1......Page 71 Microsoft 365 Business......Page 73 Azure CSP Subscription......Page 74 Flat price IT Services......Page 75 Azure Security Configuration......Page 77 Building Out the Azure Security Services......Page 78 Step 1: Log in to Office 365 and Select Azure Active Directory......Page 79 Step 3: Create a Resource in the Azure Portal......Page 80 Step 4: Set Up the Log Analytics Resource......Page 83 Step 5: Setting up Log Analytics......Page 84 Step 6: Configure Log Analytics......Page 85 Step 7: Deploy the Windows Collection Agent on Desktop System......Page 87 Step 8: Load the Azure Security Center......Page 89 Step 9: Upgrade the Azure Security Center......Page 90 Step 10: Change the Data Configuration......Page 91 Data Collection Options......Page 92 E-mail Notifications......Page 93 Configuring Log Analytics: Payment Tier......Page 94 Configuring Log Analytics: Data Collection......Page 95 Step 11: Adding Azure Active Directory Identity Monitoring......Page 96 Deploying Azure AD Identity Protection......Page 98 Step 12: Adding Azure Advanced Threat Protection (optional)......Page 100 Azure Security Services Checklist......Page 102 Office 365 Security & Compliance Center......Page 104 Cloud Security Policy Setup......Page 107 Summary......Page 112 Reference Links......Page 113 Chapter 3: Microsoft Secure Score......Page 114 Security & Compliance Center......Page 120 Deploying the Windows Security Center......Page 125 Installing Windows Advanced Threat Protection......Page 126 Step 1: Log In to securitycenter.windows.com......Page 127 Step 2: Set Up the Data Repository......Page 128 Step 3: Set Up Data Retention Preferences......Page 129 Step 4: Set Up the Organization’s Data Size......Page 130 Step 5: Identify the Organization Type......Page 131 Step 6: Click Preview and Set Up the Cloud Instance......Page 132 Step 7: Download the Client Software......Page 133 Step 8: Download the Client Software for Azure Log Analytics......Page 134 Step 9: Configure the Windows 10 Environment......Page 137 Reviewing Windows Security Center Settings......Page 141 Office 365 Secure Score......Page 143 Comparison Score......Page 144 Microsoft Secure Score Target......Page 146 Increasing the Microsoft Secure Score......Page 149 Score Analyzer and Next Steps......Page 150 Compliance Manager......Page 152 Next Steps......Page 155 Step 2: Engage with a Licensing/Compliance Partner......Page 156 Step 3: Complete the Assessment......Page 157 Retrieving the Commercial ID for Windows 10 Devices......Page 158 Step 1: Select Log Analytics and Update Management......Page 159 Deploying the Commercial ID on Windows 10 Using Local Policy......Page 160 Step 2: Expand Data Collection and Preview Builds......Page 161 Step 3: Expand Telemetry......Page 162 Step 4: Enter the Commercial ID and Enable Upload......Page 163 Setting Custom OMA-URI Settings for Microsoft Intune......Page 164 Deploying DMARC/DKIM......Page 167 Step 1: Configure SPF Records......Page 168 Step 2: Publish Two CNAMEs for Records in Your Custom Domain......Page 169 Using Azure Advisor......Page 171 Next Steps......Page 172 Reference Links......Page 173 Chapter 4: Deploying Identity Management with EMS......Page 174 What Is EMS?......Page 175 Step 1: Adding Azure AD Privileged Identity Management......Page 178 Step 2: Verifying Your Identity......Page 181 Step 3: Set Up PIM......Page 183 Step 4: Configure the Initial Role......Page 185 Adding the Azure AD Identity Protection......Page 187 Step 1: Installing Azure AD Identity Protection......Page 188 Step 2: Setting Alerts in Azure Identity Protection......Page 190 Step 3: Setting Up a Weekly Digest in Azure Identity Protection......Page 191 Step 4: Configure the Risk Policy......Page 192 Azure Information Protection......Page 194 Step 1: Install Information Protection......Page 195 Step 2: Define Additional Label Classification......Page 200 Step 3: Applying the Document Classification Globally......Page 204 Step 4: Downloading the Document Classification Tool......Page 205 Step 5: Enabling the RMS Tracking Service......Page 207 Step 6: Test the Document Classification Service......Page 209 Additional Configuration......Page 211 Password Smart Lock Protection......Page 212 Adding Office 365 E-mail Encryption......Page 213 Step 1: Setting Up the Office 365 Rights Management Service......Page 216 Step 2: Enable Azure Information Protection......Page 217 Step 3: (Optional) Configure the Automatic Encryption Rules for HIPAA and PII......Page 218 Step 4: Customize the E-mail Encryption Service for Your Business......Page 223 Step 5: Download the AIP Client......Page 226 Configuring Manual Encryption for Confidential Documents (Legacy)......Page 227 Step 2: Enter the Name for the Rule ManualEncryptEmail, and Select the Conditions of the Rule......Page 228 Step 3: Add the Encryption Rule Actions......Page 229 Step 4: Test the E-mail, and Use Outlook to Send an E-mail......Page 231 Summary......Page 232 References......Page 233 Chapter 5: Mobile Device Management with EMS......Page 235 EMS: Managing Mobile Productivity......Page 238 Microsoft Intune vs. System Center......Page 243 Getting Started with Microsoft Mobile Device Management......Page 244 Deploying Multifactor Authentication......Page 246 Step 1: Enable Azure Password Self-Service Reset......Page 247 Step 2: Enable Access to the App......Page 248 Step 3: Register the User Accounts......Page 250 Step 4: Set an Authenticator App......Page 251 Step 5: Test MFA for Deployment......Page 252 Name Location 1: Create a Name Location......Page 253 Name Location 2: Set Up US as a Name Location......Page 254 Policy 1: Assign a Policy Name......Page 256 Policy 2: Assign the Users......Page 257 Policy 3: Select the Cloud Apps......Page 258 Policy 4: Select the Conditions: Device Platforms......Page 259 Policy 4: Select the Conditions: Locations......Page 260 Policy 5: Select the Conditions: Device Platforms......Page 261 Step 1: Set Up Deployment Groups......Page 263 Step 3: Set Up the Intune MDM Authority......Page 266 Step 4: Configure the Mobility (MDM and MAM) Enrollment URLs......Page 267 Step 5: Enable the Office Update Policy......Page 269 Step 6: Enable the Windows Update Ring......Page 272 Step 7: Test for Compliance......Page 273 Mobile Application and Mobile Device Management......Page 274 Simple Intune Deployment: Mobile Application Management......Page 276 Step 1: Set the MAM Deployment Rules......Page 278 Policy 1: Add the Windows 10 Application Policy......Page 279 Policy 3: Select the Windows 10 Apps You Want to Deploy......Page 280 Policy 4: Configure Windows Information Protection......Page 282 Policy 5: Set the Windows 10 Advanced Settings......Page 283 Step 3: Set Up a Windows 10 Application Policy for MAM with Enrollment......Page 285 Policy 2: Add the Office Pro Plus Exception......Page 286 Policy 3: Configure Windows Information Protection......Page 287 Policy 4: Configure the Advanced Settings......Page 288 Step 4: Set Up an iOS Application Policy for MAM......Page 289 Step 5: Set Up an Android Application Policy for MAM......Page 292 Step 6: Set Up a Default Compliance Policy......Page 295 Policy 1: Set Up a Policy for All Users......Page 296 Policy 3: Create the Conditions for the Compliance Status......Page 297 Policy 4: Set the Access Controls......Page 299 Policy 5: Set the Session Controls......Page 300 Policy 5: Enable the Policy......Page 301 Policy 1: Enable the Exchange Active Sync Connector......Page 303 Policy 2: Set the Notification to the End User That E-mail Is Being Blocked......Page 305 Policy 3: Block E-mail to Nonmanaged Devices......Page 307 Step 8: Test the Changes in the New Policy......Page 308 MAM and WIP Setup Is Complete......Page 309 Compliant Intune Deployment: Mobile Device Management......Page 310 Device Enrollment......Page 312 Step 1: Sign Up for an Apple Push Certificate......Page 314 Step 2: Sign Up for Google at Work......Page 316 Step 4: Set Up the Terms and Conditions......Page 318 Device Compliance......Page 319 Step 1: Create a New iOS Policy......Page 320 Step 3: Create the Three Other Policy Groups and Assign the Test User Group......Page 321 Step 4: Set Up the Compliance Policy......Page 322 Device Configuration......Page 323 Devices......Page 325 Client Apps......Page 327 Making Android Apps Available......Page 328 Load Apps for the Company Portal Management......Page 330 Conditional Access......Page 333 Deploying MDM......Page 334 Additional Configuration......Page 338 Using Dynamics Groups......Page 339 Step 1: Set Up a Dynamic Device Group: iOS......Page 340 Step 2: Set Up a Dynamic User Group: Service......Page 341 Step1: Add a New Office Deployment Group......Page 343 Step 2: Verify That the New Office Software Has Been Installed......Page 348 Software Updates: Windows 10 Update Rings......Page 350 Step 1: Set Up the Software Update Rings......Page 351 Legacy: Password Multifactor Authentication......Page 354 Step 1: Enable the Users......Page 357 Step 2: Set Up User Credentials......Page 358 Step 3: Authenticate Smartphones......Page 359 Summary......Page 361 References......Page 362 Chapter 6: Using Office 365 Compliance Center......Page 363 Overview of Office 365 Security & Compliance Center......Page 368 Compliance Settings......Page 372 Best Way to Proceed......Page 373 Data Governance......Page 374 Data Governance Concepts......Page 375 Audit Policy......Page 378 Information Immutability......Page 380 Office 365 Archiving and Retention......Page 382 Retention Policy......Page 384 Alert Structure......Page 387 Alert Types......Page 388 Threat management......Page 390 Step 1: Select the Campaign......Page 393 Step 2: Customize the Offer......Page 394 Step 4: Select the Distribution List for the Campaign......Page 395 Step 6: Execute the Campaign......Page 396 Search and Investigate......Page 399 Setting Up an Office 365 Discovery and a Retention Policy......Page 401 Step 1: Log In to Office 365 and Click the Security Icon......Page 403 Step 2: Select Search & Investigation, and Review Logs......Page 404 Step 3: Verify That a Case Has Been Created to Place Data on Hold......Page 405 Step 4: Start the Content Search......Page 407 Step 5: Preview the Data......Page 408 Step 6: Export the Documents......Page 409 Step 7: Bates-Stamp the Discovery Production......Page 414 Building Discovery Searches......Page 417 Summary......Page 418 References......Page 419 Chapter 7: Step-by-Step Migration......Page 420 Purchasing Office 365......Page 421 Configuring Office 365......Page 427 Step 1: Purchase Your Office 365 Services......Page 428 Step 2: Validate Your Domains to Microsoft and Add DNS Records......Page 432 Step 3: Configure Skype for Business (S4B) for Teams......Page 444 Step 4: (Optional) Configure Yammer Enterprise for Office 365......Page 447 Step 5: Link Office 365 into Azure Active Directory and EMS......Page 448 Step 6: Load Users, Install Azure Active Directory Connector, and Assign Licenses......Page 452 Federation Migration......Page 454 Cutover or Hybrid: Which One?......Page 455 Bulk-Load Users Through Azure AD Connect......Page 458 Manually Bulk-Load Users......Page 459 Installing the Azure AD Connect......Page 460 Step 7: (Optional) Deploy the Hybrid Configuration Wizard for Exchange Federation for staged migrations......Page 464 Connector Validation......Page 467 Bypass the Spam Filter......Page 468 Step 8: Adjust the Mail Flow (Coexistence)......Page 469 Internal Relay Mail Flow (and Test Groups)......Page 471 Coexistence E-mail Flow......Page 472 Step 9: (Optional) Manually Install PowerShell......Page 474 E-mail Migration......Page 477 Exchange Server: Mailbox Changes......Page 480 Step 11: Finalize All DNS records......Page 481 Cutover Migration and Hybrid......Page 482 Configure Desktop Services......Page 483 Step 13: Configure the External Devices......Page 484 Step 14: Clean Up......Page 485 Final Check List......Page 486 Test Group or Staged Migration......Page 488 Outlook Client Autodiscover Record Changes......Page 489 DNS Troubleshooting......Page 490 Onboarding E-mail......Page 491 Export Outlook 2010, 2013, or 2016 Mailbox Information......Page 492 Import Outlook 2010, 2013, or 2016 Mailbox Information......Page 494 Migrating E-mail with BitTitan’s MigrationWiz......Page 496 Using MigrationWiz......Page 498 Microsoft Mail Migration......Page 499 Configuring Azure AD Connect......Page 503 Hybrid Migration with Exchange 2007......Page 510 Deploying the Hybrid Configuration Wizard to support Exchange Server 2007 federation move......Page 511 Summary......Page 512 Reference Links......Page 513 Chapter 8: Managing Office 365......Page 514 Office 365 Administration Overview......Page 518 Preparing to Administer Office 365......Page 522 Office 365 Configuration Completion Checklist......Page 523 Office 365 Security Configuration Completion Checklist......Page 525 Admin Centers......Page 526 Office 365 Administration Center......Page 530 Administrator Roles......Page 534 Config: Overview......Page 538 Config: Domains......Page 540 Config: Domain: Troubleshooting......Page 543 Config: Adding/Changing and Decreasing Licenses......Page 544 Config: Password Expiration......Page 547 Config: Completing Company Configuration......Page 549 Config: Partner Administrators......Page 551 Users: Adding Office 365 Users via the Office 365 Admin Center......Page 553 Step 2: Add Password Information......Page 555 Step 3: Assign Administration Roles......Page 556 Step 4: Assign the Licenses to the User......Page 557 Users: Deleting......Page 559 Users: Restoring......Page 561 Users: Renaming......Page 562 Config: Groups (Office 365 and Security Groups)......Page 563 Config: External Sharing......Page 565 Config: External Sharing, Sites......Page 566 Config: External Sharing, Teams......Page 570 Admin Center: OneDrive for Business......Page 571 Admin Center: Teams & Skype......Page 576 Teams: Federation......Page 578 Step 1: Add Phone Numbers......Page 579 Step 2: Add an Emergency Response Location......Page 581 Step 3: Add Phone Numbers......Page 582 Step 4: Verify That Voice Has Been Provisioned......Page 584 Step 5: Port the Phone Numbers......Page 586 Skype for Business: Conferencing Add-on......Page 587 Admin Center: Exchange......Page 588 Exchange Administration Roles......Page 589 Default User Role Defined......Page 592 Exchange: Conference Room, Configuration......Page 593 Exchange: Conference Room, PowerShell Modification......Page 596 Exchange: Changing a User E-mail Account Primary Domain......Page 597 Exchange: Adding Shared Mailbox......Page 598 Exchange: Shared Mailbox, Using with a Smartphone and Outlook......Page 599 Exchange: Shared Mailbox, Using Only with Outlook......Page 600 Step 2: Add Mailbox Access Permissions......Page 601 Exchange: Adding a Distribution Group......Page 602 Step 1: Create the Distribution Group......Page 603 Step 2: Define the Distribution Group......Page 604 Step 1: Create the Distribution Group......Page 606 Step 2: Configure the Group Being Added......Page 607 Step 3: Enable the Group for External Access......Page 608 Step 4: Grant Permission to the User......Page 609 Step 5: Verify Outlook Configuration......Page 610 PowerShell......Page 612 PowerShell: Setting Up Teams and SharePoint......Page 614 PowerShell: Using the Standard Header for Microsoft Online Services and Exchange......Page 615 PowerShell: Not Remotely Sign Error......Page 616 PowerShell: Verification of Audit Logs......Page 617 PowerShell: Enable Litigation Hold–No Notice......Page 618 PowerShell: Change Mailbox Permissions......Page 619 PowerShell: Assign License to a User Account......Page 620 PowerShell: Extend the Purges Folder to Greater Than 14 Days......Page 621 Troubleshooting: Autodiscover......Page 622 References......Page 624 Glossary......Page 625 Index......Page 638 Understand common security pitfalls and discover weak points in your organization's data security, and what you can do to combat them. This book includes the best approaches to managing mobile devices both on your local network and outside the office. Data breaches, compliance fines, and distribution of personally identifiable information (PII) without encryption or safeguards place businesses of all types at risk. In today's electronic world, you must have a secure digital footprint that is based on business processes that are designed to protect information. This book is written for business owners, chief information security officers (CISO), and IT managers who want to securely configure Office 365. You will follow the Microsoft cybersecurity road map through a progressive tutorial on how to configure the security services in Office 365 to protect and manage your business. What You'll Learn: Manage security with the Azure Security Center and the Office 365 Compliance Center Configure information protection for document and electronic communications Monitor security for your business in the cloud Understand Mobile Application Management (MAM) and Mobile Device Management (MDM) Prevent data loss in Office 365 Configure and manage the compliance manager tools for NIST and GDPR This book is for IT managers and compliance and cybersecurity officers who have responsibility for compliance and data security in their business. Matthew Katzer created KAMIND in 1998 to supply solutions using Microsoft and Intel Technologies for small- and medium-sized businesses. Prior to creating KAMIND, Matt worked for Intel Corporation for 17 years managing engineering development, IT projects, and working with the Intel security group. After leaving Intel, Matt pursued the development of technology-related inventions and holds 19 domestic and international patents in related areas. Matt's focus with cloud solutions started in 2009, looking at ways for businesses to improve productivity and manage and secure digital business assets. Matt holds a BSEE degree from the University of Michigan and an Executive MBA from the University of Oregon
دانلود کتاب تأمین امنیت Office 365: طراحی MDM و انطباق در ابر