Microsoft 365 Threat Intelligence

Prepared by:

[Vulugho Temaah Valentine]

Objective

Demonstrate various security and compliance features of M365 for KCoder.

The recommended format is to provide screenshots incorporated within the written narrative. No external sources are required for this phase of the project; however, the screenshots must be your own. Screenshots from external sources are not permitted, and all screenshots must include the current date and time.

Task 1: Implement a Safe Attachments Policy

  • Step 12: Safe Attachments Policy

Task 2: Implement a Safe Link Policy

  • Step 11: Safe Link Policy

Task 3: Create Anti-phishing Policy

  • Step 3: Anti-phishing policy

Task 4: Create a Malware Policy

  • Step 3: Malware policy

Task 5: Attack Simulator – Spear Phishing

  • Step 10: Spear Phishing Simulation
  • Step 16: Credential Harvest

Task 6: Data Loss Prevention

  • Step 9: Data loss prevention

Opportunity: Zero-Trust

Most breaches occur due to credential theft, which bad actors exploit using various methods. In two to three paragraphs, discuss the different M365 services that can deter bad actors. Research and explain the concept of zero-trust.

M365 services that can deter bad actors

  • Office 365 Advanced Threat Protection: Safe Attachments
  • Office 365 Advanced Threat Protection: Safe Links
  • Office 365 Advanced Threat Protection: Spoof Intelligence
  • Office ATP Anti-Phishing Capabilities in Office 365
  • Office 365 Advanced Threat Protection for SharePoint, OneDrive, and Microsoft Teams

Zero Trust

Zero Trust is a security framework that requires all users, both inside and outside of an organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or maintaining access to applications and data.


Explanation:

M365 services that can deter bad actors

Office 365 Advanced Threat Protection: Safe Attachments

The Office 365 Advanced Threat Protection Safe Attachments feature verifies that email attachments arriving in your inbox are not malicious. If Office 365 Advanced Threat Protection is enabled in your Office 365 environment, then whenever someone checks an email that includes an attachment, Safe Attachments automatically opens the file and tests it in a virtual environment that does not affect your real-time environment. If the file is found to be safe, it will open normally. However, if the file is determined to be malicious, it is automatically deleted.

Office 365 Advanced Threat Protection: Safe Links

Office 365 Advanced Threat Protection Safe Links verifies website addresses in email messages and Office documents at the moment of click. When you click a link in an email, ATP Safe Links automatically checks the URL before opening it and classifies it as prohibited, malicious, or safe. If the URL is safe, it opens normally without any additional procedures. If the URL has been blocked or detected as malicious, a warning page opens instead of exposing the user to the potentially harmful link. A similar process occurs when a link within an Office document is clicked.
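The Safe Attachments and Safe Links behaviour described above depends on how each policy is configured. The following PowerShell is an added example, not part of the original report: the function names Test-SafeAttachmentPolicy and Test-SafeLinksPolicy and the two sample policy objects are hypothetical, while the property names are those returned by the Exchange Online cmdlets Get-SafeAttachmentPolicy and Get-SafeLinksPolicy.

```powershell
# Added example. In a tenant, pipe in the output of Get-SafeAttachmentPolicy and
# Get-SafeLinksPolicy (Exchange Online PowerShell). The policy objects at the
# bottom are constructed samples, not data from a real tenant.

function Test-SafeAttachmentPolicy {
    param([Parameter(Mandatory)] $Policy)
    $findings = @()
    if (-not $Policy.Enable) {
        $findings += 'Enable is false (attachments are not scanned)'
    }
    if ($Policy.Action -eq 'Allow') {
        $findings += 'Action is Allow (flagged attachments are still delivered)'
    }
    return $findings
}

function Test-SafeLinksPolicy {
    param([Parameter(Mandatory)] $Policy)
    # Setting name -> value a hardened policy should have, and the risk otherwise
    $expected = [ordered]@{
        EnableSafeLinksForEmail  = @($true,  'links in email are not checked')
        EnableSafeLinksForOffice = @($true,  'links in Office documents are not checked')
        ScanUrls                 = @($true,  'clicked links are not scanned in real time')
        DeliverMessageAfterScan  = @($true,  'mail can arrive before URL scanning completes')
        AllowClickThrough        = @($false, 'users can bypass the warning page')
        TrackClicks              = @($true,  'clicks are not recorded for investigation')
    }
    foreach ($name in $expected.Keys) {
        $want, $why = $expected[$name]
        # A missing property compares as $null and is reported as well
        if ($Policy.$name -ne $want) {
            "$name should be $want ($why)"
        }
    }
}

# Constructed sample policies with deliberately weak settings
$attach = [pscustomobject]@{ Name = 'Sample-SA'; Enable = $true; Action = 'Allow' }
$links  = [pscustomobject]@{
    Name = 'Sample-SL'; EnableSafeLinksForEmail = $true; EnableSafeLinksForOffice = $false
    ScanUrls = $true; DeliverMessageAfterScan = $false
    AllowClickThrough = $true; TrackClicks = $true
}

Test-SafeAttachmentPolicy $attach
Test-SafeLinksPolicy $links
```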

Office 365 Advanced Threat Protection: Spoof Intelligence

There are occasions when spoofing is important. For example, you may have third-party vendors sending bulk mail on your behalf, an assistant who needs to send emails from another person within your organization, or an external company hired to do lead generation, product updates, or sales emails that appear to be from you. For these reasons, it's critical not to eliminate spoofing from your company. But how can you be sure that these emails claiming to be from your company are legitimate? More significantly, as phishers frequently use spoofing to obtain user credentials, how do you ensure that those spoofing your domain are not phishers?

Office ATP Anti-Phishing Capabilities in Office 365

Office 365 Advanced Threat Protection Anti-Phishing uses machine learning models and impersonation detection algorithms to keep your organization safe from potential phishing attacks. Your security team can set up Office 365 ATP Anti-Phishing to check all your incoming communications for any sign of a phishing attempt.

Office 365 Advanced Threat Protection for SharePoint, OneDrive, and Microsoft Teams

Office 365 Advanced Threat Protection helps to detect harmful files and restrict them from entering your document libraries or team sites. Once a file has been detected as dangerous, it is locked so that no one can access it. The prohibited file still appears on your site, but it cannot be opened, moved, copied, or shared (you can delete it). Such files also appear on a quarantined objects list, allowing your security team to download, release, report, and delete them from the system.

 

Resources

Bulk create users in the Azure Active Directory portal | Microsoft Docs

Assign licenses to a group – Azure Active Directory | Microsoft Docs
