Fast Track to Office 365:
Controlling Access and Protecting Data
Liam Cleary, CEO / Owner & Microsoft MVP, SharePlicity
Bob Cordisco, Systems Engineer, Netwrix Corporation
Housekeeping
Type your question here
Click “Send”
All attendees are on mute.
Ask your questions!
Questions will be answered during the session or in the Q&A at the end.
You will receive the slides and webinar recording in a follow-up email.
The webinar should take about 60 minutes.
Let’s get started!
Agenda
Office 365 Authentication and Authorisation
Office 365 Permissions
o SharePoint Online
o OneDrive for Business
Controlling Data Flow within Office 365
Protecting Data using Office 365 Services
o Information Rights Management (IRM)
o Advanced Information Protection (AIP)
Getting accurate classification results using Netwrix Data Classification for Office 365
Office 365 Authentication and Authorisation
Office 365 Authentication
Cloud Only
Password hash sync with seamless single sign-on (On-premises Sync)
Pass-through authentication with seamless single sign-on
Federated identity with Active Directory Federation Services
Third-party authentication and identity providers
Office 365 Authentication
User navigates to Office 365 site or service
Cloud Account
External Account
On-premises Account
Access Granted
Authenticate on-premises
Authenticate externally
Office 365 Authorisation
Conditional Access Policy
Has Assigned License
Is Member of Security Group
Is Member of Service-specific Group / Role
Validate user or device is allowed to connect
Check IP address to ensure it is allowed
Validate user has service assigned license if needed
Is user assigned to the corresponding security group required to access the service or location
Is user a member of a security group or role for the content location or content itself
Office 365 Permissions
Office 365 Permissions: Administration
• Administration Groups
– Global Administrator
– Billing Administrator
– Dynamics 365 Service Administrator
– Customer Lockbox Access Approver
– Exchange Administrator
– Helpdesk Administrator
– License Administrator
– Skype for Business Administrator
– Power BI Service Administrator
– Service Administrator
– SharePoint Administrator
– Teams Communication Administrator
– Teams Service Administrator
– User Management Administrator
• Administration Groups
– Message Center Reader
– Reports Reader
– Teams Communications Support Engineer
– Teams Communications Support Specialist
Office 365 Permissions: SharePoint / OneDrive
SharePoint Administrator
o Access SharePoint Administration Center
o Manage specific configuration and services
Site Collection Administrator
o Manage the entire Site Collection
Site Owner
o Manage a specific sub site within a Site Collection
User Account
o Can access the site collection, sub sites and content where access is granted
Office 365 Permissions
User (No Admin Access) Role
Active Directory Group Assignment
Application Role Assignment
Location / Item Permission Assignment
Controlling Data Flow within Office 365
Data Flow within Office 365: SharePoint
Libraries and Lists
Upload and Download
Internal Sharing
External Sharing
Search
Workflows
Data Flow within Office 365: OneDrive
Libraries and Lists
Upload and Download
Internal Sharing
External Sharing
Search
Data Flow within Office 365: Teams
Libraries and Lists
Upload and Download
Internal Sharing
External Sharing
Search
Chat Sharing
Protecting Data Using Office 365 Services
Protecting Data: Encryption
Two types of Encryption
o Volume-level encryption, used for all services
o Service Encryption, used within Exchange Online, Skype for Business, SharePoint Online, and OneDrive for Business to encrypt customer data
Encryption in Transit
o Client machine communicates with an Office 365 server
o Office 365 server communicates with another Office 365 server
o Office 365 server communicates with a non-Office 365 server
Encryption for content
o Information Rights Management
o Advanced Information Protection
o Office Message Encryption (OME)
o Secure/Multipurpose Internet Mail Extensions (S/MIME)
Protecting Data: Information Management Policies (IRM)
Enabled in SharePoint Admin Center
Policies applied within document libraries
o Library level settings
o Controls and permissions defined for access rights
o Apply group restrictions
Office clients support ad-hoc policy creation and application
Exchange Email
o Manually apply templates from Outlook Client
o Applied using Mail Transport Rules
o Older versions of the Outlook Client can use Protection Rules
Protecting Data: Advanced Information Protection (AIP)
Encryption
Identity
Authorisation
Labels
Labels that are applied force protection using Rights Management policies
Policy stays with the documents and emails, independently of the location
Protection keeps control of the data, even when it is shared with other people
Protecting Data: Advanced Information Protection (AIP)
No server infrastructure required: Azure Information Protection doesn't require the additional servers and PKI certificates that Active Directory Rights Management Services requires
Cloud-based authentication: Azure Information Protection uses Azure AD for authentication - for both internal users and users from other organizations
Built-in support for mobile devices: No deployment changes are needed for Azure RMS to support mobile devices and Mac computers
Document tracking and revocation: Azure Information Protection supports these features with the Azure Information Protection client, whereas Active Directory Rights Management Services does not
Classification and labeling: Azure Information Protection supports these features with the Azure Information Protection client that integrates with Office applications and File Explorer, whereas Active Directory Rights Management Services does not
Protecting Data: Data Loss Prevention Policies
Content Created or Changed
Search Crawls New or Changed Content
Search Index Updated
DLP Policy Query
DLP Policy Action
Blocking Policy Applied
Protecting Data: Conditional Access Policies
User navigates to Office 365 site or service
Access Granted
Access Denied
Is Member
Is Member
Approved Device
Approved Location
Protecting Data: Cloud App Security Policies
Policies defined to capture specific actions
Multiple types of policies
Protecting Data: Cloud App Security Policies
Policies can contain multiple properties and checks
Standard Account Governance can protect once a problem is identified
Alerts can utilize Email, SMS and Microsoft Flow Playbooks
Netwrix Auditor
Know Your Data. Protect What Matters.
About Netwrix Corporation
Year of foundation: 2006
Headquarters location: Irvine, California
Global user base: over 300,000
Recognition:
7 years among the fastest growing software companies in the US
More than 140 industry awards
What’s Next?
Visit our next sessions:
‘Q&A session’ on April 2 @ 2 PM BST / 3 PM CEST
Virtual Appliance: get Netwrix Auditor up and running in minutes
netwrix.com/go/appliance
Online Demo: explore Netwrix Auditor right from your browser, without having to install the product
netwrix.com/browser_demo
Contact Sales: obtain more information about Netwrix Auditor
netwrix.com/contactsales
Thank you!