In today’s fast-paced digital landscape, staying ahead of cybersecurity threats is paramount. Microsoft’s suite of security solutions plays a pivotal role in safeguarding your organization. To help you make the most of these tools, we’ve compiled a Security Modernization FAQ. Let’s dive in and address some common questions about securing your digital ecosystem.
2. If I use Secure Score, will I be penalized for using a third-party product like Proofpoint instead of a Microsoft product?
No, one cool thing about Secure Score is that it allows you to satisfy controls by indicating that you are mitigating them with a third-party product.
2. What if my Secure Score doesn’t update after making the recommended change?
I would probably double-check that the change is implemented properly, then be patient. Secure Score updates every day, but there are some controls that take up to 48 hours to reflect.
3. What security features does Microsoft offer for hybrid and on-premises environments?
Businesses with hybrid environments (a mix of on-premises and cloud) often use solutions like Microsoft Defender, which secures both cloud and on-premises resources. An example of this would be using Defender to protect on-premises workstations and feed all the data to Microsoft 365 Defender.
4. Is Microsoft Sentinel only a SIEM or does it have SOAR capabilities?
Sentinel is both a SIEM and a SOAR. You can use its Incident Workflows to create customized playbooks for responses. It can also automate threat detection and response, which could be as little as sending a notification to a user or as complicated as adding an offending IP to a conditional access policy.
5. What are some common security challenges and best practices for Microsoft Teams and collaboration tools?
I think guest access to Teams and M365 is the biggest challenge I see in companies. There are well-established policies for what you can and cannot do in email, but those don’t all apply to collaboration tools that have things like DRM and download prevention capabilities. How I usually approach this with customers is to review which of the business use cases they want to start with. Is it partner collaboration, vendor management, or maybe even personal external file sharing?
6. There are a lot of products in the security stack. Which ones do you typically start implementing?
Yes, that is a great question. It’s kind of why we put together this webinar today, to help break down a methodology for implementation. We usually will start with the tools that are already deployed, like Entra ID, and harden your IAM posture first. Intune is also a quick win, giving your company peace of mind on devices without a massive upfront project. But we would typically leave Sentinel and Defender for Cloud.
7. What services does Microsoft offer to replace some of our security awareness tools like KnowBe4?
The first one that comes to mind is Attack Simulator. It is part of Microsoft 365 and can be used to simulate phishing attempts and other malicious emails. It also has the ability to assign training to those who fail the simulation. The training is pretty cool because you can target it based on the actions they took: for example, did they click a bad link, did they not report the phishing attempt, etc.
In the ever-changing world of cybersecurity, staying informed and utilizing the right tools is essential. Microsoft’s suite of security solutions offers a robust framework to protect your organization, and with these FAQs, you’re well on your way to enhancing your security posture. Keep evolving, stay vigilant, and secure your digital future.