Control devices security
M365 security hardening services
Secure endpoints: 10% of breaches involved ransomware. (Verizon 2021 DBIR)
Endpoint management Intune (licence required)
Link to Intune interface
Secure O365 app
Link to O365 interface
Microsoft Defender for Endpoint (licence required)
Link to Intune interface
Secure access: 25% of attacks are reusing stolen credentials (Verizon 2021 DBIR) - 34% of data breaches in 2018 involved internal actors (Verizon).
Secure connection
MFA
Link to O365 interface
Azure conditional access policies (licence required)
Link to Azure AD interface
Block legacy authentication protocols
Link to Azure AD interface
Secure authorization
Administrator roles
Link to O365 interface
Third party applications
Azure AD application permissions
Link to Azure AD interface
Scope MS Graph permission to access mailboxes
Office 365 service accounts permissions
Teams apps permissions
Link to O365 interface
Scope access to Exchange Web Service "Application Impersonation" right
Scope access to Exchange Web Service "full_access_as_app" right
Temporary administrator access (licence required)
Link to Azure AD interface
Guest access
Link to Azure AD interface
Scoping Azure AD application rights to some users, so that an app is not allowed to access the data of all O365 users
Azure AD app accessing Exchange Online
Azure AD app accessing Teams/Skype
Azure AD app accessing SharePoint; site vs site.selected rights
You can also navigate to a site, generate a client ID by adding /_layouts/15/AppRegNew.aspx at the end of the site URL, and grant access to this client by adding /_layouts/15/appinv.aspx at the end of the site URL and following this link it
Scoping impersonation access given to O365 account in Exchange Online
Link to MSFT doc
Secure document sharing: 23% of data breaches are caused by human error (IBM)
OneDrive / SharePoint sharing options
Sharing links configurations
Link to O365 interface: SharePoint admin center > Policies > Sharing
Sites permissions
Teams sharing options
Link to external access interface
Data loss prevention (DLP) (licence required)
Azure Information Protection
Link to O365 interface
O365 DLP rules
Link to O365 interface
Protection against unauthorized e-mail forwarding
Link to O365 interface
Guest access
Link to Azure AD interface
Secure e-mailing: 36% of successful data breaches started with phishing (Verizon 2021 DBIR)
Protect against known commercial spam
Link to O365 interface
Protect against "display name" impersonation attack (licence required)
Link to O365 interface
Protect against "e-mail address impersonation attacks" and phishers detection
SPF
Secure emailing services
DKIM
DMARC
Protection against unknown malicious URLs in e-mails (licence required)
Link to O365 interface
Protection against unknown attachments in e-mails (licence required)
Link to O365 interface
Protection against unknown commercial spam
Link to O365 interface
Protection against viruses
Link to O365 interface
Protection against potentially dangerous executables
Link to O365 interface
Helping users to report phishing
Link to O365 interface
Protection against unauthorized e-mail forwarding
Link to O365 interface
Protection against fake e-mail servers spoofing your MX records in DNS caches
Protection against "app consent" phishing attacks
Link to O365 interface
Enhance filtering if EOP is not the first in line
Antispam
Link to O365
Non-repudiation of actions: M365 and Azure AD logs are kept 90 days. This is not enough since the average time to identify a breach in 2020 was 228 days (IBM)
Inspect audit logs and manage logs retention
Exchange audit logs
Cloud SaaS SIEM managed by Oppidum Security
Azure AD audit logs
Cloud SaaS SIEM managed by Oppidum Security
M365 audit logs
Cloud SaaS SIEM managed by Oppidum Security
MS Cloud App Security (licence required)
Link to O365
Incident response: The average time to contain a breach was 80 days (IBM)
Detecting an attack
Security dashboards
Link to O365 interface
O365 security alerts
Link to O365 interface
User feedback
Scoping an attack
Azure AD audit logs
Link to Azure AD interface
O365 audit logs
Link to O365 interface
Exchange audit logs
Link to O365 interface; compliance > auditing
Link to email threat explorer
Data search
Link to O365 interface
Stopping an attack
Azure AD disabling users
Link to Azure AD
Sender blacklisting
Link to O365
URL blacklisting (licence required)
Link to O365
Mass deletion of malicious e-mails
Management of false positives
Created using MindMup.com