Securing the Remote Workforce-Auditing and Reporting

1. Enable Auditing

-Tenant auditing has rolling 90-day retention; E5 allows you to set custom 1-year retention
-Could export to CSV on a quarterly basis with all activities you want to store locally.
-It can take up to 30 minutes or up to 24 hours after an event occurs for the corresponding audit log record to be returned in the results of an audit log search.
-Not on by default; takes a few hours after turning on to get data

2. Enable Mailbox Auditing

-Audit user mailbox activity in the audit log search if you have E5. Otherwise you can search via PowerShell
-On by default as of Jan 2019
-Doesn't contain the scope of all audit log activity you might want, such as mailbox login activity

3. Review Mailbox Forwarding Rules

-Auto-forwarding to an external domain can be blocked with a mail flow rule, but users can still enable it in OWA
-Create an alert for OWA inbox rules, or edit the existing alert in the Security and Compliance Center
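
One way to carry out the review in step 3 from PowerShell, as an added example that is not from the video. It assumes the ExchangeOnlineManagement module, an Exchange admin role, and that any domain not in the tenant's accepted domains counts as external; the helper name `Get-ExternalAddress` and the output file name are hypothetical.

```powershell
# Added example: list mailbox-level forwarding and inbox rules that send mail
# to addresses outside the tenant's accepted domains.
Connect-ExchangeOnline

# Domains the tenant owns; anything else is treated as external (assumption).
$internal = (Get-AcceptedDomain).DomainName

# Hypothetical helper: pull SMTP addresses out of recipient strings such as
# '"Name" [SMTP:user@domain]' or 'smtp:user@domain' and keep the external ones.
function Get-ExternalAddress {
    param([object[]]$Recipients)
    foreach ($r in $Recipients) {
        if ("$r" -match '(?i)smtp:([^\]\s@]+@([^\]\s@]+))') {
            if ($internal -notcontains $Matches[2]) { $Matches[1] }
        }
    }
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # Forwarding configured on the mailbox itself
    foreach ($addr in Get-ExternalAddress $mbx.ForwardingSmtpAddress) {
        [pscustomobject]@{
            Mailbox = $mbx.UserPrincipalName
            Source  = 'MailboxForwarding'
            Rule    = ''
            Enabled = $true
            Target  = $addr
        }
    }
    # Inbox rules that forward or redirect messages
    foreach ($rule in Get-InboxRule -Mailbox $mbx.UserPrincipalName) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        foreach ($addr in Get-ExternalAddress $targets) {
            [pscustomobject]@{
                Mailbox = $mbx.UserPrincipalName
                Source  = 'InboxRule'
                Rule    = $rule.Name
                Enabled = $rule.Enabled
                Target  = $addr
            }
        }
    }
}

# Keep a dated copy for the ticket or for quarterly comparison
$findings | Export-Csv -Path .\external-forwarding.csv -NoTypeInformation
$findings | Format-Table -AutoSize
```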

4. Set Alert for Elevation of Privilege

-Can tie to PSA or support email to notify when someone elevates their privileges to global admin

5. Review the Mailbox Access by Non-Owners Report

-Can view non-owner access to mailboxes via the Exchange Admin Center (Compliance Management, Auditing, Run Non-Owner Report) or with PowerShell

6. Configure Custom Alerts

-Custom Alerts can be generated in the Security and Compliance Center for certain insights to be more proactive such as unusual volume of DLP matches, unique users contributing to incidents, phish mails delivered due to whitelisted users/domains
-Custom Alerts can tie to PSA or ticketing system

7. Link Reports to PSA

-Security and Compliance Center contains mail flow, threat protection, and reports dashboard.
-Can create scheduled reports on a monthly/quarterly basis that route to your PSA to consolidate them and avoid having to log in to these accounts to view reports like malware trends, DLP matches, spoofing, and more.

8. Review Usage Reports (Optional)

-In the 365 admin portal, you can see usage trends across the solution stack such as Exchange, OneDrive, SharePoint, and Teams.
-Trends could help you predict support calls or review activity after a training initiative on one of the offerings to see adoption rates.

9. Review Sign-In Logs

-Only available with the AD P1 plan (comes with M365 Business Premium, EMS+E3)
-View certain sign-in activity such as failed attempts and also logins with legacy authentication protocols such as IMAP/POP
-Can connect to Log Analytics to export data for more than 30-day retention.
-If exporting to log analytics, can query the data and create alerts

10. Device Management Reports

-If you are adopting Intune you can view reports in the Endpoint management portal such as encryption reports, noncompliant devices, and configuration profiles that have failed.