Answers to questions from Enfrasys – QA session
- How Intune manage the hybrid Azure AD join devices? Will Intune and GPO manage the devices together?
How To: Plan your hybrid Azure Active Directory join implementation
https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-planResolve Group Policy Objects (GPO) and Microsoft Intune policy conflicts
https://docs.microsoft.com/en-us/intune/resolve-gpo-and-microsoft-intune-policy-conflictsWindows 10 Group Policy vs. Intune MDM Policy who wins?
https://blogs.technet.microsoft.com/cbernier/2018/04/02/windows-10-group-policy-vs-intune-mdm-policy-who-wins/Policy CSP – ControlPolicyConflict
https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-controlpolicyconflict#controlpolicyconflict-mdmwinsovergp - For AIP log analytics, it is require to install azure monitor agent to every machine? is intune able to track the location of device (iOS/Android/Windows 10)
Central reporting for Azure Information Protection https://docs.microsoft.com/en-us/azure/information-protection/reports-aip
Locate lost or stolen iOS devices with Intune
https://docs.microsoft.com/en-us/intune/device-locate - What is the difference between managing information protection on Azure Information Protection (Azure portal) and Microsoft Information Protection (Security and Compliance Center)? What is the best practice?
Frequently asked questions for Azure Information Protection
https://docs.microsoft.com/en-us/azure/information-protection/faqsChoose which Azure Information Protection client to use
https://docs.microsoft.com/en-us/azure/information-protection/rms-client/use-client#choose-which-azure-information-protection-client-to-useHow to migrate Azure Information Protection labels to Office 365 sensitivity labels
https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-migrate-labels - For Teams, is there a way to invite guest to a Teams channel? Currently the behavior the invited guest has full visibility on all teams channel. What is the best practice on this?
Guest access in Microsoft Teams
https://docs.microsoft.com/en-us/microsoftteams/guest-accessHow a guest joins a team
https://docs.microsoft.com/en-us/microsoftteams/guest-joinsAuthorize guest access in Microsoft Teams
https://docs.microsoft.com/en-us/microsoftteams/teams-dependencies - In one of my M365 deployment, some of the devices are managed under M365 Admin portal MAM and some of them managed in Intune MDM, The intention is to managed mobile devices using Intune MAM, is there a way to ensure the devices managed by Intune instead of managed in M365 Admin Portal > Devices?
Choose between MDM for Office 365 and Microsoft Intune
https://support.office.com/en-us/article/choose-between-mdm-for-office-365-and-microsoft-intune-c93d9ab9-efb2-4349-9b93-30c30562ee22Migrating mobile device management to Intune in the Azure portal
https://www.microsoft.com/en-us/itshowcase/migrating-mobile-device-management-to-intune-in-the-azure-portal - Also what is the best practice for MAM? Intune or M365 portal?
What is Microsoft Intune app management?
https://docs.microsoft.com/en-us/intune/app-managementFrequently asked questions about MAM and app protection
https://docs.microsoft.com/en-us/intune/mam-faq - When is the expected date for audit log 1 year retention? Sorry I missed this out during the online training session.
SIEM server integration with Microsoft 365 services and applications (to keep audit logs)
https://docs.microsoft.com/en-us/office365/securitycompliance/siem-server-integrationMicrosoft Increases Audit Storage Period for Office 365 E5 (But Still Struggling with a Truncation Problem)
https://office365itpros.com/2018/10/22/longer-retention-office365-auditdata/Quadrotech Radar for Security and Audit
https://www.quadrotech-it.com/solutions/office-365-security-auditing-and-compliance/radar-for-security-audit/ - For Advanced eDiscovery, is OCR doable with scanned document? is there any limitation?
Office 365 Advanced eDiscovery
https://docs.microsoft.com/en-us/office365/securitycompliance/office-365-advanced-ediscoveryPrepare search results for Office 365 Advanced eDiscovery
https://docs.microsoft.com/en-us/office365/securitycompliance/prepare-search-results-for-advanced-ediscovery - Is there any Office 365 Official backup solution for Exchange (inbound and outbound mail)?
Backing up email in Exchange Online
https://docs.microsoft.com/en-us/exchange/back-up-email - for Azure ATP Alert, how long the alert will send to administrator?
Azure ATP Security Alerts
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/suspicious-activity-guideAzure ATP frequently asked questions
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-technical-faqWhat’s new in Azure ATP
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-whats-new
Answers to questions from Enfrasys
What is Mobile Threat Defense integration with Intune?
https://docs.microsoft.com/en-us/intune/mobile-threat-defense
Super-User access after files have been protected
https://docs.microsoft.com/en-us/azure/information-protection/configure-super-users
https://www.terminalworks.com/blog/post/2018/08/02/azure-aip-super-user-access
Manage mailbox auditing
https://docs.microsoft.com/en-us/office365/securitycompliance/enable-mailbox-auditing
SIEM server integration with Microsoft 365 services and applications (to keep audit logs)
https://docs.microsoft.com/en-us/office365/securitycompliance/siem-server-integration
Microsoft Increases Audit Storage Period for Office 365 E5 (But Still Struggling with a Truncation Problem)
https://office365itpros.com/2018/10/22/longer-retention-office365-auditdata/
Third party solution
https://blog.hubstor.net/office-365-audit-log-archiving-why-it-matters
Module 1
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-connectors
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-whichversion
Answers to questions in Module 1
Single sign-on to applications in Azure Active Directory
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on
Integrating Azure Active Directory with applications getting started guide
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/plan-an-application-integration
Configure single sign-on to non-gallery applications in Azure Active Directory
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications
Module 2
Securing privileged access for hybrid and cloud deployments in Azure AD
https://docs.microsoft.com/en-au/azure/active-directory/users-groups-roles/directory-admin-roles-secure
Using Azure AD Privileged Identity Management for elevated access
https://www.microsoft.com/itshowcase/Article/Content/887/Using-Azure-AD-Privileged-Identity-Management-for-elevated-access
What is Azure AD Privileged Identity Management?
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
Appendix C: Protected Accounts and Groups in Active Directory
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/appendix-c–protected-accounts-and-groups-in-active-directory
Microsoft Password Guidance
https://www.microsoft.com/en-us/research/publication/password-guidance/
NIST Special Publication 800-63B
https://pages.nist.gov/800-63-3/sp800-63b.html
5 steps to secure your identity infrastructure
https://docs.microsoft.com/en-au/azure/security/azure-ad-secure-steps
Module 3
Azure Information Protection helps you to be more secure by automatically discovering credentials
https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Azure-Information-Protection-helps-you-to-be-more-secure-by/ba-p/360181
Learn more about spoof intelligence
https://docs.microsoft.com/en-us/office365/securitycompliance/learn-about-spoof-intelligence
What is Azure Advanced Threat Protection?
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/what-is-atp
Email encryption in Office 365
https://docs.microsoft.com/en-us/office365/securitycompliance/email-encryption
Module 4
Microsoft Advanced Threat Analytics Sizing tool
https://gallery.technet.microsoft.com/Advanced-Threat-Analytics-03e1339f
ATA Suspicious Activity Playbook
https://gallery.technet.microsoft.com/ATA-Playbook-ef0a8e38/view/Reviews
Advanced Threat Analytics suspicious activity guide
https://docs.microsoft.com/en-us/advanced-threat-analytics/suspicious-activity-guide
Skeleton Key Malware Remote DC Scanner
https://gallery.technet.microsoft.com/Aorato-Skeleton-Key-24e46b73
KRBTGT Account Password Reset Scripts now available for customers
https://www.microsoft.com/security/blog/2015/02/11/krbtgt-account-password-reset-scripts-now-available-for-customers/
SAMRi10 – Hardening SAM Remote Access in Windows 10/Server 2016
https://gallery.technet.microsoft.com/SAMRi10-Hardening-Remote-48d94b5b
Pass The Hash whitepapers 1 & 2
https://www.microsoft.com/en-us/download/details.aspx?id=36036
LAPS
https://www.microsoft.com/en-us/download/details.aspx?id=46899
Module 5
Protect apps with Microsoft Cloud App Security Conditional Access App Control
https://docs.microsoft.com/en-us/cloud-app-security/proxy-intro-aad
Deploy Conditional Access App Control for Azure AD apps
https://docs.microsoft.com/en-us/cloud-app-security/proxy-deployment-aad
Step 7. Discover shadow IT and take control of your cloud apps
https://www.microsoft.com/security/blog/2019/03/26/step-7-discover-shadow-it-and-take-control-of-your-cloud-apps-top-10-actions-to-secure-your-environment/
Step 8. Protect your documents and email
https://www.microsoft.com/security/blog/2019/04/09/step-8-protect-documents-email-top-10-actions-secure-environment/
Secure Access to your enterprise
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2Oght
Module 6
Microsoft on GDPR
https://www.microsoft.com/en-us/trustcenter/privacy/gdpr/gdpr-overview
Compliance Manager
https://servicetrust.microsoft.com/ComplianceManager
Use Compliance Manager
https://docs.microsoft.com/en-us/office365/securitycompliance/meet-data-protection-and-regulatory-reqs-using-microsoft-cloud
Service Trust Portal
https://servicetrust.microsoft.com/
Module 7 AIP
AIP Deployment Acceleration Guide
http://aka.ms/AIPDAG
AIP Webinars Recordings
https://techcommunity.microsoft.com/t5/Azure-Information-Protection/AIP-Webinar-Recordings/m-p/364014
AIP Webinars Q and A
https://techcommunity.microsoft.com/t5/Azure-Information-Protection/AIP-Webinar-Q-amp-A/m-p/368311
MIP Team Github repository
https://github.com/InfoProtectionTeam/Files
Admin Guide: File types supported by the Azure Information Protection client
https://docs.microsoft.com/en-us/azure/information-protection/rms-client/client-admin-guide-file-types
Microsoft Information Protection SDK 1.2
https://techcommunity.microsoft.com/t5/Microsoft-Information-Protection/Microsoft-Information-Protection-SDK-1-2/ba-p/447638
Create richer reports with Microsoft Information Protection and Azure AD login data
https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Create-richer-reports-with-Microsoft-Information-Protection-and/ba-p/392713
After Module 7 News
Unified Labeling client released
https://techcommunity.microsoft.com/t5/Azure-Information-Protection/The-Azure-Information-Protection-unified-labeling-client-is-now/ba-p/459259
The client side of Azure Information Protection
https://docs.microsoft.com/en-us/azure/information-protection/rms-client/use-client
Module 8
Windows 10 Information Protection (WIP)
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip
Create a Windows Information Protection (WIP) policy using Microsoft Intune
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/overview-create-wip-policy
Windows Hello for Business
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-identity-verification
Announcing Windows 10 Insider Preview Build 18358 (Chrome & Firefox WDAG extensions)
https://blogs.windows.com/windowsexperience/2019/03/15/announcing-windows-10-insider-preview-build-18358/
Microsoft BitLocker Administration and Monitoring 2.5
https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/
BitLocker Group Policy settings
https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings
Helping customers shift to a modern desktop
https://www.microsoft.com/en-us/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop/
Module 9
What’s new in Microsoft Intune
https://docs.microsoft.com/en-us/intune/whats-new
Windows security baseline settings for Intune
https://docs.microsoft.com/en-us/intune/security-baseline-settings-windows
What can Intune do for my company?
https://docs.microsoft.com/en-au/intune/get-started-evaluation
Azure AD Password Protection is now generally available!
https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-AD-Password-Protection-is-now-generally-available/ba-p/377487
Intune device license
https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Microsoft-Intune-announces-device-only-subscription-for-shared/ba-p/280817
News after Module 9
Microsoft Cloud App Security @RSAC 2019
https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Microsoft-Cloud-App-Security-RSAC-2019/ba-p/360860
Microsoft Edge on iOS and Android now supports conditional access and single sign-on
https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Microsoft-Edge-on-iOS-and-Android-now-supports-conditional/ba-p/476091
LDAP Reconnaissance – the foundation of Active Directory attacks
https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/LDAP-Reconnaissance-the-foundation-of-Active-Directory-attacks/ba-p/462973
Detecting LDAP based Kerberoasting with Azure ATP
https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Detecting-LDAP-based-Kerberoasting-with-Azure-ATP/ba-p/462448
Secure your mobile email with Microsoft EMS and Microsoft Outlook for iOS and Android
https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Secure-your-mobile-email-with-Microsoft-EMS-and-Microsoft/ba-p/393072
What’s new in System Center Configuration Manager and Microsoft Intune: Spring 2019 Edition
https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/What-s-new-in-System-Center-Configuration-Manager-and-Microsoft/ba-p/369852
Announcing general availability for Microsoft Edge mobile app integration with Microsoft Intune
https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Announcing-general-availability-for-Microsoft-Edge-mobile-app/ba-p/365620
Microsoft Intune security tasks extend Microsoft Defender ATP’s Threat & Vulnerability Management
https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Microsoft-Intune-security-tasks-extend-Microsoft-Defender-ATP-s/ba-p/369857
Unified SecOps Investigation for Hybrid Environments
https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Unified-SecOps-Investigation-for-Hybrid-Environments/ba-p/360850
Module 10
Microsoft Security Compliance Manager 4.0
https://www.microsoft.com/en-us/download/details.aspx?id=53353
Microsoft Security Compliance Toolkit 1.0
https://www.microsoft.com/en-us/download/details.aspx?id=55319
Security Compliance Manager (SCM) retired; new tools and procedures
https://blogs.technet.microsoft.com/secguide/2017/06/15/security-compliance-manager-scm-retired-new-tools-and-procedures/
Module 1 & 2 Videos
Module 3 Videos
Module 5 Videos
Module 6 Videos
Learn how Microsoft Enterprise Mobility + Security supports your GDPR compliance journey
https://channel9.msdn.com/Events/Ignite/Microsoft-Ignite-Orlando-2017/BRK2013
Advanced Security Management
https://youtu.be/gWTSTqNHgSg
Module 8 Videos
Module 9 Videos
Module 10 Videos
Tell IT as IT is 