Microsoft Security Workshop

Engagement and
Delivery Guide

Last update: August 2, 2019

Contents
About this Guide ........................................................................................................................................ 4
About the Security Workshop ................................................................................................................. 4
Who should attend? .................................................................................................................................. 5
Customer struggles ................................................................................................................................... 5
Who should deliver the workshop?........................................................................................................ 5
Pre-work ...................................................................................................................................................... 6
Pre-engagement call ................................................................................................................................. 7
Delivering the Security Workshop .......................................................................................................... 7
MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting
the rights under copyright, no part of this document may be reproduced, stored in or
introduced into a retrieval system, or transmitted in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, without the express
written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, our provision of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.

The descriptions of other companies’ products in this document, if any, are provided only as a
convenience to you. Any such references should not be considered an endorsement or support
by Microsoft. Microsoft cannot guarantee their accuracy, and the products may change over
time. Also, the descriptions are intended as brief highlights to aid understanding, rather than as
thorough coverage. For authoritative descriptions of these products, please consult their
respective manufacturers.

© 2019 Microsoft Corporation. All rights reserved. Any use or distribution of these materials
without express authorization of Microsoft Corp. is strictly prohibited.

Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation
in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
About this Guide
This document will walk you through what’s necessary to deliver the Microsoft Security
Workshop successfully. The guidance provided is intended for all roles that will deliver this
experience, from Microsoft technical specialists to Microsoft partners.

About the Security Workshop Day

The Microsoft Security Workshop Day is a full day of sessions that helps customers assess their
security landscape, address their most pressing security goals and challenges, and provides an
immersive experience that brings to life Microsoft’s security vision and capabilities.

In the workshop, customers will:

 Have security strategy documentation for their teams and stakeholders
 Better understand, prioritize and mitigate potential threats
 Have defined next steps based on their needs and objectives
 Learn how they can accelerate their security journey with Microsoft

A typical Workshop Day will feature five topics:

Deliver Microsoft Security pitch Review Threat Check findings

Covers Microsoft’s vision for security.
Microsoft Security offers an integrated
security solution that provides broad
protection while using the intelligence that
comes from Microsoft’s massive amounts of
security-related signals and insights.
Gain visibility into threats to the customer’s
cloud environment across email, identity,
and data to better understand, prioritize,
and mitigate potential vectors of
cyberattacks against the customer’s
organization.

Discovery of your customer’s state

Host an immersive security experience
of the world
Help customers experience what integrated
Expert facilitators walk customers through a
security means to Microsoft through an
detailed self-assessment of their security
immersive exercise that will give them a
landscape and identify top priorities, main
hands-on opportunity to explore new ways
influences, opportunities that will help to
of handling security needs and challenges.
define the next steps and how Microsoft
and partners can help them.
Who should attend?
The Workshop Day itself is intended for security decision-makers, which may include a variety of
leadership roles, including:

C-suite Other roles

Roles  Chief Information Security  IT Security

Officer (CISO)  IT Compliance
 Chief Information Officer (CIO)  Data Governance
 Chief Security Officer (CSO)  IT Operations
 Data Protection Officer
 Data Governance Officer

Customer struggles
 Inadequate budget
 Inability to replace legacy systems and technologies
 Inadequate in-house experience
 Integration challenges
 High volume of data and alerts to manage

Who should deliver the workshop?

Microsoft Partner

Roles  Modern Workplace Specialist  Project Manager

 Security and Compliance  Security Subject Matter Experts
Technical Specialist  Technical Specialists
 Enterprise Security Executive
Threat Check and advance setup
Preparation will ensure a successful Workshop Day. Review the following table to identify the
important steps you need to take when; and what responsibilities your participating customers
must get prepared.

Please note, you can deliver the Security Workshop with a Threat Check assessment, or without
it. If you are planning to deliver the Security workshop with the Threat Check component, be
aware that there are critical advance steps to be completed before the Workshop Day.

The Threat Check engagement starts with an remote pre-engagement call of approximately one
hour, followed by on-site or remotely delivered meetings as per following suggested timeline:

On average, allow a one-week gap between the pre-engagement call and the date for which the
kickoff meetings are scheduled. The reason for this is the time that is needed to assure the
availability of customer stakeholders as described in the “Example Schedule” section of this
document.

Allow between a one and two-week gap between the initial meetings and the Workshop Day of
the engagement to allow tools used in the Threat Check engagement to discover security
threats to the customer’s organization. Two weeks is recommended for most organizations.
During this period, avoid including extensive holidays, vacations, etc. as some threats might be
exposed (observed) when customer’s users perform their usual activities at work (sign-in, open
emails, share data). For organizations, that don’t have very tight security policies, or where user
awareness of information security is not very high, allowing for a gap closer to one week is
acceptable, but you should agree to that on an exception basis.
Threat Check engagement, in this case, is delivered as part of Security Workshop engagement.
The results will be presented in the “Threat Check Results” on the Workshop Day as in the above
suggested timeline.

Pre-engagement call
Activity Description Outcome Customer Time
attendees

Pre- Provides an opportunity Scope defined. Selected 60

engagement for a brief overview of the Stakeholders members of minutes
call engagement and identified. Day 1 the customer’s
alignment on scheduled. project team
expectations, followed by
the definition of scope,
identification of
stakeholders, and
scheduling Day 1 and Day
if they include Threat
Check.
It’s important to use this
call to better understand
customer’s profile to be
better prepared for day 3.
Use as guide tab “2.
Organization type” of
the RASER spreadsheet)
to collect the information.

Asset: Please use the Customer Deck to explain the Security Workshop details, expectations,
timeline, and scope.

If the customer wants to do the Threat Check, download the Microsoft Threat Check Toolkit
within the delivery files at https://aka.ms/securityworkshopkit.

Delivering the Security Workshop Day

Microsoft Security
We’ll kick off the day by exploring today’s cybersecurity landscape: the challenges and the
opportunities to better protect ourselves against threats. We’ll introduce Microsoft’s security
vision as well as outline Microsoft’s unique approach to providing integrated security. This
approach offers broad protection while using the intelligence that comes from Microsoft’s
massive amounts of security-related signals and insights.
Objective: Deliver Microsoft Security pitch and hero demos
Duration: 1h

What you will need to deliver this session

1. Microsoft Secure L100 deck

2. Delivery Sample video

Discovery Session
During this session, you will walk your customer through an interactive activity to better
understand their strategic objectives, influences, and priorities. This activity will be crucial to
understand the solutions’ fit and will define the next steps.

Here are the specific areas that will be covered:

1. IT objectives: Catalog strategic, operational, and infrastructure initiatives occurring in
the customer’s organization
2. Influences: List the factors that will help or hinder the customer’s security outcomes
3. Security priorities: Assess customer’s current maturity levels and priorities for the
upcoming years
4. Defining next steps: Detail the next steps, who is responsible, and when will they
happen

Don’t forget:
• Discovery is the most important part of the workshop
• Customers love to talk about themselves
• It’s an opportunity for the customer to look at their program through a fresh lens
• Be engaged and a challenger, not just a note taker
• Utilize insights immediately throughout workshop delivery and overall sales motion

Objective: Learn about customer’s priorities, initiatives, and key influences on their security
strategy.
Duration: 2hs

What you will need to deliver this session

1. Until September 1, please use the RASER tool

2. After September 1, an online tool will be available at OnRamp

Threat Check
Review the Threat Check report to understand better, prioritize, and mitigate potential vectors of
cyberattacks against your organization.

Objective: Showcase how Microsoft 365 security products can help customers mitigate and
protect against the threats found during the period of this engagement with real data
Duration: Pre-work: 2 days; Threat Check Results: 45 min
What you will need to deliver this session

See complete guide and documentation within the Microsoft Threat Check Toolkit.

Security Immersion Experience

Experience what integrated security means to Microsoft through an immersive exercise that will
give you a hands-on opportunity to explore new ways of handling security needs and
challenges.

Objective: Demonstrate key scenarios – both end-user and SecOps – that brings to life how
Microsoft solutions works
Duration: 2hs

What you will need to deliver this session

Access the Security Customer Immersion Experience here.

Microsoft 365 Security Design Architecture Session

This is an optional module if the audience requires deep technical content instead of the CIE.

Go deeper and have a whiteboard session with security experts. If your customer is expecting
deep technical content, please:
1. Engage CSG team, or
2. Request a Microsoft 365 Security Design Architecture Session from the MTC Catalog