Professional Documents
Culture Documents
Bencsik László
2020.08.24
Microsoft has competitive advantage in AI Security Shared threat data
from partners,
researchers, and law
OneDrive enforcement
Outlook
worldwide
5B
threats
detected on
devices every
month
470B
emails 6.5T
analyzed
200+
threat signals
analyzed daily
global cloud consumer Botnet data from
and commercial Microsoft Digital
services Windows Crimes Unit
Azure
Microsoft
accounts
+Monitor
Indicates sold as standalone
Microsoft 365 Packaging Indicates not sold standalone
Microsoft 365
Microsoft 365 Microsoft 365 Microsoft 365 Microsoft 365
Business
F1 F3 E3 E5
Premium
$4/u/m $10/u/m $32/u/m $57/u/m
$20/u/m
Windows 10 Windows 10
Windows 10
Enterprise E3 per Enterprise E5 per
Enterprise E3 per
Windows Windows 10 Business user
user
(Including VDA
user
(Including VDA
(Including VDA
rights) rights)
rights)1
$5/u/m $10/u/m
1No Windows 10 Enterprise LTSC. No MDOP. Other than the use of Windows Virtual Desktop, rights to access and use virtualized instances of Windows only apply to Licensed Users of a shared device with a Qualifying Operating System
+ +
Defend against Protect Secure
cyberthreats business data your devices
Microsoft 365 E5
$25/u/m Step-up from Microsoft 365 E3
Microsoft 365 E5 Security M365 365 E5 Compliance Audio Conferencing Power Bi Pro
$12/u/m add-on to $10/u/m $4/u/m $10/u/m
Microsoft 365 E3 M365 E5 eDiscovery & Audit $6/u/m
Phone System
M365 E5 Insider Risk Management $6/u/m
$8/u/m
M365 E5 Information Protection &
Governance $7/u/m
Microsoft 365 E3
$32/u/m
Commercial USD ERP shown
Microsoft 365 E5 Compliance Offers
Microsoft 365 E5 Compliance $10/u/m
Pre-req: M365 E3/A3 or Office 365 E3 + EMS E31
M365 E5 Info Protection & Governance M365 E5 Insider Risk Management M365 E5 eDiscovery and Audit
$7/u/m $6/u/m $6/u/m
Pre-req: Any M365 plan or [any Office 365 Pre-req: Any M365 or Office 365 plan3 Pre-req: Any M365 or Office 365 plan3
plan3]] + Azure Info Protection Plan 1/EMS4]
1 Maintains consistency with requirements for adding M365 A5 Compliance and protects suite discount which assumes underlying investment in A3.
2 Exact General Availability (GA) date for new value TBD
3 Includes standalone Exchange, SharePoint, or OneDrive plans. Maintains consistency with requirements for adding O365 Adv Compliance and provides a path to adding A5 Compliance value for wide variety of users
4 AIP P1 (included in EMS K/F3/E3/A3) required because M365 A5 Information Protection and Governance builds on AIP P1 value and O365 value.
5 New value now Generally Available
Microsoft Confidential: Internal and Partner Use Only Commercial USD ERP shown. See Speaker Notes for EDU pricing.
Layers of protection
Microsoft 365 E5 Security packaging
Microsoft 365 E5 Security Microsoft 365 E5 Office 365 E5 EMS E5 Windows E5
$12/u/m $57/u/m $15/u/m $6/u/m $10/u/m
Azure ATP ⚫ ⚫ ⚫
https://docs.microsoft.com/en-us/office365/admin/security-and-
compliance/secure-your-business-data
Enable MFA w/Baseline Policies
To set up Conditional Access Baseline Policies:
1. In the Microsoft Admin Center, choose Azure Active Directory in
the left-hand navigation under Admin Centers. This will open the
Azure Active Directory admin center in a new tab
2. In the Azure Active Directory admin center, click Azure Active
Directory in the left-hand navigation
3. Click Security near the top of the left menu in the Azure Active
Directory blade.
4. Click Conditional Access under the Protect heading near the top of
the left menu.
5. Select Baseline policy: Require MFA for admins (Preview)
6. Under Enable Policy select the radio button next to Use policy
immediately and then click Save
7. Select Baseline policy: Block legacy authentication (Preview)
8. Set Enable Policy to On and then click Save
To learn more, see Baseline policy: Require MFA for admins & Baseline
policy: Block legacy authentication
Enable MFA for users with Conditional
Access
To set up MFA for a subset of users:
1. In the Microsoft Admin Center, choose Azure Active Directory in
the left-hand navigation under Admin Centers. This will open the
Azure Active Directory admin center in a new tab
2. In the Azure Active Directory admin center, click Azure Active
Directory -> Security -> Conditional Access in the left-hand
navigation
3. Click +New Policy and name the policy Require MFA for Marketing
Users
4. Assignments | Users and Groups: Include the Marketing group,
exclude your admin account
5. Assignments | Cloud apps or actions: Office 365 Exchange
Online and Office 365 SharePoint Online, and Microsoft Teams
6. Access Controls | Grant | Require multi-factor authentication:
Checked
To learn more, see Quickstart: Require MFA for specific apps with Azure
Active Directory Conditional Access
Train users
there's doubt.”
sender and ask if it was legitimate.
Passwords:
—Jonas R. IT manager
Use strong passwords; or better yet, a password manager. at 70 employee manufacturing firm in
Don’t reuse passwords or share accounts with coworkers.
Los Angeles
Use dedicated admin accounts
The problem:
Admin accounts include elevated privileges and are
valuable targets for hackers and cyber criminals.
The solution:
Admins use separate account for regular use and
only use their administrative account when necessary
Tips:
• Admin only accounts do not require a license in
Microsoft 365 Business Premium
• Configure all admin accounts for MFA
• Before using admin accounts, close all unrelated
browser sessions and apps, including personal
email accounts.
• After completing admin tasks, log out of the
browser session.
Raise the level of protection
against malware in mail by
blocking risky file types
Provide message text Do not open these type of files from people you do not know because
they might contain macros with malicious code.
• Click Save
Protect against ransomware
Restore files using OneDrive ransomware recovery:
• Go to the user’s Onedrive For Business
• If you're signed in with a work or school account, select
Settings > Restore your OneDrive.
• On the Restore page, select a date from the dropdown list,
such as Yesterday, or you can select Custom date and time.
If you're restoring your files after automatic ransomware
detection, a suggested restore date will be filled in for you
• If you're selecting a custom date and time, select the earliest
activity that you want to undo. When you select an activity,
all other activities that occurred after that are selected
automatically.
• When you’re ready to restore your OneDrive, click Restore to
undo all the activities you selected.
Stop auto-forwarding for email
Stop auto-forwarding for email, by creating a mail
transport rule:
• In the Microsoft 365 admin center, click Admin
centers > Exchange
• In the mail flow category, click rules
• Click +, and then click Create a new rule
• Click More options at the bottom of the dialog box to see
the full set of options
• Apply the settings in the following table for each rule. Leave
the rest of the settings at the default, unless you want to
change these
Name Prevent auto forwarding of email to external domains
Apply this rule if . . . The sender . . . is external/internal . . . Inside the organization
Add condition The message properties . . . include the message type . . . Auto-
forward
Do the following . . . Block the message . . . reject the message and include an explanation
Provide message text Auto-forwarding email outside this organization is prevented for
security reasons
• Click Save
Enable ATP Safe Links
To enable ATP Safe Links
1. In the Security & Compliance Center, choose Threat management >
Policy > ATP Safe Links
2. Double-click the Default policy
3. In the Use safe links in section, select the option Office 365
ProPlus, Office for iOS and Android, and then click Save
4. In the Policies that apply to specific recipients section, click the plus
sign (+)
5. Specify the following settings:
• In the Name box, type a name, such as Safe Links
• In the Select the action section, choose On
• Select these options:
• Use safe attachments to scan downloadable content
• Apply safe links to email messages sent within the
organization
• Do not let users click through safe links to original URL
• In the Applied to section, choose The recipient domain is.
Then, select your domain, choose Add, and then click OK
6. Click Save
To learn more, see Set up Office 365 ATP Safe Links policies.
Enable ATP Safe Attachments
To learn more, see Set up Office 365 ATP Safe Attachments policies and Turn on
Office 365 ATP for SharePoint, OneDrive, and Microsoft Teams.
Enable ATP Anti-phishing
To learn more about your anti-phishing policy options, see Set up Office 365 ATP anti-phishing
and anti-phishing policies.
First steps to increase the security
https://docs.microsoft.com/en-us/office365/admin/security-and-
compliance/secure-your-business-data
Security related promotions, offers
Security workshop
Standalone Defender ATP
Microsoft 365 Surface Offer
Windows 7 ESU offers for E5
Microsoft 365 E5 Offer
Firstline Offer
Important sites
New name
Practice playbooks
Pro Tip:
Explore Azure cloud offerings to get
2 Which of the following is true about your Disaster
Recovery program?
your business set up with proper All critical systems and data are automatically backed up and are tamperproof
backup and recovery functions so
Our IT guy regularly conducts business continuity exercise drills
you can ensure data and services
are backed up and always available. We use a cloud based recovery service like Azure Site Recovery
Pro Tip:
You need to define a security policy
4 Do you have a security policy in place?
Yes, we do have a comprehensive security policy endorsed by
based on ISO 27001 to ensure management
compliance and alignment to best Yes, someone wrote a policy for us to follow
practices. We can help you write one
and get compliant! No, we do not have a complete security policy
We need 30+ days because it is a lot of work It sounds simple, but in business environments there are a lot of
factors at play that could delay even critical updates. Explore the
We have to patch? Don’t systems patch themselves!?
adoption of Azure Cloud and PaaS and focus on running your
applications in an always up-to-date environment.
Pro Tip:
Define roles and responsibilities
8 How do you limit access to resources?
We have access control defined based on roles and
and look for a technology such responsibilities in AD groups
as Azure AD, and deploy access Everyone asks everyone for access to everything
control features to effectively
manage authentication and We don’t have any real means to reliably restrict access to
authorization to resources. services and data beyond authentication
Pro Tip:
Obtain a comprehensive solution for all
10 Are you prepared to deal with ransomware attacks
and demands?
systems. Patch your systems and apps We patch our systems regularly, remediate any potential risks quickly and have
regularly to ensure propagation of malware regular backups
using old bugs will not go far. Be aware of
zero-day potential risks by following our We have purchased enough Bitcoins to pay for ransoms, so we’re not worried
bug reports and awareness campaigns. if it happens
We are not prepared to handle malware and ransomware attacks at this point
Forrester 2019 Microsoft 365 Partner TEI study commissioned by Microsoft, year over year
Microsoft 365
Opportunities for Partner Growth Advisory
& adoption
Business
solutions
Teamwork Security
Managed
services
Microsoft Teams
is the hub for teamwork in
Microsoft 365
Chats Meetings
Calls Office
+ +
Defend against Protect Manage
cyberthreats business data your devices
Provide value
Employees
Understand
using personal the need
for customers
IT purchasing when dead
decisions Implement the solution
made “on the spot”
Provide value
Security is important
but things
evolve rapidly
New PCs
bought adhoc
Tech is “good
enough” but
not great
Things rarely
talk to each
Hardware can other
be costly
Understand the need
What needs and scenarios resonate with your customer? Map the need to the solution
Show the solution to the customer
Need Scenario Implement the solution
Increase revenue through improving customer experience Communicate with customers for onlineProvide
meetingsvalue
with groups
Become more efficient and reduce cost Collaborate effectively documents to simplify the co-creation process
Ensure security and compliance Guard against external threats, including ransomware and phishing
Ensure that the team stays connected and in sync Communicate with Firstline workers to connect them to the organization
Ensure employees stay productive whether remote or on the go, on any device
Understand the need
Map need to solution Map the need to the solution
Show the solution to the customer
Need Solution Implement the solution
Increase revenue through improving customer experience Provide value
Teams with customer guest access enabled
Files stored in channels with appropriate guest access for customer collaboration
Teams meetings for professional meetings
Become more efficient and reduce cost All files in Teams and OneDrive to ensure effective internal document collab
PowerApps and Flow to automate common tasks and integrate into Teams
Ensure security and compliance Microsoft Defender AV and Office 365 ATP to protect against cyber threats
Ensure that the team stays connected and in sync Teams implemented for FLW, including use of Shifts to manage scheduling
How Microsoft 365 improves productivity in your specific industry: Microsoft Productivity Library
Understand the need
Map the need to the solution
Customer Digital Experiences Show the solution to the customer
Implement the solution
Provide value
What is it?
• Your one place for digital experiences for customers
• Split into demos and customer immersion experiences
• Product scenarios across Teams and Security
What is it?
• Digitized deployment plan
• Set by step guide on implementing solution
Available at aka.ms/partnerlaunchpad
Adoption is the most forgotten step
Understand the need
Map the need to the solution
Show the solution to the customer
Implement the solution
Provide value
Microsoft Modern Workplace Rebranding
New name Old name
For small and medium Microsoft 365 Business Premium Microsoft 365 Business
businesses
Microsoft 365 Apps
Office 365 Business
for business
Microsoft 365 Apps
Office 365 ProPlus
for enterprise
Indicates sold as standalone
Microsoft 365 Packaging Indicates not sold standalone
Microsoft 365
Microsoft 365 Microsoft 365 Microsoft 365 Microsoft 365
Business
F1 F3 E3 E5
Premium
$4/u/m $10/u/m $32/u/m $57/u/m
$20/u/m
Windows 10 Windows 10
Windows 10
Enterprise E3 per Enterprise E5 per
Enterprise E3 per
Windows Windows 10 Business user
user
(Including VDA
user
(Including VDA
(Including VDA
rights) rights)
rights)1
$5/u/m $10/u/m
1No Windows 10 Enterprise LTSC. No MDOP. Other than the use of Windows Virtual Desktop, rights to access and use virtualized instances of Windows only apply to Licensed Users of a shared device with a Qualifying Operating System
Partner Incentives
https://www.microsoft.com/microsoft-365/partners/resources