Let's have a deeper look at the roadmap.

In the following sections we will look at the functionality of each step and then map the requirements to the Microsoft technology.


Step 1: Protect your Active Directory. 

Nearly everyone has on-premises Active Directory (AD), and for now it is the source of nearly all our users' identities. If an attacker gets inside your network they will look to attack your user accounts in AD. A username and password is all you need to get a session ticket, so we really need to get some kind of Intrusion Detection System (IDS) in play to identify nefarious behaviour on your network.

Considering that "identity is the new control plane", we need to look to the source of all our identities, your AD, and make sure we can feel confident about its security health. Yes, this is all on-prem, and I know it's supposed to be all cloud based, but ATA and Windows 10 are the two on-prem parts of this suite.


Step 2: Protect your endpoints.

Advanced persistent threats present a serious risk to our users at so many levels. AV companies look for new malware, write a signature and then you need to get it out to your machines. Windows Defender Advanced Threat Protection (ATP) instead looks for behaviours on the machine, tracks the attack and allows us to isolate the machine.

This tool is so amazing it's the second step on our roadmap; learn more about it below.


Step 3: Protect your email from Ransomware, Malware & Phishing.

A well crafted email, spoofed to look like it came from the CEO, has just arrived in the CFO's inbox. The URL he has to click to make a payment is spoofed and false; right now you are in hot water, very hot water. But guess what: the attackers didn't plan on you having deployed O365 ATP. The intelligent security graph has caught the attack, Exchange Online has prevented the click-through, and you look like a hero. Welcome to the world of advanced threat protection in O365.


Step 4: The future of Identity Management - Azure AD. 

Keeping users safe in our new world, while allowing them to access new resources outside of our old world, is just not possible when you only have on-premises directory services. Azure AD is the largest, most secure cloud based directory in the world. If you already have O365 then you are already using Azure AD; even if you are going to stay with Exchange On-Prem or Gmail (best of luck if you are still on Notes), you can avail of many of the security features by brokering your access management through Azure AD.


Step 5: Protect your users' identities with hyperconnected security, Azure Identity Protection.

We need advanced security for our users, but applying this security all the time, when it's not needed, just gets in the way! Imagine the airbag in your car going off every time you start the car; MFA all the time is akin to this. With Azure Identity Protection we can apply additional security measures to a user only when the risk level increases.
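To show the "airbag only when needed" idea in code, here is an added example (not Microsoft's code or Azure Identity Protection's real scoring) of a risk-based step-up policy: ordinary sign-ins pass without friction, raised risk triggers MFA, and high risk blocks the sign-in until the password is reset. The detection names, weights and thresholds are constructed for illustration.

```python
# Added illustration of risk-based step-up authentication. Signal names,
# weights and thresholds are constructed; they are not Microsoft's detections.
from dataclasses import dataclass, field

# Constructed risk detections with illustrative weights.
RISK_WEIGHTS = {
    "unfamiliar_location": 1,
    "anonymous_ip": 2,
    "impossible_travel": 3,
    "leaked_credentials": 5,
}


@dataclass
class SignIn:
    user: str
    detections: list = field(default_factory=list)


def risk_level(signin: SignIn) -> str:
    """Map a sign-in's detections to low/medium/high (constructed thresholds)."""
    score = sum(RISK_WEIGHTS.get(d, 0) for d in signin.detections)
    if score >= 5:
        return "high"
    if score >= 2:
        return "medium"
    return "low"


def decide(signin: SignIn) -> str:
    """Policy: no friction at low risk, MFA at medium, block plus password
    reset at high. Most sign-ins never see the extra control."""
    level = risk_level(signin)
    if level == "high":
        return "block_and_require_password_reset"
    if level == "medium":
        return "require_mfa"
    return "allow"


def triage(signins: list) -> dict:
    """Count decisions over a batch of sign-ins, e.g. for a daily report."""
    counts = {"allow": 0, "require_mfa": 0, "block_and_require_password_reset": 0}
    for s in signins:
        counts[decide(s)] += 1
    return counts


if __name__ == "__main__":
    batch = [SignIn("alice"), SignIn("bob", ["unfamiliar_location", "anonymous_ip"]),
             SignIn("carol", ["leaked_credentials"])]
    print(triage(batch))
```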


Step 6: Give your admins "just in time" administration access. 

Your IT admins are prize accounts; hackers look to laterally traverse your network to find admins. So how can you move people from full-time admin group membership to an environment where they get access just when they need it?

Privileged Identity Management is the Azure AD tool that allows you to do just that. This toolset only applies to your admins, so its deployment won't have a negative impact on the larger end user estate.
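As an added example (not PIM's own code or API), here is the core of the "just in time" model: an admin holds an eligible assignment, activates it with a justification for a bounded window, and the privilege lapses on its own when the window ends, with every activation recorded for review. Role names, durations and the in-memory store are constructed for illustration.

```python
# Added illustration of just-in-time role activation. The store, role names
# and duration limits are constructed; this is not the PIM implementation.
from datetime import datetime, timedelta


class JitRoleStore:
    def __init__(self, max_duration=timedelta(hours=8)):
        self.eligible = {}   # role -> set of users allowed to activate it
        self.active = {}     # (user, role) -> expiry time of the activation
        self.audit = []      # (when, user, role, justification, expiry)
        self.max_duration = max_duration

    def make_eligible(self, user, role):
        """Eligibility replaces permanent group membership."""
        self.eligible.setdefault(role, set()).add(user)

    def activate(self, user, role, justification, now, duration=timedelta(hours=1)):
        """Grant the role for a bounded window; refuse non-eligible users
        and empty justifications, and cap the window at max_duration."""
        if user not in self.eligible.get(role, set()):
            raise PermissionError(f"{user} is not eligible for {role}")
        if not justification.strip():
            raise ValueError("activation requires a justification")
        expiry = now + min(duration, self.max_duration)
        self.active[(user, role)] = expiry
        self.audit.append((now, user, role, justification, expiry))
        return expiry

    def is_active(self, user, role, now):
        """Access exists only while an activation window is open."""
        expiry = self.active.get((user, role))
        return expiry is not None and now < expiry

    def active_admins(self, role, now):
        """Who holds the role right now: the standing-privilege count to watch."""
        return sorted(u for (u, r), exp in self.active.items()
                      if r == role and now < exp)


if __name__ == "__main__":
    store = JitRoleStore()
    t0 = datetime(2017, 1, 1, 9, 0)  # constructed timestamp
    store.make_eligible("alice", "Global Administrator")
    store.activate("alice", "Global Administrator", "change ticket 42", t0)
    print(store.active_admins("Global Administrator", t0 + timedelta(minutes=30)))
```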


Step 7: Protect your users and data in SaaS apps.

With more and more use of SaaS based apps that can be bought with a credit card and that suddenly store company data or develop into a critical business function, how can you discover and control these services?

How can you discover what apps are in use in your company? How can you discover unusual behaviour towards SharePoint Online or Exchange Online, and what happens if someone is sending personally identifiable data from Dropbox to an outside group or a competitor?

Step 8: I have to protect my users with greater security, I need to get MFA in place. 

Microsoft has your MFA needs met in two formats, cloud and on-premises. PhoneFactor is the hybrid solution for your AD, AAD and VPN services. With the SaaS based version we can get users to register for MFA, and they can verify the MFA challenge with 4 different methods.


Step 9: You need to protect your data, everywhere, on every device and throughout the world. 

There are so many data protection challenges we need to address, and they needed to be done yesterday. The GDPR regulation train is firing down the track at you as we speak, and we need to get ready for it now. Azure Information Protection is the number 1 place for you to start this journey.


Step 10: We need to protect our devices outside of the corporate network, and enable conditional access to my resources.

Intune is a central component of your security stance, and something that is going to be pivotal to controlling access to your most precious resources. Intune can manage your laptops, tablets and phones. Choosing the apps that people are allowed to use to access our data puts you in the driving seat for controlling your data.


Step 11: We have a hybrid environment that we need to secure across all clouds including AWS and Google.

The Operations Management Suite (OMS) gives you the ability to secure your resources across your data centres, Azure and AWS.


Step 12: Our company is growing our footprint in Azure.

Both IaaS and PaaS: how do we keep it all safe? Azure has a security assessment and configuration toolset called Azure Security Center.
