Flashcards in Implement Microsoft 365 security and threat management Deck (18)
What is CAS?
Cloud App Security helps you mitigate different risks in the cloud.
Policies allow you to define the way you want your users to behave in the cloud. They enable you to detect risky behavior, violations, or suspicious data points and activities in your cloud environment. If necessary, you can integrate remediation workflows to achieve complete risk mitigation. There are multiple types of policies that correlate to the different types of information you want to gather about your cloud environment and the types of remediation actions you may want to take.
What is access control? Who can access what from where?
Continuously monitor behaviour and detect anomalous activities, including high-risk insider and external attacks, and apply a policy to alert, block, or require identity verification for any app or specific action within an app. Enables on-premises and mobile access control policies based on user, device, and geography with coarse blocking and granular view, edit, and block. Detect suspicious login events, including multi-factor authentication failures, disabled account login failures, and impersonation events.
Compliance: Are your compliance requirements breached?
Catalog and identify sensitive or regulated data, including sharing permissions for each file, stored in file-sync services to ensure compliance with regulations such as PCI, SOX, and HIPAA.
Configuration control: Are unauthorized changes being made to your configuration?
Monitor configuration changes, including remote configuration manipulation.
Cloud Discovery: Are new apps being used in your organization? Do you have a problem of Shadow IT apps being used that you don't know about?
Rate overall risk for each cloud app based on regulatory and industry certifications and best practices. Enables you to monitor the number of users, activities, traffic volume, and typical usage hours for each cloud application.
DLP: Are proprietary files being shared publicly? Do you need to quarantine files?
On-premises DLP integration provides integration and closed-loop remediation with existing on-premises DLP solutions.
Privileged accounts: Do you need to monitor admin accounts?
Real-time activity monitoring and reporting of privileged users and admins.
Sharing control: How is data being shared in your cloud environment?
Inspect the content of files and content in the cloud, and enforce internal and external sharing policies. Monitor collaboration and enforce sharing policies, such as blocking files from being shared outside your organization.
Threat detection: Are there suspicious activities threatening your cloud environment?
Receive real-time notifications for any policy violation or activity threshold via text message or email. By applying machine learning algorithms, Cloud App Security enables you to detect behavior that could indicate that a user is misusing data.
What is an endpoint behavioural sensor?
Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system and send this sensor data to your private, isolated, cloud instance of Microsoft Defender ATP.
What is Azure AD Identity Protection?
Identity Protection is a tool that allows organizations to accomplish three key tasks:
• Automate the detection and remediation of identity-based risks.
• Investigate risks using data in the portal.
• Export risk detection data to third-party utilities for further analysis.
What is an access policy?
Access policies provide you with real-time monitoring and control over user logins to your cloud apps.
What is an activity policy?
Activity policies allow you to enforce a wide range of automated processes using the app provider’s APIs. These policies enable you to monitor specific activities carried out by various users, or follow unexpectedly high rates of a certain type of activity.
What is an anomaly detection policy?
Anomaly detection policies enable you to look for unusual activities on your cloud. Detection is based on the risk factors you set to alert you when something happens that is different from the baseline of your organization or from the user's regular activity.
What is an app discovery policy?
App discovery policies enable you to set alerts that notify you when new apps are detected within your organization.
What is a cloud discovery anomaly detection policy?
Cloud Discovery anomaly detection policies look at the logs you use for discovering cloud apps and search for unusual occurrences. For example, when a user who never used Dropbox before suddenly uploads 600 GB to Dropbox, or when there are a lot more transactions than usual on a particular app.
What is a file policy?
File policies enable you to scan your cloud apps for specified files or file types (shared, shared with external domains), data (proprietary information, personal data, credit card information, and other types of data) and apply governance actions to the files (governance actions are cloud-app specific).