# Microsoft 365 and Azure

In today's digital landscape, the utilization of cloud solutions has become increasingly prevalent, with organizations frequently opting for either Software-as-a-Service (SaaS) offerings to facilitate collaborative activities or Cloud computing solutions. These cloud-based options offer unparalleled convenience and seamless integration for both end users and IT teams, effectively alleviating the burden of infrastructure management.

However, it is crucial to recognize that even though Microsoft 365 and Azure ease the burden of managing underlying infrastructure, they demand careful consideration in terms of exposure, attack surface, and potential malicious activities. To address these concerns, Microsoft provides a plethora of settings and tools designed to assist companies in achieving compliance and attaining an optimal level of security. As a professional working in this field, it is essential to comprehend the capabilities offered by these platforms and learn how to effectively leverage them.

Before delving deeper into the security aspects of the Microsoft cloud environment, it is imperative to address a commonly asked question that arises during my work: What sets Microsoft 365, Azure, and Azure AD apart from one another? Understanding the distinctions between these platforms will serve as a solid foundation for exploring the security considerations inherent to the Microsoft cloud ecosystem.

# Know the difference

Microsoft Azure is the cloud computing service provided by Microsoft.
It allows organizations to access, store and manage a wide range of data on Microsoft services to suit their needs:

  • Virtual Machines (IaaS)
  • App Services and other PaaS
  • Containers and Kubernetes
  • Azure Active Directory, but more on that later
  • External Identities
  • B2C
  • Azure Active Directory Domain Services (AADDS)
  • Azure Identity Protection
  • Azure Privileged Identity Management (PIM)
  • Firewall, WAF & Load Balancers
  • DNS
  • CDN
  • Several DB services and Azure Data Lake
  • Blob, Table and queue services for example
  • Automation & functions
  • Application Insights
  • Azure DevOps

Azure also provides specific security services such as Microsoft Defender for Cloud or identity-related services, as well as on-premises integration to monitor and manage infrastructures and Active Directory.

To access Azure cloud computing resources, you need to have a subscription. A subscription is a logical container that hosts the resources you create and processes the associated billing. These subscriptions have at least one trust relationship with an Azure Active Directory instance. This trust is what allows security principals and devices to be authenticated and authorized for access.
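The trust between a subscription and its directory can be inventoried from the CLI's own output. The following is an added example, not code from the original post: it groups subscriptions by the tenant they trust and flags any that fall outside an expected set. The sample JSON is constructed to resemble `az account list --output json`; `EXPECTED_TENANTS` and all GUIDs and names are assumptions.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `az account list --output json`
# (every GUID and name below is made up for this example).
SAMPLE_AZ_ACCOUNT_LIST = """
[
  {"id": "11111111-0000-0000-0000-000000000001", "name": "prod-core",
   "state": "Enabled", "tenantId": "aaaaaaaa-0000-0000-0000-000000000000"},
  {"id": "11111111-0000-0000-0000-000000000002", "name": "dev-sandbox",
   "state": "Enabled", "tenantId": "aaaaaaaa-0000-0000-0000-000000000000"},
  {"id": "11111111-0000-0000-0000-000000000003", "name": "acquired-lab",
   "state": "Enabled", "tenantId": "bbbbbbbb-0000-0000-0000-000000000000"},
  {"id": "11111111-0000-0000-0000-000000000004", "name": "old-poc",
   "state": "Disabled", "tenantId": "aaaaaaaa-0000-0000-0000-000000000000"}
]
"""

# Assumption: the directory this organization expects its subscriptions to trust.
EXPECTED_TENANTS = {"aaaaaaaa-0000-0000-0000-000000000000"}


def subscriptions_by_tenant(raw_json):
    """Group subscription names by the Azure AD tenant each one trusts."""
    grouped = defaultdict(list)
    for sub in json.loads(raw_json):
        grouped[sub["tenantId"].lower()].append(sub["name"])
    return dict(grouped)


def review_findings(raw_json, expected_tenants):
    """Return (subscription name, reason) pairs worth a manual review."""
    findings = []
    for sub in json.loads(raw_json):
        if sub["tenantId"].lower() not in expected_tenants:
            findings.append((sub["name"], "trusts an unexpected tenant"))
        elif sub.get("state") != "Enabled":
            findings.append((sub["name"], "not enabled: " + str(sub.get("state"))))
    return findings


if __name__ == "__main__":
    for tenant, names in subscriptions_by_tenant(SAMPLE_AZ_ACCOUNT_LIST).items():
        print(tenant, "->", ", ".join(names))
    for name, reason in review_findings(SAMPLE_AZ_ACCOUNT_LIST, EXPECTED_TENANTS):
        print("REVIEW:", name, "-", reason)
```

To run it against a real environment, replace the sample string with the saved output of `az account list --output json` and set `EXPECTED_TENANTS` to your own tenant IDs.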

Microsoft 365 is a cloud-based (SaaS) platform that brings together productivity, collaboration and communication tools available to users anywhere, anytime. It also offers multiple ways to manage devices, compliance and security, and supports administrators and decision makers in reaching their objectives.

  • Office applications
  • Collaboration and employee experience platform (Microsoft Viva, Yammer and more)
  • OneDrive and SharePoint
  • Native Email and collaboration security
  • Data protection and governance
  • Unified detection, investigation and response across identities, email, devices and applications
  • MDM (Mobile Device Management)
  • Microsoft Teams

A special note on the security capabilities of Microsoft 365: the Microsoft 365 Defender portal offers a wide range of capabilities and observability along the kill chain, from email to post-compromise actions on a device or Active Directory activities.

Now part of Microsoft Entra, the identity and multicloud access platform, Azure AD is the focal point for authentication and authorization across Microsoft platforms like Azure and Microsoft 365. As said for Azure, subscription access is linked to a trusted Azure AD instance, and for Microsoft 365, Azure AD enables the creation of users and manages access to all resources across the platform.

This cloud-based service empowers users to access cloud resources and Microsoft or third-party SaaS applications. It also grants IT administrators fine-grained control to manage access, audit, and protect identities and credentials while meeting global business requirements. Azure AD integrates modern authentication workflows such as OpenID Connect (OIDC), including OAuth 2.0, or SAML (Security Assertion Markup Language) to access underlying data across the Microsoft ecosystem.

# Security platforms

These cloud services offer a wide range of capabilities, but they can go unused or be put aside due to a lack of knowledge or misunderstanding within IT teams and among decision makers. Regarding the specifics of cybersecurity, you'll find below a mind map to help you understand the main cybersecurity tools across Microsoft Cloud services.

You'll tell me that's quite a lot of tools, but there are fewer consoles to manage them than you might think. For example, the Defender 365 portal hosts most of the security processes and settings related to Microsoft 365. Regarding Azure, Defender for Cloud can be integrated with Defender for Endpoint, allowing unified management of resources across different endpoints.

For starters, and to help reference most of the links to the Azure and Microsoft 365 consoles, you may bookmark this website made by Merill Fernando, a senior product manager at Microsoft:

CMD.MS
https://cmd.ms/

Anyway, as practice makes perfect, I would recommend reviewing your Microsoft 365 and Azure consoles at work, or in a dedicated tenant if you have one. There is also a great deal of content, from webinars and documentation to training and certifications, to help you master Microsoft. For this, you can take a look at the Microsoft Learn learning paths and documentation.

# Going further

On this blog, I present some specific use cases throughout my articles, some related to cloud and others to personal projects that matter to me.
To go further on the topic, you can check out the M365 attack matrix and the related investigation and hardening posts available there.

Explore Microsoft 365 common attacks
m365_attacks/
Secure your mail flow and end users
email/

To keep learning and become a real Microsoft ninja, you can always check these awesome resources and training courses:

🚀 Become a Microsoft 365 Defender Ninja
https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/become-a-microsoft-365-defender-ninja
🚀 Become a Microsoft Defender for Cloud Ninja
https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/become-a-microsoft-defender-for-cloud-ninja/ba-p/1608761
🚀 Become a Microsoft Defender for Identity Ninja
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-defender-for-identity-ninja-training/ba-p/2117904
🚀 Become a Microsoft Defender for Endpoint Ninja
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/become-a-microsoft-defender-for-endpoint-ninja/ba-p/1515647
🚀 Become a Microsoft Defender for Office365 Ninja
https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/become-a-microsoft-defender-for-office-365-ninja-june-2022/ba-p/2187392
🚀 Become a Microsoft Defender for CloudApps Ninja
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-defender-for-cloud-apps-ninja-training-june-2022/ba-p/2751518
🚀 Become a Microsoft Defender Threat Intelligence Ninja
https://techcommunity.microsoft.com/t5/microsoft-defender-threat/become-a-microsoft-defender-threat-intelligence-ninja-the/ba-p/3656965
