A Journey to Holistic Cloud Protection with the Microsoft 365 Security Stack - Part 1 - Overview
Published Feb 03 2020 06:19 AM 3,772 Views


Welcome everyone!  My name is James Key and I’ll be your guide as we take a journey through the possibilities of holistic cloud protection with the Microsoft 365 security stack.  I am a Premier Field Engineer at Microsoft who specializes in Microsoft 365 security and compliance.  During my four years I have been blessed to work for an amazing organization and alongside a stellar group of colleagues.  My passion is security and compliance, so I joke constantly about having the best job in the world where I get paid to have fun each day.  Security at each organization is a unique puzzle where you have different technologies, infrastructure, people and processes that make implementing security like trying to solve a Rubik Cube.


As organizations continue to migrate to the cloud it is imperative that everyone understand how to provide modern security against constantly evolving threats.  Data stored in the cloud has become one of the most important assets of an organization and protecting it is key.  Malicious threats can come from many different sources and having a holistic approach will increase your overall security posture.


During this six-part blog series, we will take a journey around how to protect your organization using the Microsoft 365 security stack as we deep dive into the four pillars of security, each with their own separate article.


The goal of this series is to provide a comprehensive security overview and show how the integration of security features within the Microsoft 365 security stack provide holistic security within the Microsoft eco-system and when interacting with third party solutions.  The four pillars that we will discuss are:


Identity (Click here for Part II of series):

Your identity is how you are uniquely identified in your organization and ultimately how you authenticate to access your organization’s data.  An identity could be a member within your organization or a guest like a contractor/vendor.  During the second article in this blog series we will focus on identity security and review the below topics:

  1. Conditional Access
    • Using conditional access we can enforce specific access conditions for corporate users, contractors, guests, company-owned devices, BYODs and more. Examples may be to enforce MFA, review of terms of use, block access from specific countries or give a limited browser only view when on a BYOD.
  2. Password-less Authentication
    • Go beyond insecure passwords and enforce FIDO2 authentication with security key tokens or using the Microsoft Authenticator app.


Devices: (Click here for Part III of the series)

Your device is where you access your application and your data.  Whether this is a corporate-owned device or a personal device; there must be security in place to protect what is on that device.  During the third article in this blog series we will focus on device security and review the below topics:

  1. Microsoft Endpoint Manager
    • Using Endpoint Manager we can enroll devices into Intune for device management as a fully managed corporate device or as an enrolled work profile. This allows for management of the device security like BitLocker encryption, user restrictions, device compliance, and deployment of access resources needed, such as certificates or VPN profiles.  Remote management of the devices also allows for response actions like device wipe, corporate data only wipe, virus scan and passcode resets.
  2. Microsoft Defender for Endpoints
    • Using Microsoft Defender for Endpoints across Windows and macOS, we can extend the built-in Microsoft Defender Antivirus and provide first in class endpoint detection and response. Additionally, cloud machine learning and dynamic sandbox technology can be used to provide real-time protection against zero-day attacks as they launch on your desktop.  Update: this now spans iOS, Android and Linux.


Apps: (Click here for Part IV of the series)

Your applications are where you interact with data.  This can be through platforms like Windows, Mac, iOS or Android devices while using applications like Office ProPlus or Microsoft Edge browser.  During the fourth article in this blog series we will focus on application security and review the below areas:

  1. Microsoft Endpoint Manager
    • Using Endpoint Manager we can enforce policies on applications when a corporate account is signed into them. This allows for a less restrictive security stance for BYODs where you don’t want to manage the device, but instead want to ensure you corporate data doesn’t get accessed or moved to an insecure area on a personal device.
  2. Microsoft Cloud App Security
    • Using MCAS you can prevent/block integration with third-party apps that may be considered risky or non-sanctioned. Through these policies, we can also create remediation actions when specific apps are interacted with.


Data: (Click here for Part V of the series)

Your data is where you may have sensitive information related to individuals at your organization, confidential proprietary processes, or information related to your customers.  This data may be stored in the Office 365 cloud, on devices or shared with external users through third-party solutions.  During the fifth article in this blog series we will focus on data security and review the below areas:

  1. Azure Information Protection
    • Sensitivity Labels (Unified AIP Labeling) provides persistent protection of files and emails so no matter where they go only the individuals that have the specific rights to access them can. AES 256-bit encryption is used to enforce rights management both internal users and external users plus markings like watermarks can be applied based on content and document type.
  2. Microsoft Cloud App Security
    • Using MCAS you can create policies that provide real-time scanning for sensitive information, monitor risky transferring of data, or monitor stale external sharing to take automated remediation actions. Remediation actions like notifications by email/SMS/Power Automate Flow, expire sign-in token, block sign-in or remove access to files from guests after a time period of inactivity.


After taking a deep dive into each of the four pillars of security, there will be a sixth conclusion article that showcases the integration of the Microsoft 365 security stack and how it provides increased security posture for both the Microsoft eco-system and when working with third-party solutions.

With that said, please ensure your seat belt is fastened tightly and get ready for an exciting journey into the holistic approach to cloud protection with the Microsoft 365 security stack!


1 Comment
Version history
Last update:
‎Feb 11 2021 10:55 AM
Updated by: