Microsoft 365 SMB Advanced Security

Microsoft 365 for business

New name, same great value, same price.

Office 365 Business Essentials Microsoft 365 Business Basic

Cloud services Cloud services

Office 365 Business Premium Microsoft 365 Business Standard

Cloud services and desktop apps Cloud services and desktop apps

Microsoft 365 Business Microsoft 365 Business Premium

Cloud services, desktop apps, and advanced security Cloud services, desktop apps, and advanced security

Effective on April 21st, 2020

Microsoft 365 for business
New name, same great value, same price.

Microsoft 365 Business Basic

Cloud services Exchange Teams SharePoint OneDrive

Microsoft 365 Business Standard

Exchange Teams SharePoint OneDrive Outlook Word Excel PowerPoint Publisher Access
Cloud services and desktop apps

Microsoft 365 Business Premium Exchange Teams SharePoint OneDrive Outlook Word Excel PowerPoint Publisher Access

Cloud services, desktop apps, and advanced security

Intune Azure Information Defender Conditional Windows
Protection Access Virtual Desktop

Note: Not all features/product logos shown.

Layered approach to security

Security Issues at each layer

User Device Application Email Document

10 Pro

• Compromised login • Malware/ ransomware • Users can copy/paste/save • Email malware vulnerabilities • Important documents need
(compromised device) corp data to personal apps to be protected internally
• Weak credentials • Ransomware threats/phishing
and externally
• Unmanaged device –BYOD – • Using 3rd party apps with
• Suspicious locations • Protecting sensitive data from
has your corp data weak security • Making sure only the right
being shared
people have access
• Weak pin – anyone can access
• Making sure departing
employees don’t have
access
What is Microsoft 365 Business Premium
Securing each & every layer of productivity seamlessly

Microsoft 365 Business Premium

Identity Security Device Security Application Security Email Security Document Security

User Device Application Email Document

10 Pro

• AAD Features like MFA • Microsoft Defender AV • Restrict copy/paste/save • Advanced Threat Protection • Azure Information Protection
corp data to personal apps for protection against malware protects, classifies Documents
• Self Service Password Reset • Full Centralized Management of
and zero day attacks for secure sharing
Mobile and Laptops with Intune • Accessing sensitive apps
• Conditional Access
securely (Windows Virtual • Data Loss Prevention to • Revoke access to Documents
• Remote wipe of data of lost &
Desktop) monitor sensitive data from
stolen devices • Track Sensitive documents
being transmitted
• BitLocker Encryption
• Email restrictions like “Do Not
• Enforce Strong Pin requirements Forward” or “Encrypt Email”
along with WiFi, VPN profiles
What is Microsoft 365 Business Premium
Device & Application Security Identity Security

Intune Azure AD Office 365

Self Service Password Reset Exchange Online: Email Calendar

MFA SharePoint Online: ODFB, Sites
Conditional Access New Teams: Persistent Chat
Office Client: Word, Excel PowerPoint

10 Pro External Threat Protection

Office 365 Advanced Threat Protection
Office 365 Multi-Factor Authentication
Mobile Devices Windows 10 Pro device Active Directory
Controlling Data Access
Device Management
Data Loss Prevention
Microsoft Defender AV
Preservation with Exchange Online archiving
Centralized Windows Security Enablement
Information Rights Management & Encryption
E2E MDM for iOS/Android
Wifi, VPN, Profile; Certificate Management
Email Security
Intune Application Management
Restriction on Cut/Copy/Paste on personal apps

Document Security
Azure Information Protection
Identity

Azure AD

Hybrid Configuration
AAD Connect enables a single username/password for cloud and on premises apps
1. Self Service Password Reset
Self Service Password Reset with writeback
2. Multi Factor Authentication for: Let’s your users change password easily and that’s written back to AD to maintain
• Microsoft Services uniform Password Policies
• 3rd Party Apps
MFA for additional security for:
3. Conditional Access New Microsoft Services (incl. Office services)
• User
• Location 3rd Party Apps
• Devices
• Apps Conditional Access
Enforce access controls based on location, user state, device state and apps

Active Directory
Device & Application Security

Intune does two things:

Intune
1. Device Management For Windows & Mobile Devices
MDM + MAM
2. Mobile Application Management for iOS & Android

10 Pro

Mobile Devices Windows 10 Pro device

Device Security

Intune does two things:

Intune
1. Device Management For Windows & Mobile Devices

Win 10 Auto enrollment benefits: Central Management of

windows by enabling Microsoft Defender AV, Ransomware end
point protection and BitLocker enablement

10 Pro

Windows 10 Pro device

Device Management

Intune does two things:

Intune
1. Device Management For Windows & Mobile Devices

End-to-end
• Device registration
• Certificate management
• Wifi, VPN profile
• Device wipe for stolen devices
10 Pro

Mobile Devices Windows 10 Pro device

Application Security

Intune does two things:

Intune
2. Mobile Application Management
MAM for iOS & Android

Restricting Cut/Copy/Paste/Save on Personal

Ring fencing Apps
apps

Corp @contsoso.com

Personal @hotmail.com

Email attachment Copy Paste Save

OneDrive
for Business

Can’t paste to Can’t save to

personal apps personal storage
Email Security

1. External Threat Protection

Office 365 Office 365 Advanced Threat Protection
2. Controlling Data Access
Data Loss Prevention
Exchange Online: Email Calendar
Preservation with Exchange Online archiving
SharePoint Online: ODFB, Sites Information Rights Management & Encryption

Teams: Persistent Chat

Office Client: Word, Excel PowerPoint

Advanced Security
1. External Threat Protection
Office 365 Advanced Threat Protection
2. Controlling Data Access
Data Loss Prevention Protection against unknown malware/Viruses
Preservation with Exchange OnlineOffice
archiving
365 • Behavioral analysis with machine learning
Sender
Information Rights Management & Encryption • Admin alerts
Multiple filters + three antivirus engines
with Exchange Online protection Time-of-click Protection
Detonation chamber • Real-time protection against
(sandbox)
Suspicious malicious URLs
Executable?
attachment
Registry call? • Growing URL coverage
Elevation?
……?
Malicious links Rich Reporting and Tracing
• Built-in URL trace
Recipient
Unsafe Safe • Reports for advanced threats
Safe Links rewrite
Advanced Security
2. Controlling Data Access
Data Loss Prevention

Data Loss Prevention

• Offers Policy Tips to prevent users from

sharing sensitive content
• Detects sensitive content based on pattern
matching engine for various sensitive data
• Bank Routing Numbers
• SSNs
• PHI
• Takes Action
• Blocks
• Reports to admin
Advanced Security
2. Controlling Data Access
Exchange Online Archiving

Exchange Online Archiving

• Unlimited archiving mailbox

• eDiscovery features to help produce
data/content
• Provides long term retention of content
based on compliance requirement
• Retains even deleted items for long term
retention & eDiscovery
Advanced Security
2. Controlling Data Access
Information Rights Management & Encryption

Information Rights Management and

Encryption

• Set Permissions like ‘Do Not Forward’

• Enable External Encryption – where
recipients get fully encrypted emails
Document Security

Azure Information
Protection Azure Information Protection
• Classification & labeling:
• Manually classify documents based on labels like “Highly
Confidential” that is associated with a certain group access
• Encryption: The encryption follows classification labels
• Tracking: who/where document is accessed
• Revoke access previously granted

User 1 User 2

Document
Classification & labeling: “Highly Confidential”
Encryption
Tracking
Revocation
What is Microsoft 365 Business Premium
Securing each & every layer of productivity seamlessly

Microsoft 365 Business Premium

Identity Security Device Security Application Security Email Security Document Security

User Device Application Email Document

10 Pro

• AAD Features like MFA • Microsoft Defender AV • Restrict copy/paste/save • Advanced Threat Protection • Azure Information Protection
corp data to personal apps for protection against malware protects, classifies Documents
• Self Service Password Reset • Full Centralized Management of
and zero day attacks for secure sharing
Mobile and Laptops with Intune • Accessing sensitive apps
• Conditional Access
securely (Windows Virtual • Data Loss Prevention to • Revoke access to Documents
• Remote wipe of data of lost &
Desktop) monitor sensitive data from
stolen devices • Track Sensitive documents
being transmitted
• BitLocker Encryption
• Email restrictions like “Do Not
• Enforce Strong Pin requirements Forward” or “Encrypt Email”
along with WiFi, VPN profiles
What is Microsoft 365 Business Premium
Device & Application Security Identity Security

Intune Azure AD Office 365

Self Service Password Reset Exchange Online: Email Calendar

MFA SharePoint Online: ODFB, Sites
Conditional Access New Teams: Persistent Chat
Office Client: Word, Excel PowerPoint

10 Pro External Threat Protection

Office 365 Advanced Threat Protection
Office 365 Multi-Factor Authentication
Mobile Devices Windows 10 Pro device Active Directory
Controlling Data Access
Device Management
Data Loss Prevention
Microsoft Defender AV
Preservation with Exchange Online archiving
Centralized Windows Security Enablement
Information Rights Management & Encryption
E2E MDM for iOS/Android
Wifi, VPN, Profile; Certificate Management
Email Security
Intune Application Management
Restriction on Cut/Copy/Paste on personal apps

Document Security
Azure Information Protection
Thank You!
SMB Technical Community: aka.ms/smbtc

© Copyright Microsoft Corporation. All rights reserved.