Following on from my email last week, I wanted to describe how you can build a complete Security Information and Event Management (SIEM) solution entirely with Microsoft offerings. My philosophy is two-fold: 1) make the most of the Microsoft 365 licensing you already have, and 2) remove much of the third-party security infrastructure that subsequently becomes redundant. The result is a simpler security management environment that is more effective [I believe] at preventing, detecting and handling security incidents.
A good place to start is the security setup items in the Microsoft 365 Admin Center. Here, you can enable Microsoft’s recommended security defaults and conditional access policies (including MFA). Before you get started though, it’s a good idea to set up at least 1 or 2 break-glass accounts and monitor access to these accounts through Azure Monitor. These will ensure that you don’t ever get locked out through misconfiguration.
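One way to monitor break-glass sign-ins is a log query behind an Azure Monitor alert rule that fires whenever it returns a row. This is an added example, not part of the original email. It assumes your Entra ID sign-in logs are routed to a Log Analytics workspace; the account names and the 15-minute window are placeholders.

```kusto
// Constructed placeholder UPNs: replace with your own break-glass accounts.
let BreakGlassAccounts = dynamic([
    "breakglass1@contoso.onmicrosoft.com",
    "breakglass2@contoso.onmicrosoft.com"
]);
// Cover both interactive and non-interactive sign-ins; isfuzzy tolerates
// a workspace where one of the two tables is not being collected.
union isfuzzy=true SigninLogs, AADNonInteractiveUserSignInLogs
| where TimeGenerated > ago(15m)                       // assumed alert evaluation window
| where UserPrincipalName in~ (BreakGlassAccounts)     // case-insensitive match
// ResultType "0" is a successful sign-in; anything else is an error code.
| extend Outcome = iff(ResultType == "0", "Success", "Failure")
| summarize Attempts  = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated),
            Apps      = make_set(AppDisplayName, 10)
    by UserPrincipalName, IPAddress, Location, Outcome, SourceTable = Type
| order by LastSeen desc
```

Failed attempts are kept in the result on purpose: repeated failures against an account that should never be used are as worth investigating as a success.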
Then, check out the Microsoft 365 Defender Center, and in particular, the recommendations under your Microsoft Security Score. If you are like most organisations, you’ll be presented with a long list of recommended remediation tasks. Click on any one of these to get handy implementation instructions.
To go further, look at Microsoft Defender for Endpoint (comprehensive device security pushed out through Endpoint Manager) and Microsoft Defender for Office 365 (the welcome [and far cheaper] replacement for products like Mailguard). If you have workloads in Azure, also check out the Azure Security Center. In addition, Microsoft Purview (formerly known as Security and Compliance Center) provides content classification, audit and deep data investigation functions. With Purview, you can also apply policies for automating the detection of potential compliance breaches (e.g. credit card numbers in the clear).
And as with everything Microsoft, all roads lead to Rome. Go ahead and choose a path to a better security posture that best suits you and your organisation.
And remember, security is, as one of my favourite 80s movies suggested, one [person’s] struggle to take it easy.
Across the Industry
Mobile point-of-connect (POI) trailer trialled in Traralgon, Gippsland
Hubble image captured in 2010 includes a supernova
Live captioning, 3D models in construction, and more in the 2022 InnovationAus Awards
AI-driven early detection system for epidemics developed in Australia
Essential digital transformation ideas for organisations
Recent Government Tenders
Townsville City Council: Waste Management Software (VendorPanel)
Peak Services Group: Request for Tender for ICT Managed Services Provider (VendorPanel)
City of Stonnington: FOGO RFID Trial (VendorPanel)
Austin Health: Implementation Planning Study (IPS) on the Department of Health Oracle E Business Suite (Buying for Victoria)
SA Health: Central Adelaide Local Health Network (CALHN) Digital Front Door (Consolidated Tender)
Regional Development Australia Yorke and Mid North Inc: Development of an Economic Modelling Tool (Consolidated Tender)
Yorke Peninsula Council: Enterprise Resource Planning (ERP) Solution Replacement (Consolidated Tender)
The Arnott’s Group utilises Microsoft Sustainability Manager
The ABC looks to retire its Private Automatic Branch Exchange (PABX) systems