这是苏珊·布拉德利CSO在线。我在这里要告诉你的东西,我认为你需要添加任何全局管理员帐户。为Office 365或Microsoft 365.为了跟踪访问。第一关的背景一点点。现在我为什么要你带多一点时间和精力来保护您的全局管理员帐户的原因是,他们正在有针对性的。最近在克雷布斯安全,他指出,管理服务供应商是有针对性的攻击他们的客户。随着故事的笔记,袭击者抢走管理凭据的MSP使用与Office 365来管理客户帐户所以,你能做些什么来提供自己带着一点点更多的保护自己和客户。嗯,我已经有了一些想法。微软已经有了一些想法。他们打算强制使用多因素身份验证的任何云服务提供商。 But I have one more idea that I think you should look into. This is a service called. Cloud application security. Now you can add it to an existing subscription or if you happen to have an E5 subscription it's default. You can purchase a single subscription and add it to any global administrative account. The way to set it up if you have a subscription to it is go into alerts. Click on manage advanced alerts. And you want to turn on Office 365 cloud app security. As you can see there is many different policies. The built in policies that are actually quite effective. We're going to do a special custom policy and it's quite easy to do. We're first going to start out by clicking on create policy. And as you can see there's many different templates that you can build on. There's access policy activity. App discovery. Cloud Discovery bio policy. OAuth. App policy and social policy. We're going to choose that type of custom alert we want to set. You can build an alert from an existing template or leave it blank to build a totally custom. If you want to block Loggins from a certain geographic region. You click on create policy and then we're going to click on activity policy. We're going to leave the policy template blank. We could choose a template but we're going to leave it blank. We're going to call the policy a name. In our case we're going to call it geo blocking.
我们打算把一个描述。我们将严重性设置为高。我们要选择的威胁检测。
我们要选择单上的活动创建过滤器。现在,我们要选择一个过滤器。正如你可以看到有许多不同的过滤器到这里。我们要挑选位置。正如你可以看到现在我们可以挑选各种不同的国家。或地区,我们希望阻止。我的意思是不尊重任何人。所以,如果你的国家正在选择到这里我的意思是不尊重你。所以我只是要挑哦,让我们挑。马耳他。 Again no disrespect intended. Then you want to create the type of alert. Send an email. Send a text message. You can even send an alert to something called Flow. I'll go into that in an upcoming episode. For now I'll just send a text message. You put your phone number in there. And then you're going to pick what action occurs. In my case I'm going to pick Office 365 and. I'm going to say that it's five times something comes in from this country and I don't want it to be I'm going to suspend the user. And then once I'm done I'm going to hit create. You can also come up here and say edit and preview the results to see if any one is going to be impacted by this policy. We're going to create.
有你有它。有客户警惕某个地理位置。正如你可以看到这是一个非常强大的工具。又一次的东西,我建议任何管理员Office 365的考虑添加到您的订阅,或者如果您还没有启用,请这样做。云应用的安全性,也可用于监测不同的云应用。并找出隐藏的或秘密的资讯技术事件您的网络。例如,如果有人使用一些应用程序,他们不应该或不授权这样做,这将告诉。看看这个。微软云应用的安全性是一个非常强大的工具,你可以添加到您的身份证明和检测库。 That's it for now. This is Susan Bradley for CSO Online.