I'm Susan Bradley, and this is CSO Online. I'm here to tell you about something I think you need to add to any global administrator account, in Office 365 or Microsoft 365, in order to track access. First, a little background. The reason I want you to spend a bit more time and effort protecting your global administrator accounts is that they have become targets. Recently, in an article on Krebs on Security, he pointed out that a managed service provider was targeted in order to attack its customers. As the article noted, the attackers stole the administrative credentials the MSP used to manage Office 365 client accounts. So what can you do to provide more protection for yourself and your customers? I have some ideas. Microsoft already has some ideas. They're going to mandate the use of multi-factor authentication for any cloud service providers. But I have one more idea that I think you should look into. This is a service called Cloud application security. Now you can add it to an existing subscription, or if you happen to have an E5 subscription it's default. You can purchase a single subscription and add it to any global administrative account. The way to set it up, if you have a subscription to it, is go into alerts. Click on manage advanced alerts. And you want to turn on Office 365 cloud app security. As you can see, there are many different policies: the built-in policies that are actually quite effective. We're going to do a special custom policy and it's quite easy to do. We're first going to start out by clicking on create policy. And as you can see there are many different templates that you can build on. There's access policy, activity, app discovery, Cloud Discovery, bio policy, OAuth app policy and social policy. We're going to choose that type of custom alert we want to set. You can build an alert from an existing template or leave it blank to build a totally custom. If you want to block logins from a certain geographic region, you click on create policy and then we're going to click on activity policy. We're going to leave the policy template blank. We could choose a template but we're going to leave it blank. We're going to call the policy a name. In our case we're going to call it geo blocking.
We're going to write a description. We're going to turn the severity up. We're going to choose threat detection.
Under create filters we're going to select single activity. Now we're going to select a filter. You can see there are many different filters here. We're going to choose location. You can see that we can choose all sorts of different countries or regions that we want to block. I don't mean to offend anyone. So if your country gets picked here, I mean no offense to you. I'm going to pick, oh, let's pick Malta. Again, no disrespect intended. Then you want to create the type of alert. Send an email. Send a text message. You can even send an alert to something called Flow. I'll go into that in an upcoming episode. For now I'll just send a text message. You put your phone number in there. And then you're going to pick what action occurs. In my case I'm going to pick Office 365 and I'm going to say that it's five times something comes in from this country and I don't want it to be, I'm going to suspend the user. And then once I'm done I'm going to hit create. You can also come up here and say edit and preview the results to see if anyone is going to be impacted by this policy. We're going to create.
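And there it is. This is a custom alert for a specific geographic location. As you can see, this is a very powerful tool. Again, I recommend that any Office 365 administrator consider adding it to their subscription, and if you haven't enabled it yet, please do so. Cloud App Security can also be used to monitor different cloud applications, to find hidden or shadow IT in your network. For example, if someone is using applications that they shouldn't be or that aren't authorized, it will tell you that. Check it out. Microsoft Cloud App Security is a very powerful tool that you can add to your identification and detection arsenal. That's all for now. This is Susan Bradley for CSO Online.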