Zero Trust – At Scale

Umbrellar Connect

Zero Trust is the modern methodology we need for the post-pandemic hybrid workforce. It offers enhanced security across all devices and applications, including BYOD (Bring Your Own Device) and delivers a frictionless employee experience regardless of location. Revisit our first article in the Zero Trust series to get a refresher on the three principles.

Zero Trust Architecture with Microsoft 365 E5

The Microsoft 365 E5 licence includes tools that help you scale your Zero Trust architecture with ease. We’ll outline the five main security enhancements, and show you how to minimise your cost impact.

Defender for Endpoint

Defender for Endpoint P1 is included in the E3 licence and provides a suite of tools to protect your devices, including anti-malware, endpoint firewall, web filtering, controlled folder access and device control. However, employees are fallible human beings, so it is inevitable that some devices will get compromised.

When that happens, the ability to detect, analyse, investigate and remediate the threat is critical. Defender for Endpoint P2 is included in the E5 licence and provides these additional capabilities:

  • Endpoint detection and response
  • Automated investigation and remediation
  • Threat and vulnerability management
  • Threat intelligence (Threat Analytics)
  • Sandbox (deep analysis).

Identity and Access Management

Azure AD Premium P1 is included in the E3 licence and includes Conditional Access, multiple MFA methods, the Authenticator app, Trusted IPs and Fraud Alert. Azure AD Premium P2 is included in the E5 licence and provides the following additional capabilities:

  • Risk-based Conditional Access
  • Access Reviews
  • Identity Protection (risky sign-ins, risky users)
  • Entitlements Management
  • Privileged Identity Management (just-in-time access).
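As an added illustration (not from the article or from Mobile Mentor) of what "risk-based Conditional Access" looks like in practice, the JSON below is a policy body in the shape accepted by the Microsoft Graph endpoint `POST https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies`. It requires MFA whenever Identity Protection rates a sign-in as medium or high risk, and is created in report-only mode so its impact can be reviewed in sign-in logs before enforcement. The policy name and the excluded break-glass account id are placeholders chosen for this example; the E5 (P2) dependency is that the `signInRiskLevels` condition relies on Identity Protection risk detections.

```json
{
  "displayName": "ZT - Require MFA on medium or high sign-in risk (example)",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "users": {
      "includeUsers": ["All"],
      "excludeUsers": ["<object-id-of-break-glass-account>"]
    },
    "applications": {
      "includeApplications": ["All"]
    },
    "clientAppTypes": ["all"],
    "signInRiskLevels": ["medium", "high"]
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": ["mfa"]
  }
}
```

Once the report-only results show no unexpected lockouts, switching `state` to `"enabled"` turns the policy on. Keeping at least one emergency-access account excluded guards against a risk-detection outage locking administrators out of the tenant.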

Defender for Cloud Apps

Defender for Cloud Apps (formerly Microsoft Cloud App Security) is only available in E5.

Most companies use far more cloud apps than they realise. Many of these apps are unapproved and not compliant with security policies. Since employees are working remotely and accessing cloud apps from BYO devices, the risk of shadow IT is very real. Defender for Cloud Apps gives you the ability to:

  • Assess your app risk profile with a framework of 80 risk factors
  • Expose any compliance violations (HIPAA, GDPR, etc.)
  • Approve or deny the addition of new apps in your environment
  • Apply Conditional Access App Control (reverse proxy)
  • Protect sensitive data stored in cloud apps.

Information Protection

E3 enables you to classify data and manually apply labels to sensitive data. You can then assign policies to those labels to trigger protective actions, such as encryption or limiting access to third-party apps.

E5 enables you to fully automate this process with integration to Office 365 documents and data so you can protect sensitive information, regardless of where it is stored or who it is shared with (persistence). You can also monitor, track and report on access to sensitive data and revoke access if needed.

E5 also allows the sharing of data externally with partners and clients by defining permissions to view, edit, print or forward. Plus you can also manage your encryption keys with Bring Your Own Key (BYOK) and Hold Your Own Key (HYOK).

For data outside Microsoft 365, use Azure Purview to automatically discover and map Azure, on-premises and SaaS data sources.

Compliance Management

E3 enables you to manually apply retention labels and company-wide retention policies, and to place litigation holds, so you can perform a basic audit. E5, on the other hand, lets you automatically apply retention policies and adds the following capabilities for advanced audits:

  • Rules-based automatic retention policies and records management, with machine learning for retention
  • Insider risk management, customer lockbox, privileged access
  • Advanced eDiscovery and advanced audit
  • Address regulations and assess compliance with a risk-based score
  • Third-party connections for external.

Minimising the cost

Sure, E5 comes with a higher price tag, but the uplift from E3 is a small price to pay when you think about the potential $9 million expense of your average cybersecurity breach. To minimise the cost impact, Mobile Mentor suggests:

  • Start with a small number of E5 licences for the IT team to get visibility of shadow IT and associated threats.
  • Consider E5 licences for the highest risk users (think your C-Suite) who receive the highest volume of phishing emails.
  • Evaluate licence needs for frontline workers to see if any users can be downgraded from E3 to F3.

In part 4 of our Zero Trust series, we’ll summarise Mobile Mentor’s “The Six Pillars of Modern Endpoint Management” and link you to the complete whitepaper.

Get your regular fix of thought leadership from Mobile Mentor by joining their newsletter.

Read the rest of the Zero Trust series to round out your knowledge:

Part 1: Underlying principles of Zero Trust
Part 2: Getting started with Zero Trust
Part 4: 6 transformations to disrupt your legacy IT operations

Mobile Mentor