Supercharge the Security in Your Microsoft E5 License

Supercharge the Security in Your Microsoft E5 License: Your Guide to Consolidation and Compliance featuring Bluewave & Avertium

Is security tool consolidation a priority for your organization? Or are you looking to get more security value out of your Microsoft E5 licensing? Watch this webinar with Bluewave and Avertium designed to help you supercharge the security in your Microsoft E5 license. The session will be hosted by Sumera Riaz, Senior Director of Cybersecurity at Bluewave Technology Group, and Michael Leggett, Principal Security Solutions Architect at Avertium.

We’ll cover:

  • How to save money
  • Ways to reduce complexity
  • How to gain efficiencies
  • Best practices to consolidate security tools
  • How to secure your environment to responsibly adopt Copilot
  • How to avoid challenges implementing Intune

Thank you for watching!

Hello everyone. My name is Michael Leggett.
I’m a principal security solutions architect here at Avertium.
So the purpose of today’s sort of walk through and giving some education around the Microsoft E5 security suite in the ways that you can help maximize that while also driving towards things that are compliance and regulatory needs as well.
So Samir, if you don’t mind starting up the slide deck here at 4:00, we’ll just get things started.

This is me and I’ll come back at the end and let you know that I’m still around.
Real quick, as an overview, I want to talk about what we do for clients here at Avertium, and ultimately our goal is to help you get to your level of acceptable risk, which is your target state. And we do that through a holistic approach that starts with an understanding of your environment from an assessment standpoint at your baseline, and then we look at it in two ways, a strategic way and then a tactical way.
So from a strategic standpoint, what are the business initiatives that you’re driving towards? What are the regulatory compliance things that your company is faced with that you need to adhere to? And then from a technical standpoint, what can we do to help get you to that point by leveraging existing technologies that you have, by helping clean up the processes that might exist, the policies and procedures around those, so that we can provide proper context to the necessary parties that are going to be determining what is an acceptable level of risk?

If we go to the next one here, the approach for us is three-pronged. It’s assess, design and protect. So from an assessment standpoint, that’s things like your overview from a risk standpoint, or if you have a particular framework that you’re adhering to, something that we can do to get a baseline understanding of where you’re at.

The design comes in because from that assessment there may be gaps and you might need help addressing those gaps, whether that’s from a strategy standpoint or actually hands on keyboard. We have consultants that can come in and handle that and then we also offer 24/7 protection services around that.
So if we move forward one here, I call that out because the Microsoft ecosystem aligns very well with what our methodology is, and clients are asking us a lot: hey, how do I take advantage of what the E5 licensing or E3 or business premium or whatever level you’re at, how do I take advantage of that with my company?
So we recommend following a similar approach. A lot of times this begins with a baseline assessment: understanding what is afforded to you within your LIC. Understanding where you’re at today from, excuse me, from what you’ve already implemented and how that can be improved upon, both from a Microsoft standpoint, but also from a CIS or CSF, or how this ties into the other compliance frameworks that you have.
And then we look at improving things through the Entra suite, which is your identity and access management, Intune for how you’re going to be navigating those spaces and pushing out patches and just generally handling how things are going to be deployed into your environment.
And then from there, clients look at the Defender suite and Purview: Defender, which is their detection, response capabilities, and Purview, which is around their data loss prevention. And then finally, a lot of clients are now starting to explore AI in the ecosystem.
How do I adopt this responsibly, and if I decide to go with Copilot specifically, how do I align my Microsoft ecosystem to make sure that I’m adopting Microsoft Copilot? Which really begins again with that cyclical motion and starts over at an assessment standpoint.
We need to make sure all these other things are buttoned up so that we can properly leverage Copilot.
That leaves us a lot of times with is working with clients from a programmatic standpoint, working on competing workloads, things that are going on in parallel to help improve their overall security posture in their program.
So this manifests itself in different ways.
Different clients have different needs, but ultimately we can meet them where they’re at and help get them where they’re trying to go.
A lot of that work ends up being optimizing Microsoft, but also taking into consideration, hey, how does compliance play a part of this?
So for us, and really the crux of what brought about this conversation today comes from what is driving conversation.
So on this next slide, I have sort of four things highlighted that summarize effectively the four reasons why people come to us and ask us for help.
Thus the reason why we’re speaking today around Microsoft and compliance. Far and away, reasons number one and two why folks come to us and they need help are going to be Microsoft and compliance.
So the reason for that.
A lot of times I’ll say people don’t do what they should do.
They do what they have to do and I don’t necessarily mean that in a in.
There’s a lot of things going on in a day-to-day from a business standpoint, and a lot of times people who are making the ultimate decisions on what to do with the cybersecurity program are not the cybersecurity team. They’re looking at how risk is impacting their environment, how to make the most from their investments. Where should they spend their time?
Where should they spend their money? And a lot of the decision making ultimately comes down to what do I have to do.
So with Microsoft, that really means, hey, I’ve spent a lot of money on this licensing and I need to get the most out of that.
So clients come to us to assist with that, and probably 1A from that standpoint comes down to compliance.
Hey, there are things that I have to do in order to keep my doors open, in order to keep my vendors happy.
So what do I need to do to help get up to snuff from that standpoint? And what we’ll be focusing on here today is how you can sort of marry those two things, because they can go hand in hand if rolled out properly to not only drive towards getting the most from your licensing level, creating a secure mature program, but also driving towards that compliance.
So I thought it would be helpful to just take a look at Microsoft in the marketplace today and sort of what they’re doing in the space, because a lot of clients that we’re working with are still trying to determine, hey, is Microsoft the right fit for me? Does this make sense with what I’m doing?
And a big part of that is, hey, do I want to consolidate all of these toolsets down and put all my eggs in the Microsoft basket?
Another thing that I hear a lot is, is Microsoft going to continue to make an investment in this space?
So I thought it’d be helpful just to call out a few things here to give you some insight into what we’re seeing in the space.
We work really closely with Microsoft.
I was just down in Dallas with them a few weeks ago meeting with their leadership, specifically around what they consider to be their primary initiatives as they head into their new fiscal year.
In no uncertain terms, Microsoft is continuing to make a massive investment in the security space.
And this is largely driven because Microsoft sees security as a means to drive towards their ultimate business goals, which are Azure consumption revenue.
So for them, they’ve over the last five years spent a lot of money into R&D into the security space and they’re going to continue to do so. And from a top down standpoint, security continues to be something that they want to continue to invest in.
But also say that there’s a renewed focus on the mid-market.
And by mid-market I mean not your Joe’s bait and tackle and not your Fortune 500, but basically everything in the middle there.
And this has been shown in a few different ways from Microsoft.
Number one is their approach to the go to market has changed.
So they have now put new emphasis on these sorts of mid-market accounts, how they’re going to assign account representatives, how they’re going to work these accounts. They want to be more involved in the mid-market space.
They see this as a means for them to continue to grow, and if they don’t continue to make services and products more attractive to folks in the mid-market, that’s going to cap what they’re able to do.
The other thing, and sort of in tandem with that, is a continued XDR development. So for years and years, different product shops have been saying, hey, we have an XDR platform, and then you sort of start looking at it and you’re like, do you, or do you just have bits and bytes of this and then they can sort of connect to each other in some quasi means and it doesn’t really make sense?
What Microsoft has really been able to do, because of their bankroll, because of their investment in the space, and because they have the native identity within your suite and then so many of the business products as well, they’ve gotten closer to actually pulling off a true XDR platform than any other competitor has up to this point, and they see that as their golden ticket to continue to develop, continue to capture that mid-market.
Having one holistic security tool suite that can make it easier for clients to not have to learn 50 different things, 50 different products, have new hires learn all the different ins and outs, all these different tool sets. And then their goal is to continue to add on ancillary products around that that make it more attractive. Some of those ancillary products are Copilot and Purview, which go hand in hand, right? Copilot, as we all know, that’s their artificial intelligence, and Purview, which is their data loss prevention.
And as clients continue to adopt Copilot, data loss prevention becomes more and more important, and thus Purview is getting more and more attention from the Microsoft side of the house as well.
They want to make this a league leader, as it were, because they understand that when folks are trying to responsibly adopt artificial intelligence, there’s a need to monitor and track sensitive information in their environment, which is largely done through Purview.
We’re also seeing a continued emphasis on Defender for Cloud as they are looking to modernize workspaces and have full sort of lens into your environment and what those workloads look like moving forward.
So moving forward here, I also think it’s helpful just to specifically call out XDR and what this looks like. Again, they want to have a means for easier consolidation.
What I’ve seen in the space over the last five years is that there’s no longer the discussion of should we make investment in cybersecurity.
In fact, a lot of folks in the mid-market space, which is where we predominantly focus, have made good investments, but they’ve been making investments in point solutions that maybe aren’t driving towards the outcomes they want because they’re siloed.
It’s hard to gain insight from all these siloed, disparate tool sets. What Microsoft is offering is, OK, what if we had a means to have the entirety of the tool set from a detection response, built-in integrations between these tools?
Let’s make it easier for our clients to use. Your identity already lives within Microsoft.
Let’s make a singular platform that makes it easier for our clients to get to the outcomes that they want.
And this is really what they’re betting on moving forward.
They’ve had a lot of success up to this point.
So I’ll call out here on this next slide. Just a real wall of text here, but ultimately what I want to call out is that this methodology is working and it’s working for a few reasons.
Number one, Microsoft’s go to market is largely around how they handle licensing, as many of you I’m sure know.
So if you have E3 licensing or you have E5 licensing or you have business premium licensing, you’re afforded all these different abilities within your security tool suite.
And Microsoft’s approach is, well, let’s say you bought E5 for one particular reason.
Maybe you really like Defender for Endpoint, which is now basically one out of every five endpoints, endpoint protections on the market, is Defender for Endpoint.
Maybe you really liked it for that.
With that E5 suite, you’re also given an absolute laundry list of tools. Some of them are very good, and some of them are good enough.
And the idea for them is, well, as long as we can have our clients adopt this, there’s a compelling reason to take advantage of this locked-in effect.
Do I really want to purchase another tool if the one that I’m already giving to my license is serving its purpose?
Going back to what I was saying about the shift over the last five years, more and more clients are looking for outcomes from tools.
It doesn’t necessarily have to be the best in breed.
They just want to be able to maximize it. What we find, quite frankly, especially in the mid-market space, is people have adopted tools.
They bought these tools, but they haven’t rolled them out to completion.
So in practice, they’re only getting maybe 30, 40, 50% of what that tool could even offer.
So Microsoft’s go to market strategy is, hey, with this license you get all these things.
And they’ve done some things exceptionally well.
So if you look at Gartner ratings for a variety of different tool sets, they are already in the Magic Quadrant and they continue to push forward with this development to add additional products to be considered as sort of leaders in the space.
So moving forward here, just to sort of visualize what I was speaking to, from a CASB standpoint, from a SIEM standpoint, from access management, endpoint protection, these are things they’ve already developed.
They’re already coming to light here. I’ll spend a little bit of time later in this presentation walking through like the five or six things that most clients want to take advantage of from the E5 suite, and sort of give you a little glimpse as to what the road map looks like for those and how clients are taking advantage of it.
But as it sits today, they’re already within the E5 suite.
They’re doing a lot of things that are not just good enough.
There are some things they’re doing exceptionally well and that’s showcased here.
Again, the idea for Microsoft is consolidation, holistic: look at all these things that we could do if you put it into our Microsoft Security suite. On the next slide here, though, I think speaks this in a slightly different way, which is, OK, great, I have all these things available to me. Does it make sense?
What I will say is for folks looking to adopt E5, if you’re comfortable with the technology platform and that’s where your business is headed.
What we find is a lot of times just through duplicative spend, you’re able to sunset existing tool sets in your environment and take advantage of what E5 gives you and come out with some net savings.
So this is a client that we worked with ended up having about $20,000 of savings per month, just taking advantage of the licensing they already had, because for years they’ve been buying point solutions to handle the same things that Microsoft could afford them through their licensing. Does this happen every single time?
No, of course not.
But what we see a lot in the space if folks have been going out and purchasing best of breed is there is a very good chance of at least a break even, if not some cost savings.
That’s all well and good, but I have this license.
Now what?
And this is something that our team here at Avertium speaks with clients about every day.
So going back to that road map, that long term strategy for us, if we decide to go down to Microsoft or if we have Microsoft and we want to optimize it, how does that align with my road map?
How does this help me with those drivers that the business owners care about, which are our compliance and our cyber insurance?
What could I do away with in my environment? Because there’s duplication of what’s happening.
Taking advantage of this licensing, sometimes folks are still in the camp of like, should I even make this purchase?
What do I get if I buy it?
What is performing very well versus what’s performing just OK? And for my specific environment, does this make sense for me? Or maybe you’ve purchased something and you’re thinking, how can I optimize this?
You’ve got this suite, but you’re struggling with rolling out Intune because it’s competing with your existing GPOs, which is a common thing that we hear.
So for us, we’re working with clients to help them address these questions and paint a picture of what it might look like if they wanted to move forward and provide assistance to do so.
So on this next slide here.
One of the things that is very common for us. We, and I’ve heard and we don’t handle licensing, but because of the involvement that we have in so many clients asking us about how to best take advantage of what they’ve purchased, licensing considerations are always at the top of mind.
So if you have an environment that has 300 users or less, business premium is incredible bang for your buck.
It offers a lot of the feature sets that are in E3 and some additional ones that are only afforded to you if you had E5.
E5 is obviously the high level one that includes every single thing in the security suite.
And then just to make things fun, they also offer a la carte licensing.
So if you have E3 but you also want to do some versions of step up or business premium will step up and so on and so forth, you can also purchase it through a la carte licensing, and helping folks think through and navigate that is a big part of what we do.
Ultimately, what we want to call out here is there’s a phased approach that needs to happen. If you want to take advantage of these things.
So you know, we always recommend starting with identity and getting your role-based access controls tightened up, making sure Entra is clean before we rotate over to Intune so that you can manage those things properly. Then having proper policies and procedures in place so we know how to best take advantage of what we’re doing with that Defender suite, and then looking at things like DLP via your Purview to maintain proper controls around your sensitive information, and make that determination around whether or not you want to adopt Copilot and AI and those things moving forward.
OK.
So let’s get into the meat and potatoes of this here.
So over the next few slides, I want to talk a little bit about these six product sets within Microsoft and some of the things they do well, some of the common challenges that clients face. And then I want to take that and then align these against common compliance drivers and show that there’s mappings within that so that we can kill those two birds with one stone.
So starting things off here, Intune tends to be a sticking point for a lot of clients, and Intune, you know, if you do a quick Google search, a lot of times it’ll pull up it’s an MDM, which is true, but it doesn’t really speak to the impact that Intune has into the Microsoft ecosystem. If you want to take advantage of all things that Microsoft affords you, you have to have identity tightened up and you have to have Intune tightened up.
This is the primary means for management within the environment.
And it’s also from an IT standpoint really helpful for things like, you know, onboarding procedures and the like. So Intune is a very common challenge for folks because they may be used to handling things through SCCM or some other sort of product set, and it is truly a necessity if we want to take full advantage of what this licensing can give us.
I spoke to this previously, but it’s really easy to have this compete with existing GPOs. Clients can struggle with proper creation of profiles or how we’re handling conditional access and the like.
So Intune is a very powerful tool set. It truly is like an enterprise management solution.
But it is also an area that’s very easy for people to trip up.
Entra, which is your identity piece, the artist formerly known as Azure AD.
As people continue to advance in their ecosystems and become more cloud centric or take more advantage of Microsoft, I always call out a couple different features within Entra.
Because a lot of times clients will say, well, I need privileged identity management, and I’m going out and I’m buying a PAM tool, not knowing that they have PIM within their E5.
Also, this is sort of the baseline. These things have to be tightened up if you want to go forward. So the more things change, the more they stay the same.
It really comes down to access controls and ensuring least privilege. A lot of times when we’re starting with clients, we’re really zooming out before we can zoom in and get particularly granular around, hey, what does your overall identity and access management program look like?
Because whether it’s Microsoft or it’s another tool suite, making sure that we’re enforcing that least privilege and ensuring proper confidentiality is going to be paramount.
The good news is within this Entra suite, which will be afforded to you with the licensing levels either E3 or E5, there’s a lot of work that can be done here so you don’t have to overhaul.
I wanted to call out some of the road map items, some of what is expected to become of all these different product sets, because I think it’s helpful to get a lens for what tomorrow may bring, as it were. For Entra, this is really being championed as the central hub for all things zero trust network access.
Like, I think in the eyes of Microsoft and how they want this to be looked at, it is not simply Active Directory 2.0, it’s a way to advance how we’re handling identity and access management as landscapes continue to change.
So some of the features that are currently existing and that are going to be developed moving forward are things like continuous access evaluation, or basically serving as a software-defined perimeter for all of your SaaS applications. And the Entra suite today, they want to serve as the primary means for all identity and access, whether it’s Microsoft or otherwise.
And as they continue to gain market share and as more and more folks are looking at adopting Microsoft, they understand the need to have Entra be the primary means of access control for things that are outside the suite as well.
So if you have applications living in other cloud infrastructures, Entra can still be the means that you’re handling all of that least privilege work.
So the Defender suite.
So at one point in time, all things detection response had their own specific names.
And some point along the way, they were like, that’s too confusing.
We need to consolidate that down. So now it’s just Defender for fill in the blank, which quite honestly is also confusing, and clients really struggle with that.
So the highlights here from the Defender suite, especially within the E5, are going to be Defender for Endpoint, which as it sits today, I would position along with CrowdStrike and SentinelOne as the three endpoint protection platforms before it drops off and it becomes kind of everyone else. So Defender for Endpoint’s a flagship product. It’s a far cry from the Defender that we were used to ten years ago. It really is for the best in breed now, and this was a flagship product that as they were developing their security suite, they knew they needed to get right, and it has certainly done that.
And some other feature sets that clients aren’t necessarily as familiar with include things like Defender for Cloud Apps, which is their CASB platform, Defender for Identity, which allows for managing and monitoring of how different folks within your environment are accessing certain applications.
Are they trying to move laterally? And allows you to sort of disable accounts or reset passwords and the like from those alerts as they’re coming in.
There are also things like Defender for Cloud, Defender for Office, Defender for Threat Intelligence, et cetera, et cetera.
And this is the crux of their overall XDR platform.
So making sure that this is set up properly, that you’re getting the right types of alerts and allowing for the proper responses is paramount if you want to take advantage of this licensing level.
But as far as clients swapping out sort of legacy tool sets to make the most out of what their licensing affords them, the Defender suite is one of the primary ways that that can be found because it is so broad reaching and because they have invested so much to this to make it best of breed.
I called out Defender for Cloud Apps because I think, if you look at the overall Defender landscape, this is one that clients seem to not be as familiar with, but I think could be very powerful.
So SSPM, or SaaS security posture management, is a big focus into the development of this CASB solution, which is Defender for Cloud Apps.
And the idea is to be able to be notified and remedy when things within your SaaS environment are falling out of specs.
So whether that would be things like best practices for one particular type of application or CIS benchmarking, you can be notified of that and then be able to remedy that in real time.
And that’s across the entire landscape, not just within the Azure environment. And the other thing is, again, they try to develop this entire suite to serve as more of a zero trust network architecture, that continuous access evaluation. So the idea is if a user is correctly logging into and accessing SaaS applications, but then say they’re using unsecured public Wi-Fi to start doing that, that access can be revoked in real time, and that would be done through Defender for Cloud Apps.
They also continue to have more and more integrations within this as they continue to develop and expand outside of the Azure footprint.
Defender for Identity is another area within the Defender suite that I think clients take a lot of advantage of once they realize it’s there, and some of it is relatively, it’s seemingly low-level things that are available within this product set that actually save a ton of time for clients. So for one thing, service account insights or the ability to look at stale accounts, those things can be identified within Defender for Identity. So you create an account for temporary workers, let’s say, and they’re supposed to have access for three months, and then they leave the environment. Active Directory cleanup can be a real headache. We know that.
So there are still accounts that are out there.
What Defender for Identity allows you to do is get a notification when accounts have been stale for a set amount of time and then, through a couple clicks of a button, remove those accounts, for example.
So it’s not like the craziest, most ground breaking thing of all time, but in practice that saves a lot of time and headaches for clients.
There’s also a lot of integrations that this has. If you are an Okta shop or a Ping shop, etc., you can still take advantage of this, and it allows for additional insights for hunting as we’re looking into your environment to determine, hey, how did bad actors get in here? What are some of the things they’re doing around lateral movement, etcetera? So Defender for Identity is another key aspect of the Defender suite that I think is worth exploring a little bit more if you’re looking to shore up your environment.
I just spent a little time on Sentinel as well. So with the exception of maybe Defender for Endpoint, Sentinel is the flagship product within this XDR suite.
But this is their SIEM solution.
Was really in some ways created to be a Splunk killer.
What Sentinel has done a really good job of is because it has been developed over the last handful of years, it doesn’t have to face the challenges of going from a legacy on-prem application to try to become a cloud first application.
This is cloud native, and because of all the tie-ins within the XDR suite, Sentinel not only serves to do what legacy SIEMs did, have always done, which is sort of collect that information and give oversight, but there are all these native tie-ins within that underlying Defender suite. So there are a variety of sets of rules and sort of analytics that can go on as all these disparate tools are being fed into Sentinel.
All the logs from your environment get put into this, into Sentinel, and it serves as the primary way that analysts begin identifying any threats that are in your environment.
What are the anomalies?
What are things we need to look for?
What are things we need to correct?
Sentinel’s done a really impressive job over the last few years around R&D. So you know, obviously at Avertium we’re agnostic from a tool set. We manage and monitor a variety of different SIEMs, variety of different endpoints, et cetera.
One of the things that can be said without question is that the development around Sentinel has been far and away more rapid than everything else in the space.
Just the sheer volume of enhancements that come quarterly are more akin to what other folks are doing on a yearly basis. And that really goes back to the need that Microsoft sees to continue to have a security investment. And as folks are looking to go towards a more consolidated approach, there has to be means for these log aggregators to extend beyond just simply collection and detection.
So what Sentinel really allows companies like Avertium to do is become very custom and very bespoke on how we need to handle all these alerts that are within the environment, and serves as a great jumping off point into tying into all the other things that the Defender suite offers as well.
Purview for data loss prevention.
This is a product set that was better as an idea than it was in practice for a while there, and over the last I’d say about a year and a half, it’s really, really made strides.
And what Purview affords you is the ability to protect and govern your sensitive information.
So if you have compliance drivers or you just want to minimize insider risk or, you know, have a better sense of where the sensitive information lives in your environment, Purview is the means to do so, and this comes with the E5 suite.
So if you look at the next slide here, again, going back to the development of this for Purview, there were some challenges, some kind of like wonky things about Purview for a while there. Like you weren’t able to label PDFs, for example.
And again over the last about 18 months, this has continued to be an area of focus and growth because of the adoption of artificial intelligence and how much that responsible adoption really comes down to what can be afforded to you through Purview. So as they’ve continued to see a need for Purview, they responded by a lot of development that’s gone into this, so here’s a laundry list of different things that they’ve already added to this platform. And as they continue to promote Copilot within the environment, Purview will be in lock step as well, continuing to get a lot of care and feeding.
So let’s talk copilot for a minute here.
I think we’re all familiar with what copilot is. Ultimately, Microsoft sees copilot as an extension of what you’re already doing to make things easier for you as it pertains to security.
There are really two questions that we hear a lot around this space.
Number one, how can we leverage Copilot or artificial intelligence just in general?
How can we leverage Copilot to gain an advantage in the marketplace?
And then number two, how do we protect ourselves from artificial intelligence?
And that protection piece is not necessarily from outside the four walls of their environment.
A lot of it comes down to insider risk and insider threat.
Because what Copilot allows folks to do is more easily gain access to information.
Makes your life easier, right?
That's great, but what it does is effectively eliminate security through obscurity.
So maybe folks didn’t even know they had access to something and they would never try to get access to that.
And now that they’re typing in the request, they’re getting access to things they would never have asked for before.
So we really need to tighten up those access controls in your environment if you’re going to responsibly adopt artificial intelligence.
So on this next slide here, I sort of call out, just in a general overview, the ways that we go about doing that and things that I would encourage everyone on this call to do if they want to adopt Copilot.
It really is looking at the totality of the suite that they've already made a purchase of.
So looking at things like Entra, Defender, Sentinel, Intune, Teams, Exchange, SharePoint. I cannot stress SharePoint enough.
SharePoint is usually one of the major sticking points for this over permissions and over access and the like.
Looking at all that and then going through methodically to say, OK, are these tightened up in accordance with what our acceptable level of risk is, because all of these things in your environment are now at everyone's fingertips, effectively.
So really taking a methodical look at the overall program health, making sure those things are buttoned up so that when you do adopt this, so that you can gain a competitive advantage, you’re doing so in a responsible fashion.
So we've covered a little bit of why people are going towards Microsoft, what Microsoft is doing in the space, and some features and functionality that most people take advantage of if they go into that E5 space or E3 with step-ups or Business Premium even.
And that is one major driver that we talked about as to why people are sort of making the decisions that they’re making is maximizing that investment.
But the other piece of that is around compliance.
So these are things that people have to do. They have to maintain compliance.
So knowing what we know about the Microsoft space and what's afforded to us, how can we also tie that into what we need to do from a compliance standpoint? So over the next few slides, I'll sort of speak to those and then I'll leave some time at the end for some questions here.
So at Avertium we are a cybersecurity and compliance services shop only and we deal with a wide variety of different compliance frameworks.
I’ve called out five here and really combined two of them together and this is not the totality of the compliance frameworks that we work with.
We also do a lot of, you know, ISO work.
Excuse me, we work with FFIEC, just general NIST, et cetera, et cetera.
But for the purposes of this exercise, I just wanted to call out some alignment with folks in the health care space, how this pertains to sort of HIPAA and HITRUST, to PCI for anyone taking credit card transactions, CMMC for those that have government contracts, the DoD, and then SOC 2, which is usually brought about because a vendor or someone you're doing contracting with is saying, hey, you need to do a SOC 2 Type 2.
So starting off with PCI, there's a handful of requirements here that are specifically asked for that the Defender suite, or just in general the E5 licensing, can take care of.
So from requirement 3, you're looking at things like Purview and BitLocker and the like.
From requirement 5, that's your Defender for Endpoint. For your access to cardholder data, there's a variety of different mechanisms you can use, but most of those run through Entra for role-based access controls, MFA, privileged access, etcetera.
And then we're leveraging the Defender suite and Sentinel for that unauthorized access and threat detection.
You can leverage the vulnerability management capabilities for your vulnerability scanning, and then Purview and Defender and Sentinel in total can handle that requirement 12.
So for HITRUST and HIPAA, I sort of combined these down into one slide here because, as we know, HIPAA isn't like overly prescriptive on exactly what you have to do.
But in general, the things that are covered within this space are going to be around your access controls, your auditing, your encryption, and your managed detection and response, which is largely Entra, PIM, Sentinel, Purview. Those are the primary players here to help folks within the HITRUST and HIPAA space.
And there's also some prequel alignment if you want to work towards HITRUST and how you can leverage that security center to sort of pull a lot of that information together for you.
For CMMC, again, you know, there's a lot of overlap between these different requirement frameworks because all of them are effectively trying to drive towards secure maturity.
So when it comes to, again, access controls, accountability, configuration management, those things are some of the ones we already touched over.
Configuration management: again, Intune is such a huge part of that, both for everything in the Microsoft ecosystem, but then it can also provide a really nice consolidated means to just look at your environment as a whole and ensure things like: do I want this set of people handling this job role to access the same things I want this other set of people in that job role? And you can get granular on how you do that.
So that could be which applications you allow them to access or which parts of which applications you want them to access, for example.
For your identification and authentication, again, that's a lot of the Entra and Intune suite; Defender and Sentinel handling IR; Purview and BitLocker handling media protection; a couple different items within the Defender suite for your risk management; and then Defender and Sentinel for your system and information integrity.
Last but not least, we'll talk SOC 2, which is the highest level because, for those that have been through a SOC 2 Type 2 before, you know that depending on your CPA firm all the requirements are slightly different, and depending on which of the trust principles you're leveraging, it's going to be slightly different. But I called out security, confidentiality and availability here as these are the three most common ones that we see.
And again, a lot of Entra for your identity and access management, a lot of the Defender suite for your detection and response, and Sentinel, which can help ensure that the data is available and that if there are any intrusions, they can be detected against.
So, you know, if you're looking at your landscape here and you have this Microsoft investment or you're considering a Microsoft investment, and you're also looking at aligning with a particular framework, whether that's something that's brought about by cyber insurance or a regulatory body, or maybe you just want to adopt as a best practice, there's a lot of marriage between how we can optimize the investment that you have while also driving towards those compliance goals. And I hope this painted a little bit better picture of what that might look like for your environment.