Modern Work Security Components and Scenarios

Modern Work Security Components and Scenarios Bencsik László 2020.08.24


Microsoft has competitive advantage in AI Security

• 630B monthly authentications
• 18B+ Bing web pages scanned
• 1B+ Azure user accounts
• Enterprise security for 90% of Fortune 500
• 5B threats detected on devices every month
• Shared threat data from partners, researchers, and law enforcement worldwide
• Botnet data from Microsoft Digital Crimes Unit
• 6.5T threat signals analyzed daily
• 470B emails analyzed
• 200+ global cloud consumer and commercial services
• OneDrive, Xbox Live, Microsoft accounts, Bing, Azure, Outlook, Windows

[Diagram: Graph Security API]

• Alerts; Secure Score; Other Security Entities* (context, actions, …)
• Common Libraries, Authentication, and Authorization
• Graph Security API: Federates Queries, Aggregates Results, Applies Common Schema
• Other Graph Services (Azure AD, O365, SharePoint, Intune …)
• Intune; Azure AD Identity Protection; Azure ATP; Cloud Application Security; Azure Security Center; Azure Info Protection; Office 365 ATP; Windows Defender ATP
• SIEM + log analytics; Your custom app; Security applications

Securing Privileged Access

Office 365 Security

Rapid Cyberattacks (Wannacrypt/Petya)

https://aka.ms/MCRA Video Recording Strategies

Office 365

Dynamics 365

+Monitor

Azure Sentinel – Cloud Native SIEM and SOAR (Preview)

SQL Encryption & Data Masking

Data Loss Protection

Data Governance

eDiscovery

Microsoft 365 Packaging

Commercial USD ERP shown

Indicates sold as standalone

Indicates not sold standalone

Office 365 | Enterprise Mobility & Security | Windows

• Microsoft 365 E3 ($32/u/m): Office 365 E3 $20/u/m; EMS E3 $9/u/m; Windows 10 Enterprise E3 per user (Including VDA rights) $5/u/m
• Microsoft 365 E5 ($57/u/m): Office 365 E5 $35/u/m; EMS E5 $15/u/m; Windows 10 Enterprise E5 per user (Including VDA rights) $10/u/m
• Microsoft 365 Business Premium ($20/u/m): Microsoft 365 Business Standard $12.50/u/m; Exchange Online Archiving $3/u/m; Azure Active Directory Plan 1 $6/u/m; Microsoft Intune $6/u/m; Azure Information Protection Plan 1 $2/u/m; Office 365 ATP $2/u/m; Windows 10 Business
• Microsoft 365 F1 ($4/u/m): EMS E3 $9/u/m
• Microsoft 365 F3 ($10/u/m): Office 365 F3 $4/u/m; EMS E3 $9/u/m
• Teams (incl. Calendar, Shifts, Tasks, Walkie Talkie); SharePoint Kiosk; OneDrive (2GB); Planner; Stream (consumption only); Yammer
• Windows 10 Enterprise E3 per user (Including VDA rights)¹

¹ No Windows 10 Enterprise LTSC. No MDOP. Other than the use of Windows Virtual Desktop, rights to access and use virtualized instances of Windows only apply to Licensed Users of a shared device with a Qualifying Operating System

What is Microsoft 365 Business Premium?

A comprehensive security solution that is integrated with Office 365 and Microsoft 365

All the capabilities of Microsoft 365 Business Standard, plus advanced cybersecurity, data protection, and device management

Defend against cyberthreats + Protect business data + Secure your devices

Simple and Flexible paths from Microsoft 365 E3 to E5

Customers can add Microsoft 365 E5 value to Microsoft 365 E3 across one or more solution areas, or step up to E5 and get all the value with extra savings.

Commercial USD ERP shown

Security | Compliance | Calling & Meetings | Analytics

• Microsoft 365 E3: $32/u/m
• Microsoft 365 E5: $25/u/m step-up from Microsoft 365 E3
• Microsoft 365 E5 Security: $12/u/m add-on to Microsoft 365 E3
• M365 E5 Compliance: $10/u/m
• M365 E5 Information Protection & Governance: $7/u/m
• M365 E5 Insider Risk Management: $6/u/m
• M365 E5 eDiscovery & Audit: $6/u/m
• Audio Conferencing: $4/u/m
• Phone System: $8/u/m
• Power BI Pro: $10/u/m

Microsoft 365 E5 Compliance Offers

Commercial USD ERP shown. See Speaker Notes for EDU pricing.

Microsoft Confidential: Internal and Partner Use Only

Microsoft 365 E5 Compliance: $10/u/m
Pre-req: M365 E3/A3 or Office 365 E3 + EMS E3¹

M365 E5 Info Protection & Governance: $7/u/m
• Information Protection and Governance:
  • Records Management
  • Machine Learning-based automatic classification and retention²
  • Rules-based automatic classification and retention
• Microsoft Cloud App Security (MCAS)
• Communication DLP (+Teams chat)
• Customer Key
• Advanced Message Encryption
Pre-req: Any M365 plan or [any Office 365 plan³ + Azure Info Protection Plan 1/EMS⁴]

M365 E5 Insider Risk Management: $6/u/m
• Insider Risk Management⁵
• Communication Compliance⁵
• Information Barriers
• Customer Lockbox
• Privileged Access Management
Pre-req: Any M365 or Office 365 plan³

M365 E5 eDiscovery and Audit: $6/u/m
• Advanced Audit⁵
• Advanced eDiscovery (2.0)
Pre-req: Any M365 or Office 365 plan³

¹ Maintains consistency with requirements for adding M365 A5 Compliance and protects suite discount which assumes underlying investment in A3.
² Exact General Availability (GA) date for new value TBD
³ Includes standalone Exchange, SharePoint, or OneDrive plans. Maintains consistency with requirements for adding O365 Adv Compliance and provides a path to adding A5 Compliance value for wide variety of users
⁴ AIP P1 (included in EMS K/F3/E3/A3) required because M365 A5 Information Protection and Governance builds on AIP P1 value and O365 value.
⁵ New value now Generally Available

Layers of protection

Microsoft 365 E5 Security packaging

Microsoft 365 E5 Security $12/u/m | Microsoft 365 E5 $57/u/m | Office 365 E5 $15/u/m | EMS E5 $6/u/m | Windows E5 $10/u/m

• Office 365 ATP Plan 2: ⚫ ⚫ ⚫
  • Safe Attachments
  • Safe Links
  • Anti-phishing
  • Threat Trackers
  • Auto response
  • Attack Simulator
• Microsoft Defender ATP: ⚫ ⚫ ⚫
  • Endpoint behavioral sensors
  • Cloud security analytics
  • Threat intelligence
• Azure Active Directory Plan 2: ⚫ ⚫ ⚫
  • Self-service password reset
  • Conditional Access
  • Identity Protection
  • Identity Governance
• Azure ATP: ⚫ ⚫ ⚫
• Microsoft Cloud App Security: ⚫ ⚫ ⚫

Commercial USD ERP shown.

Identity Governance

First steps to increase the security

1. Set up multi-factor authentication
2. Train your users
3. Use dedicated admin accounts
4. Raise the level of protection against malware in mail
5. Protect against ransomware
6. Stop auto-forwarding for email
7. Use Office Message Encryption
8. Protect your email from phishing, malware, and malicious links

https://docs.microsoft.com/en-us/office365/admin/security-and-compliance/secure-your-business-data

Enable MFA w/Baseline Policies

To set up Conditional Access Baseline Policies:

1. In the Microsoft Admin Center, choose Azure Active Directory in the left-hand navigation under Admin Centers. This will open the Azure Active Directory admin center in a new tab

2. In the Azure Active Directory admin center, click Azure Active Directory in the left-hand navigation

3. Click Security near the top of the left menu in the Azure Active Directory blade.

4. Click Conditional Access under the Protect heading near the top of the left menu.

5. Select Baseline policy: Require MFA for admins (Preview)

6. Under Enable Policy select the radio button next to Use policy immediately and then click Save

7. Select Baseline policy: Block legacy authentication (Preview)

8. Set Enable Policy to On and then click Save

To learn more, see Baseline policy: Require MFA for admins & Baseline policy: Block legacy authentication

Enable MFA for users with Conditional Access

To set up MFA for a subset of users:

1. In the Microsoft Admin Center, choose Azure Active Directory in the left-hand navigation under Admin Centers. This will open the Azure Active Directory admin center in a new tab

2. In the Azure Active Directory admin center, click Azure Active Directory -> Security -> Conditional Access in the left-hand navigation

3. Click +New Policy and name the policy Require MFA for Marketing Users

4. Assignments | Users and Groups: Include the Marketing group, exclude your admin account

5. Assignments | Cloud apps or actions: Office 365 Exchange Online and Office 365 SharePoint Online, and Microsoft Teams

6. Access Controls | Grant | Require multi-factor authentication: Checked

To learn more, see Quickstart: Require MFA for specific apps with Azure Active Directory Conditional Access

“My employees are pretty good at not clicking on anything that looks weird. There is a culture of not clicking on anything where there's doubt.”

—Jonas R. IT manager at 70 employee manufacturing firm in Los Angeles

Train users

Phishing:

Watch for signs of phishing attacks. If you receive an email that looks even slightly suspicious, do the following:

• Hover over the link and look for the name of the actual website the link is sending you to

• Search for the legitimate website instead of clicking a link

Spoofing:

A message from someone you know that looks a bit unusual could mean the sender's email account was compromised. Contact the sender and ask if it was legitimate.

Passwords:

Use strong passwords; or better yet, a password manager.

Don’t reuse passwords or share accounts with coworkers.

Use dedicated admin accounts

The problem:

Admin accounts include elevated privileges and are valuable targets for hackers and cyber criminals.

The solution:

Admins use a separate account for regular use and only use their administrative account when necessary.

Tips:

• Admin only accounts do not require a license in Microsoft 365 Business Premium

• Configure all admin accounts for MFA

• Before using admin accounts, close all unrelated browser sessions and apps, including personal email accounts.

• After completing admin tasks, log out of the browser session.

Raise the level of protection against malware in mail by blocking risky file types

• Go to https://protection.office.com and sign in with your admin account credentials

• In the Office 365 Security & Compliance Center, in the left navigation pane, under Threat management, choose Policy > Anti-Malware

• Double-click the default policy to edit this company-wide policy

• Click Settings

• Under Common Attachment Types Filter, select On. The file types that are blocked are listed in the window directly below this control. You can add or delete file types later, if needed

• Click Save

Protect against ransomware

Warn users before opening attachments with macros, by creating a mail transport rule:

• In the Microsoft 365 admin center, click Admin centers > Exchange

• In the mail flow category, click rules

• Click +, and then click Create a new rule

• Click More options at the bottom of the dialog box to see the full set of options

• Apply the settings in the following table for each rule. Leave the rest of the settings at the default, unless you want to change these

Name | Anti-ransomware rule: warn users
Apply this rule if . . . | Any attachment . . . file extension matches . . .
Specify words or phrases | Add these file types: dotm, docm, xlsm, sltm, xla, xlam, xll, pptm, potm, ppam, ppsm, sldm
Do the following . . . | Notify the recipient with a message
Provide message text | Do not open these types of files from people you do not know because they might contain macros with malicious code.

• Click Save

Protect against ransomware

Restore files using OneDrive ransomware recovery:

• Go to the user’s OneDrive for Business

• If you're signed in with a work or school account, select Settings > Restore your OneDrive.

• On the Restore page, select a date from the dropdown list, such as Yesterday, or you can select Custom date and time. If you're restoring your files after automatic ransomware detection, a suggested restore date will be filled in for you

• If you're selecting a custom date and time, select the earliest activity that you want to undo. When you select an activity, all other activities that occurred after that are selected automatically.

• When you’re ready to restore your OneDrive, click Restore to undo all the activities you selected.

Stop auto-forwarding for email

Stop auto-forwarding for email, by creating a mail transport rule:

• In the Microsoft 365 admin center, click Admin centers > Exchange

• In the mail flow category, click rules

• Click +, and then click Create a new rule

• Click More options at the bottom of the dialog box to see the full set of options

• Apply the settings in the following table for each rule. Leave the rest of the settings at the default, unless you want to change these

Name | Prevent auto forwarding of email to external domains
Apply this rule if . . . | The sender . . . is external/internal . . . Inside the organization
Add condition | The message properties . . . include the message type . . . Auto-forward
Do the following . . . | Block the message . . . reject the message and include an explanation
Provide message text | Auto-forwarding email outside this organization is prevented for security reasons

• Click Save
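The two mail flow rules above (the macro-attachment warning and the auto-forward block) can also be created from Exchange Online PowerShell, which makes the settings repeatable across tenants. This is an added example, not part of the original deck; it assumes an Exchange Online PowerShell session is already connected with rights to manage mail flow rules, and it takes the rule names, file types and message texts from the tables above. The last command, which lists mailboxes that already have forwarding configured, goes beyond the slide's steps.

```powershell
# Added example (not from the original deck).
# Assumption: an Exchange Online PowerShell session is already open
# (for example via Connect-ExchangeOnline) with mail flow rule permissions.

# File types from the "Anti-ransomware rule: warn users" table.
$macroExtensions = 'dotm','docm','xlsm','sltm','xla','xlam','xll',
                   'pptm','potm','ppam','ppsm','sldm'

# Each hashtable holds the New-TransportRule parameters for one rule.
$rules = @(
    @{
        Name                            = 'Anti-ransomware rule: warn users'
        # "Any attachment ... file extension matches ..."
        AttachmentExtensionMatchesWords = $macroExtensions
        # "Notify the recipient with a message"
        GenerateNotification            = 'Do not open these types of files from people you do not know because they might contain macros with malicious code.'
    },
    @{
        Name                    = 'Prevent auto forwarding of email to external domains'
        # "The sender ... is external/internal ... Inside the organization"
        FromScope               = 'InOrganization'
        # "The message properties ... include the message type ... Auto-forward"
        MessageTypeMatches      = 'AutoForward'
        # "Block the message ... reject the message and include an explanation"
        RejectMessageReasonText = 'Auto-forwarding email outside this organization is prevented for security reasons'
    }
)

# Create each rule only if a rule with the same name does not exist yet,
# so the script can be re-run without producing duplicates.
$existingNames = Get-TransportRule | ForEach-Object { $_.Name }
foreach ($params in $rules) {
    if ($existingNames -contains $params.Name) {
        Write-Host "Rule already exists, left unchanged: $($params.Name)"
        continue
    }
    New-TransportRule @params | Out-Null
    Write-Host "Created rule: $($params.Name)"
}

# Confirm that both rules are present and enabled.
$wanted = $rules | ForEach-Object { $_.Name }
Get-TransportRule |
    Where-Object { $wanted -contains $_.Name } |
    Format-Table Name, State, Priority -AutoSize

# Beyond the slide: list mailboxes that already have forwarding configured,
# so forwarding that predates the rule can be reviewed.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress,
                  ForwardingAddress, DeliverToMailboxAndForward
```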

Enable ATP Safe Links

To enable ATP Safe Links:

1. In the Security & Compliance Center, choose Threat management > Policy > ATP Safe Links

2. Double-click the Default policy

3. In the Use safe links in section, select the option Office 365 ProPlus, Office for iOS and Android, and then click Save

4. In the Policies that apply to specific recipients section, click the plus sign (+)

5. Specify the following settings:

• In the Name box, type a name, such as Safe Links

• In the Select the action section, choose On

• Select these options:

  • Use safe attachments to scan downloadable content

  • Apply safe links to email messages sent within the organization

  • Do not let users click through safe links to original URL

• In the Applied to section, choose The recipient domain is. Then, select your domain, choose Add, and then click OK

6. Click Save

To learn more, see Set up Office 365 ATP Safe Links policies.

Enable ATP Safe Attachments

To enable ATP Safe Attachments:

1. In the Security & Compliance Center, choose Threat management > Policy > ATP safe attachments

2. Select the option Turn on ATP for SharePoint, OneDrive, and Microsoft Teams

3. In the Protect email attachments section, click the plus sign (+)

4. Specify the following settings:

• In the Name box, type Block malware

• In the response section, choose Block

• In the Redirect attachment section, select the option Enable redirect, and then specify the email address for your organization's security administrator or operator who will review detected files

• In the Applied to section, choose The recipient domain is. Then, select your domain, choose Add, and then click OK

5. Click Save

6. (Recommended additional step) As a global administrator or a SharePoint Online administrator run the Set-SPOTenant cmdlet with the DisallowInfectedFileDownload parameter set to true for your Office 365 environment. (This prevents people from opening, moving, copying, or sharing files that are detected as malicious)

To learn more, see Set up Office 365 ATP Safe Attachments policies and Turn on Office 365 ATP for SharePoint, OneDrive, and Microsoft Teams.
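The Safe Attachments steps above, including the recommended Set-SPOTenant step, expressed as PowerShell with a read-back of the resulting settings. This is an added example, not part of the original deck; it assumes a connected Exchange Online PowerShell session and an installed SharePoint Online Management Shell, and the domain, mailbox and admin URL are placeholders.

```powershell
# Added example (not from the original deck).
# Assumptions: Exchange Online PowerShell session already connected;
# SharePoint Online Management Shell installed.
# Placeholder values, replace with your own tenant details:
$domain          = 'contoso.com'                          # recipient domain to protect
$securityMailbox = 'secops@contoso.com'                   # reviewer of detected files
$spoAdminUrl     = 'https://contoso-admin.sharepoint.com' # SharePoint admin URL

$policyName = 'Block malware'   # name used in step 4 above

# Step 2: turn on ATP for SharePoint, OneDrive, and Microsoft Teams.
Set-AtpPolicyForO365 -EnableATPForSPOTeamsODB $true

# Steps 3-5: policy with the Block response and redirect enabled,
# applied where "The recipient domain is" your domain.
$existing = Get-SafeAttachmentPolicy | Where-Object { $_.Name -eq $policyName }
if (-not $existing) {
    New-SafeAttachmentPolicy -Name $policyName `
        -Enable $true `
        -Action Block `
        -Redirect $true `
        -RedirectAddress $securityMailbox | Out-Null

    New-SafeAttachmentRule -Name $policyName `
        -SafeAttachmentPolicy $policyName `
        -RecipientDomainIs $domain | Out-Null
}
else {
    Write-Host "Policy '$policyName' already exists, left unchanged."
}

# Step 6 (recommended additional step): stop people from opening, moving,
# copying, or sharing files that are detected as malicious.
Connect-SPOService -Url $spoAdminUrl
Set-SPOTenant -DisallowInfectedFileDownload $true

# Read the settings back so the change can be confirmed and recorded.
Get-AtpPolicyForO365 | Select-Object EnableATPForSPOTeamsODB
Get-SafeAttachmentPolicy -Identity $policyName |
    Select-Object Name, Enable, Action, Redirect, RedirectAddress
Get-SafeAttachmentRule -Identity $policyName |
    Select-Object Name, State, RecipientDomainIs
Get-SPOTenant | Select-Object DisallowInfectedFileDownload
```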

Enable ATP Anti-phishing

To enable ATP anti-phishing:

1. In the Security & Compliance Center, choose Threat management > Policy > ATP anti-phishing

2. Click Default policy

3. In the Impersonation section, click Edit, and then specify the following settings:

a) On the Add users to protect tab, turn protection on. Then add users, such as your organization's board members, your CEO, CFO, and other senior leaders. (You can type an individual email address, or click to display a list)

b) On the Add domains to protect tab, turn on Automatically include the domains I own. If you have custom domains, add those as well

c) On the Actions tab, select Move message to the recipients' Junk Email folders for both impersonated user and impersonated domain, and turn on safety tips

d) On the Mailbox intelligence tab, make sure mailbox intelligence is turned on

e) On the Review your settings tab, after you have reviewed your settings, click Save

4. In the Spoof section, click Edit, and then specify the following settings:

a) On the Spoofing filter settings tab, make sure anti-spoofing protection is turned on

b) On the Actions tab, choose Move message to the recipients' Junk Email folders

c) On the Review your settings tab, after you have reviewed your settings, click Save. (If you didn't make any changes, click Cancel)

5. Close the default policy settings page

To learn more about your anti-phishing policy options, see Set up Office 365 ATP anti-phishing and anti-phishing policies.


How secure are you?

Quiz

Take this 10-question quiz to find out if you are safe and secure, or if your organization is at risk to become a cybercrime victim.

1. Do you have a Single Sign-On (SSO) identity framework?
• Yes, an Active Directory or Azure Cloud ID
• Yes, we have single sign-on from another system in place
• No, we do not use a centralized identity system or have single sign-on deployed

2. Which of the following is true about your Disaster Recovery program?
• All critical systems and data are automatically backed up and are tamperproof
• Our IT guy regularly conducts business continuity exercise drills
• We use a cloud based recovery service like Azure Site Recovery

3. Do you monitor for unauthorized intrusion activity?
• Yes, we do have an intrusion detection system (IDS)
• Yes, our IT guy monitors for cyberattacks daily, somehow
• No, we cannot monitor for such activities

4. Do you have a security policy in place?
• Yes, we do have a comprehensive security policy endorsed by management
• Yes, someone wrote a policy for us to follow
• No, we do not have a complete security policy

5. How do you connect your company to cloud services?
• We use VPN and/or SSL to securely access hybrid cloud services
• We connect to the cloud via the Internet
• We do not use cloud services at this time

Pro Tip: Explore Azure cloud offerings to get your business set up with proper backup and recovery functions so you can ensure data and services are backed up and always available.

Pro Tip: Explore Azure Active Directory and Identity Protection to deploy centralized cloud based identity for your userbase. If possible use Multi Factor Authentication (MFA).

Pro Tip: We can help design an IDS solution and tune detection to fit your network and business needs.

Pro Tip: You need to define a security policy based on ISO 27001 to ensure compliance and alignment to best practices. We can help you write one and get compliant!

Pro Tip: Evaluate Azure Virtual Network and Office 365 secure portal solutions for secure connectivity to the cloud.

6. How do you monitor for data leaks?
• We do have a comprehensive data protection program in place with rule detection logic
• Word of mouth, someone reported it
• We cannot track or monitor for data leaks

7. How long does it take to deploy critical security updates to software?
• It takes us 5-30 days and we strive to patch quickly
• We need 30+ days because it is a lot of work
• We have to patch? Don’t systems patch themselves!?

8. How do you limit access to resources?
• We have access control defined based on roles and responsibilities in AD groups
• Everyone asks everyone for access to everything
• We don’t have any real means to reliably restrict access to services and data beyond authentication

9. Do you perform vulnerability assessments on your environment?
• We have a vulnerability management program and assessment technology in place
• We let our IT admin run some scans at times or wait for others to expose our gaps
• We do not have a vulnerability scanner or process

10. Are you prepared to deal with ransomware attacks and demands?
• We patch our systems regularly, remediate any potential risks quickly and have regular backups
• We have purchased enough Bitcoins to pay for ransoms, so we’re not worried if it happens
• We are not prepared to handle malware and ransomware attacks at this point

Pro Tip: Define roles and responsibilities and look for a technology such as Azure AD, and deploy access control features to effectively manage authentication and authorization to resources.

Pro Tip: Updating systems on time and taking the practice seriously is paramount to the security of your environment. It sounds simple, but in business environments there are a lot of factors at play that could delay even critical updates. Explore the adoption of Azure Cloud and PaaS and focus on running your applications in an always up-to-date environment.

Pro Tip: Let us help you design a comprehensive data and information protection solution. Azure and Office 365 can help provide technology for both!

Pro Tip: Identify a vulnerability management service that has cloud and internal offerings to be deployed in your network. Consult with us to set up and tune the scanner and train your IT pro to handle vulnerability reports. It requires management commitment to remediate discovered issues.

Pro Tip: Obtain a comprehensive solution for all systems. Patch your systems and apps regularly to ensure propagation of malware using old bugs will not go far. Be aware of zero-day potential risks by following our bug reports and awareness campaigns.

Protect your organization from unnecessary security risks.

Most organizations don’t take action on cybersecurity until it’s too late, but a security breach could cost millions, drive away customers, disrupt your business, and become a PR nightmare. If your answers to this simple security quiz have raised concerns about your cybersecurity, contact us to learn how Microsoft 365 can help protect you against today’s evolving security threats.

Introducing Microsoft 365

Modern Workplace Sales

Bencsik László, 2020.08.24

Evolving partner business model

-18% +10% + +14%

Advisory & adoption | Deployment | Business solutions | Managed services

Forrester 2019 Microsoft 365 Partner TEI study commissioned by Microsoft, year over year

Microsoft 365 Opportunities for Partner Growth

Teamwork | Security

Advisory & adoption | Business solutions | Managed services

Microsoft Teams is the hub for teamwork in Microsoft 365

Enterprise-grade security and compliance

Calls | Chats | Meetings | Office

Microsoft 365 Business Premium is stronger with security

Defend against cyberthreats + Protect business data + Manage your devices

• Office Shared Computer Activation
• Conditional Access
• Azure Multi Factor Authentication
• Self Service Password Writeback
• Intune
• Windows Virtual Desktop
• Office Data Loss Prevention
• Azure Information Protection P1
• Exchange Online Archiving
• Office Advanced Threat Protection
• Microsoft Defender

Customers need technology to help them meet their goals

Understand the need

Map the need to the solution

Show the solution to the customer

Implement the solution

Provide value

Some common problems for customers

• New PCs bought ad hoc
• PCs refreshed when dead
• Employees using personal mobile devices
• IT purchasing decisions made “on the spot”
• Tech is “good enough” but not great
• Security is important but things evolve rapidly
• Hardware can be costly
• Things rarely talk to each other


What needs and scenarios resonate with your customer?

Need: Increase revenue through improving customer experience
Scenarios:
• Communicate with customers for online meetings with groups
• Manage your customers effectively by keeping everything in one place
• Store and share files with customers to engage them in proposals

Need: Become more efficient and reduce cost
Scenarios:
• Collaborate effectively on documents to simplify the co-creation process
• Manage projects, tasks, and deadlines to meet business objectives.
• Automate repetitive tasks to save time

Need: Ensure security and compliance
Scenarios:
• Guard against external threats, including ransomware and phishing
• Protect sensitive business and personal information to reduce risk
• Help achieve compliance with industry and geographical standards

Need: Ensure that the team stays connected and in sync
Scenarios:
• Communicate with Firstline workers to connect them to the organization
• Ensure employees stay productive whether remote or on the go, on any device


Map need to solution

Need: Increase revenue through improving customer experience
Solutions:
• Teams with customer guest access enabled
• Files stored in channels with appropriate guest access for customer collaboration
• Teams meetings for professional meetings

Need: Become more efficient and reduce cost
Solutions:
• All files in Teams and OneDrive to ensure effective internal document collab
• Planner integration into Teams to track projects and ensure completion
• PowerApps and Flow to automate common tasks and integrate into Teams

Need: Ensure security and compliance
Solutions:
• Microsoft Defender AV and Office 365 ATP to protect against cyber threats
• Azure Information Protection to protect internal information
• DLP, Exchange Online Archiving, AIP to improve compliance posture

Need: Ensure that the team stays connected and in sync
Solutions:
• Teams implemented for FLW, including use of Shifts to manage scheduling
• Teams video meetings implemented to allow effective remote participation


Productivity Library

How Microsoft 365 improves productivity in your specific industry: Microsoft Productivity Library

What is it?

• Your one place for digital experiences for customers

• Split into demos and customer immersion experiences

• Product scenarios across Teams and Security

What you need to know

• Option to create new tenants

• Some demo scenarios have demo scripts

• Demo PPT walk throughs for select scenarios

Customer Digital Experiences


Showing the product best practices

Demo the product using the Customer Digital Experiences (CDX)

• Encourage Play: Learning best occurs when a customer feels comfortable and interested in what they’re doing
• Follow Interest: Preserve your agenda but be prepared to follow customer interest
• Whiteboard: Have a story and use the whiteboard to share the key points with your customer
• Ask Questions, Listen: Ask open ended and obvious questions. Get your audience interacting and leading
• Replace Slides: Substitute slides with a demo of the product to show how the solution could work
• Cold Read: Understand your audience through body language, disposition and tone
• Encourage Interaction: Sales insights are a product of listening to peers discuss friction in the status quo
• Parking Lot: “I don’t know” is a good answer for licensing and technical questions. Don’t let the air go dead


Give them confidence with a deployment plan

Microsoft 365 Launchpad Secure Deployment Planning

What is it?

• Digitized deployment plan

• Step-by-step guide on implementing the solution

What you need to know

• Covers basic deployment guidance (client, policies, devices)

• Deep dive into Security planning

• Deep dive into Windows 10 deployment

• Output in CSV or PDF

Available at aka.ms/partnerlaunchpad


Adoption is the most forgotten step


Microsoft Modern Workplace Rebranding

New name | Old name

For consumers
Microsoft 365 Family | Office 365 Home
Microsoft 365 Personal | Office 365 Personal

For small and medium businesses
Microsoft 365 Business Basic | Office 365 Business Essentials
Microsoft 365 Business Standard | Office 365 Business Premium
Microsoft 365 Business Premium | Microsoft 365 Business

Microsoft 365 Apps for business | Office 365 Business
Microsoft 365 Apps for enterprise | Office 365 ProPlus


Microsoft 365 Business Plan Comparison

Plans: Microsoft 365 Apps for business¹ $8.25/u/m | Microsoft 365 Business Basic¹ $5/u/m | Microsoft 365 Business Standard¹ $12.5/u/m | Microsoft 365 Business Premium¹ $20/u/m

Microsoft 365 Apps
• Install Word, Excel, PowerPoint, Outlook, OneNote, Access², and Publisher² on up to 5 PCs/Macs + 5 tablets + 5 smartphones per user: ⚫ ⚫ ⚫
• Commercial use rights for Office mobile apps and Office for the web: ⚫ ⚫ ⚫ ⚫

Email & Calendar
• Exchange Plan 1 (50 GB mailbox): ⚫ ⚫ ⚫

Social & Intranet
• SharePoint, Yammer: ⚫ ⚫ ⚫

Meetings, Calling & Collaboration
• Microsoft Teams: ⚫ ⚫ ⚫

Files & Content
• OneDrive (1 TB): ⚫ ⚫ ⚫ ⚫
• Microsoft Stream, Sway for Microsoft 365, Microsoft Forms³: ⚫⁴ ⚫ ⚫ ⚫

Task Management
• Planner, To-Do: ⚫ ⚫ ⚫
• Bookings: ⚫ ⚫

Power Platform
• Power Apps for Microsoft 365⁵, Power Automate for Microsoft 365⁵: ⚫ ⚫ ⚫

Device & App Management
• Mobile Device Management for Microsoft 365⁶: ⚫ ⚫ ⚫ ⚫
• Microsoft 365 Admin Center, Microsoft Intune, Windows AutoPilot, Fine Tuned User Experience: ⚫

Security and Identity
• Windows Hello, Credential Guard and Direct Access⁷, Azure Active Directory Plan 1, Microsoft Advanced Threat Analytics, Defender Antivirus and Device Guard⁶, Azure Information Protection Plan 1, Windows Information Protection, BitLocker: ⚫
• Multi-factor authentication: ⚫

Compliance
• Content Search, manual sensitivity and retention labels: ⚫

Analytics
• Insights by MyAnalytics (Outlook plug-in): ⚫ ⚫ ⚫

See Speaker Notes for footnotes. Commercial USD ERP shown.

Microsoft 365 Commercial Plan Comparison

Plans: M365 Apps for enterprise¹ $12/u/m | M365 F1 $4/u/m | M365 F3 $10/u/m | M365 E3² $32/u/m | M365 E5² $57/u/m

Operating System
• Windows 10 Enterprise upgrade: ⚫ ⚫ ⚫

Microsoft 365 Apps
• Install Word, Excel, PowerPoint, OneNote, Outlook, Access³, and Publisher³ on up to 5 PCs/Macs + 5 tablets + 5 smartphones per user: ⚫ ⚫ ⚫
• Commercial use rights for Office mobile apps and Office for the web: ⚫ | Read-only | ⚫⁴ | ⚫ | ⚫

Email & Calendar
• Exchange email: ⚫⁵ ⚫ ⚫
• Exchange calendar: ⚫ ⚫ ⚫ ⚫

Social & Intranet
• SharePoint, Yammer: ⚫⁶ ⚫⁶ ⚫ ⚫

Meetings, Voice & Collaboration
• Teams: ⚫⁷ ⚫⁷ ⚫ ⚫
• Phone System, Audio Conferencing: ⚫

Files & Content
• OneDrive: 1 TB | 2 GB | 2 GB | 5+ TB⁸ | 5+ TB⁸
• Microsoft Stream, Sway for Microsoft 365: ⚫⁹ ⚫⁹ ⚫ ⚫

Business Apps
• Microsoft Forms¹⁰, To-Do: ⚫ ⚫ ⚫
• Planner: ⚫ ⚫ ⚫ ⚫
• Bookings¹⁵: ⚫ ⚫

Power Platform
• Power Apps for Microsoft 365¹¹, Power Automate for Microsoft 365¹¹: ⚫ ⚫ ⚫

Device & App Management
• Microsoft 365 Admin Center, Windows AutoPilot, Fine Tuned User Experience, Windows Analytics Device Health: ⚫ ⚫ ⚫
• Microsoft Intune: ⚫ ⚫ ⚫ ⚫
• Mobile Device Management for Microsoft 365¹²: ⚫ ⚫ ⚫ ⚫ ⚫

Security
• Windows Hello, Credential Guard and Direct Access¹³, BitLocker, Defender Antivirus and Device Guard¹³: ⚫ ⚫ ⚫
• Azure Active Directory Plan 1, Microsoft Advanced Threat Analytics, Azure Information Protection Plan 1: ⚫ ⚫ ⚫ ⚫
• Azure Active Directory Plan 2, Microsoft Defender Advanced Threat Protection (ATP), Office 365 ATP Plan 2, Azure ATP: ⚫
• Cloud App Security: ⚫

Compliance
• eDiscovery Content Search: ⚫ ⚫ ⚫ ⚫
• Manual sensitivity and retention labels: ⚫¹⁴ ⚫ ⚫
• Office 365 Data Loss Prevention (DLP) for email and files, eDiscovery Export, eDiscovery Hold, Litigation Hold, In-Place Hold, basic Audit, Email archiving: ⚫ ⚫
• Automatic classification and retention, Customer Key, Advanced Message Encryption, Insider Risk Management, Communication Compliance, Information Barriers, Customer Lockbox, Privileged Access Management, Advanced Audit, Advanced eDiscovery: ⚫

Analytics
• Insights by MyAnalytics (Outlook plug-in): ⚫ ⚫
• MyAnalytics (dashboard, digests, inline suggestions): ⚫
• Power BI Pro: ⚫

See Speaker Notes for footnotes. Commercial USD ERP shown.

Office 365 Commercial Plan Comparison

M365 Apps for enterprise [1]: $11/u/p

O365 F3: $4/u/m

O365 E1: $7/u/m

O365 E3: $20/u/m

O365 E5: $35/u/m

Microsoft 365 Apps

Install Word, Excel, PowerPoint, OneNote, Outlook, Access [2], and Publisher [2] on up to 5 PCs/Macs + 5 tablets + 5 smartphones per user ⚫ ⚫ ⚫

Commercial use rights for Office mobile apps and Office for the web ⚫ ⚫[3] ⚫ ⚫ ⚫

Email & Calendar

Exchange ⚫[4] ⚫ ⚫ ⚫

Social & Intranet

SharePoint, Yammer ⚫[5] ⚫ ⚫ ⚫

Bookings [11] ⚫ ⚫

Meetings, Voice & Collaboration

Teams ⚫ ⚫ ⚫ ⚫

Phone System, Audio Conferencing ⚫

Files & Content

OneDrive: 1 TB, 2 GB, 5+ TB [6], 5+ TB [6], 5+ TB [6]

Microsoft Stream, Sway for Microsoft 365, Microsoft Forms [7] ⚫[8] ⚫ ⚫ ⚫

Mobile Device Management for Microsoft 365 [9] ⚫ ⚫ ⚫ ⚫ ⚫

Office 365 Cloud App Security ⚫

Compliance

eDiscovery Search, manual sensitivity and retention labels ⚫ ⚫ ⚫ ⚫

Office 365 Data Loss Prevention (DLP) for email and files, eDiscovery Export, eDiscovery Hold, Litigation Hold, In-Place Hold, basic Audit, Email archiving ⚫ ⚫

Automatic classification and retention [10], Customer Key, Advanced Message Encryption, Communication Compliance, Information Barriers, Customer Lockbox, Privileged Access Management, Advanced Audit, Advanced eDiscovery

Analytics

Insights by MyAnalytics (Outlook plug-in) ⚫ ⚫ ⚫

MyAnalytics (dashboard, digests, inline suggestions) ⚫

Power BI Pro ⚫

See Speaker Notes for footnotes. Web Direct/Base Price shown.

Firstline Worker Plan Comparison

[1] Windows 10 E3 per user includes cloud management and virtualization

[2] Cannot be administrators. No site mailbox. No personal site. 1TB shared storage.

[3] Commercial use of mobile apps limited to devices with integrated screens 10.1” diagonally or less

[4] Does not include Forms Pro capabilities. F1 users can complete/respond to forms/surveys as this does not require a Forms license.

[5] Does not include Outlook desktop integration or voicemail. M365 F1 includes Exchange K service plan to enable Teams calendar only with no email rights.

[6] Includes 2000 API requests/day. Additional capacity available by purchasing the Power App and Power Automate additional capacity add-on.

[7] Includes consumption only, no publish/share

Microsoft 365 F1: $4/u/m (New as of 4/1/20)

Microsoft 365 F3: $10/u/m (Renamed from M365 F1 as of 4/1/20)

Office 365 F3: $4/u/m (Renamed from O365 F1 as of 4/1/20)

EMS

Microsoft Intune ⚫ ⚫

Azure Active Directory P1 ⚫ ⚫

SMS Sign In and Shared Device Sign Out ⚫ ⚫

Advanced Threat Analytics, Advanced Information Protection P1 ⚫ ⚫

Windows

Windows 10 E3 [1]

Windows Virtual Desktop Rights ⚫

Office 365

Microsoft Teams ⚫ ⚫ ⚫

Includes Calendar, Shifts, Tasks, and Walkie Talkie ⚫ ⚫ ⚫

Yammer, SharePoint [2] ⚫ ⚫ ⚫

Office for the web and Office Mobile apps [3] Read-only ⚫ ⚫

Forms (create/share/manage) [4] ⚫ ⚫

OneDrive storage: 2 GB, 2 GB, 2 GB

Exchange email [5]: 2 GB, 2 GB

Planner ⚫ ⚫ ⚫

Power Automate for Microsoft 365 [6] ⚫ ⚫

Power Apps for Microsoft 365 [6] ⚫ ⚫

Stream [7] ⚫ ⚫ ⚫

Microsoft Product Terms:

2.1.3 Microsoft 365 F1/F3

2.1.3.1 License Eligibility for Firstline Worker Licenses

Microsoft 365 and Office 365 Firstline Worker licenses may only be assigned to users who satisfy one or more of the following conditions:

• Uses a primary device with a single screen smaller than 10.1”

• Shares their primary work device with other licensed Microsoft or Office 365 Firstline Worker licensed users, during or across shifts.

    o Other licensed Microsoft Firstline Worker users must also use the device as their primary work device.

    o Any software or services accessed from the shared device requires the device or users to be assigned a user license that includes use of those software or services.

Qualifying Microsoft 365 and Office 365 Firstline Worker licenses include Microsoft 365 F1, Microsoft 365 F3, and/or Office 365 F3.

Customers who had Microsoft 365 F1/F3 licensed users prior to June 1, 2020 (Impacted Customers) may license additional users with the same or equivalent service, under the Microsoft 365 F1 License Eligibility terms in the November 1, 2019 Product Terms, until the end of the Impacted Customer’s subsequent subscription renewal term.

Detailed Comparison of Office Client Commercial Offerings

Office Standard 2019

Office Professional Plus 2019

Office for Mac 2019

Microsoft 365 Apps for business [9]

Microsoft 365 Apps for enterprise [10]

Applications

Word ● ● ● ● ●

Excel ● ● ● ● ●

PowerPoint ● ● ● ● ●

OneNote ● ● ● ● ●

Outlook ● ● ● ● ●

Publisher ● ● ● ●

Access ● ● ●

Skype for Business 2019 ●

Premium Value

Volume Activation ● ● ●

Group Policy [1] ● ● ●

Shared Computer Activation ●

App Telemetry ● ● ● ●

Update Controls ● ● ● ●

Apply Personal Retention Policies [2] ● ● ●[5]

Access Site Mailboxes [2] ● ● ●[5]

Access In-Place Archive Folder [2,3] ● ● ● ●[5]

Spreadsheet Compare & Inquire ● ●[5]

Business Intelligence ● ●[5]

Create IRM [2] ● ● ●

Data Loss Prevention [2] ● ●[5]

Cloud Value

Groups ● ●

Office Deployment Tool ● ●

Roaming Documents & Settings ● ●

1 TB OneDrive for business ● ●

Licensing

Licensing Model: Per Device, Per Device, Per Device, Per User, Per User

License Type: Perpetual [5], Perpetual [5], Perpetual [5], Subscription, Subscription

PC/Mac Installs [7]: 1, 1, 1, 5, 5

iOS/Android Smartphone Installs [7]: N/A, N/A, N/A, 5, 5

Tablet Installs [7]: N/A, N/A, N/A, 5, 5

Office RT Commercial Rights ● ● ● ● ●

Office for the web ●[7] ●[7] ●[7] ● ●

See speaker notes section for footnotes