MSFT Cloud Architecture Security Commonattacks
Identity-based attacks

Phishing: Attacker targets employees by email or other unsafe links or websites.
Spear-phishing: Attacker uses information specifically about a user to construct a more plausible phishing attack.
Brute-force attack: Attacker tries a large list of possible passwords for a given account or set of accounts.
Other similar attacks: Watering hole attacks, leaked passwords.

Any employee clicks on a link and enters their credentials.
- Exchange Online Protection blocks malicious hyperlinks in a message.
- Office 365 Advanced Threat Protection protects against links in mail and files that are redirected to unsafe sites. Protection continues dynamically after mail is delivered.
- Windows Defender SmartScreen checks sites against a dynamic list of reported phishing sites and warns users.

Weak passwords are systematically identified.
- Azure AD password protections enforce minimum requirements for passwords, dynamically ban commonly used passwords, and force reset of leaked passwords.
- Azure AD Smart Account Lockout temporarily locks out accounts with high-risk login activity.
- For on-premises networks, Advanced Threat Analytics detects brute-force activity targeted to the domain.

Attacker uses stolen credentials to gain access to the user's mail and files.
- Multi-factor authentication prevents password-only access to cloud services, including Exchange Online mailboxes and OneDrive for Business files.
- Azure AD conditional access rules block access from unmanaged PCs.
- Azure AD Smart Account Lockout temporarily locks out accounts with high-risk login activity.
- Risk-based conditional access protects apps and critical data in real time using machine learning and the Microsoft Intelligent Security Graph to block access when risk is detected.

Attacker moves laterally, gaining access to cloud services and resources in the environment.
- Azure AD conditional access rules can protect all SaaS apps in your environment.
- Cloud App Security detects and alerts on anomalous activity for all SaaS apps in your environment, including activity originating from new and infrequent locations, suspicious locations, new and untrusted devices, and risky IP addresses.
- Securing Privileged Access Roadmap is guidance to mitigate lateral traversal and credential theft techniques for your on-premises and hybrid cloud environments.
- For on-premises networks, Advanced Threat Analytics identifies abnormal activity by using behavioral analytics and leveraging Machine Learning.

Attacker removes data from the environment.
- Cloud App Security detects and alerts on anomalous activity, such as download activity, and can suspend user accounts.
- Intune Mobile Application Management rules prevent business data from leaving approved business apps on mobile devices.
- Windows Information Protection (WIP) protects business content on devices with file level encryption that helps prevent accidental data leaks to non-business documents, unauthorized apps, and unapproved locations.
- Office 365 Exchange mail flow rules prevent auto-forwarding of mail to external domains.
- Office 365 data loss prevention (DLP) rules prevent sensitive data from leaving the environment.
- Azure Information Protection and Azure Rights Management encrypt and permission sensitive files. Protection travels with the files.
- Azure technologies provide encryption for disks and storage, SQL Encryption, and Key Vault.
- SQL Database dynamic data masking

Device-based attacks

Devices compromise

Malicious files and viruses are introduced into the environment.

Any employee clicks on a malicious link or opens a malicious file.

Attacker moves laterally, gaining access to cloud services and
August 2017 © 2017 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at CloudAdopt@microsoft.com.