Microsoft Advanced Security for CMMC: Part 2

    In part 2 of this blog, we're going to Identify the workloads within the Microsoft 365 E5 license as well as explain what each workload is capable of for security and compliance.

    3 Minutes Read

    As part of their overall security and compliance strategy, aerospace and defense contractors supporting the Department of Defense (DoD) who are leveraging the Microsoft 365 E3 need to consider moving from the Microsoft 365 E3 to an E5 license. In part 2 of this blog, we're going to: 

    • Identify the workloads within the Microsoft 365 E5
    • Explain what each workload is capable of
    • Equip your organization with the knowledge to build a better security and compliance posture overall.

    Workloads covered in this blog:

    • Microsoft Defender for Cloud Apps
    • Microsoft Defender for Endpoint (DFE)
    • Microsoft Privileged Identity Management (PIM)
    • Azure AD Identity Protection
    • Azure Information Protection Auto-labeling
    • Customer Lockbox

    If you haven't already, check out Part 1 of this two-part blog before reading any further.

    FINAL Graphics- Microsoft 365 E3 to E5 Uplift_Microsoft 365 E5 (1)

    As a short recap, let's go over a few of the benefits when performing the E5 Uplift. It allows contractors to:

    • Address Shadow IT scenarios.  
    • Automatically protect their most sensitive data through automation.  
    • Automate investigation and remediation of attacks to endpoints 
    • Integrate and automate threat and vulnerability management with other Microsoft solutions. 
    • Detect vulnerabilities in user identities and proactively prevent compromised identities from being abused. 
    • Actively monitor user activity across managed/unmanaged applications and apply machine learning to identify matching conditions to take appropriate actions via alerting. 
    • Assume complete control and protection over cloud apps.  

    Now, let's get specific with what each workload is capable of and how you can leverage them.

    Microsoft Defender for Cloud Apps 

    Microsoft Defender for Cloud Apps is a Cloud Access Security Broker (CASB) that provides visibility, data flow control, and analytics to identify and mitigate threats across all Microsoft and third-party cloud services. Utilizing this product allows organizations to: 

    • Increase cloud platform visibility. 
    • Protect sensitive data residing across all cloud applications. 
    • Centralize user access to cloud platforms. 
    • Generate data for user and entity behavior analysis. 
    • Mitigate malware found. 
    • Evaluate compliance standing of all cloud platforms.   

    Microsoft Defender for Endpoint (Plan 2)

    Microsoft Defender for Endpoint Plan 2 (part of the M365 E5) is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. Microsoft Defender for Endpoint Plan 2 uses the combination of technology built into Windows 10/11 and Microsoft's robust cloud service to provide: 

    • Comprehensive safeguarding for endpoints through enhanced malware detection and protection. 
    • Frequent updates via Microsoft to protect against newly emerging threats in the digital landscape. 
    • Scalability for organizations of any size. 
    • Seamless integration of Data Loss Prevention (DLP), Microsoft Defender for Cloud Apps, and Microsoft Intune for the ease of deployment, enhanced threat insight, and heightened security posture. 
    • Automated investigation and response (AIR).  
    • Threat and vulnerability management (TVM) through customizable automation.  

    Microsoft Privileged Identity Management (PIM) 

    Microsoft Privileged Identity Management (PIM) provides organizations with the capabilities to limit time and access capabilities for privileged accounts. Controlling access allows the organization to limit privileged access to an authorized time frame (e.g., 2 days, 2 weeks, 2 months) instead of permanent role assignments seen in normal Azure AD elevated privileged roles. This allows organizations to reduce the risk of permanently privileged accounts becoming compromised and amplifying incidents.  

    With Microsoft Privileged Identity Management, accounts that wish to elevate rights to perform administrative functions must be approved with time-bound constraints attached to the request. Organizations may also incorporate IT Service Management (ITSM) software into the mix to track these changes with service tickets using an automated process.  

    Azure AD Identity Protection  

    Azure AD Identity Protection is  a tool in the Microsoft 365 E5 that allows organizations to accomplish three key tasks:  

    • Automate the detection of identity-based risks 
    • Automate the remediation of identity-based risks 
    • Investigate the risks using aggregated user behavior data.  

    With Azure AD Identity Protection organizations can: 

    • Automate the real-time and offline detection and remediation of risky user sign-on scenarios (impossible travel, location-based constraints, etc.) 
    • Categorize risk into multiple tiers (low, medium, and high) and allow for conditional access based on risk scores calculated at sign-on. 
    • Allow end-user self-remediation of identified risky sign-on or blocking accounts for admins to intervene after an attempt. 

    Azure Information Protection Auto-labeling 

    Azure Information Protection and Auto-labeling helps organizations proactively counter potential users’ errors which may lead to unauthorized data access and distribution. When appropriately leveraged, organizations using the Azure Information Protecting Auto-labeling client can: 

    • Automate the labeling of word documents, excel spreadsheets, and power point slide-decks reducing the risk of failed or inappropriate labeling of the data.  
    • Automate the labeling of emails with the integration of Outlook client and configuration changes  

      Important note: the video below was created under CMMC 1.0 standards and some of the old Microsoft nomenclature; however, the content is still relevant to Microsoft products discussed in this blog.


    Customer Lockbox  

    Customer Lockbox ensures that Microsoft cannot access your content to do service operations without your explicit approval. Customer Lockbox brings you into the approval workflow process that Microsoft uses to ensure only authorized requests allow access to your content. Lockbox offers: 

    • Improved security and privacy by restricting Microsoft support access to your data. 
    • Complete access control to data via multiple levels of approval, all requiring explicit customer consent. 
    • Time-bound and limited access authority to Microsoft support with Just-in-time + Just-Enough Access (JIT + JEA). 
    • Auditing and logging capabilities of all activities performed by Microsoft Support. 

    Next Steps

    As you've seen, performing an E5 uplift and looking into the workloads within the E5 benefit organizations looking to leverage the Microsoft platform, and help prepare contractors in the Defense Industrial Base for specific compliance requirements such as CMMC 2.0.

    You can begin your licensing journey by downloading our M365 licensing guide here.


    Important note for your licensing strategy - organizations can now leverage Microsoft 365 GCC High to collaborate with other versions of the cloud. 


    To discuss the Microsoft 365 E5 in greater detail about how your organization can leverage the platform, or to speak with a member of the Summit 7 team about Microsoft licensing, you can take action via: 

    Jason Sproesser