May 10, 2018

New to Microsoft Office 365: Attack Simulator, Data Privacy, and DSR updates

By Michael Panciroli

At the RSA Conference in San Francisco last month, we announced several new services and capabilities for Office 365 that can help partners expand their security and compliance practice and their revenue potential. You can read about all of the announcements from RSA on our Microsoft 365 for Partners blog.

This post focuses on two of those security and compliance announcements for Microsoft Office 365: Attack Simulator, and the new Data Privacy tab and Data Subject Request (DSR) experience.

Office 365 Attack Simulator

Identity-based attacks are up 300% this year. This is because identity is the key to securing a customer’s digital estate of assets: attackers understand that, and so they focus heavily on stealing and cracking passwords. You can help your customers by assessing their vulnerability and training their users with simulated attacks launched from Office 365 Attack Simulator, which reached general availability last month. You can launch a spear-phishing, brute-force, or password-spray attack, with more simulations being added in the coming months. To learn more about how Attack Simulator works and what each of the attack simulations does, check out our Security, Privacy, and Compliance blog.

The general availability release comes with an editor and two templates to select from. The templates are a great starting point, but the key is to make the phishing emails look realistic and credible for your clients. The more closely you adopt a style that is meaningful to your recipients, the more successful your simulated attack will be. You can modify the templates we offer by selecting one and then using the “source” tab in the email view to edit it. Of course, you can also craft your own with any HTML tool, such as Visual Studio Code. Just make sure you include the ${username} and ${loginserverurl} placeholders in the email body; they insert the target’s name and the URL you want users to click.
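Before launching a campaign it is worth checking a hand-edited template for the two placeholders the post calls out. The following is an added example, not code from Attack Simulator or the Office 365 team: it lints a constructed template for the required ${username} and ${loginserverurl} placeholders, warns about unrecognised ${...} tokens and about links whose href does not use ${loginserverurl} (assumed to be the tracked URL, since clicks on a hard-coded URL would not be recorded in the campaign results), and renders the template with plain string substitution, which is this example's assumption about how the placeholders are filled in.

```python
import re
from html.parser import HTMLParser

# Constructed sample template for the example; not one of the shipped templates.
SAMPLE_TEMPLATE = """<html><body>
<p>Hello ${username},</p>
<p>Your mailbox quota review is due. Please <a href="${loginserverurl}">sign in</a> to confirm.</p>
</body></html>"""

# The two placeholders the post says every template body must contain.
REQUIRED_PLACEHOLDERS = {"username", "loginserverurl"}
PLACEHOLDER_RE = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")


class _LinkCollector(HTMLParser):
    """Collects every href in the template so links can be checked."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value is not None:
                    self.hrefs.append(value)


def lint_template(html):
    """Return a list of problems found in the template; an empty list means it passes."""
    problems = []
    found = set(PLACEHOLDER_RE.findall(html))
    for missing in sorted(REQUIRED_PLACEHOLDERS - found):
        problems.append(f"missing required placeholder ${{{missing}}}")
    # Assumption: only the two documented placeholders are substituted, so any
    # other ${...} token would reach the recipient verbatim.
    for unknown in sorted(found - REQUIRED_PLACEHOLDERS):
        problems.append(f"unknown placeholder ${{{unknown}}} will not be substituted")
    collector = _LinkCollector()
    collector.feed(html)
    for href in collector.hrefs:
        if "${loginserverurl}" not in href:
            problems.append(
                f"link {href!r} does not point at ${{loginserverurl}}; "
                "clicks on it would not appear in the campaign results"
            )
    return problems


def render_template(html, username, loginserverurl):
    """Fill in the placeholders (assumption: plain string substitution, as this example does)."""
    values = {"username": username, "loginserverurl": loginserverurl}
    return PLACEHOLDER_RE.sub(lambda m: values.get(m.group(1), m.group(0)), html)


if __name__ == "__main__":
    for problem in lint_template(SAMPLE_TEMPLATE) or ["template passes"]:
        print(problem)
    print(render_template(SAMPLE_TEMPLATE, "Jane Doe", "https://sim.example.invalid/t/abc"))
```

Run the lint over every template you edit in the "source" tab or in Visual Studio Code before you start the campaign; a template that drops one placeholder still sends, but either the greeting is generic or the click is never tracked.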

You can easily try this out or prepare a demo for your clients through a tenant from your Microsoft Demos partner benefit. Simply create a tenant-joined virtual machine (VM), which becomes the persona the attack targets, and show the experience in the VM’s rich email client. Remember that you must first enable multifactor authentication (MFA) for the admin account you use to launch the attack.

It’s a good idea to pick a high-profile persona for the campaign, such as the CEO. For an even more compelling demo, you can show off other Threat Intelligence capabilities by visiting the dashboard and investigating the users listed in the “top targeted users” card. If your tenant doesn’t have any users listed there, you can send them sample malware test files ahead of time. Once you’ve launched the attack and demonstrated the client experience, you can show the campaign results: the total number of users targeted and what each recipient did, including when they clicked the link and how long it took before they handed over their credentials. Beyond the phishing campaign, Office 365 Attack Simulator offers a similar campaign setup wizard for password-spray and brute-force attacks. Attack Simulator doesn’t currently suggest common passwords to use, but you can find lists of them on GitHub and other sites.
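A password-spray or brute-force simulation is also the moment to confirm that the tenant's own monitoring notices it. The following is an added example, not part of the post or of Attack Simulator, that shows the detection logic a defender would run over failed sign-in events: a spray shows up as one source address making one or two guesses against many accounts, while brute force shows up as one source address making many guesses against a single account. The event records are constructed for the example and only mimic the fields (timestamp, user, source IP, result) of a sign-in log export; the thresholds are illustrative assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events for the example (not real tenant logs).
# Fields: ISO timestamp, user principal name, source IP, result.
SAMPLE_EVENTS = [
    # A spray: one source, one guess each against many accounts within seconds.
    ("2018-05-10T09:00:01", "alice@contoso.example", "203.0.113.7", "failure"),
    ("2018-05-10T09:00:04", "bob@contoso.example", "203.0.113.7", "failure"),
    ("2018-05-10T09:00:07", "carol@contoso.example", "203.0.113.7", "failure"),
    ("2018-05-10T09:00:10", "dave@contoso.example", "203.0.113.7", "failure"),
    ("2018-05-10T09:00:13", "erin@contoso.example", "203.0.113.7", "failure"),
    ("2018-05-10T09:00:16", "frank@contoso.example", "203.0.113.7", "failure"),
    # Brute force: one source hammering a single high-profile account.
    ("2018-05-10T09:02:00", "ceo@contoso.example", "198.51.100.9", "failure"),
    ("2018-05-10T09:02:05", "ceo@contoso.example", "198.51.100.9", "failure"),
    ("2018-05-10T09:02:10", "ceo@contoso.example", "198.51.100.9", "failure"),
    ("2018-05-10T09:02:15", "ceo@contoso.example", "198.51.100.9", "failure"),
    ("2018-05-10T09:02:20", "ceo@contoso.example", "198.51.100.9", "failure"),
    ("2018-05-10T09:02:25", "ceo@contoso.example", "198.51.100.9", "failure"),
    ("2018-05-10T09:02:30", "ceo@contoso.example", "198.51.100.9", "failure"),
    ("2018-05-10T09:02:35", "ceo@contoso.example", "198.51.100.9", "failure"),
    # Benign noise: a user mistypes twice and then signs in.
    ("2018-05-10T09:05:00", "grace@contoso.example", "192.0.2.44", "failure"),
    ("2018-05-10T09:05:20", "grace@contoso.example", "192.0.2.44", "failure"),
    ("2018-05-10T09:05:40", "grace@contoso.example", "192.0.2.44", "success"),
]


def classify_failures(events, window_minutes=10, spray_min_users=5,
                      spray_max_per_user=2, brute_min_attempts=6):
    """Group failed sign-ins by source IP inside the trailing window and label each source.

    Returns {source_ip: {"pattern": ..., "users": distinct users, "attempts": total failures}}
    where pattern is "password_spray", "brute_force" or "none". Thresholds are assumptions.
    """
    parsed = [(datetime.fromisoformat(ts), user, ip, result) for ts, user, ip, result in events]
    latest = max(ts for ts, _, _, _ in parsed)
    cutoff = latest - timedelta(minutes=window_minutes)

    # source IP -> user -> number of failures inside the window
    per_ip = defaultdict(lambda: defaultdict(int))
    for ts, user, ip, result in parsed:
        if result == "failure" and ts >= cutoff:
            per_ip[ip][user] += 1

    findings = {}
    for ip, per_user in per_ip.items():
        users = len(per_user)
        attempts = sum(per_user.values())
        heaviest = max(per_user.values())
        if users >= spray_min_users and heaviest <= spray_max_per_user:
            pattern = "password_spray"   # many accounts, few guesses each
        elif heaviest >= brute_min_attempts:
            pattern = "brute_force"      # one account, many guesses
        else:
            pattern = "none"
        findings[ip] = {"pattern": pattern, "users": users, "attempts": attempts}
    return findings


if __name__ == "__main__":
    for ip, finding in classify_failures(SAMPLE_EVENTS).items():
        print(f"{ip:15} {finding['pattern']:15} users={finding['users']} attempts={finding['attempts']}")
```

The two rules are deliberately different shapes: a per-account lockout threshold catches the brute-force case but is blind to a spray, which stays under the per-account limit by design, so the spray rule has to pivot on the source address and count distinct accounts instead. If a simulated spray against your tenant does not trip the spray rule, that gap is the finding to take to the client.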

Partners should consider incorporating Office 365 Attack Simulator as part of a security assessment, along with Secure Score, which can help your clients be proactive about finding problems on their terms before someone else does. You can use the information you learn to educate users on how to avoid the pitfalls of real attacks.

Office 365 Data Privacy tab and Data Subject Requests

On the compliance side, we introduced new capabilities to support GDPR with the Office 365 Data Privacy tab and case support for Data Subject Requests (DSRs). In the Security and Compliance Center, you’ll find the new Data Privacy tab (currently in preview). Under the tab, you’ll find the GDPR dashboard. There you can also find the GDPR toolbox, which brings together Office 365 tools to help discover, govern, protect, and monitor the personal data in your organization.

Compliance Manager is a great resource in the GDPR toolbox: it lets you run a real-time risk assessment of your compliance posture against data protection regulatory requirements when using Microsoft Cloud services. When I demo the GDPR Assessment in Compliance Manager to partners, I like to point out the “Rights of individuals” section of the customer controls—specifically, the customer actions associated with Article 15(3). This article details the customer’s responsibility for responding to requests for copies of personal data undergoing processing, that is, DSRs. When partners read the customer actions for themselves, they quickly realize that customers will need help planning and implementing Office 365 capabilities for discovering, labeling, and classifying data in the organization for governance—as well as creating policies that enforce retention rules based on that classification. In addition to performing data classification, there are process and workflow steps required to meet the organization’s obligations.

The new Office 365 data privacy experience offers a tab solely dedicated to fulfilling a DSR. It provides tools to create a case for a DSR, to search for and refine the relevant data across Office 365 apps and services, and to export that data. These tools make it easier to pinpoint relevant Office 365 data both effectively and efficiently. The DSR case tool uses the same technology as our eDiscovery content search capabilities. A notable feature is the ability to refine search results by compliance tags, which map to any labels you have set up. For example, if you have applied personal data labels—either auto-applied via a sensitive information type or manually—click the “Add conditions” button, add compliance tags to your search, and enter your label name to find the relevant content.

Join our partner community call

Register to join our US OCP Community call, “Attack Simulator and GDPR Dashboard in Office 365,” on Friday, May 11 at 10 a.m. PDT. I’ll be joined by Microsoft security and compliance experts, who will demonstrate Attack Simulator’s new capabilities, as well as the new GDPR Dashboard and how to respond to a data subject request in Office 365. Sign up for the call and bring your questions!
