SECURITY AND COMPLIANCE

From Microsoft 365 Systems Hardening to Government Community Cloud (GCC) High Enclaves, JADEX security implementation experts have completed projects for the Defense Industrial Base (DIB) throughout the United States of America. We learn from our leadership what it means to serve our people and help others transform security into continuous improvement. We help organizations with Zero Trust Security Transformations and assist with understanding Compliance across your digital estate. Compliance can be implemented, managed, reviewed, noted, attached, documented, tested, and verified within Microsoft Compliance Manager. Understanding your data will always lead to improved compliance, and at JADEX, our expert analysts and engineers are exceptional at helping your organization understand the Zero Trust security pillar of “data” as well as knowing what “compliance” really means from direct experience.

Microsoft Sentinel (SIEM)

Microsoft Sentinel is a cloud-native security information and event management (SIEM) platform that uses built-in AI to help rapidly analyze large volumes of data across a digital estate. Microsoft Sentinel aggregates data from all sources, including users, applications, servers, and devices running on-premises or in any cloud, allowing your security team to analyze all data streams. It includes built-in connectors for easy onboarding of popular security solutions. With just the click of a few buttons, all your security solutions feed data directly into Microsoft Sentinel.

Application Management

By leveraging Intune/Microsoft Endpoint Manager (MEM), your organization can finally make application management and application security a priority. Please watch the video to understand more about Microsoft Application Management (MAM) with Intune.

Conditional Access

Microsoft Conditional Access is better understood as “If/Then” statements preventing or allowing certain variables. These features are available with Azure AD Premium; they improve security posture and add conditional protections to the Zero Trust security pillar of “Identities.”

Customer Lockbox

Customer Lockbox is used in cases where a Microsoft engineer will need to be granted access to customer data, either in response to a customer-initiated support ticket or an issue identified by Microsoft. Once your organization has approved Microsoft to access this data, they will work with you to provide information and/or resolve whatever issue you may have. JADEX can configure Microsoft Customer Lockbox for your organization to ensure you possess an avenue for this type of direct support when needed.

Device Management

Microsoft Intune/Microsoft Endpoint Manager (MEM) provides an enterprise management solution with device compliance and security admin control through Microsoft Device Management (MDM). With Azure Active Directory and Intune device control and compliance, MDM has never been this thorough and functional for corporate as well as personally owned work devices. JADEX assists organizations with their MDM for many platforms like iOS, iPadOS, Android, Windows, and macOS.

Microsoft 365 System Hardening

JADEX implements security hardening within multiple administration centers. Our team configures settings for Microsoft Defender, Azure Active Directory, Teams, SharePoint, OneDrive, Exchange, and Advanced Threat Protection. Our systems hardening is perfect for commercial environments of Microsoft 365 and organizations or IT/cybersecurity teams wanting Microsoft 365 expert guidance and implementation. We offer a broad range of systems hardening options for businesses of all sizes.

Microsoft Defender

Microsoft Defender is very different from the Windows Defender that comes preinstalled on Windows-enabled computers. When leveraging proper licensing, Microsoft Defender encompasses numerous security and monitoring areas within Microsoft 365 environments. Spanning from Microsoft Defender for Cloud Apps to Microsoft Defender for Endpoint and all the Microsoft Defenders in between, JADEX has your organization covered. Utilizing these combined resources will progress your organization’s Zero Trust journey by adding the Zero Trust security pillars of identities, endpoints, applications, and infrastructure.

Self Service Password Reset

Self-service password reset (SSPR) gives your organization’s users the ability to change or reset their password without the need for administrator or help desk engagement. If a user’s account gets locked or they forget their password, they can simply follow prompts to unlock themselves and quickly resume work. This ability reduces the number of help desk calls and the loss of productivity when a user can't sign in to their device or an application. JADEX will consult with your organization to customize and implement this solution to enhance and modernize your business.

Sign-in Risk/Risky User Remediation

JADEX utilizes remediation policies with conditional access policies to provide security of identities. Remediation policies allow you to control user access based on enforcing organizational policies, making decisions, and bringing signals together. Certain licensing is required to allow your organization to properly create and implement identity protection policies.

Data Retention and Records Labels

How should you manage your passwords? Do you share passwords? Are you the only one with access to your passwords? Is there a secure organizational procedure in place if password sharing is desired? Are you interested in an organization without passwords? Do you use a password manager, a paper notebook, or a document on your desktop to store your passwords? JADEX can demonstrate options for your organization to conquer its password woes.

Data Sensitivity Labels

This Azure/Microsoft Information Protection feature provides the ability to assign custom values to enable the classification and identification of sensitive information types within email messages, OneDrive, and SharePoint files. Microsoft 365 sensitivity labels can be applied automatically or manually.

Data Loss Prevention

With a DLP policy, you can identify, monitor, and automatically protect sensitive items across your organization. Sensitive data types most typically associated with a DLP policy are financial data, credit card numbers, health records, or social security numbers. Microsoft can identify sensitive items by using machine learning algorithms designed to detect content consistent with the parameters of your DLP policy.

Email Disclaimers

JADEX can configure an email disclaimer, legal disclaimer, disclosure statement, signature, or other necessary information to be added to the top or bottom of email messages that enter or leave your organization. The scope of each disclaimer can be customized by conditions such as who is sending the email, who is receiving the email, and whether the email is being sent inside or outside the organization.

Insider Risk Management

JADEX will configure your IRM to allow administrators to manage risks that insider threats present to the organization. With Microsoft 365’s services and third-party indicators, administrators are able to quickly act on risky users’ activity to identify and triage the threat. Microsoft 365 insider risk policies are based on predefined templates that define the risk activities that you want to detect and investigate, such as data thefts or data leaks.

Microsoft Compliance Manager

Compliance Manager allows for regulatory assessment tracking, documentation, updating, noting, testing, verifying, and attaching any information pertaining to specific improvement actions. Its best features are the ability to remain current on the approximately 250 daily regulatory updates and the quick retrieval necessary in strict auditing situations.

Microsoft Teams Communications Compliance

Communication Compliance monitors various locations within Microsoft 365 like Exchange, Teams, and Yammer. These communications may be monitored for such things as inappropriate content, sensitive information, regulatory compliance, conflicts of interest, or custom policies that you create. JADEX utilizes and implements Microsoft 365 communications compliance to monitor as well as gain insights into recommended actions for the organization.

Information Rights Management

This can be implemented within Microsoft 365 SharePoint document libraries. It protects sensitive files in IRM-enabled SharePoint document libraries from being misused or distributed without permission once they have been downloaded from the IRM-protected library. JADEX recommends setting credential intervals and expiring document access rights after downloading a document from the IRM-protected library.

Privileged Identity Management

Azure’s Privileged Identity Management (PIM) provides just-in-time access and just-enough access to privileged roles that users may need for other admin related tasks. Utilizing PIM will help any organization mitigate the risks of excessive, unnecessary, or misused access to critical resources in your organization. JADEX can implement PIM and help your organization limit standing admin access by assigning, activating, approving, and auditing Microsoft 365 roles and assignments based on your needs.

Secure Guest Sharing Environment

There are several elements involved in effectively creating a secure guest sharing environment in Microsoft 365 leveraging Teams, SharePoint, and OneDrive. These include setting up MFA, configuring guest terms of use, timeout policies, and access reviews, creating sensitive information types, restricting guests with unmanaged devices, automatically assigning sensitivity labels, and removing guest access based on sensitivity labels. We will work closely with you to implement these strategically combined practices to successfully meet the security and compliance needs of your organization.

Advanced email protection

Anti-Malware/Phishing/Spam

With the creation of policies and appropriate Microsoft 365 licensing, organizations can leverage Microsoft’s Exchange Online Protection (EOP) to identify malware, phishing attempts, and spam, while notifying appropriate personnel with recommended actions.

Impersonated User Protection

JADEX recommends advanced policies with enabled impersonated user protection for many team members that may be susceptible to phishing attacks. With these additional user protections implemented for your sensitive team, your security team utilizes mailbox and spoof intelligence for impersonations.

Email Encryption

Encryption is the process by which information is encoded so that only an authorized recipient can decode and consume the information. Microsoft 365 delivers multiple encryption options to help you meet your business needs for email security.

Govern Email Forwarding

Once an account is compromised, auto-forwarding of emails is a common technique that adversaries deploy to gain insights from targets’ email communications. JADEX engineers can deploy policies within Exchange Online to prevent the auto-forwarding of emails and ensure critical organizational data is not compromised.

Safe Links and Safe Attachments

Safe Links and Safe Attachments are core components of Microsoft 365 Advanced Threat Protection and Microsoft Defender for Office 365 available with specific Microsoft licensing. JADEX and our clients leverage both Safe Links and Safe Attachments to minimize digital estate threat vulnerabilities after Exchange Online Protection (EOP) scans emails utilizing detonation. These policies will help your organization provide easy and safe opening of email attachments as well as email links.

DMARC AND DKIM Configuration

DomainKeys Identified Mail (DKIM) is an authentication process that can help protect both senders and recipients from forged and phishing emails. Domain-based Message Authentication, Reporting and Conformance (DMARC) leverages both the Sender Policy Framework (SPF) and DKIM to authenticate mail senders and ensure the destination email systems trust messages sent from your domain. JADEX engineers can configure these processes for your organization as an additional layer of verification and protection for email communication.

Regulatory enclaves

It's Not About Checking Boxes

Microsoft maintains their unique position as the only major business solutions provider capable of adhering to stringent regulatory compliance standards. When fully embraced, the Microsoft 365 ecosystem can provide tools and applications to safeguard your data overshadowing the competition. We assist our clients in understanding what it means to be and remain compliant.

At JADEX, our mantra for compliance is simple: "Compliance is not a light switch, it can't be just switched on and off." Our enclave configurations must be leveraged as a remote extension of your normal business operating environment in order to perpetuate your organization’s compliance.

Government Community Cloud (GCC) with Microsoft 365

Government Community Cloud (GCC) High with Microsoft 365

National Institute of Standards and Technology (NIST) with Microsoft 365

Cybersecurity Maturity Model Certification (CMMC) 2.0 with Microsoft 365

California Consumer Privacy Act (CCPA) with Microsoft 365

General Data Protection Regulation (GDPR) with Microsoft 365

International Organization for Standardization (ISO) with Microsoft 365

Frequently asked questions

Security certainly goes hand-in-hand with compliance but having security does not mean you’re compliant.  Security may be seen as cyber and/or physical in nature as well as defined according to your compliance standards.  Compliance depends on many factors, though for most organizations, it is simply the means to conduct business.  Most industries, in the majority of the world, are regulated by governing bodies usually put in place to protect data, humans, animals, and/or the environment from continued harm if left unchecked.

Your organization's success is very much dependent on knowing what security and compliance requirements it must adhere to. JADEX always recommends allowing your compliance requirements to define much of your organization’s early policies and procedures. Most local, state, and federal governments within the United States can offer assistance for organizations to help them understand what regulatory bodies govern them and which standards they must comply with.

 

There is no specific amount of security that an organization can obtain to become compliant. JADEX believes that security has now transformed to continuous improvement that is driven by governance. We recommend minimizing third-party security vendors as most organizations leverage an average of 60 different security solutions, and each one is another potential opportunity for breach. Obviously, we recommend and depend on Microsoft 365 and its proven security to work towards compliance as a holistic, secure, and trusted solution.

This is the answer everyone wants to know!  The solution will certainly vary amongst contrasting circles, but at JADEX, we recommend a Microsoft 365 based Zero Trust security maturity model designed for the specific needs of your unique organization.  At JADEX, we guide our clients through their compliance journey by utilizing Microsoft 365 Compliance Manager, its assessments, and improvement actions to implement, document, and safeguard your organization.

Our primary recommendation for any organization looking to improve their existing security and compliance posture is to thoroughly assess exactly where they currently stand.  To do this, JADEX offers various security and compliance assessments, which include company-wide questionnaires, key stakeholder interviews, and comprehensive tenant reviews. These combined procedures allow us to not only gain the knowledge to forge a path forward, but also provide us with extremely pertinent, real-time solutions that we can implement for your organization.

As far as an immediate action that you can take today to improve your security and compliance posture, JADEX strongly recommends implementing and enforcing MFA. Statistics show that by activating MFA on user accounts in your organization, you can eliminate 99.9% of attacks on user identities.

“We transform how people work.”
