Azure - Security tools

Microsoft Azure is a comprehensive set of cloud services that developers and IT professionals use to build, deploy and manage applications through their global network of data centres.

It's a huge and complex set of resources.

Here are some useful links to help with configuring and maintaining the security aspects of Azure services:

Main portal - all hosting controls, security and Azure Active Directory

Securescore - Compares your O365 configuration to recommended baselines and gives a score and recommendations.
Data loss protection (DLP) - protect sensitive information and prevent its inadvertent disclosure (e.g. block sending of credit card data, financials).
Threat Intelligence Console - research threats against your organization, respond to malware, phishing, and other attacks.
Advanced Security Management (ASM) portal - log in as the admin user for each organisation.
eDiscovery - Click "Search and Investigation"->"eDiscovery"->"create a case" (tech note) - the electronic aspect of identifying, collecting and producing electronically stored information (ESI) in response to a request for production in a lawsuit or investigation.
Azure Information Protection (AIP) - Classify, label and protect data and files at the time of creation or modification. Apply persistent protection that travels with your data. Enable safe sharing.
Advanced Threat Protection - suite of tools known as Windows Defender (different to the old AV Defender) - controlled folder access - ransomware - allowed apps list, and MS friendly apps. Policy through GP or Intune.

Mobile device management:
Mobile device management (MDM) - set policies for mobile devices connecting to your data. Comes included with standard M365 licences.
Intune - subscription-based mobile management platform (better than MDM)

Other useful tools:
Autopilot - a suite of capabilities powered by cloud-based services, designed to simplify deployment and management of new Windows 10 PCs/devices
SmartScreen
AppLocker (OS based protection) / Devicelocker (Boot level protection)

Device Guard - Microsoft has moved the bits of Windows that check whether or not drivers and kernel-level code are legit into a (Hyper-V) container that malware (in theory) cannot reach. That means even if (or when) a software nasty manages to get into the Windows operating system, it shouldn't be able to crack this final layer of protection. Optionally, it also allows only approved (signed) software to run. Enabling Device Guard

Conditional access: define machines/devices which are allowed to access services.


Connect to Azure AD V2 with PowerShell:
Open the PowerShell CLI as Administrator

First time: Install-Module -Name AzureAD

$UserCredential = Get-Credential
Connect-AzureAD -Credential $UserCredential (with MFA just use Connect-AzureAD by itself)

The Azure commands you can use in this mode are here: https://docs.microsoft.com/en-gb/powershell/module/Azuread/?view=azuread...

Connect to Azure Exchange O365 with PowerShell:
Open the PowerShell CLI as Administrator

Set-ExecutionPolicy RemoteSigned

$UserCredential = Get-Credential

-type your admin account credentials-

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

You should be good.

Useful Commands:
Get-Mailbox
Get-MailboxFolderPermission username:\calendar
Set-MailboxFolderPermission
Remove-MailboxFolderPermission
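
An added example (not part of the original page) that combines Get-Mailbox and Get-MailboxFolderPermission into a calendar-sharing audit: it reports mailboxes whose calendar gives the Default or Anonymous principal more than free/busy access. It assumes the ExchangeOnlineManagement module and connects with Connect-ExchangeOnline, which uses modern authentication and works with MFA, rather than the Basic-authentication session shown above. The function names, the placeholder admin@contoso.example, the "benign" rights list and the folder name "Calendar" (it is localised in some mailboxes) are assumptions.

```powershell
# Added example, not from the original page.
# Live use needs: Install-Module -Name ExchangeOnlineManagement

function Test-BroadCalendarAccess {
    # Returns $true when a permission entry gives Default (all tenant users)
    # or Anonymous (unauthenticated users) more than free/busy visibility.
    param([Parameter(Mandatory)] $Permission)
    $principal = "$($Permission.User)"      # string in REST mode, object in older sessions
    if ($principal -notin 'Default', 'Anonymous') { return $false }
    $benign = 'None', 'AvailabilityOnly'    # assumed policy: anything above this is flagged
    foreach ($right in $Permission.AccessRights) {
        if ("$right" -notin $benign) { return $true }
    }
    return $false
}

function Get-BroadCalendarAccess {
    # Walks every mailbox and emits one row per over-permissive calendar entry.
    foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
        $folder = "$($mbx.PrimarySmtpAddress):\Calendar"   # assumes the English folder name
        Get-MailboxFolderPermission -Identity $folder -ErrorAction SilentlyContinue |
            Where-Object { Test-BroadCalendarAccess -Permission $_ } |
            Select-Object @{ n = 'Mailbox'; e = { $mbx.PrimarySmtpAddress } }, User, AccessRights
    }
}

# Constructed sample entries so the check can be tried without a tenant.
$sample = @(
    [pscustomobject]@{ User = 'Default';   AccessRights = @('AvailabilityOnly') }
    [pscustomobject]@{ User = 'Default';   AccessRights = @('Reviewer') }
    [pscustomobject]@{ User = 'Anonymous'; AccessRights = @('None') }
    [pscustomobject]@{ User = 'Jane Doe';  AccessRights = @('Editor') }
)
$sample | Where-Object { Test-BroadCalendarAccess -Permission $_ }

# Against a live tenant (placeholder admin account):
# Connect-ExchangeOnline -UserPrincipalName admin@contoso.example
# Get-BroadCalendarAccess | Format-Table -AutoSize
# Disconnect-ExchangeOnline -Confirm:$false
```

Entries it reports can be tightened with Set-MailboxFolderPermission or removed with Remove-MailboxFolderPermission.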