
In the current digital era, where remote work has become the norm, the security of audio/video conferencing software is paramount. Following up on SecureSky's "Top 10 Audio/Video Conferencing Security Best Practices" article, this blog delves deeper into how Microsoft Sentinel (MS Sentinel), a powerful security information and event management (SIEM) tool, fortifies the security of platforms like Microsoft Teams and Zoom against potential threats.

Microsoft Sentinel's Role in Safeguarding Microsoft Teams

Microsoft Sentinel integrates with Azure Active Directory (Azure AD) to monitor user activity and authentication events for Microsoft Teams. This integration matters because Teams relies on Azure AD for user authentication. With Sentinel's built-in connector, organizations can track user identity-related activities alongside their other security data.

By analyzing audit data from Microsoft 365, Sentinel enables the creation of hunting queries and alerts for identifying suspicious behaviors, including:

  • Unauthorized addition/removal of external users
  • Assignment of ownership rights to multiple Teams by a single user
  • Deletion of multiple Teams by an individual
  • Suspicious Azure AD login attempts

These examples underscore Sentinel's capability to provide comprehensive monitoring and alerting on various security risks, limited only by the ingenuity applied to query creation.
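
One way to express the "deletion of multiple Teams by an individual" check from the list above as a Sentinel hunting query. This is an added example, not SecureSky's or Microsoft's own query: the threshold, the one-hour window and the user and team names are assumptions, and the rows are constructed to mimic the `OfficeActivity` table so the query runs without a connected workspace.

```kql
// Added example. Thresholds are assumptions; tune them to your tenant.
let window = 1h;              // burst window used for grouping
let max_deleted_teams = 3;    // flag users who exceed this many deletions per window
// Constructed sample rows shaped like the Sentinel OfficeActivity table.
let SampleOfficeActivity = datatable(
    TimeGenerated: datetime, OfficeWorkload: string, Operation: string,
    UserId: string, TeamName: string)
[
    datetime(2024-03-04T09:02:11Z), "MicrosoftTeams", "TeamDeleted", "alex@contoso.example",  "Finance-Q1",
    datetime(2024-03-04T09:03:40Z), "MicrosoftTeams", "TeamDeleted", "alex@contoso.example",  "Finance-Q2",
    datetime(2024-03-04T09:05:02Z), "MicrosoftTeams", "TeamDeleted", "alex@contoso.example",  "HR-Onboarding",
    datetime(2024-03-04T09:07:55Z), "MicrosoftTeams", "TeamDeleted", "alex@contoso.example",  "Legal-Contracts",
    datetime(2024-03-04T09:30:00Z), "MicrosoftTeams", "MemberAdded", "alex@contoso.example",  "Sales-EMEA",
    datetime(2024-03-04T10:15:27Z), "MicrosoftTeams", "TeamDeleted", "jamie@contoso.example", "Old-Project",
    datetime(2024-03-04T14:41:09Z), "Exchange",       "HardDelete",  "jamie@contoso.example", ""
];
// In a live workspace, replace SampleOfficeActivity with OfficeActivity
// and add a time filter such as: | where TimeGenerated > ago(1d)
SampleOfficeActivity
| where OfficeWorkload =~ "MicrosoftTeams"      // Teams audit records only
| where Operation =~ "TeamDeleted"              // one record per deleted team
| summarize
    FirstDelete  = min(TimeGenerated),
    LastDelete   = max(TimeGenerated),
    DeletedTeams = make_set(TeamName),
    TeamCount    = dcount(TeamName)
    by UserId, Window = bin(TimeGenerated, window)
// Fixed bins can split one burst across two windows; widen the window
// or lower the threshold if deletions cluster near the hour boundary.
| where TeamCount > max_deleted_teams
| order by TeamCount desc
```

The same summarize-then-threshold shape can be adapted to the other behaviors in the list by changing the `Operation` filter and the column being counted.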

Zoom Security Monitoring with MS Sentinel

For organizations utilizing Zoom, MS Sentinel offers a dedicated connector that simplifies the monitoring of Zoom activities for security threats. Following guidelines by Microsoft's Pete Bryan on configuring Sentinel for Zoom, organizations can detect and respond to a range of suspicious activities, such as:

  • Disabling of encryption
  • Access by external users
  • Sharing of suspicious links
  • Joining meetings from anomalous time zones
  • Unauthorized changes to room systems or meeting settings

This level of monitoring ensures that anomalies and potential security breaches within Zoom meetings are swiftly identified and addressed.

SecureSky's Commitment to Simplified Security Monitoring

At SecureSky, we understand the complexities involved in monitoring and securing cloud environments. Our team of seasoned professionals is dedicated to managing the security of your audio/video conferencing tools, whether you're using Microsoft Teams, Zoom, or any other platform. With our expertise in threat detection and response, we aim to alleviate the burden on your IT staff, ensuring a secure and efficient remote work environment.

For organizations looking to enhance their security posture in the face of evolving cyber threats, MS Sentinel offers a robust solution. Its ability to monitor, detect, and respond to potential security issues across popular conferencing platforms is invaluable. SecureSky is here to assist in deploying and managing these capabilities, ensuring your remote communications are secure and compliant.

Feel free to reach out to us to explore how we can support your security monitoring and alerting needs, helping you navigate the challenges of remote work with confidence.

 

Frequently Asked Questions

How does Microsoft Sentinel improve security for Microsoft Teams?
Microsoft Sentinel integrates with Azure AD and Microsoft 365 audit logs to monitor Teams activity, detect suspicious logins, track external user access, and generate alerts for unusual behavior or policy violations.

Can Microsoft Sentinel monitor Zoom meetings for security threats?
Yes, Microsoft Sentinel supports Zoom monitoring through dedicated connectors that help detect suspicious meeting activity, encryption changes, unauthorized access, and risky sharing behavior across Zoom environments.

What types of suspicious activities can Microsoft Sentinel detect in conferencing platforms?
Microsoft Sentinel can identify unusual login attempts, external participant access, deletion of Teams, disabled encryption settings, suspicious links, and abnormal meeting activity across conferencing tools.

Why is monitoring audio and video conferencing software important for remote work security?
Conferencing platforms are frequent targets for cyberattacks, unauthorized access, and data leaks. Continuous monitoring helps organizations quickly detect threats and maintain secure communication environments.

How does SecureSky help organizations secure conferencing applications?
SecureSky assists organizations by deploying and managing Microsoft Sentinel solutions, creating custom threat detection queries, monitoring conferencing activity, and improving overall cloud security operations.