Before I begin my review of Microsoft 365 Security for IT Pros, I will start with the appropriate disclosures:
- One of the co-authors, Michael Van Horenbeeck, has been a friend for many years. We first met in person back in 2013 in Seattle for the Microsoft MVP Summit, both being new MVPs at the time. We've attended many other events together over the years and collaborated on several books as well.
- I paid for my copy of this eBook with my own money. I wasn't provided with a free copy, nor was I asked to write this review.
- I'm not compensated in any way for this review. Any links to purchase the book are not affiliate links, and I receive no commissions if you buy it.
Okay, with that out of the way, let's get down to business.
Microsoft 365 Security for IT Pros is a new book that covers the complex and ever-changing topic of security in Microsoft's cloud services. As an IT professional who manages cloud services, you want to know about this stuff. Security is crucial for businesses that adopt cloud services.
But you can't just put your apps and data in the cloud and let Microsoft take care of everything security-related. It's a shared responsibility, and you need to play your part. Microsoft gives you the tools. It's your job to make use of them. To make use of them, you need to learn how.
Modern Security in a Cloud World
Rewind a decade or more, to well before the cloud became so dominant in IT, and security followed a “fortress” model. There was a strict boundary to differentiate “inside” from “outside” a network.
Security was implemented at the network boundary, using solutions such as firewalls, VPNs, and so on. Aside from antivirus software and perhaps an Intrusion Detection System (IDS), inside the boundary was generally considered safe.
The cloud changes all that. There is no network boundary. Users and devices connect to cloud services from anywhere with an internet connection. We've seen that more than ever with the recent need to work from home during the COVID-19 pandemic.
There is no “internal” network that is considered safe. Every network is untrusted. Therefore, a new approach is needed for security. A defense-in-depth model that identifies risks at multiple layers (e.g. identity,
Now, granted, some companies still attempt the fortress model with cloud services. They might limit cloud access to specific corporate networks.
But that approach doesn't invalidate the need to understand how security in the cloud – in particular, Microsoft 365 – actually works. And more so, how to use the robust security features of Microsoft 365 to mitigate a new world of more advanced threats than what we were dealing with a decade or more ago.
Getting Value from Microsoft 365 Security for IT Pros
Buying any book or training product these days needs its own risk/reward assessment. You're risking time and money, and in return, you expect to acquire new skills and apply them for the benefit of you and your customers.
A $1000 training course is excellent value if it teaches you skills to deliver multiple $50000 consulting projects to clients. In comparison, a $20 book is poor value if you get nothing of practical use from it.
So, where does Microsoft 365 Security for IT Pros sit on that value spectrum? In my view, it depends on your needs.
First, the introductory chapter sets the table nicely for understanding cloud security. After that, you can either consume the book as written, one chapter at a time, or pick and choose from the chapters to solve your most immediate needs.
I went with the latter approach. While I certainly plan to read it all, I am focusing first on the areas that I want to improve for our business. For example, I'm happy with our identity security at the moment. I also have no pressing need to deal with Microsoft Intune. But, a priority issue for me is rolling out Windows Defender ATP. So that is the chapter I first dove into.
Microsoft Defender ATP is a shining example of the modern approach to security. MDATP is a post-breach detection tool. It assumes that your system can eventually be broken into – whether by spear-phishing, vulnerability exploits, or one of many other vectors. MDATP detects suspicious or malicious behaviour on your endpoints (user devices such as laptops and desktops) and alerts you to what is happening. You can investigate manually or configure automated responses (e.g. isolating the machine from the network).
But MDATP is just one layer. Modern security requires a multi-layered approach. So, while you might start with MDATP, you will still need to learn about other risks, the security features that can mitigate those risks, and how they all tie together. For example, MDATP can integrate with Azure ATP (on-premises Active Directory breach detection), Microsoft Intune (for device compliance), and Azure AD Conditional Access (preventing compromised devices from accessing data and applications).
A lot of this stuff sounds very “big scale” enterprise. Using Microsoft's machine learning and threat intelligence will make a lot of sense in big networks where manual analysis of suspicious activity is simply inadequate. But environments of any size will benefit from this understanding of modern security. There's no threshold where this level of security becomes valuable. Even if you are a small business, or deal with smaller customers, the risk of targeted cyber-attacks for financial gain is still present.
So, from that perspective, Microsoft 365 Security for IT Pros represents excellent value for professionals dealing with customers of any size.
Who Wrote the Book, and What Did They Write About?
Technical content takes a particular type of person to produce. You can be a technical guru, but bad at teaching others. You can be a great teacher, but only have a shallow understanding of the topic you're teaching.
Ideally, a technical author sits somewhere in the middle of those two extremes. They should have the depth of knowledge, depth of experience, and the ability to clearly communicate those to a reader.
Michael certainly fits that description. And from what I've read of the other authors' chapters so far, they all do. It's little wonder they are almost all in the Microsoft MVP program, which by its very nature requires that balance of knowledge, experience, and communication skills.
And, given the complex nature of the various Microsoft 365 security technologies, each author has been able to focus on the area that they specialise in.
The full list of chapters is:
- Securing Identities (Azure AD)
- Microsoft Endpoint Manager (Intune)
- Microsoft Defender Advanced Threat Protection (ATP)
- Cloud App Security
- Microsoft Threat Protection
- Microsoft Information Protection
There is some overlap with the well-known Office 365 for IT Pros eBook, particularly the Information Protection chapter which has been shared between the author teams. Also, Exchange Online anti-spam features are not covered in this first edition of the book, with plans by the author team to add that info soon. If you need that information today, you would also need to buy the Office 365 for IT Pros eBook. On the other hand, the Office 365 book doesn't cover the Microsoft 365 security features. So, the two books make excellent companions for any Office 365 administrator or consultant.
Why Publish as an eBook Only?
I published my first eBook back in 2011. My view at the time was that:
- Traditional publishers should not be the gatekeepers of knowledge
- Large volumes of dense technical information are not as valuable as focused, practical content
- Technical writing requires more agility to handle change than traditional publishing can deliver
That view was reinforced during my time creating training and education content for Office 365. Microsoft released dozens of changes to the service each week that made content out of date overnight.
Maintaining the Practical 365 blog on my own before I sold it was a huge task. Being involved in the earlier editions of Office 365 for IT Pros was similarly challenging. And I still remember the stress of being partway through producing my Pluralsight course about Office 365 Security, only to have multiple new features appear that changed several of the admin portals, making it necessary for me to rewrite and re-record some modules.
Today I firmly believe that eBooks are an ideal format for writing technical books when the material needs to change frequently and rapidly. Source files can be updated, new PDF and EPUB files generated, and the customers notified to download the updates in a matter of hours (although a more predictable monthly release cadence is preferable).
As long as the author team can maintain their commitment to tracking changes through Microsoft's roadmap, and covering the updates after a suitable period of real-world exposure, then the book will remain a valuable resource.
As I'm writing this, the first edition has been released. Free updates are included for the life of each edition, making now a great time to buy. If the Microsoft 365 Security author team follows the same model as the Office 365 author team, major editions will be released annually with a discounted upgrade offer to existing customers.
It's a fair model if you ask me (and again, I get no personal benefit from this). The update process is a lot of work, usually in addition to doing their own job and having a personal life. The authors deserve to be supported for their efforts in providing high-quality content to us readers.
To purchase your copy of Microsoft 365 Security for IT Pros, head over to their website.