As the threat landscape continues to evolve, and industries transition from remote to hybrid work, security continues to be one of the top challenges of our digital age. Today, anything less than comprehensive security is no security at all. 

 

Bringing together Dicker Data expertise with Microsoft resources, explore these guides to help you ensure your Microsoft cloud deployments are secure, cost-efficient, and set your SMB customers up for ongoing success!

Watch our fireside chat hosted by Darren Bennett
CSP Security Best Practices:
Where do your responsibilities to your customers start and end?
How do you safeguard your own business and reputation?
What is Microsoft doing to support you?
Watch The Video

The Partner's Role:

The Shared Responsibility Model (see graph) is a security & compliance framework that outlines the responsibilities of partners, cloud providers, and customers in cloud deployments. This model covers every aspect of the cloud environment, including hardware, infrastructure, endpoints, data, configurations, settings, operating system (OS), network controls and access rights.


Workload responsibilities vary depending on whether the workload is hosted on Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), or in an on-premises datacenter.

 



Table Graph

 

Read more about​ Shared Responsibility

 

Access Step by Step Guides: 

 

 



Security
Home Page

Learn More


Cost Management
Home Page

Learn More


Monitoring & Alerts
Home Page

Learn More

Useful Resources:

  • For Partners:
  • Share with Customers:
events-ascend

OnDemand Partner Enablement from Dicker Data

Re-watch or explore popular training sessions run by Dicker Data on various aspects of the Microsoft Security stack. Don't miss our most popular sessions the 'Microsoft Security Labs' which through a technical lens examine Zero Trust, Intune, Defender, and more. 

Register now
Calendar-Images-PA

Microsoft & Essential 8:

While no single mitigation strategy is guaranteed to prevent cyber security incidents, organisations are recommended to implement eight essential mitigation strategies as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems.

Read More
Calendar-Images-PB

Security Best Practices for Microsoft Partners

Today, anything less than comprehensive security is no security at all. In this guide, Microsoft delivers ongoing guidance and resources to help you adopt stronger protective measures.

Download Now
Calendar-Images-PC

Microsoft Australia's Security Hub

Partner skilling, customer use cases, blogs, and more; here you'll find a repository of Microsoft Australia's most useful pieces focusing on cybersecurity. 

Learn More
Calendar-Images-PD

OnDemand Microsoft Security Training

On Microsoft's Cloud Skills training catalogue you can find a series of shorter, OnDemand webinars and training sessions that zero in on key security elements e.g. IoT, Risk Management, Zero Trust, Microsoft Purview Explained, and more!

Watch a Session
Calendar-Images-CA

Small Business Cyber Security Guide

Microsoft partnered with the Australian Cyber Security Centre to develop this Small Business Cloud Security Guide. Keep it simple with steps to keep SMBs safe! 

Access Here
Calendar-Images-CB

Ebook: How a Consolidated Security Stack can Reduce Risk & Cost

As businesses pivot around post-COVID security strategies, it's a good time to revisit ways to streamline and strengthen security environments. Rather than cobbling together individual point solutions, consider a more integrated approach that providers comprehensive protection and enhanced capabilities.

Read the eBook
Calendar-Images-CC

One Pager: Protecting Data on Personal Devices

Through a Microsoft 365 Business Premium lens, this short brochure explores risks associated with Bring your own Device strategies and how businesses can mitigate them.

Download Here
Calendar-Images-CD

One Pager: Sensitive Data

In today's collaborative, work-from-anywhere world, files containing your company's sensitive information often leave the four walls of your office. Through a Microsoft 365 Business Premium lens, this short brochure discusses risks and strategies to control sensitive data. 

Download Here
Calendar-Images-CE

One Pager: Ransomware

Ransomware twists the power of encryption against you. Encryption should protect your data and files, but ransomware uses it to take files hostage. In this short brochure, you'll find example scenarios and 3 key ways Microsoft 365 Business Premium can protect from Ransomware. 

Download Here
Calendar-Images-CF

One Pager: Phishing

Phishing is a form of fraud in which an attacker masquerades as a reputable person or company. Phishing attacks are popular with cybercriminals because it is easier to trick someone into clicking a malicious link than to break through a computer's defences. In this short brochure, you'll learn about Phishing basics and how Microsoft 365 Business Premium can detect and protect SMBs.

Download Here

 

Frequently Asked Questions

Who is responsible for the security of my customers’ workloads in the cloud?

Microsoft follows a shared responsibility model where you would be responsible for some aspects of security along with Microsoft and the customer. Responsibility varies by the type of workload i.e., IAAS, PAAS, and SAAS, you can find an infographic demonstrating the breakdown here.

What Microsoft Security Controls should I implement for my customer as a minimum?

The security solution you choose to implement for your customer should reflect the customer's unique needs and any compliance requirements however, at the very least we recommend turning on Multifactor Authentication (MFA) for all the users and following the Zero Trust guidelines. Here is the reference for you to get started. 

What license do I need to implement Multifactor Authentication (MFA)?

MFA is considered a security default by Microsoft. Security defaults are free for every customer in Azure Active Directory Premium P1 & P2, and relevant M365 licenses.

What is Zero Trust Architecture?

In the past, as an organisation, you may have focused your defences on protecting network access with on-premises firewalls and VPNs, assuming that everything inside the network was safe. Today, as data footprints have expanded to sit off-premises in the Cloud, or across hybrid networks, the Zero Trust security model has evolved to address a more holistic set of attack vectors. Read more here.

How can I get help and 1:1 advice on a specific security requirement my customer has?

Contact the Microsoft team at Dicker Data here. We have a team of experts across product, sales, and technical support who are available to walk through specific queries.

Where is my customer’s data located in Azure?

Microsoft Azure has many global regions. You can search the available geographies, here.

Are the security recommendations on this page applicable to small environments?

Regardless of the size of the environment, we recommended following Microsoft's best practices for your customers.

How should I limit access to Azure subscriptions?

This can be achieved by using RBAC and following the principle of least privilege. For more information on the type of roles available please explore here.

How can I check if there are any malicious sign-in attempts to my Microsoft Services?

Azure AD provides a sign-in activity report that can be utilized to check any malicious login attempts to the service. These logs can be further analysed by ingesting the data in log analytics/Microsoft Sentinel.

I want to follow Microsoft security recommendations for various workloads in Azure. Where do I start?

Various compliance standards such as CIS, and ISO2700 provide detailed instructions around security best practices. Microsoft Azure security benchmark can be used as a reference to implement various security controls for Azure. You can read more here.

Looking for further clarification?

Our Microsoft Cloud Specialists will be in touch shortly.