5 Critical Actions for Securing Microsoft Office 365

Security experts including Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) are warning organizations who have migrated their email services to Office 365 to check their configuration and apply five critical configuration changes to reduce potential security risks such as identity theft or other digital fraud.

ID Integrated Data SA strongly encourages organizations to implement a secure cloud strategy to protect their infrastructure assets through defending against attacks related to their O365 transition, and securing their O365 service. Specifically, CISA and Microsoft recommends that IT administrators implement the following mitigations and best practices to secure your Microsoft hosted data including Exchange Online, Sharepoint Online, Teams, and OneDrive.

Admin accounts are particularly exposed to internet access because they are based in the cloud. If not immediately secured, these cloud-based accounts could allow an attacker to maintain persistence as a customer migrates users to Office 365.The basics of Multifactor Authentication are included in Office 365 (free) but advanced features are added with Azure Active Directory Premium.

 

The unified audit log contains events from Exchange Online, SharePoint Online, OneDrive, Azure AD, Microsoft Teams, PowerBI, and other O365 services. An administrator must enable the unified audit log in the Security and Compliance Center before queries can be run. Once you've turned on auditing you can configure Threat Detection settings and emails to receive security alerts. Threat Detection detects anomalous activities indicating potential security threats to the database. This enables you to detect and respond to potential threats as they occur.

Office 365 mailbox auditing logs actions that mailbox owners, delegates, and administrators perform.  This information can be critical in preventing and investigating breaches to email security.

Azure AD Connect integrates on-premises environments with Azure AD when customers migrate to O365. When the Azure AD is configured with the “Password Sync” option, the password from on-premises overwrites the password in Azure AD. In this particular situation, if the on-premises AD identity is compromised, then an attacker could move laterally to the cloud when the sync occurs.  When correctly configured, admin accounts cannot be hijacked to compromise all cloud data.

5. Disable legacy email protocols, if not required, or limit their use to specific users.
There are a number of protocols associated with Exchange Online authentication that do not support modern authentication methods with MFA features, hence they are less secure. These protocols include Post Office Protocol (POP3), Internet Message Access Protocol (IMAP), and Simple Mail Transport Protocol (SMTP). Whenever possible, disable these legacy protocols which do not support modern authentication. Taking this step will greatly reduce the attack surface for organizations

 

Do you need help securing your O365 data ? Let our team of IT infrastructure and data protection experts help you take immediate steps to secure your Microsoft Office 365 cloud data. We have long-time expertise and apply best practices to keep you and your organization's data secure. Contact us today !