Microsoft 365 Security Quick Checklist
In the aftermath of Australia’s two largest cybersecurity attacks recently, Optus and Medibank, companies around Australia are looking for immediate solutions to protect them from ransomware and evasive social engineering attacks.
Given the reliance on Microsoft 365 and various Microsoft products for cloud compute and collaboration – it is essential for Australian organisations to ensure that appropriate security features are enabled and tailored to an organisation’s unique infrastructure environments. Microsoft’s default security settings are often not enough, nor do they protect from well engineered ransomware, social, phishing or malware attacks that come from endpoints.
Microsoft Office 365 is popular because of its mobility and collaboration features. Thankfully, Office 365 offers built-in capabilities and customer controls that can help meet enterprise security standards for a fraction of the cost of third-party security platforms. However, these are only effective if configured correctly, patched and designed around your unique work infrastructure environment.
With our expertise in designing and implementing secure Microsoft solutions, we thought we’d share a quick checklist of 10 critical security administration areas to improve with your team.
- Build an identity fortress through enabling Multi-Factor Authentication (MFA), Role-Based Access Control and Conditional Access:
Use Microsoft identity management features to build a cyber resilient organisation through best-of-class identity management. Firstly, enabling MFA in your environment helps protect against username and password theft, particularly for mission critical applications. With this feature enabled, users will receive a text message or in-app authorisation request to prove their identity. This is particularly useful for remote workers who frequently travel interstate or work across public wifi networks.
Secondly, role-based access control (Azure RBAC and M365 RBAC) is a system that provides fine-grained access management of platform resources and data. Using RBAC, you can segregate duties within your team and grant only the amount of access to users that they need to perform their jobs thus controlling the likelihood of malicious actors entering into these zones.
Finally, Microsoft’s Azure AD Conditional Access features allow for real-time signals such as user context, device, location, and session risk information to determine when to allow, block, or limit access for users. You can also use this to assess the health and security configuration of registered devices to ensure only healthy and trusted devices can access your corporate resources.
- Track compliance data through Purview for content search and manage data loss prevention:
You can use the Content search eDiscovery tool in the Microsoft Purview compliance portal to search for in-place content such as email, documents, and instant messaging conversations in your organisation. This is particularly useful if your organisation requires customer data, or various regulatory data, to be stored in one place and not leaked across the environment.
- Set up Alerts
In the Microsoft Security and Compliance Centre, you can track new activities, perceived threats and monitor user’s actions on the platform and set up notifications for abnormal behaviour. Be careful to set alerts and notifications sparingly as to avoid ‘alert-fatigue’.
- Enable Microsoft Defender for Security Reports
Perfect for monthly reporting and on-going monitoring, security reports inside Microsoft Defender can track data loss, data loss prevention measures, malware detection, spam detection and identity breaches. These are very useful to present at monthly Executive meetings to provide context of the organisations security posture.
- Manage application access on company and personal devices with Microsoft Intune
Microsoft Intune is a cloud-based endpoint management solution. It manages user access and simplifies device management across many corporate devices, including mobile devices, desktop computers, and virtual endpoints. This ensures that any corporate application used on the network can be managed or users can be booted off if they do not meet usage policies regardless of the device ownership.
- Track what users used which documents
Need to find if a user viewed a specific document or deleted an item from their mailbox? If so, you can use the audit log search tool in Microsoft Purview compliance portal to search the unified audit log to view user and administrator activity in your organisation to spot malicious activity from either internal or external threat actors.
- Spot multiple instances of malicious activity across the network
Microsoft Advanced Threat Analytics (ATA) detects multiple suspicious activities including when attackers gather information on how the environment is built, what the different assets are, and which entities exist in order to plan their attack. ATA also analyses lateral movement to create visibility of the attack spread inside the network and also picks up what other entry points or credentials an attacker might use to try in an intricate ransomware attack similar to what Optus and Medibank have recently seen.
- Set up controls for document sharing across Sharepoint, OneDrive and Teams
Sharing confidential information both inside and outside of the network needs to be managed, especially in remote working scenarios or whereby third party contractors and vendors are engaged. These sharing measures can easily be configured inside the M365 suite and cover across all collaboration features. It is important, however, to set sharing configurations in a flexible way that does not impact business operations or create unnecessary “approval request” workloads for system administrators.
Want to know more?
Microsoft 365 and Microsoft Azure are the most used platforms across cloud and workplace collaboration. Unbeknownst to a number of organisations, their Microsoft licence also includes a range of best-of-breed security tooling that can prevent these styles of attacks.
Cloud Solutions Group (CSG) is a leading Microsoft Azure and Microsoft 365 consulting partner and works with Australian organisations to configure and reinforce their security posture at a portion of the price of traditional point solution security models. CSG’s expertise in the Microsoft cloud, workplace collaboration and security tooling allows customers to upgrade their outdated and traditional point security solutions to one consolidated platform across identity, email, remote devices, data and apps for a quarter of the cost of point solution pricing.
- How to prevent against similar ransomware attacks that were experienced by Optus and Medibank using your Microsoft suite;
- How to leverage Microsoft Defender for M365 to prevent from phishing attacks;
- How to secure work data on personal and remote devices using Microsoft Intune;
- How the CSG team builds in secure access and identity management across all work applications with Azure AD;
- How to prevent Data Loss Prevention through Azure Information Protection;
- How to protect chat and meeting data through Microsoft Teams;
- Retrieve and protect lost or stolen passwords through advanced multi-factor authentication;
- Provide a single-pane visibility of the security status entire platform on a 24/7/365 basis;
- How security compliance regulations have changed and can impact your organisation financially if not met; and
- How CSG can work with you to do this for a fraction of the cost of traditional point solutions.
Cloud Solutions Group is a specialist Microsoft services partner with over 20 years experience in designing, implementing and integrating Microsoft solutions across cloud, infrastructure, security and application environments. Our security expertise in Microsoft helps our customers to optimise their entire Microsoft licensing models while enabling a platform approach to security that provides end-to-end protection from any type of known attack, including ransomware, malware, DDOS and social engineering.
In exchange for your time in meeting with us to discuss your Security needs, we will offer you and your loved ones either two Gold Class tickets or a Family Theatre Pass for Village Cinemas. Learn more here or register below.
Register to meet with us below and claim your cinema tickets: