Using 365 (or whatever Microsoft are calling it this week)? How many of these can you tick off?…:
[…] “CISA continues to see instances where entities are not implementing best security practices in regard to their O365 implementation, resulting in increased vulnerability to adversary attacks.”
The DHS cyber-security agency created its list of security best practices following several engagements with organizations that have migrated to cloud-based collaboration solutions such as Office 365 since October 2018, with some of them being forced to do it to support a fully remote workforce.
To prevent attackers from exploiting weaknesses in their Office 365 security configuration, CISA recommends taking the following measures:
• Enable multi-factor authentication for administrator accounts: this is needed because Microsoft doesn’t enable MFA by default, not even for Azure Active Directory (AD) Global Administrators (the equivalent of Domain Administrator in an on-premises AD environment).
• Assign Administrator roles using Role-based Access Control (RBAC): always switch from Global Administrator to other built-in administrator roles with fewer privileges to provide admins with the absolute minimum permissions for their job.
• Enable Unified Audit Log (UAL): allows admins to hunt for signs of actions that are potentially malicious or fall outside established policies.
• Enable multi-factor authentication for all users: helps block attackers from using stolen credentials to take control of user accounts.
• Disable legacy protocol authentication when appropriate: greatly reduces an organization’s attack surface.
• Enable alerts for suspicious activity: makes it possible to get notified of malicious activity as it happens and drastically reduce mitigation time.
• Incorporate Microsoft Secure Score: provides organizations with advice on enhancing their Office 365 security posture.
• Integrate Logs with your existing SIEM tool: helps detect anomalous activity faster and correlate it with any potential Office 365 anomalous activity.
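An added example (not from the quoted article or from CISA): a Python triage pass over exported Azure AD sign-in records that surfaces two gaps from the list above, successful sign-ins over legacy protocols and successful sign-ins satisfied by a single factor. The field names assume the Microsoft Graph signIn record layout; the sample records, the `ADMIN_UPNS` set and the `triage` function are constructed for illustration.

```python
# Constructed sample records. Field names assume the Microsoft Graph signIn
# layout (an assumption about your export); all values are invented.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "admin@example.test", "clientAppUsed": "Browser",
     "authenticationRequirement": "singleFactorAuthentication",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "alice@example.test", "clientAppUsed": "IMAP4",
     "authenticationRequirement": "singleFactorAuthentication",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.test", "clientAppUsed": "Browser",
     "authenticationRequirement": "multiFactorAuthentication",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "carol@example.test", "clientAppUsed": "POP3",
     "authenticationRequirement": "singleFactorAuthentication",
     "status": {"errorCode": 50126}},  # failed sign-in, skipped below
]

# Assumption: you supply the accounts that hold administrator roles.
ADMIN_UPNS = {"admin@example.test"}

# Client app labels treated here as legacy (basic) authentication.
LEGACY_CLIENT_APPS = {"imap4", "pop3", "authenticated smtp",
                      "exchange activesync", "other clients"}


def triage(signins, admin_upns=ADMIN_UPNS):
    """Return (upn, finding, client_app) tuples for successful sign-ins."""
    findings = []
    for rec in signins:
        if (rec.get("status") or {}).get("errorCode") != 0:
            continue  # failed attempts are a different signal
        upn = rec.get("userPrincipalName", "").lower()
        app = rec.get("clientAppUsed", "")
        if app.lower() in LEGACY_CLIENT_APPS:
            findings.append((upn, "legacy-protocol", app))
        if rec.get("authenticationRequirement") == "singleFactorAuthentication":
            gap = "admin-without-mfa" if upn in admin_upns else "user-without-mfa"
            findings.append((upn, gap, app))
    return findings


if __name__ == "__main__":
    for upn, finding, app in triage(SAMPLE_SIGNINS):
        print(f"{finding:18} {upn:22} via {app}")
```

Findings of this kind are what the alerting and SIEM items in the list would consume once the sign-in logs are forwarded.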
Microsoft’s Office 365 security recommendations
A security roadmap with an extensive list of measures to be taken to protect Microsoft 365 environments is also available from Microsoft, with tasks to be accomplished during the first 30 days, within 90 days, and beyond.