As an Office 365 admin, the effort to harden enterprise security is key to remaining employed. Recently, United States Cybersecurity and Infrastructure Agency (CISA) combed through Microsoft’s Office 365 documentation to pull out some best practices.
Not a week goes by that we do not hear about some company experiencing a data breach. These usually involve customer data containing a lot of personally identifiable information (PII) and they can be very costly for companies due to laws such as the General Data Protection Regulation (GDPR). For an Office 365 admin, making sure the organization’s user accounts and settings across the entire tenant are optimized is a top priority.
There are a lot of resources available to an Office 365 admin to help with this process but recently the U.S. Cybersecurity and Infrastructure Agency (CISA) shared some potential configuration vulnerabilities for organizations to be aware of.
As explained by CISA, these configuration issues usually occur when a third party service provider helps an organization with their migration to Office 365 from other services.
“The organizations that used a third party have had a mix of configurations that lowered their overall security posture. In addition, the majority of these organizations did not have a dedicated IT security team to focus on their security in the cloud. These security oversights have led to user and mailbox compromises and vulnerabilities.”
CISA shared four examples of these potential configuration concerns that could happen after a third-party migration to Office 365 and result in a lower security profile for organizations:
- Multi-factor authentication for administrator accounts not enabled by default
- Mailbox auditing disabled
- Password sync enabled
- Authentication unsupported by legacy protocols
Of course, CISA’s recommendations mirror those issues listed above and each come with a direct link to the Microsoft Office 365 guidance and information in that area:
- Use multi-factor authentication
- Enable unified audit logging in the Security and Compliance Center
- Enable mailbox auditing for every user
- Ensure Azure AD password sync is planned for and configured before migrating users
- Disable legacy email protocols or limit their use to specific users who need that access
Ultimately, every Office 365 admin should be moving their organization users to a modern experience on both desktop and mobile devices. That means removing the use of dated functionality like POP3, IMAP, and SMTP should be a top priority as suggested by CISA.
At the Microsoft Docs website for Office 365, there is an Office 365 security roadmap that can further assist any Office 365 admin to maximize the mix of subscription-related security features for their users. In combination with a modern desktop such as Windows 10, you should be able to easily increase your security posture.