Office 365 needs to be secured.
Out of the box, Office 365 is relatively vanilla and comes with a preset configuration that should be acceptable for some smaller organisations. However, for a number of organisations this will not suffice and additional security configuration needs to be implemented.
Misxon Group run Office 365 Security Assessments to help identify areas that organisations can improve on. After the report has been generated, the Assessment can then be handed over to their own IT staff to implement, or we can be engaged to undertake the security improvements.
Typically Misxon Group will completed about 83 security checks in your cloud environment, mainly relating to Office 365 and Identity. These checks all come with a remediation advisor note, which will help the client improve their security posture.
Sample of Checks.
“Common Attachment Type Filter” is used for blocking suspicious file types
Enable “Common Attachment Type Filter” for all malware policies to block file types which are typically used to deliver malware through email.
Auto-forwarding to external domains should be disallowed or monitored
Customers remote domain policies allow automatic forwarding of emails to external recipients. The email servers for these recipients may not be subject the same governance requirements.
Modern Authentication is enabled for Exchange Online
Customer has enabled the “OAuth2 Client Profile” in Exchange Online. This enables you to use multi-factor authentication and conditional access policies. In addition, Outlook does not store the username and password in the Windows credential manager
Multi-factor authentication for users is enabled
Multi-factor authentication is implemented by either conditional access or enforcement for all users.
MFA Registration Policy configured
If licenses permit, look to configure a MFA Registration policy which will force users to register for MFA within 14 days
Enable Conditional Access policies to automate the response to a user risky sign-in
Automate the remediation activity if a risky sign-in is detected, such as requiring password change, force MFA etc