The Cybersecurity and Infrastructure Security Agency (CISA) has conducted several engagements with customers who have migrated to cloud-based collaboration solutions like O365. In recent weeks, organizations have been forced to change their collaboration methods to support a full “work from home” workforce.
O365 provides cloud-based email capabilities, as well as chat and video capabilities using Microsoft Teams. While the abrupt shift to work-from-home may necessitate rapid deployment of cloud collaboration services, such as O365, hasty deployment can lead to oversights in security configurations and undermine a sound O365-specific security strategy.
CISA continues to see instances where entities are not implementing best security practices in regard to their O365 implementation, resulting in increased vulnerability to adversary attacks.
Recommendations
- Enable multi-factor authentication for administrator accounts
- Assign Administrator roles using Role-based Access Control (RBAC)
- Enable the Unified Audit Log (UAL)
- Enable multi-factor authentication for all users
- Disable legacy protocol authentication when appropriate
- Enable alerts for suspicious activity
- Incorporate Microsoft Secure Score
- Integrate logs with a SIEM solution to get a broader view of the infrastructure
Follow basic hygiene. Close the loopholes as much as possible. Be secure, and keep a broader eye on security devices.
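
As an added example (not part of the CISA guidance or of any Microsoft tooling), the sketch below shows the kind of check a SIEM rule could run over exported sign-in records to support the legacy-authentication and administrator-MFA recommendations above. The field names follow the Azure AD sign-in log format (`userPrincipalName`, `clientAppUsed`, `authenticationRequirement`, `status.errorCode`) and should be confirmed against your own export; the records, the administrator list and the set of legacy client-app values are constructed assumptions.

```python
from collections import defaultdict

# Client-app values treated as legacy (basic authentication) protocols.
# Assumed subset; confirm against the values in your own sign-in export.
LEGACY_CLIENT_APPS = {"IMAP4", "POP3", "Authenticated SMTP",
                      "Exchange ActiveSync", "Other clients"}

ADMIN_ACCOUNTS = {"admin@example.test"}  # hypothetical administrator list


def _rec(user, app, requirement, error_code):
    """Build one constructed sign-in record (errorCode 0 means success)."""
    return {"userPrincipalName": user, "clientAppUsed": app,
            "authenticationRequirement": requirement,
            "status": {"errorCode": error_code}}


# Constructed sample data, not real log lines.
SAMPLE_SIGNINS = [
    _rec("Admin@example.test", "Browser", "singleFactorAuthentication", 0),
    _rec("alice@example.test", "IMAP4", "singleFactorAuthentication", 0),
    _rec("alice@example.test", "IMAP4", "singleFactorAuthentication", 50126),
    _rec("bob@example.test", "Browser", "multiFactorAuthentication", 0),
    _rec("scanner@example.test", "Authenticated SMTP",
         "singleFactorAuthentication", 0),
]


def review_signins(records, admins=ADMIN_ACCOUNTS):
    """Summarise legacy-protocol use and admin sign-ins without MFA."""
    legacy_users = defaultdict(set)     # user -> protocols that succeeded
    legacy_failures = defaultdict(int)  # user -> failed legacy attempts
    admins_without_mfa = set()
    for rec in records:
        user = rec["userPrincipalName"].lower()
        succeeded = rec.get("status", {}).get("errorCode") == 0
        if rec.get("clientAppUsed") in LEGACY_CLIENT_APPS:
            if succeeded:
                legacy_users[user].add(rec["clientAppUsed"])
            else:
                legacy_failures[user] += 1
        mfa = rec.get("authenticationRequirement") == "multiFactorAuthentication"
        if succeeded and user in admins and not mfa:
            admins_without_mfa.add(user)
    return {"legacy_users": {u: sorted(p) for u, p in legacy_users.items()},
            "legacy_failures": dict(legacy_failures),
            "admins_without_mfa": sorted(admins_without_mfa)}


if __name__ == "__main__":
    print(review_signins(SAMPLE_SIGNINS))
```

Accounts listed under `legacy_users` need a modern-authentication replacement before legacy protocols are switched off, and `legacy_failures` is a natural input for a suspicious-activity alert.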