O365 Security Consideration @Crisp Note

Cybersecurity and Infrastructure Security Agency (CISA) has conducted several engagements with customers who have migrated to cloud-based collaboration solutions like O365. In recent weeks, organizations have been forced to change their collaboration methods to support a full “work from home” workforce.

O365 provides cloud-based email capabilities, as well as chat and video capabilities using Microsoft Teams. While the abrupt shift to work-from-home may necessitate rapid deployment of cloud collaboration services, such as O365, hasty deployment can lead to oversights in security configurations and undermine a sound O365-specific security strategy.

CISA continues to see instances where entities are not implementing best security practices in regard to their O365 implementation, resulting in increased vulnerability to adversary attacks.

Recommendations

  • Enable multi-factor authentication for administrator accounts
  • Assign Administrator roles using Role-based Access Control (RBAC)
  • Enable unified Audit log (UAL)
  • Enable multi-factor authentication for all users
  • Disable legacy protocol authentication when appropriate:
  • Enable alert for suspicious activity
  • Incorporate Microsoft secure score
  • Incorporate logs with SIEM solution to get a broader view on infrastructure

Follow a basic hygiene. Close the look holes as much as possible. Be secure , have a broader eye on security devices.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s