Six O365 Security Tips – What to Turn On and Turn Off

Over 1 million companies worldwide, and over 650K in the U.S., use Microsoft 365, which works out to over 200M daily users. While O365’s popularity makes it a benchmark in business, there are cybersecurity concerns that every organization should address. While Microsoft’s Exchange Server breach in early 2021 didn’t affect Cloud accounts, it does highlight that both on-prem and SaaS solutions need robust security. Here are six tips to review with your CISO or security partner to ensure you have maximized all available security for O365.

Use Multi-Factor Authentication (MFA)

Your administrative accounts are the most vulnerable because they give the highest level of access and power, and because these accounts are cloud-based and reachable from anywhere. Cybercriminals love these accounts: if they can crack one, they can exploit that administrator’s access and controls.

Most users are familiar with two-factor authentication (2FA). As the name suggests, the user must prove their identity with two points of confirmation – username and password, plus one more factor such as a code sent by text message or a time-based one-time password (TOTP).

MFA comes into play when 2FA alone is not enough, or where you want users to have a higher level of authentication, which could include factors like biometrics (face or fingerprint identification), time, location, and others. MFA typically combines something you know (like a password or PIN), something you have (like a security code that was texted), and something you are (e.g. biometrics).

The National Security Agency provides a document on this topic, “Selecting Secure Multi-factor Authentication Solutions.”

Get Back to Basics – Email Security

Email is your #1 threat vector. From phishing and ransomware to compromised credentials, protecting your email is paramount. Once you’ve set up MFA, you’ll want to ensure that every mailbox takes advantage of Microsoft’s mailbox audit feature within the admin settings, and that automatic alerts are configured to notify your security team when there is suspicious activity.

Follow these links to more in-depth guidance on phishing and ransomware.

Typically, companies aren’t concerned with phishing campaigns until “after the fact,” once a security incident has taken place. In reality, users and employees are the critical point of security failure, particularly with phishing. Look for solutions that consider phishing intensity and frequency. After each simulated phishing campaign, require refresher training, and give employees feedback after each attack with a sample of the phishing message and specific statistics on how well the campaign, or your employees, performed.

Watch Your Email Bells and Whistles

While we love O365’s email features like “Send Later” or attach from Cloud, some features are best left off.

We suggest that you turn off, or leave off, features like auto-forwarding, and keep Outlook’s blocking of unsafe attachments in place. Administrators can manage Outlook’s unsafe attachment blocking settings through the add-in interface, which adds or deletes file extensions from the blocked extensions list.
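The mailbox auditing and alerting advice above, together with the auto-forwarding advice, as an added Exchange Online PowerShell example (not code from the original article). It assumes the ExchangeOnlineManagement module is installed and uses a placeholder admin account; the last two steps are checks that surface forwarding already in place, whether set by an admin or by an inbox rule created with stolen credentials.

```powershell
# Added example, not from the original article. Placeholder admin account:
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example

# 1. Make sure mailbox auditing is on tenant-wide and for every user mailbox,
#    with retention long enough to support an investigation (180 days here).
Set-OrganizationConfig -AuditDisabled $false
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    Set-Mailbox -AuditEnabled $true -AuditLogAgeLimit '180.00:00:00'

# 2. Turn off automatic forwarding to external recipients in both places
#    where it can be allowed: the outbound spam policy and the default
#    remote domain.
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off
Set-RemoteDomain -Identity Default -AutoForwardEnabled $false

# 3. Check what is already in place. First, mailbox-level forwarding that an
#    admin (or an attacker with admin access) has configured ...
$mailboxes = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox
$mailboxes |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress,
                  ForwardingAddress, DeliverToMailboxAndForward

#    ... then inbox rules that forward or redirect mail. Review every hit:
#    a rule forwarding to an outside address is a classic sign of a
#    compromised mailbox.
foreach ($mbx in $mailboxes) {
    Get-InboxRule -Mailbox $mbx.UserPrincipalName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object @{ n = 'Mailbox'; e = { $mbx.UserPrincipalName } },
                      Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo
}

# 4. Feed your alerting: pull the last week of inbox-rule changes from the
#    unified audit log so the security team can review who created or
#    changed rules and when.
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) `
    -Operations New-InboxRule, Set-InboxRule -ResultSize 5000 |
    Select-Object CreationDate, UserIds, Operations
```

Step 4 is a one-off query; for ongoing coverage, point an alert policy or your SIEM at the same New-InboxRule and Set-InboxRule operations.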

On the other hand, there are a few features that you should start using, such as encryption, as well as these three under Advanced Threat Protection:

Activate Office 365’s Advanced Threat Protection

“Detonate” Attachments

Safe Attachments opens email attachments and executes them in a virtual machine (that’s where the term ‘detonating’ comes from) before giving you permission to access them. The sandboxed virtual machine can detect any abnormal actions that may indicate hidden malware. It is a great feature for ferreting out zero-day threats.

Utilize Safe Links

This handy feature takes the hyperlinks in Office 365 email messages and rewrites them into a new URL that passes through a Microsoft URL acting as a proxy. The wrapper launches the link (plus any downstream links) and checks it before pointing the user’s web browser to the intended destination.

Launch Anti-Impersonation Protections (ATP)

Anti-phishing policies let you add protections for specific domains or mailboxes of concern. These protections, for example, would highlight when a web address contains unusual characters typically used in various cyberattacks. These tools notify Microsoft when an email that appears to come from someone in your contact list or a previous email reply is actually from an impersonator taking over the sender’s address.
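The three Advanced Threat Protection features above (now sold as Defender for Office 365), configured with Exchange Online PowerShell as an added example that is not code from the original article. The domain, policy names and the protected executive are placeholders to replace with your own; each policy is paired with the rule that scopes it to your recipient domain, and the final lines verify the result.

```powershell
# Added example, not from the original article. Placeholders throughout.
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example
$domain = 'contoso.example'

# Safe Attachments: detonate attachments in the sandbox and block the
# message when the sandbox observes malicious behaviour.
New-SafeAttachmentPolicy -Name 'Detonate attachments' -Enable $true `
    -Action Block -Redirect $false
New-SafeAttachmentRule -Name 'Detonate attachments' `
    -SafeAttachmentPolicy 'Detonate attachments' -RecipientDomainIs $domain

# Safe Links: rewrite URLs so each click is checked at click time, scan links
# before delivery (internal senders included), keep click tracking for
# investigations, and do not let users click through a block page.
New-SafeLinksPolicy -Name 'Rewrite links' -EnableSafeLinksForEmail $true `
    -ScanUrls $true -DeliverMessageAfterScan $true -EnableForInternalSenders $true `
    -TrackClicks $true -AllowClickThrough $false
New-SafeLinksRule -Name 'Rewrite links' -SafeLinksPolicy 'Rewrite links' `
    -RecipientDomainIs $domain

# Anti-phishing: impersonation protection for your own domain and for named
# senders, mailbox intelligence for "someone you have mailed before" checks,
# and spoof intelligence for forged sender addresses. Quarantine on a hit.
New-AntiPhishPolicy -Name 'Impersonation protection' -Enabled $true `
    -EnableTargetedDomainsProtection $true -TargetedDomainsToProtect $domain `
    -TargetedDomainProtectionAction Quarantine `
    -EnableTargetedUserProtection $true `
    -TargetedUsersToProtect 'CEO Placeholder;ceo@contoso.example' `
    -TargetedUserProtectionAction Quarantine `
    -EnableMailboxIntelligence $true -EnableMailboxIntelligenceProtection $true `
    -MailboxIntelligenceProtectionAction Quarantine `
    -EnableSpoofIntelligence $true -EnableUnauthenticatedSender $true `
    -EnableFirstContactSafetyTips $true -PhishThresholdLevel 3
New-AntiPhishRule -Name 'Impersonation protection' `
    -AntiPhishPolicy 'Impersonation protection' -RecipientDomainIs $domain

# Verify that all three policies exist and are enabled.
Get-SafeAttachmentPolicy | Select-Object Name, Enable, Action
Get-SafeLinksPolicy      | Select-Object Name, EnableSafeLinksForEmail, AllowClickThrough
Get-AntiPhishPolicy      | Select-Object Name, Enabled, EnableMailboxIntelligenceProtection
```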

Tried and True Still Needs Security

Microsoft 365 is a ubiquitous suite of powerful tools. But even tools that we use every day need a periodic review from a security perspective. These tips offer an opportunity to discuss your organization’s most tried and true applications and ensure that, whether on-prem or cloud-based, they have mature security in place.

Insight Contributor:

Robert J. Sumner II, Security Analyst & Consultant

Robert J. Sumner II is a CyLumena cybersecurity analyst and risk consultant with substantial experience in investigative and cybersecurity analysis. Robert advises clients in their Governance, Risk Management and Compliance (GRC) efforts as well as designs and implements effective security solutions.