topic Office 365 / Microsoft 365 hardening & security in Cloud Security

Office 365 / Microsoft 365 hardening & security

ericgeater — Mon, 20 Jul 2020 15:49:49 GMT

Greetings, everyone. As cloud security definitely varies by vendor, I'd like to ask about one of the biggest of 'em all: Microsoft 365. I'd like to hear some opinions on due diligence, known pitfalls, or other interesting concerns with a system that essentially places your AD in the cloud... or other interesting stories that you might have which reinforces a set of good security practices.

By the way, we're not in banking or a government subcontractor... but the tide is turning in M365's direction, and we need to start checklisting.

Thank you!

Re: Office 365 / Microsoft 365 hardening & security

sergeling — Tue, 21 Jul 2020 14:17:24 GMT

Depend on your Microsoft 365 license, you can start off by leveraging existing Microsoft security features you have. For example, Identity Protection, Privilege Identity Management...etc.

Microsoft 365 Security Center and Compliance Center will give score base on your environment. It also outline tasks that can improve the score. You can use that as a good starting point and gradually improve the security score to enhance security posture.

Re: Office 365 / Microsoft 365 hardening & security

Maverick — Mon, 03 Aug 2020 17:10:13 GMT

I would definitely advise exploring O365 or M365 or whatever they call it.

Few key security tips:

MFA or no account. Always enable MFA for all your accounts.
Bulletin EOP has come a long way, but may not be best when it comes to spam filtering, phishing protection.
Microsoft Compliance Score is a great way to improve 365 security
Ther are many tools OneDrive, SharePoint, Teams, yammer etc. It is easy to lose track of your data. Review the configuration of every app.
Review external sharing policies for OneDrive and Sharepoint
Yes, backup is required. Backup emails and files.