cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Contributor II

Office 365 / Microsoft 365 hardening & security

Greetings, everyone.  As cloud security definitely varies by vendor, I'd like to ask about one of the biggest of 'em all: Microsoft 365.  I'd like to hear some opinions on due diligence, known pitfalls, or other interesting concerns with a system that essentially places your AD in the cloud... or other interesting stories that you might have which reinforces a set of good security practices.

By the way, we're not in banking or a government subcontractor... but the tide is turning in M365's direction, and we need to start checklisting.

Thank you!

---
Eric Geater, CISSP
I've always said, "There's nothing an agnostic can't do if he really doesn't know whether he believes in anything or not."
2 Replies
Highlighted
Newcomer III

Re: Office 365 / Microsoft 365 hardening & security

Depend on your Microsoft 365 license, you can start off by leveraging existing Microsoft security features you have. For example, Identity Protection, Privilege Identity Management...etc.

 

Microsoft 365 Security Center and Compliance Center will give score base on your environment. It also outline tasks that can improve the score. You can use that as a good starting point and gradually improve the security score to enhance security posture.

Highlighted
Viewer III

Re: Office 365 / Microsoft 365 hardening & security

I would definitely advise exploring O365 or M365 or whatever they call it.

 

Few key security tips:

  1. MFA or no account. Always enable MFA for all your accounts.
  2. Bulletin EOP has come a long way, but may not be best when it comes to spam filtering, phishing protection.  
  3. Microsoft Compliance Score is a great way to improve 365 security
  4. Ther are many tools OneDrive, SharePoint, Teams, yammer etc. It is easy to lose track of your data. Review the configuration of every app.
  5. Review external sharing policies for OneDrive and Sharepoint
  6. Yes, backup is required. Backup emails and files.