Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Paulw_isp
Newcomer I
‎01-22-2018 10:49 AM
‎01-22-2018 10:49 AM

Best Practices for securing Office365

Hello,

 

I'm looking at Office365 security for our organisation and am wondering how best to secure it, what defaults I should apply?

 

We have bought Office365 E3 and I work for a Local Authority, so what should I look for and are there any good/best practice resources I should look at? I have already looked at the UK NCSC guidance documentation and that looks good, but what have other applied?

 

Thanks,

Paul

 

p.s. sorry If I've posted this in the wrong place.

Reply
0 Kudos
3 Replies
LA_Appel_Du_VId
Viewer II
‎01-22-2018 08:20 PM
‎01-22-2018 08:20 PM

Honestly,

One issue that I have found time in and out is that Office 365 inherently has some vulnerabilities. I chose to move to a spam filtration system that does anti-impersonation as a backbone. If you choose to keep O365 I would suggest just a short list of the following.

* Highly suggest investing in a spam filtration system that sits behind the 0365 console* 

- disable OWA or enable MFA with app authentication (no matter what else you do)

- Set to strip all hyperlinks in messages 

- One nice feature of Office 365 is that in the Admin portal, under the security it has a rating system from 0-365 (cute) which will give you different check offs you can do that will allow you too increase your security score. 

*the key is to remember that training your staff is the one of the if not the most important part of email and infrastructure security, if you do not have their buy in for the changes made, as each change will make it more time consuming for them to log in, then you will have a rather hard time* 

 

Reply
0 Kudos
JayCee
Newcomer II
‎01-23-2018 06:23 AM
‎01-23-2018 06:23 AM

MFA is an absolute must - we have seen too many examples of compromised accounts in other organizations that would not have occurred with MFA in place.

Reply
0 Kudos
Scwilco
Viewer
‎03-26-2018 11:09 AM
‎03-26-2018 11:09 AM

I would like to also emphasize 2FA. Cloud 2FA is expected in a high-regulatory environment like Healthcare and that if you have O365 you will should have MFA. In Microsoft's " mobile-first, cloud-first world" you must actively take steps to secure access.
Reply
0 Kudos