
9 security tips for your Office 365

1 Ensure all accounts enable Multi-Factor Authentication (MFA)

Not requiring Multi-Factor Authentication (MFA) in your company is like not requiring a password in 2010. Enable MFA for all user & administrative roles. Verify from the command line using this great PowerShell script.

2 Protect your administrator accounts

If your company has more than 5 global admins, then you're doing it wrong. Reduce the number of admins to minimize exposure to password attacks by applying the principle of least privilege and following security best practices:

  • Have fewer than 5 global administrator roles

  • Ensure global admin accounts are unlicensed

  • Assign the default '.onmicrosoft' domain

  • Ensure MFA is enforced on admin accounts
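
One way to check the four points above from PowerShell, as an added example that is not part of the original post. It assumes the Microsoft Graph PowerShell SDK is installed and that you sign in with an account allowed to read directory roles, users and authentication methods; the MFA column reports only whether a second sign-in method is registered, not whether a policy enforces it.

```powershell
# Added example: read-only audit of Global Administrator accounts.
# Assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph module) is installed.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'User.Read.All',
    'UserAuthenticationMethod.Read.All'

$maxAdmins = 5   # threshold taken from the checklist above

$role = Get-MgDirectoryRole -All | Where-Object DisplayName -eq 'Global Administrator'
if (-not $role) { throw 'Global Administrator role not found in this tenant.' }

# Role members can also be groups or service principals; keep user objects only.
$members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' }

$report = foreach ($m in $members) {
    $user = Get-MgUser -UserId $m.Id -Property Id, UserPrincipalName, AssignedLicenses

    # Registered sign-in methods; anything besides a password counts as a second factor.
    $types = Get-MgUserAuthenticationMethod -UserId $m.Id |
        ForEach-Object { $_.AdditionalProperties['@odata.type'] }
    $second = @($types | Where-Object { $_ -ne '#microsoft.graph.passwordAuthenticationMethod' })

    [pscustomobject]@{
        UserPrincipalName   = $user.UserPrincipalName
        Unlicensed          = (@($user.AssignedLicenses).Count -eq 0)
        OnMicrosoftDomain   = ($user.UserPrincipalName -like '*.onmicrosoft.com')
        MfaMethodRegistered = ($second.Count -gt 0)
    }
}

$count = @($report).Count
"Global administrators (user accounts): $count (checklist: fewer than $maxAdmins)"
if ($count -ge $maxAdmins) { Write-Warning 'Too many global administrators.' }

# List every account that fails at least one of the per-account checks.
$report |
    Where-Object { -not ($_.Unlicensed -and $_.OnMicrosoftDomain -and $_.MfaMethodRegistered) } |
    Format-Table -AutoSize
```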


3 Create a backup of your most valuable Office information

Which cloud made you think backups aren't a thing anymore? If loss of data would mean significant business impact, consider integrating a solution that manages external backups as your insurance.

4 Disable your legacy authentication protocols

If you keep legacy protocols enabled, you're doing attackers a favor.

5 Increase audit log age from the default value (90) to 365 days

Record user & admin activity for when you get hacked. The average company takes 191 days to detect a data breach. Record user and admin activity in order to be able to trace back any potentially malicious administrative or user action.

Review audit logging for all user mailboxes in your organization.

    Get-Mailbox -ResultSize Unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" | Out-GridView

Enable mailbox audit logging for all user mailboxes in your organization.

    Get-Mailbox -ResultSize Unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" | Select-Object PrimarySmtpAddress | ForEach-Object { Set-Mailbox -Identity $_.PrimarySmtpAddress -AuditEnabled $true }

Set the age limit for mailbox audit log entries for all user mailboxes in your organization to 365 days.

    Get-Mailbox -ResultSize Unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" | Set-Mailbox -AuditLogAgeLimit 365

6 Control guest access in your environment

Invite an external collaborator on Teams without feeling anxious. Manage your external collaborators according to best practices.

7 Manage application consent in your company

Do you know what applications can access your Office data? Review external applications periodically and have delegated admins manage consent in the organisation.

8 Apply custom company branding to your environment

Personalize your Office environment. Lower your exposure to generic attacks. Apply custom branding and train employees to recognize their own company branding every time they log on. Keeping the default branding increases exposure to low-cost phishing attacks.

9 Allow users to report junk or phishing emails

Allow your employees to signal malicious emails with the click of a button. Follow the step-by-step documentation by Microsoft to enable the Report Message button in Outlook.


