Office 365 is an impressive, comprehensive package. It allows you to harness the power of the cloud with greater collaboration and also boasts increased security.
However, Office 365 isn’t as secure as you may think it is when it’s fresh out of the box. Just because it’s new, it doesn’t mean it is fully optimised to defend against potential Office 365 security threats. So, how can you defend your Office 365 from potential risks? We’ve compiled seven initial configurations you should have in place to harden your Office 365 security, give you greater control of your systems and networks and help ward off someone trying to infiltrate your systems.
7 Configurations To Strengthen Your Office 365 Security
- Set up outbound spam notifications. Though not a preventative measure, setting up alerts for a potentially compromised account in your organisation will help you identify the source of the issue. The compromised account may be sending mass outbound emails, and having alerts in place enables you to react quickly and take control of the situation.
- Enable the “client rules forwarding block” setting. This rule allows you to maintain control over end users’ ability to set up auto-forwarding. This setting helps to prevent data loss, be that from leavers or malicious actors redirecting valuable data. This can be especially useful when data is commercially advantageous, for instance, in sales, recruitment, and law firms.
- Keep the number of Global Administrators to a minimum. Having more than one Global Administrator is useful if the main admin loses access, but grant those permissions only where necessary. We recommend designating fewer than five global admins to reduce the number of accounts that can perform global administrative tasks. This allows you to lock down multiple routes for someone to seize control of your environment. Microsoft advises that having too many global admins with unlimited access to your data and online business is a security risk.
- Disable anonymous calendar sharing in your Office 365 security settings. Not allowing anonymous calendar sharing can help prevent unauthorised access to staff calendars and reduce the level of detail that can be seen in shared calendars. This potentially sensitive information could be used to collect valuable data to launch a malicious attack.
- Enable mailbox auditing for all users. This setting is selected by default and provides detailed activity logs that can be analysed in depth to alert you proactively to suspicious behaviour. Enabling this feature is useful for retrospective analysis of multiple Office 365 activities and traffic.
- As a precaution, don’t use transport whitelists. While this may seem counterintuitive, creating general rules for whitelisted domains can result in other addresses slipping past anti-phishing and malware controls.
- Turn off POP and IMAP protocols. While these protocols can speed up access when you want to read your emails, they can actually weaken your Office 365 security, as using them can bypass multi-factor authentication (MFA).
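A read-only audit of the Exchange Online items in the list above, as an added example that is not part of the original article. It assumes the ExchangeOnlineManagement module and an existing `Connect-ExchangeOnline` session; the `Add-Finding` helper is hypothetical, and the Global Administrator count is not covered because it is a directory role rather than an Exchange setting.

```powershell
# Added example: read-only audit, nothing here changes tenant configuration.
# Assumes an open session from Connect-ExchangeOnline (ExchangeOnlineManagement module).
$findings = [System.Collections.Generic.List[object]]::new()

# Hypothetical helper: records one check result for the final report.
function Add-Finding([string]$Check, [bool]$Pass, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail })
}

# 1. Outbound spam notifications: at least one policy should notify someone.
$notify = Get-HostedOutboundSpamFilterPolicy | Where-Object { $_.NotifyOutboundSpam }
Add-Finding 'Outbound spam notifications' ([bool]$notify) `
    "Recipients: $(@($notify.NotifyOutboundSpamRecipients) -join ', ')"

# 2. Client rules forwarding block: an enabled transport rule that matches
#    auto-forwarded mail leaving the organisation (confirm its action by hand).
$rules = @(Get-TransportRule)
$fwdBlock = $rules | Where-Object {
    $_.State -eq 'Enabled' -and $_.MessageTypeMatches -eq 'AutoForward' -and
    $_.SentToScope -eq 'NotInOrganization'
}
Add-Finding 'Client rules forwarding block' ([bool]$fwdBlock) `
    "Rules: $(@($fwdBlock.Name) -join ', ')"

# 3. Anonymous calendar sharing: no enabled sharing policy should list an
#    'Anonymous:' domain entry.
$anon = Get-SharingPolicy | Where-Object { $_.Enabled -and ($_.Domains -like 'Anonymous:*') }
Add-Finding 'Anonymous calendar sharing disabled' (-not $anon) `
    "Policies allowing it: $(@($anon.Name) -join ', ')"

# 4. Mailbox auditing: the organisation-wide switch must not be disabled.
$auditDisabled = (Get-OrganizationConfig).AuditDisabled
Add-Finding 'Mailbox auditing enabled' (-not $auditDisabled) "AuditDisabled = $auditDisabled"

# 5. Transport whitelists: rules that set SCL -1 for whole sender domains
#    let mail from those domains skip spam filtering.
$allow = $rules | Where-Object { $_.SetSCL -eq -1 -and $_.SenderDomainIs }
Add-Finding 'No domain whitelist rules' (-not $allow) `
    "Rules: $(@($allow.Name) -join ', ')"

# 6. POP and IMAP: list mailboxes where either protocol is still enabled.
$legacy = @(Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.PopEnabled -or $_.ImapEnabled })
Add-Finding 'POP and IMAP disabled' ($legacy.Count -eq 0) `
    "Mailboxes with POP or IMAP enabled: $($legacy.Count)"

$findings | Format-Table -AutoSize -Wrap
```

Any row with `Pass` set to `False` points at the matching list item above; the script only reports and leaves remediation to the administrator.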
Taking Your Defences To The Next Level
Configuring your malware filtering policies to block file attachments in email, based on the file type, can help reduce common malicious file types making their way through your defences.
The same goes for configuring spam filtering policies. Rules that filter email based on a sender’s reputation can be beneficial by allowing and blocking email addresses and domains. Similarly, configuring connection filtering policies by blacklisting other mail servers by their IP addresses can also provide a quick, block-all approach against known malicious email servers.
All three controls provide a layered approach to reduce the possibility of spam getting through. Including Advanced Threat Protection (ATP) will increase your Office 365 security by adding another filtering layer. This feature will run potential threats through a sandbox before they reach your network and includes “detonation” of attachments and links. This helps to evaluate and block more advanced threats, adds additional capability and is a worthwhile advance over the standard tools.
Most Office 365 security breaches occur due to credentials being stolen via phishing attacks or by what is known as a “low and slow” attack. This is where an attacker might try well-known passwords over a long period to avoid detection and account lockout rules.
The majority of attacks against email accounts can be avoided by enabling two-factor authentication (2FA). Even if the attacker takes time to crack or capture your password, they still can’t bypass multi-factor authentication (MFA) to log in to your account remotely.
To step it up a notch, you can also upgrade to the EMS suite, which provides greater controls of who and what devices can access your Office 365 tenancy and adds controls like conditional access for improved security and a better user experience.
Monitoring Unusual Activity
Information Rights Management (IRM) can protect against a potential attack by relying on identifying unusual activity in your Office 365 environment. Reviewing this information regularly will allow you to build up a baseline of what typical activity looks like to better identify any unusual activity that could indicate a compromised system.
Our cyber security CISSP experts are helping customers by performing proactive reviews. The immediate benefits of an outsourced team can mean your internal team isn’t bogged down with time-consuming activity, and cyber security experts can provide a more focused approach due to higher levels of exposure and experience.
We would also advise tailoring your policies to meet your unique environment. We can help you develop an IRM policy to help prevent accidental or malicious exposure of your data outside of your organisation, especially if your industry is targeted by hackers because of high-value data assets.
At the very least, ensure you have the seven initial configurations in place to strengthen your Office 365 security measures.