Security is becoming increasingly important and considering the attacks on Solarwinds and Kaysea that have shaken the IT industry, there has never been a better time to reassess your own security measures and there is no better place to start than with your Microsoft 365 tenant.
The questions answered in this article were asked during a webinar we hosted which was presented by Truesec enterprise security experts Fabio Viggiani and Hasain Alshakarti. If you weren’t able to attend the webinar you can watch the full recording for free right here on the DOJO. It covers the most critical vulnerabilities in the Microsoft 365 suite, and how they would go about fixing or preventing them. As always in webinars such as this, we’re given a number of questions from attendees. Below you’ll find a list of the questions and associated answers from this webinar series, starting with a 30-minute follow-up video featuring Hasain and myself!
View mail flow reports in the Reports dashboard in Security & Compliance Center
Troubleshoot using the What If tool in Conditional Access
Top 10 ways to secure Microsoft 365 for business plans
Microsoft Secure Score
What’s inside Microsoft Security Best Practices? – (Security Compass)
Your M365 Security Questions
Are there any recommended conditional access policies that should be applied to ALL tenants?
Yes: at a minimum, policies should be put in place that blocks legacy authentication mechanisms along with requiring MFA for all users if possible (admins at a minimum). Also if you’ve got employees logging in from only a handful of countries go ahead and set up geofencing as well. Finally, don’t forget to set up your “break glass” accounts!
Are there any recommended tools to help test passwords against known breaches?
There are features in the Identity Protections features in M365 that can help with this. Additionally, a plugin can be installed on your on-prem DCs to have local passwords checked as well.
If I’m an SMB or some organization that has one of the lower licensing SKUs, what are my options for stopping Phishing?
At a minimum, you can set up MFA, which is included even in the lower licensing tiers. User awareness training and careful log monitoring can be useful at this size of organization as well.
Are Hardware-Based MFA Devices More Secure?
Not necessarily, the threat-actor is still going to wait for the end-user to do what they need to do to log in. The threat actor’s session token is still the target and can be compromised after a successful authentication with things like malicious OAuth applications…etc.
What are your recommendations for MFA in situations where you may have a shared global admin account across multiple team members?
Security best practices say don’t do this for a number of reasons. Ideally, each administrator requiring this level of access will have their own global admin account and leverage features such as just-in-time access.
Is it advantageous from a security perspective to have all endpoints accessing M365 managed by InTune?
Every situation is different of course, but anything that can increase the overall trust of a device (like being managed by InTune if that works for your organization) is generally beneficial
How much effort should organizations put towards end-user training?
This is certainly an area that organizations should focus on with consistent regular training. That said, this needs to be paired with technical solutions that are able to identify and take action against a threat because the human element WILL fail at some point despite best-laid plans
More on M365 Security and Vulnerabilities
We have a number of articles centered around security, but below are some of the articles that most closely go along with the topic of this webinar!
How the SolarWinds Hack Could Change Data Security Forever
M365 Records Management Guide
How Conditional Access Makes MFA Easy for Your Company
Why you Should Be Using Azure Security Benchmark
How to Secure Your Apps and Data with Azure Active Directory
Managing Identities and Passwords in Azure Active Directory
How to Boost your Azure Secure Score
The Actual Performance Impact of Spectre/Meltdown Hyper-V Updates
And just a reminder, if you haven’t watched the full webinar – what are you waiting for? Your 5 Most Critical M365 Vulnerabilities Revealed and How to Fix Them is free to watch right now!
Thanks for reading and for submitting your questions if you were one of our attendees for the webinar! Again, if you asked a question that you don’t see listed here or in the video, be sure to use the comments form below and we’ll get back to you with an answer!
As always, thanks for reading!
Not a DOJO Member yet?
Join thousands of other IT pros and receive a weekly roundup email with the latest content & updates!