The US Department of Homeland Security released its Microsoft Office 365 Security Observations earlier this year and upon review we found their findings to be interesting to say the least. The findings certainly reinforce the importance of partnering with the right IT service provider.
It was noted that many businesses had used 3rd party IT service providers to migrate their data from on-premise environments to Microsoft’s Cloud without the correct security considerations. Following is a summary of the vulnerabilities identified in these environments:
- Multi-factor authentication not enabled for administrator accounts
- Mailbox auditing disabled
- Password sync vulnerability
- Legacy email protocols
S5 Technology Group recommend and implement the following basic security principals in Microsoft Office 365 tenants:
- Enable multi-factor / two factor authentication (2FA) for all user accounts including administrator and service accounts
- Enable unified audit logging
- Enable mailbox auditing for all users
- Disable Powershell for all user accounts that do not require it
- Ensure Azure AD Sync is the latest version and configured correctly
- Disable legacy email protocols that are not required
If you require assistance with your Microsoft Office 365 tenant’s security, please get in touch.
Links:
Department of Homeland Security Analysis Report
Configure your Microsoft Office 365 tenant for increased security
We provide our services throughout New South Wales, however some of the key locations that we service includes: Port Macquarie, Cowra, Laurieton, Kempsey, Wauchope, Macksville, Nambucca Heads, Coffs Harbour, Tamworth, Taree, Gloucester, Bellingen, Armidale, Newcastle, Forbes, Parkes, Young, Orange, Bathurst, Condobolin, and Dubbo.