Microsoft 365 and Security

Written by Mahak Jain

 

In today’s era Microsoft 365 (M365) or Office 365 enables collaboration and data sharing via applications like Teams, SharePoint, and OneDrive to name a few. These applications are being used and adopted widely and with it comes a concern – Security.

 

Even though the end user is ultimately responsible to protect one’s own data, Cloud services providers make sure that their resources dedicated to security is more than the average business. Third Party Apps are also available that can help you to tighten and add an extra layer of security not just to M365 but to the entire infrastructure.

In this article we are going to briefly discuss a few M365 Security Concerns and how we can address them.

 

External File Sharing or Unauthorized File Sharing: As we all probably know by now that this is one of the most popular features in M365 environment. It enables users to collaborate not just internally but with people outside of your organization as well. There are features in place to make this secure as much as possible and to protect data from unauthorized individuals. Even if everything is done correctly, an irresponsible recipient leaving their account open on a public computer can be the source of compromise. It’s important to really limit the access to files and make sure recipients understand the importance of internet safety.

 

Extra Permissions: Unknowingly users end up with more permissions than they need to do their jobs. Excessive Rights increase the risk of data breach because users can accidently expose more data than they should.

 

Global Administrator Account Breaches: Cyber Attackers often target admin accounts in their attacks to again access to elevated privileges. The global admin model of M365 allows administrators to have global credentials which grant access to every user’s account and content.

 

So, now that we have discussed some of the Security concerns, let’s see what can be done to overcome them.

 

The first step in the data you store in M365 is to use the security features that the Security and Compliance Center provides. The Secure score test scans and monitors M365 identities, apps, devices, data and suggests improvements. The admin should:

  1. Configure the recommended security features
  2. Perform security-related tasks, such as viewing reports.
  3. Addressing recommendations by 3rd Party applications.

 

Enable Multi-Factor Authentication (MFA) : MFA requires users to setup two or more methods of identification to access their account. Example: a password plus a one-time code. Currently, MFA is one of the most powerful mitigation techniques you can use to prevent credential theft. MFA can be enabled in the M365 tenancy through the Admin Center.

 

Classify Data: Assists the organization to understand the location and value the content holds, so that they can apply appropriate security controls. Example, Files can be tagged that should not be shared Externally.

 

Minimize Privileges: Regularly identify and revoke excessive permissions. Setting Expiration dates on shared links. Use Global admin account only when required.

 

Defending against Ransomware: Using Mail flow rules we can block extensions commonly used for ransomware insertion, warn users about email attachments that might be infected. Also, disabling Auto-forwarding of emails. These are all available in Exchange Admin Center.

 

Use Secure Devices: Accessing sensitive data from a secure computer is one of the steps taken for additional layer of security. Like using VPN which eliminates Man-in-the-middle attacks, securing data between your device and a server. Many companies also insist on having a separate work and home device.

 

Other Important Tools: M365 offers additional services like ATP (Advanced Threat Protection), Attack Simulation, Threat Detection, Application access and Session Controls.

 

ATP includes Safe Attachments – for blocking malicious attachments in phishing emails. And Safe Links – for time-of-click verification of URLs in messages and documents.

 

Although there are some security concerns, many find that the productivity of M365 far outweighs the risks. Many organizations implement third party solutions to help with Gaining deep visibility in their cloud or hybrid environment, Spot and investigate threats that could result in breaches. Taking secure measures is a great way to minimize threats on an already secure system.