Are you about to head off for your Christmas break? This O365 security checklist might just save your skin.
Microsoft Office 365 is popular because of its mobility and collaboration features. However, in a cloud-hosted environment, security issues can keep managers up at night because they're worried about the new cyber threats that are constantly showing up.
Your organisation, therefore, needs to be aware of, and use, all the tools at your disposal to secure your data.
Thankfully, Office 365 offers built-in capabilities and customer controls to help you meet your compliance standards. These are only effective if configured correctly to your unique cyber security environment.
We've put together a 14-point checklist of security and governance features that you can implement right away to help you relax this Christmas:
1. Multi-Factor Authentication
Multi-factor authentication requires more than just a username and password. After users log in with a username and password, they'll receive a phone call or text message (depending on the configuration). Then they either answer the call or enter the access code received via text into the browser.
2. App Passcode
An app password is a code that gives an app or device permission to access a user's Office 365 account.
3. Office 365 Trust Centre
Microsoft created a site called Office 365 Trust Center. It covers everything regarding security,
4. Role-Based Access Control
Role-Based Access Control (RBAC) is a feature designed to control administrative access over different services across Office 365. It is needed where these services must be controlled by separate administrators.
5. Alerts
In the Security and Compliance Center, you can track new activity and monitor users' actions on the portal. You can configure policies to get alerts when updates take place.
6. Office 365 Security Reports
You can view or download reports such as DLP policy matches, malware detection, spoof and spam detection, and many others.
7. Content Search
The ability to search across data is increasingly important, and Microsoft is now offering a lighter, quicker way to search across Office 365.
8. Audit Log Search
In large organisations, it is a very common requirement to track user and administrator actions on the services.
9. Azure AD Connect and Single Sign On
Azure Active Directory provides access control and identity management capabilities for Office 365 cloud services.
10. Mobile Device Management via Intune
Intune is Microsoft’s mobile device and mobile application management solution.
11. Conditional Access via Azure AD
Azure Active Directory (Azure AD) enforces conditional access policies to help secure access to Office 365 services.
12. Office 365 Advanced Reporting via Azure AD
To look for unusual or suspicious sign-in activities in your Office 365 organisation, you can use sign-in and activity reports in Microsoft Azure.
13. Microsoft Advanced Threat Analytics
Advanced Threat Analytics is meant to help businesses block targeted attacks by automatically analysing, learning and identifying all normal and abnormal behavior.
14. Password Policy
Every user account that needs to sign in to Office 365 must have a unique user principal name (UPN) or LOGIN ID attribute value associated with their account.
15. Controls for Document Sharing
Secure your OneDrive and SharePoint files from internal and external threats, and prevent data exfiltration.
Need help locking down your O365 implementation?
Brace168 can help with your unique security environment and establish your priorities.