Using the M365 ecosystem enables us to collaborate and share data without problems, but nowadays companies are concerned about security and the holes that those applications open in organizations.
Even though we are ultimately responsible for protecting our sensitive data, there are native security capabilities to address Microsoft Office 365 security concerns. Moreover, there are third-party solutions that can help us ensure a strong security posture across the entire infrastructure.
So let’s list the common concerns that I have gathered from my experience with M365:
- Unauthorized or External File Sharing: users are able to collaborate with external users in applications like Teams and SharePoint
- Privilege Abuse: a user has more permissions than they need. It is obvious, but excessive rights increase the risk of a data breach…
- Global Admin Account Breach: this is game over. If someone gains access to that type of account, forget everything; it could be a disaster… If this is your case, apply MFA to those users
- Disabled Audit Logs: audit logging is not enabled by default, but for me it is very powerful for knowing which actions users are performing
- Short Log: by default Microsoft stores our logs for 90 days; if you need to archive those logs for further detail, take that into account.
So what can we do to overcome those concerns?
- Enable MFA: it is a very powerful resource and we have it for free, so… use it, it is great. If you have the license, try it with Conditional Access
- Use DLP and email encryption
- Classify Data: this helps to understand the value of the content in order to apply appropriate security controls. For example, apply tags so that documents are not shared with external users, or even disable the option
- Minimize privileges: revoke excessive permissions and set expiration dates on links
- Use Unified Audit Logging: in order to gain visibility across the M365 environment
- Use ATP: it can block malicious attachments in phishing emails or even verify URLs in messages and documents
- Use Cloud App Security: in order to discover Shadow IT, control permissions in M365, application access, etc…
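
An added example (not code from the original post) of the visibility the Unified Audit Log provides: it triages exported audit records against the concerns listed above. The sample records are constructed, and the operation and field names (`AnonymousLinkCreated`, `SharingInvitationCreated`, `Add member to role.`, `Set-AdminAuditLogConfig`, `TargetUserOrGroupType`, `Role.DisplayName`) are assumptions about the export schema to verify against your own tenant's records.

```python
import json

# Constructed AuditData records (one JSON object per line), shaped like an audit log export.
SAMPLE_EXPORT = """\
{"CreationTime":"2024-03-01T09:12:00","Operation":"AnonymousLinkCreated","UserId":"alice@contoso.example","ObjectId":"https://contoso.example/sites/hr/salaries.xlsx"}
{"CreationTime":"2024-03-01T09:30:00","Operation":"SharingInvitationCreated","UserId":"bob@contoso.example","ObjectId":"https://contoso.example/sites/eng/design.docx","TargetUserOrGroupType":"Guest"}
{"CreationTime":"2024-03-01T10:02:00","Operation":"Add member to role.","UserId":"carol@contoso.example","ModifiedProperties":[{"Name":"Role.DisplayName","NewValue":"Global Administrator"}]}
{"CreationTime":"2024-03-01T10:05:00","Operation":"Set-AdminAuditLogConfig","UserId":"carol@contoso.example","Parameters":[{"Name":"UnifiedAuditLogIngestionEnabled","Value":"False"}]}
{"CreationTime":"2024-03-01T10:06:00","Operation":"FileAccessed","UserId":"dave@contoso.example","ObjectId":"https://contoso.example/sites/eng/readme.txt"}
{"CreationTime":"2024-03-01T10:07:00","Operation":"SharingInvitationCreated","UserId":"dave@contoso.example","ObjectId":"https://contoso.example/sites/eng/plan.docx","TargetUserOrGroupType":"Member"}
"""


def triage(export_text):
    """Return (concern, user, detail) tuples for records that match a listed concern."""
    findings = []
    for line in export_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            # Keep damaged lines visible instead of silently dropping evidence.
            findings.append(("unparseable-record", "unknown", line[:40]))
            continue
        op, user = rec.get("Operation", ""), rec.get("UserId", "unknown")
        if op == "AnonymousLinkCreated":
            findings.append(("external-sharing", user, rec.get("ObjectId", "")))
        elif op == "SharingInvitationCreated" and rec.get("TargetUserOrGroupType") == "Guest":
            findings.append(("external-sharing", user, rec.get("ObjectId", "")))
        elif op == "Add member to role.":
            # Assumed field layout: the role name is carried in ModifiedProperties.
            roles = [p.get("NewValue", "") for p in rec.get("ModifiedProperties", [])
                     if p.get("Name") == "Role.DisplayName"]
            findings.append(("privileged-role-change", user, ", ".join(roles)))
        elif op == "Set-AdminAuditLogConfig":
            params = {p.get("Name"): str(p.get("Value")) for p in rec.get("Parameters", [])}
            if params.get("UnifiedAuditLogIngestionEnabled", "").lower() == "false":
                findings.append(("audit-logging-disabled", user,
                                 "UnifiedAuditLogIngestionEnabled=False"))
    return findings


if __name__ == "__main__":
    for concern, user, detail in triage(SAMPLE_EXPORT):
        print(f"{concern:24} {user:24} {detail}")
```

Internal-only sharing and ordinary file access are deliberately ignored, so the output stays limited to the events that map to the concerns above.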
There is no magic for addressing concerns in M365, but the path is to gain visibility into the environment, investigate threats and, if it is your case, maintain regulatory compliance.