Secure your Microsoft 365

17 Aug 2020

Microsoft 365 Lockdown

Cyber Security is an ongoing battle in the world of technology, and in the last few months it has only become more important with a mass change to working from home. Microsoft 365 (including emails, teams, etc.) is no exception, and we have seen a marked increase in attempts on Microsoft 365 instances. Because of how important these cloud services are to almost all businesses, how exactly can you protect these cloud services from theft, deletion, or compromise?

Unfortunately – there is no silver bullet. However, we can make it very hard and make your business less appealing to a hacker. If there is one thing you take away from this article, it is that Two Factor Authentication - on its own - is not enough to protect your data.

End User Authentication (Change the way your staff login)

The first obvious move is making the login process more secure. Some of the things we can do include:

  • Multifactor Authentication: (also known as Two Factor Authentication) can be setup for your M365 instance. This is usually setup so your end users can be challenged for another code from the Microsoft Authenticator (or other service). (You can download Microsoft Authenticator for apple devices and android devices however this also needs to be setup in your instance as well.)
  • General understanding of cyber security for all staff: Getting all staff to have a general understanding of cyber security can help. If your staff know what to look for, or even what could possibly cause a breach – then you can automatically lower the chance of any cyber attacks on your company. Check out our Cyber Security Guide for more information.
  • Modify Password Policies: Simple things like changing passwords to being changed every 90 days, and removing admin access from all users can dramatically decrease the chance of an external party getting unauthorised access to your data.

Device Management (Change what can be used to login with, and how)

Beyond user accounts, we can also define how an account can be accessed. In this instance, you can define simple things like:

  • End user devices MUST have a passwords or passcodes.
  • Disallow jail broken or rooted devices (usually mobile devices) - avoiding compromised OS’s.
  • Require email profile management on device.

There is much more that can be done in this area, however these are the basics and form a good starting point when coupled with other protection mechanisms on devices like antivirus and web filter solutions.

Exchange Emails (How emails are changed at an org level to prevent attack)

Emails are a big entry point for breaking into M365 instances for hackers, and so beyond protecting the user accounts, and devices; defining WHAT the exchange email servers for your company can and cannot do are important. Just some of these include:

  • Enable auditing (so diagnostics can be completed easily)
  • Enhance the inbuilt exchange malware filters
  • Filter emails incoming and outgoing with a 3rd party malware & spam solution… effectively “cleaning” emails before they enter or email your domain.
  • Disable auto forwarding to external domains altogether (Thus negating any chance of a third party getting a copy of all emails without you knowing about it by simply adding rules or similar).

Again, much more can be done in this area, but implementing the above changes help to harden the security in the email services portion of Microsoft 365, and minimise the risk. Anything more beyond these changes only increases security further.

Domain Settings & Other Changes

There are various other changes around your “digital infrastructure” that can help lower cases of events with Microsoft 365, and specifically email.

  • Enable various security standards throughout all the Microsoft 365 various admin areas. (this extended from conditional access through to user administration and is very broad)
  • Review SPF settings for all your domains: and ensure they are correct to ensure hard fail for anyone trying to spoof your email domain.
  • Ensure DKIM is setup and enabled: DKIM (DomainKeys Identified Mail) is an authentication process that can help protect both senders and recipients from forged and phishing email. Add DKIM signatures to your domains so recipients know that email messages came from users in your organization and were not modified after they were sent.
  • Enable DMARC for your business: DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.
  • SharePoint / OneDrive Sharing: Disallow sharing to anyone without a code or account (you can still share with external people; it is just harder for criminals to get your data this way)

Whats next?

If you are ready to look at securing your Microsoft 365 instance, feel free to contact us to design a solution for your firm, and implement the above with a tailored fit for your business.

Secure your Microsoft 365 instance today

Share:

Most Recent Posts

Secure your Microsoft 365

Cyber Security is an ongoing battle in the world of technology, and in…

The BlueReef Roadmap to 2025

Big goals for a company are important to drive teams to be better, and…

How we are responding to COVID-19

The situation around COVID-19 is rapidly changing and we are…

COVIDSafe App

Should you download the COVIDSafe App?

COVID-19 Malicious Cyber Activity

There has been a flood COVID-19 themed cyber threats, beware of scams.

Microsoft Gold Partner.png   Stay Smart Online Partner   Territory Proud Member

© 2008 - 2020 BlueReef Technology (Tropical Business Solutions Pty Ltd)