Microsoft 365 has made it simpler for users to work from anywhere at anytime, and companies are increasingly utilizing it to share and exchange important files and folders. With the rise of cloud-based services, however, it is crucial that companies pay close attention to their cloud security to ensure sensitive information and data remains protected and not easily accessed. So how do you make sure you’ve taken the steps you need to secure your Microsoft 365 environment?
Learn the Top 5 Ways to Secure your Microsoft 365 Environment
While Microsoft offers a variety of security features, keep your organization safe is ultimately up to you. Omar Alchi, Cloud Security Expert at Klarinet Solutions, recently hosted a webinar to discuss the top 5 best practices for ensuring your Microsoft 365 cloud environment stays secure, and how to implement these practices. Read on for a recap of what he covered.
Enforce Multi-Factor Authentication with Conditional Access Policies
Multi-factor authentication (MFA) requires users to provide more than one method of authentication to access an account, adding an additional layer of security. Legacy MFA methods are typically per user, but the recommended method is to enforce MFA through conditional access policies, as these provide security to groups and organizations as a whole, rather than individually.
To create a conditional access policy, which requires an Azure Active Directory (AD) Premium P1 or P2 license, you can go into Azure AD and create a new group or verify an existing group, and then enable Microsoft Authenticator for the group under authentication methods. Group membership can either be assigned or dynamic – assigned means that users must explicitly be selected to be part of the group and dynamic means users are automatically added based on attributes.
For best practices, we recommend starting with a pilot group when implementing MFA, and then expanding to the organization as a whole. Be sure to notify the entire organization about changes in security.
Principle of Least Privilege Model
The principle of least privilege maintains that users or entities should only have access to data they actually need. Oftentimes, users are given access to data, resources, and applications they don’t actually need, and most people don’t need access to admin roles in their day-to-day roles.
With Azure AD Privileged Identity Management (PIM), admins can activate roles for a specific period of time, ensuring that access to higher roles can be revoked after it is no longer needed. To create assignments, you can manage access under Privileged Identity Management and select roles and members for the assignment, which can be eligible or active.
Active assignments can be permanent, so the higher role can be active for the user indefinitely, or only active until a certain point. An eligible assignment means users can be eligible permanently for a role, but it won’t be active until an administrator manually goes in and activates it.
With priority monitoring, you can tag priority users such as executives, leaders, managers, or other users with access to proprietary, confidential information. By tagging these accounts, Microsoft will provide them with customized protection measures.
Priority monitoring can be managed by viewing users through the Microsoft Admin Center, filtering for active users, and then tagging priority accounts. A new alert policy can be created for these accounts by adding new alert policies in Microsoft 365 Defender.
When an account is tagged as a priority account, you will be alerted anytime suspicious files that potentially contain malware are sent to that account. You can then filter your reports in Microsoft 365 Defender to only include priority report tags for a closer look at security risks.
Phishing Awareness Campaigns
Phishing is one of the most common forms of cyberattacks, with more than 90% of all cyberattacks beginning with phishing, according to CISA. Phishing involves targeting individuals and organizations by tricking them into revealing sensitive information such as login credentials, financial data, or personal information.
It can be tricky to distinguish between legitimate and malicious emails, but phishing awareness training can help employees more easily recognize and avoid phishing attacks. Attackers constantly evolve their tactics, and new threats emerge all the time, so phishing awareness training should be an ongoing process.
In Microsoft 365 Defender, you can actually launch simulations that mimic a phishing attempt and notify the user if they fall for it. There are a few different payloads that can be selected, including credential harvest, malware attachment, link in attachment, link to malware, and more.
By reducing unnecessary access to sensitive resources, you can help your organization reduce cybersecurity risks. Often, when access to files and folders is given to a temporary user, organizations rarely go back and conduct audits to remove inactive users or compromised accounts, leaving sensitive data exposed with the possibility of being compromised.
Access reviews provide recommendations based on user activity and these can be completed by team owners. We recommend using access reviews to conduct an audit quarterly and ensure all access is up to date.
Access reviews can be created in Azure AD under identity governance, and you can select the users you believe should be reviewing access quarterly.
Klarinet Solutions Can Help You Secure your Microsoft 365 Environment
For more details on implementing all 5 of these recommended practices, be sure to watch the webinar recording in which Alchi walks you through each, step-by-step.