Wednesday, July 15, 10:21
Home inet CISA: Suggests best security practices for Microsoft Office 365

CISA: Suggests best security practices for Microsoft Office 365

CISA issued one information for best security practices in Microsoft Office 365, as part of a notification notified through the National Cybercrime Awareness System (CSIRT). CISA's proposals were written to address this security errors in Office 365, which can weaken an organization's healthy security strategy when they switch to a cloud-based job in view of the Koronoi Pandemic. Specifically, CISA states in the AA20-120A notice that as many organizations adjust or change the terms and conditions of the partnership to meet its requirements. teleworking, go to Microsoft Office 365 (O365) and other cloud services. This notice is an update to the AR19-133A analysis report of 13 May 2019 and contains security remarks regarding Microsoft Office 365.

A poorly designed Office 365 "paves the way" for cyber attacks. Due to the speed of these applications, organizations may not fully consider the security issues of these platforms.

CISA observes cases where organizations and other agencies do not implement optimal security practices in their implementation of O365, making them vulnerable to cyberattacks. Cybersecurity service DHS has created a list that includes best security practices, as many organizations have resorted to cloud-based collaboration solutions, such as Office 365, with some of them being forced to do so to support remote workforce. CISA, to reduce the chances hackers take advantage of security errors in Office 365, it is recommended to take the following measures:

  • Enable multi-factor authentication for administrator accounts: this is required because Microsoft does not enable it MFA by default.
  • Manager role matching using role-based access control (RBAC): Organizations must always change from the global administrator to other integrated administrator roles with fewer privileges, to provide administrators with the licenses they need to perform their work.
  • Enable Unified Audit Log (UAL): allows managers to look for clues to any malicious actions or actions that are not in line with established policies.
  • Enable multi-factor authentication for all users: prevents intruders from attacking using stolen credentials to check user accounts.
  • Disable old ID authentication when needed: because it is important for an organism to reduce its attack surface.
  • Enable notifications for suspicious activity: to alert organizations to malicious activity at the time of occurrence and to significantly reduce mitigation time.
  • Integration Microsoft Secure Score: which provides advice to organizations to strengthen Office 365 security.
  • Integrate recording files with the existing tool SIEM: helps organizations identify an unusual activity faster and associate it with any other unusual activity in Office 365.

Η Microsoft also improves Office 365 security features, as seen by adding a new Advanced Threat Protection feature (ATP) in Office 365 which will automatically block senders e-mail if they fail the DMARC authentication.
Microsoft is also adding new features designed to block malware in Office 365, regardless of custom settings set by administrators or users. Office 365 ATP also has a feature designed to help security teams analyze cyberattacks. Phishing, detect any breaches, restore compromised accounts and investigate suspicious users.


Please enter your comment!
Please enter your name here

Every accomplishment starts with the decision to try.


Spotify: Finally reshaping its podcast charts

Spotify is reshaping its podcast charts to help listeners find new shows and watch local news ...

Find out if you have been hacked and what to do about it

Hacking attacks are a daily occurrence with many victims worldwide. Everyone is vulnerable to cyber hackers, but the threats do not ...

ISIS accounts continue Facebook propaganda

According to a new research, some accounts connected to the terrorist group ISIS, still exist on Facebook, without becoming ...

US and UK: Dealing with major cyber attacks

The United States, the United Kingdom, India and Germany have experienced many "significant" cyber attacks over the past 14 years, ...

Google Meet: New security settings for training meetings

New security features are coming into the Google Meet video chat app for education subscribers' teleconferencing.

Technology companies against the deportation of foreign students from the USA!

Technology giants such as Google, Microsoft and Facebook, as well as many other technology companies, have joined the US Chamber of Commerce, ...

Microsoft announces new features in ATP for Azure Storage!

Microsoft announced today that Advanced Threat Protection (ATP) for Azure Storage now enables customers to protect ...

The UK is on the alert for cyber attacks from China

The United Kingdom must be vigilant about possible cyber attacks by countries such as China, government ministers have said.

Linux 5.8-rc5: Will be released with terminology changes

On July 4, Dan Williams proposed changing the special terms of Linux, with new names ...

Belgium: Jackpotting attack on Argenta bank ATM

Argenta Bank, based in Antwerp, Belgium, has been the victim of a jackpotting attack. Is...