CISA issued one information for best security practices in Microsoft Office 365, as part of a notification notified through the National Cybercrime Awareness System (CSIRT). CISA's proposals were written to address this security errors in Office 365, which can weaken an organization's healthy security strategy when they switch to a cloud-based job in view of the Koronoi Pandemic. Specifically, CISA states in the AA20-120A notice that as many organizations adjust or change the terms and conditions of the partnership to meet its requirements. teleworking, go to Microsoft Office 365 (O365) and other cloud services. This notice is an update to the AR19-133A analysis report of 13 May 2019 and contains security remarks regarding Microsoft Office 365.
A poorly designed Office 365 "paves the way" for cyber attacks. Due to the speed of these applications, organizations may not fully consider the security issues of these platforms.
CISA observes cases where organizations and other agencies do not implement optimal security practices in their implementation of O365, making them vulnerable to cyberattacks. Cybersecurity service DHS has created a list that includes best security practices, as many organizations have resorted to cloud-based collaboration solutions, such as Office 365, with some of them being forced to do so to support remote workforce. CISA, to reduce the chances hackers take advantage of security errors in Office 365, it is recommended to take the following measures:
- Enable multi-factor authentication for administrator accounts: this is required because Microsoft does not enable it MFA by default.
- Manager role matching using role-based access control (RBAC): Organizations must always change from the global administrator to other integrated administrator roles with fewer privileges, to provide administrators with the licenses they need to perform their work.
- Enable Unified Audit Log (UAL): allows managers to look for clues to any malicious actions or actions that are not in line with established policies.
- Enable multi-factor authentication for all users: prevents intruders from attacking using stolen credentials to check user accounts.
- Disable old ID authentication when needed: because it is important for an organism to reduce its attack surface.
- Enable notifications for suspicious activity: to alert organizations to malicious activity at the time of occurrence and to significantly reduce mitigation time.
- Integration Microsoft Secure Score: which provides advice to organizations to strengthen Office 365 security.
- Integrate recording files with the existing tool SIEM: helps organizations identify an unusual activity faster and associate it with any other unusual activity in Office 365.
Η Microsoft also improves Office 365 security features, as seen by adding a new Advanced Threat Protection feature (ATP) in Office 365 which will automatically block senders e-mail if they fail the DMARC authentication.
Microsoft is also adding new features designed to block malware in Office 365, regardless of custom settings set by administrators or users. Office 365 ATP also has a feature designed to help security teams analyze cyberattacks. Phishing, detect any breaches, restore compromised accounts and investigate suspicious users.