US govt updates Microsoft Office 365 security best practices

The Cybersecurity and Infrastructure Security Agency (CISA) today issued an update to its Microsoft Office 365 security best practices as part of an alert distributed via the US National Cyber Awareness System.

These recommendations were compiled to address Office 365 security configuration errors that can weaken an organization’s otherwise sound security strategy while migrating from on-premise to cloud collaboration solutions during the pandemic.

“As organizations adapt or change their enterprise collaboration capabilities to meet ‘telework’ requirements, many organizations are migrating to Microsoft Office 365 (O365) and other cloud collaboration services,” CISA explains in the AA20-120A alert published today. 

Today’s alert is an update to the AR19-133A analysis report from May 13, 2019, which contained Microsoft Office 365 security observations.

Poorly configured Office 365 leads to cyber attacks

“Due to the speed of these deployments, organizations may not be fully considering the security configurations of these platforms,” the agency adds.

“CISA continues to see instances where entities are not implementing best security practices in regard to their O365 implementation, resulting in increased vulnerability to adversary attacks.”

The DHS cyber-security agency created its list of security best practices following several engagements with organizations that have migrated to cloud-based collaboration solutions such as Office 365 since October 2018, some of which were forced to do so to support a fully remote workforce.

To prevent attackers from exploiting weaknesses in their Office 365 security configuration, CISA recommends taking the following measures:

Microsoft’s Office 365 security recommendations

A security roadmap with an extensive list of measures to be taken to protect Microsoft 365 environments is also available from Microsoft, with tasks to be accomplished during the first 30 days, within 90 days, and beyond.

Microsoft’s security roadmap was based on a Microsoft Ignite video session.

Microsoft is also improving the security capabilities of Office 365 as shown by the addition of a new Office 365 Advanced Threat Protection (ATP) feature that would block email sender domains automatically if they fail DMARC authentication.

Microsoft is also currently adding new features designed to block malicious content in Office 365 regardless of the custom configs set up by admins or users unless manually overridden.

Office 365 ATP now also has a Campaign Views feature designed to help Security Operations (SecOps) teams analyze phishing attacks, as well as enhanced compromise detection and response to help detect breaches, remediate hacked accounts, and automatically detect and investigate suspicious users.