
Microsoft Office 365 Security Assessment
A1 Technologies

Table of Contents

Overview ... 2
What Is Covered ... 3
Microsoft Secure Score ... 4
Cheat Sheet: Recommended Improvements ... 5
Security Assessments ... 6
  Azure AD ... 6
    Azure – Identity Secure Score ... 6
    Azure – Risky Users ... 6
  Multi-Factor Authentication ... 7
  Self-Service Password Reset ... 8
  Device Management ... 9
  Conditional Access ... 10
  Role Assignments ... 10
  Exchange Online ... 11
    Mail Flow ... 11
    Email Protection ... 12
    Impersonations & Phishing ... 13
    Top Users Targeted by Phishing Campaigns ... 13
  SharePoint Online / OneDrive for Business ... 14
  Microsoft Teams ... 15
  Information Security & Governance ... 15
Essential 8 ... 16
Key Findings & Recommendations ... 17
  Critical Items ... 17
  Important Items ... 17
  General Items ... 17
Get in Touch ... 18

Overview

The goal of this assessment is to help Australian businesses understand and reduce security risks to their business. With over 30% of cyber incident breaches in Australia coming from compromised or stolen credentials, and another 43% from phishing attacks, it is highly important to secure your Microsoft Office 365 tenant.

This assessment can be used to review your Microsoft Office 365 configuration against best practice and to outline recommendations that improve your security posture. The recommendations are based on Microsoft 365 Business as the minimum licence; some of them will also work with lower levels of Microsoft licensing.

Microsoft Office 365 is an integral part of many Australian businesses, providing key services such as Azure Active Directory identity management, email, SharePoint and OneDrive file management, Microsoft Teams for collaboration, and device management.

Your Microsoft Office 365 applications and data can be accessed in many ways: from the office, from a home office, on the road, and from a laptop, phone or tablet. With so many ways to reach sensitive business data, it is imperative to secure your organisation's Microsoft Office 365 suite.

  30% of cyber incident breaches in Australia come from compromised or stolen credentials.
  Another 43% come from phishing attacks.

This document will help considerably to raise your organisation's Office 365 security posture. It can be used to check off the user, identity and authentication actions needed to bolster security across each of these critical vulnerability points.

A1 Technologies specialises in helping businesses secure their Microsoft Office 365 environments. This assessment template is based on our experience with our clients and on the ongoing improvements we make for our Managed Services clients as part of our service. Through a continuous review and improvement schedule we regularly add security improvements to our assessments.

This version is offered freely to give Australian businesses the opportunity to improve their security and reduce the risks to their business. If at any point you need assistance with your security project, to complete an assessment, implement recommendations or discuss our Managed Services options, don't hesitate to reach out; we would love to hear from you.

What Is Covered

This assessment template covers the following Microsoft Office 365 components:

- Azure AD Assessment: general identity, access and device management settings.
- Exchange: mail flow assessment, mailbox and group permissions, connectors, etc.
- SharePoint & OneDrive: general sharing settings, permissions on sites and libraries.
- Teams: Teams ownership, channel settings, sharing settings, etc.
- Information Security: auditing, data loss prevention, information protection, etc.
- Microsoft Secure Score
- Microsoft Intune

Microsoft Secure Score

Your Microsoft Secure Score is an overall rating of security across five key Microsoft 365 areas: identities, data, apps, devices and infrastructure, each with its own score. The higher the score, the more secure the area. It is a good check of overall security health, and by working through each area you raise both the individual and the overall score. The score also depends on your Microsoft licensing: a business on Microsoft Office 365 Business has fewer security options available than one on Microsoft 365 Business (which includes advanced security and device management).

Out of the box, most Microsoft Office 365 environments have a Microsoft Secure Score between 35 and 45. This is a very low score, but Microsoft provides the tools to raise it considerably. A score of 176 (the example score used in this document) gives a moderate level of security with low impact on staff workflows; it is possible to do better.

With the recommendations in this document, a Microsoft Secure Score of over 200 points can be achieved with limited impact on the day-to-day user experience. The Secure Score is a moving target, however: a score of 176 today may fall over time as new threats are found and new mitigation options become available. Continuous management, through monitoring of the relevant logs and regular review of the current score to implement ongoing improvements, is required.

This template focuses heavily on credential protection. The largest change organisations typically make is implementing Multi-Factor Authentication (MFA), which requires users to present a second factor when accessing company data. You will be familiar with MFA from everyday life, for example a bank asking for a verification code sent over SMS, or a code from the Microsoft Authenticator or Google Authenticator app.

Additionally, planning and tuning security settings over time will keep your environment and your staff much safer from attack. A1 Technologies recommends monthly reviews of logs and quarterly planning to implement improvements.

Cheat Sheet: Recommended Improvements

A recommended list of actions to increase your Microsoft Secure Score is given in the table below. Score is shown as points currently achieved / points available for the example tenant.

Improvement Action | Score | Category | User Impact | Implementation Cost | Source
---------------------------------------------------------------- | ----- | -------- | ----------- | ------------------- | ------
Register All Users For Multi-Factor Authentication (MFA) | 5/20 | Identity | High | High | Azure Active Directory
Require MFA For Azure AD Privileged Roles | 33/50 | Identity | Low | Low | Azure Active Directory
Require MFA For All Users | 2/30 | Identity | Moderate | Moderate | Azure Active Directory
Block Client Forwarding Rules [Not Scored] | 0/20 | Data | Moderate | Moderate | Exchange Online
Set Outbound Spam Notifications [Not Scored] | 0/15 | Data | Low | Low | Microsoft Information Protection
Turn On Mailbox Auditing For All Users [Not Scored] | 0/10 | Data | Low | Low | Exchange Online
Enable Password Hash Sync If Hybrid | 0/10 | Identity | Low | Low | Azure Active Directory
Enable Self-Service Password Reset | 0/5 | Identity | Moderate | Moderate | Azure Active Directory
No Transport Rule To External Domains [Not Scored] | 0/5 | Data | Low | Low | Microsoft Information Protection
Do Not Use Mail Flow Rules That Bypass Anti-Spam Protection [Not Scored] | 0/5 | Data | Low | Low | Microsoft Information Protection
SPO Sites Have Classification Policies [Not Scored] | 0/10 | Data | Moderate | Moderate | SharePoint Online
Do Not Allow Anonymous Calendar Sharing [Not Scored] | 0/10 | Data | Moderate | Low | Exchange Online
Do Not Allow Users To Grant Consent To Unmanaged Applications | 0/10 | Identity | Moderate | Low | Azure Active Directory
Turn On Sign-In Risk Policy | 0/30 | Identity | Moderate | Moderate | Azure Active Directory
Turn On User Risk Policy | 0/30 | Identity | Moderate | Moderate | Azure Active Directory
Enable Policy To Block Legacy Authentication | 0/20 | Identity | Moderate | Moderate | Azure Active Directory
Turn On Cloud App Security Console | 0/20 | Apps | Low | Moderate | Microsoft Cloud App Security
Create A Microsoft Intune Compliance Policy For iOS | 0/10 | Device | Moderate | Low | Intune
Create A Microsoft Intune Compliance Policy For Windows | 0/10 | Device | Moderate | Low | Intune
Create A Microsoft Intune Compliance Policy For MacOS | 0/10 | Device | Moderate | Low | Intune
Create A Microsoft Intune Configuration Profile For iOS | 0/10 | Device | Moderate | Low | Intune
Create A Microsoft Intune Configuration Profile For MacOS | 0/10 | Device | Moderate | Low | Intune
Enable Microsoft Defender ATP Integration Into Microsoft Intune | 0/10 | Device | Low | Low | Intune
Require Mobile Devices To Use A Password [Not Scored] | 0/5 | Device | Low | Low | Microsoft Information Protection

Security Assessments

Each item in the sections that follow gives the recommended state and any update requirements (licensing or prerequisites). Record the tenant's current state against each item as you assess it.

Azure AD

Microsoft Office 365 uses Azure Active Directory (Azure AD), Microsoft's cloud-based identity and authentication service, to manage identities and authentication for Microsoft Office 365. Getting your identity infrastructure configured correctly is vital to managing Office 365 user access and permissions for your organisation.

Azure – Identity Secure Score

Like the Microsoft Secure Score, Azure displays its own secure score for identity. The Identity Secure Score makes up the 'Identity' component of the Microsoft Secure Score and breaks the identity improvement actions down in more detail, with how much each counts towards the Azure Identity Secure Score (out of 255): for example, Require MFA for Azure AD privileged roles (50 points), Require MFA for all users (29 points), and Use limited administrative roles (1 point). It is available directly in the Azure dashboard.

Azure – Risky Users

A1 Technologies recommends reviewing the "Risky Users" reports (in the Azure dashboard under 'Users flagged for risk') on a regular basis. Risky users show behaviour that can lead to a data breach or unauthorised access, such as weak passwords, leaked credentials, and logins from unusual locations or devices. The Risky Users portal also warns of attempted malicious attacks such as logins from overseas. Risky users are classified as High, Medium or Low risk.
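The review above is done in the portal, but the same signals can be triaged from a sign-in log export when you want to go through a month of sign-ins at once. The script below is an added example and is not part of the A1 Technologies template. It flags three of the behaviours the Risky Users report surfaces: sign-ins from outside the home country, legacy authentication clients (which never prompt for MFA), and impossible travel. The sign-in records are a constructed sample; the home country (AU), the legacy client names and the 60-minute travel window are assumptions to adjust for your tenant. In a tenant you would build the records from a CSV export of the Azure AD sign-in log or from Get-AzureADAuditSignInLogs (AzureADPreview module).

```powershell
# Added example, not part of the A1 Technologies template. Triages sign-in records for the
# behaviours the Risky Users report surfaces. The records below are a constructed sample; in a
# tenant, build them from a sign-in log export or Get-AzureADAuditSignInLogs.

$HomeCountries   = @('AU')   # assumption: staff are expected to sign in from Australia
$TravelWindowMin = 60        # assumption: two countries within 60 minutes is not plausible
# Client application names that use legacy (basic) authentication and therefore bypass MFA.
$LegacyClients   = @('Exchange ActiveSync', 'IMAP4', 'POP3', 'Authenticated SMTP', 'Other clients')

function Find-RiskySignIns {
    param([Parameter(Mandatory)][object[]]$SignIns)

    $findings = @()
    foreach ($s in $SignIns) {
        if ($s.Country -notin $HomeCountries) {
            $findings += [pscustomobject]@{ User = $s.User; Time = $s.Time
                                            Reason = "Sign-in from outside home country ($($s.Country))" }
        }
        if ($s.ClientApp -in $LegacyClients) {
            $findings += [pscustomobject]@{ User = $s.User; Time = $s.Time
                                            Reason = "Legacy authentication client ($($s.ClientApp)), MFA not enforced" }
        }
    }

    # Impossible travel: the same user seen in two countries inside the window.
    foreach ($group in ($SignIns | Group-Object -Property User)) {
        $ordered = @($group.Group | Sort-Object -Property Time)
        for ($i = 1; $i -lt $ordered.Count; $i++) {
            $prev = $ordered[$i - 1]
            $cur  = $ordered[$i]
            $gapMinutes = ($cur.Time - $prev.Time).TotalMinutes
            if ($cur.Country -ne $prev.Country -and $gapMinutes -le $TravelWindowMin) {
                $findings += [pscustomobject]@{ User = $cur.User; Time = $cur.Time
                                                Reason = "Impossible travel: $($prev.Country) to $($cur.Country) in $([int]$gapMinutes) minutes" }
            }
        }
    }
    return $findings
}

# Constructed sample sign-ins (not real log data).
$sample = @(
    [pscustomobject]@{ User = 'alice@contoso.example'; Time = [datetime]'2020-03-02T09:00:00'; Country = 'AU'; ClientApp = 'Browser' }
    [pscustomobject]@{ User = 'alice@contoso.example'; Time = [datetime]'2020-03-02T09:25:00'; Country = 'NG'; ClientApp = 'Browser' }
    [pscustomobject]@{ User = 'bob@contoso.example';   Time = [datetime]'2020-03-02T10:00:00'; Country = 'AU'; ClientApp = 'IMAP4' }
    [pscustomobject]@{ User = 'carol@contoso.example'; Time = [datetime]'2020-03-02T11:00:00'; Country = 'AU'; ClientApp = 'Mobile Apps and Desktop clients' }
)

Find-RiskySignIns -SignIns $sample | Format-Table -AutoSize
```

On the sample this reports alice's Nigerian sign-in twice (overseas, and impossible travel 25 minutes after an Australian sign-in) and bob's IMAP4 sign-in; carol is clean. The legacy-client finding is the one to act on first, because it is exactly the gap that "Enable Policy To Block Legacy Authentication" in the cheat sheet closes.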

Multi-Factor Authentication

Two-factor verification is more secure than a password alone because it relies on two forms of authentication: something you know (your password) and something you have (for example a mobile device). It helps stop attackers from pretending to be you: even with your password, they would also need your mobile device to get into your account. Multi-factor authentication refers to two or more factors being required to gain access.

Security Defaults
  Recommended: Security Defaults is a set of basic identity security settings recommended by Microsoft. When enabled, they are enforced automatically across the organisation, and administrators and users are better protected from common identity-related attacks. Enable this setting to apply Microsoft's recommended baseline:
  1. MFA registration for all users
  2. MFA required when accessing the Azure portal
  3. MFA required when using Azure PowerShell
  Security Defaults also blocks legacy authentication protocols, and it cannot be enabled alongside Conditional Access policies; a tenant that needs Conditional Access (see the Conditional Access section) should implement the same controls there instead.

Global Admins
  Recommended: Microsoft recommends at least 2 global admins at any time, so that passwords can be reset and a rogue admin or compromised account can be dealt with. We now also recommend no more than 4 global admins, to reduce your organisation's collective risk.

MFA
  Recommended: Enforce MFA for all users.

Modern Authentication
  Recommended: App passwords are used by legacy applications. Require users to use modern authentication clients and disable app passwords.

MFA Verification Options
  Recommended: Remove phone call and SMS as verification methods; they are weaker options than the Microsoft Authenticator mobile app.

MFA Device User Trust
  Recommended: Allow trusted user devices to remember MFA for a period of 14 days.

Self-Service Password Reset

Self-service password reset (SSPR) is an Azure Active Directory feature that enables employees to reset their passwords without contacting IT. Employees must register for, or be registered for, self-service password reset before using the service. During registration, the employee chooses one or more of the authentication methods enabled by their organisation.

It is strongly recommended that Global Administrators also set up this service for their own accounts.

Self-Service Password Reset
  Recommended: Enable SSPR for all users. Once enabled, users are required to complete the SSPR registration process, which registers the device or method that will allow them to complete a reset.

Device Management

Intune is a cloud-based enterprise mobility management (EMM) service that helps your workforce stay productive while keeping corporate data protected. With Intune, you can:

- Manage the mobile devices your workforce uses to access company data, whether company-owned or BYO.
- Manage the client apps your workforce uses.
- Protect company information by controlling how your workforce accesses and shares it.
- Ensure devices and apps comply with company security requirements.

Intune integrates closely with Azure Active Directory (Azure AD) for identity and access control, and with Azure Information Protection for data protection. We recommend all organisations use Intune for enterprise mobile security management.

MDM Auto-Enrolment
  Recommended: During Azure AD join of Windows 10 devices, the device is automatically enrolled in Intune for policy and configuration management.
  Update requirements: Azure AD Premium P1 or P2.

Intune Compliance Policies
  Recommended: Compliance policies evaluate management-defined rules (encryption, password strength, secure boot and similar) and mark each device as compliant or non-compliant with company policy. Define policies for every platform used in the environment.
  Update requirements: Azure AD Premium P1 or P2.

Intune Configuration Profiles
  Recommended: Configuration profiles push company requirements and settings to user devices.

Device Enrolment
  Recommended: Ensure all Android and Apple devices are enrolled in Intune. We recommend enrolling all Windows 10, Android and Mac devices.

Conditional Access

The modern security perimeter extends beyond the organisation's network to include user and device identity. Organisations can use these identity signals as part of their access control decisions. Conditional Access is the Azure Active Directory tool that brings the signals together, makes decisions and enforces organisational policy. At their simplest, Conditional Access policies are if-then statements: if a user wants to access a resource, then they must complete an action.

Conditional Access Policies
  Recommended: Configure Conditional Access policies for the different platforms, types of access (from trusted or untrusted devices) and user groups. For example, a user accessing resources from a trusted device (enrolled in Intune) that they have used within the past 14 days is granted access; access from an untrusted device (a web browser on an unmanaged device) requires multi-factor authentication every time.

Risk-based Sign-in Policies
  Recommended: Azure AD monitors user sign-ins and blocks suspicious sign-ins based on signals such as time, location or client application.

Security Defaults
  Recommended: Baseline protection policies are a legacy experience that is being deprecated; all baseline protection policies are removed on February 29th, 2020. To enable a security policy for your organisation, enable Security Defaults or configure Conditional Access policies (the two are mutually exclusive).

Role Assignments

There are several default roles in Azure AD / Office 365. It is important to define which identities can manage each aspect of your Office 365 environment.

Restrict Privileged Access
  Recommended: Remove day-to-day user accounts from the Global Administrator role and create a separate admin-only account for each person who needs one.
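The Global Admins guidance in the Multi-Factor Authentication section (at least 2, no more than 4) and the Restrict Privileged Access item above are easy to check together against a role-membership export. The script below is an added example, not part of the A1 Technologies template. It takes a constructed list of users shaped like MSOnline output (Get-MsolRoleMember for role membership, Get-MsolUser for licence and StrongAuthenticationRequirements state, where Global Administrator appears under its MSOnline name 'Company Administrator') and reports the three gaps: a Global Administrator count outside 2 to 4, privileged accounts without enforced MFA, and licensed day-to-day accounts holding admin roles. Treating "unlicensed" as the marker of a dedicated admin-only account is an assumption; substitute your own naming convention if you use one.

```powershell
# Added example, not part of the A1 Technologies template. Audits role assignments and MFA
# enforcement over a constructed user list shaped like MSOnline cmdlet output.

$PrivilegedRoles = @('Company Administrator',            # MSOnline name for Global Administrator
                     'Exchange Service Administrator',
                     'SharePoint Service Administrator')
$MinGlobalAdmins = 2
$MaxGlobalAdmins = 4

function Test-PrivilegedAccess {
    param([Parameter(Mandatory)][object[]]$Users)
    $findings = @()

    $globalAdmins = @($Users | Where-Object { $_.Roles -contains 'Company Administrator' })
    if ($globalAdmins.Count -lt $MinGlobalAdmins) {
        $findings += "Only $($globalAdmins.Count) Global Administrator(s); keep at least $MinGlobalAdmins so a lost or compromised admin can be recovered."
    }
    if ($globalAdmins.Count -gt $MaxGlobalAdmins) {
        $findings += "$($globalAdmins.Count) Global Administrators; reduce to $MaxGlobalAdmins or fewer and use limited admin roles instead."
    }

    foreach ($u in $Users) {
        $held = @($u.Roles | Where-Object { $_ -in $PrivilegedRoles })
        if ($held.Count -eq 0) { continue }
        # MSOnline StrongAuthenticationRequirements.State is 'Enforced', 'Enabled' or empty.
        if ($u.MfaState -ne 'Enforced') {
            $findings += "$($u.UserPrincipalName) holds $($held -join ', ') but MFA state is '$($u.MfaState)'; enforce MFA."
        }
        # Assumption: dedicated admin-only accounts carry no licence (no mailbox, no daily use).
        if ($u.IsLicensed) {
            $findings += "$($u.UserPrincipalName) is a licensed day-to-day account holding $($held -join ', '); move the role to a separate admin-only account."
        }
    }
    return $findings
}

# Constructed sample users (not a real tenant).
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'admin-jane@contoso.example'; Roles = @('Company Administrator');          MfaState = 'Enforced'; IsLicensed = $false }
    [pscustomobject]@{ UserPrincipalName = 'jane@contoso.example';       Roles = @('Company Administrator');          MfaState = '';         IsLicensed = $true  }
    [pscustomobject]@{ UserPrincipalName = 'mark@contoso.example';       Roles = @('Exchange Service Administrator'); MfaState = 'Enabled';  IsLicensed = $true  }
    [pscustomobject]@{ UserPrincipalName = 'sue@contoso.example';        Roles = @();                                 MfaState = '';         IsLicensed = $true  }
)

Test-PrivilegedAccess -Users $sample
```

On the sample this reports that the tenant has only 2 Global Administrators (at the minimum, not below it, so no finding), that jane and mark hold privileged roles without enforced MFA, and that both are licensed day-to-day accounts. Note that 'Enabled' is not 'Enforced': an Enabled user has been told to register for MFA but can still sign in without it until they do.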

Exchange Online

Microsoft Exchange Online is a hosted messaging solution that delivers the capabilities of Microsoft Exchange Server as a cloud-based service. It gives users access to email, calendar, contacts and tasks from PCs, the web and mobile devices.

Mail Flow

Email Authentication
  Recommended: Ensure an SPF record is published for Office 365, DKIM is configured for all domains, and DMARC is configured for all domains.

Spam Filter Policy
  Recommended: A spam filter policy configured for all domains. Additionally, enable Advanced Threat Protection (or a third-party spam filter product).

Anonymous Connectors
  Recommended: Configure an inbound connector only if a device or application genuinely needs to relay anonymously.

Client Forwarding Rules
  Recommended: Ensure the rule that blocks client-created forwarding rules (see "Block Client Forwarding Rules" in the cheat sheet) is turned on.

Default Malware Filter
  Recommended: Enable this setting.

Auto-forwarding
  Recommended: Auto-forwarding to external contacts disabled.
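The SPF, DKIM and DMARC item above is a yes/no in the table, but the records can be present and still be weak. The script below is an added example, not part of the A1 Technologies template. It checks a domain's records against what Office 365 needs: one SPF record that includes spf.protection.outlook.com, ends in a hard or soft fail and stays under the 10-lookup limit; DKIM selector CNAMEs pointing into the tenant's onmicrosoft.com signing zone; and a DMARC record that has moved past p=none and collects aggregate reports. The record values are a constructed sample for a domain that is only partly set up, and the tenant name contoso.onmicrosoft.com is an assumption; live values come from Resolve-DnsName (DnsClient module) with -Type TXT for the domain apex and _dmarc.<domain>, and -Type CNAME for selector1._domainkey.<domain> and selector2._domainkey.<domain>.

```powershell
# Added example, not part of the A1 Technologies template. Checks SPF, DKIM and DMARC records
# against the Office 365 expectations. Record values are a constructed sample; fetch live ones
# with Resolve-DnsName (DnsClient module).

function Test-MailAuthRecords {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [string[]]$TxtRecords = @(),   # TXT records at the domain apex
        [string]$DmarcRecord,          # TXT record at _dmarc.<domain>
        [string[]]$DkimCnames = @()    # CNAME targets of selector1/selector2._domainkey.<domain>
    )
    $findings = @()

    # SPF: exactly one v=spf1 record, including Office 365, ending in -all or ~all.
    $spf = @($TxtRecords | Where-Object { $_ -match '^v=spf1\b' })
    if ($spf.Count -eq 0) {
        $findings += "$Domain has no SPF record."
    } elseif ($spf.Count -gt 1) {
        $findings += "$Domain has $($spf.Count) SPF records; receivers treat that as a permanent error."
    } else {
        if ($spf[0] -notmatch 'include:spf\.protection\.outlook\.com') {
            $findings += "SPF does not include spf.protection.outlook.com, so mail sent from Office 365 will fail SPF."
        }
        if ($spf[0] -match '\s[+?]?all$') {
            $findings += "SPF ends in '+all' or '?all', which authorises any sender; use '-all' or '~all'."
        }
        # Mechanisms that cost a DNS lookup; RFC 7208 allows at most 10 per evaluation.
        $lookups = @($spf[0] -split '\s+' | Where-Object { $_ -match '^[+\-~?]?(include:|a$|a[:/]|mx$|mx[:/]|ptr|exists:|redirect=)' })
        if ($lookups.Count -gt 10) {
            $findings += "SPF needs $($lookups.Count) DNS lookups (limit 10); evaluation will return permerror."
        }
    }

    # DKIM: Office 365 signs with selector1 and selector2, published as CNAMEs into the tenant zone.
    $badCnames = @($DkimCnames | Where-Object { $_ -notmatch '\._domainkey\..+\.onmicrosoft\.com$' })
    if ($DkimCnames.Count -lt 2 -or $badCnames.Count -gt 0) {
        $findings += "DKIM selector CNAMEs for $Domain are missing or do not point at the Office 365 signing keys."
    }

    # DMARC: present, well formed, and not left in monitor-only mode without reporting.
    if (-not $DmarcRecord) {
        $findings += "No DMARC record at _dmarc.$Domain."
    } elseif ($DmarcRecord -notmatch '^v=DMARC1') {
        $findings += "DMARC record at _dmarc.$Domain does not start with v=DMARC1."
    } else {
        if ($DmarcRecord -match '\bp=none\b') {
            $findings += "DMARC policy is p=none (monitor only); move to quarantine or reject once SPF and DKIM align."
        }
        if ($DmarcRecord -notmatch '\brua=') {
            $findings += "DMARC has no rua= address, so aggregate reports are never collected."
        }
    }
    return $findings
}

# Constructed sample: a domain that has started, but not finished, its email authentication setup.
$sample = @{
    Domain      = 'contoso.example'
    TxtRecords  = @('v=spf1 include:spf.protection.outlook.com ?all', 'MS=ms12345678')
    DmarcRecord = 'v=DMARC1; p=none'
    DkimCnames  = @('selector1-contoso-example._domainkey.contoso.onmicrosoft.com')
}
Test-MailAuthRecords @sample
```

On the sample this reports the '?all' neutral qualifier, the missing second DKIM selector, the p=none policy and the absent rua= address. Fixing the DKIM side in the tenant is Set-DkimSigningConfig -Identity <domain> -Enabled $true once both CNAMEs resolve; the SPF and DMARC changes are made at the DNS host.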
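The two forwarding items above (blocking client forwarding rules and disabling auto-forwarding to external contacts) are worth checking directly, because an inbox rule that quietly forwards mail outside the tenant is the standard follow-on to a credential compromise and survives a password reset. The script below is an added example, not part of the A1 Technologies template. It inspects mailbox-level forwarding and inbox rules for external targets. The mailbox and rule objects are a constructed sample using the property names Get-Mailbox and Get-InboxRule return; the tenant's accepted domain (contoso.example) is an assumption. In a tenant, after Connect-ExchangeOnline, feed it with $mailboxes = Get-Mailbox -ResultSize Unlimited and $rules = $mailboxes | ForEach-Object { Get-InboxRule -Mailbox $_.Identity }.

```powershell
# Added example, not part of the A1 Technologies template. Finds mailbox forwarding and inbox
# rules that send mail to external addresses. Objects are a constructed sample with the same
# property names as Get-Mailbox / Get-InboxRule output.

$InternalDomains = @('contoso.example')   # assumption: the tenant's accepted domains

function Test-ExternalAddress {
    param([string]$Address)
    if (-not $Address) { return $false }
    # Targets appear as 'smtp:user@domain' or 'Display Name [SMTP:user@domain]'.
    if ($Address -match '(?i)smtp:([^\]\s]+)') { $Address = $Matches[1] }
    $domain = ($Address -split '@')[-1].ToLower()
    return ($domain -notin $InternalDomains)
}

function Find-ExternalForwarding {
    param([object[]]$Mailboxes = @(), [object[]]$InboxRules = @())
    $findings = @()

    foreach ($m in $Mailboxes) {
        if (Test-ExternalAddress $m.ForwardingSmtpAddress) {
            $findings += [pscustomobject]@{ Mailbox = $m.PrimarySmtpAddress; Source = 'Mailbox ForwardingSmtpAddress'
                                            Target = $m.ForwardingSmtpAddress; KeepsCopy = $m.DeliverToMailboxAndForward }
        }
        # ForwardingAddress names a recipient object (often a mail contact), so it needs a manual look
        # at where that contact delivers rather than a domain check.
        if ($m.ForwardingAddress) {
            $findings += [pscustomobject]@{ Mailbox = $m.PrimarySmtpAddress; Source = 'Mailbox ForwardingAddress (review recipient)'
                                            Target = $m.ForwardingAddress; KeepsCopy = $m.DeliverToMailboxAndForward }
        }
    }

    foreach ($r in $InboxRules) {
        if (-not $r.Enabled) { continue }
        foreach ($target in @($r.ForwardTo) + @($r.ForwardAsAttachmentTo) + @($r.RedirectTo)) {
            if (Test-ExternalAddress $target) {
                $findings += [pscustomobject]@{ Mailbox = $r.MailboxOwnerId; Source = "Inbox rule '$($r.Name)'"
                                                Target = $target; KeepsCopy = (-not $r.RedirectTo) }
            }
        }
    }
    return $findings
}

# Constructed sample (not real tenant data).
$mailboxes = @(
    [pscustomobject]@{ PrimarySmtpAddress = 'jane@contoso.example'; ForwardingSmtpAddress = 'smtp:jane.personal@webmail.example'
                       ForwardingAddress = $null; DeliverToMailboxAndForward = $true }
    [pscustomobject]@{ PrimarySmtpAddress = 'mark@contoso.example'; ForwardingSmtpAddress = $null
                       ForwardingAddress = $null; DeliverToMailboxAndForward = $false }
)
$rules = @(
    [pscustomobject]@{ MailboxOwnerId = 'mark@contoso.example'; Name = 'Invoices'; Enabled = $true
                       ForwardTo = @('Accounts [SMTP:invoices@attacker.example]'); ForwardAsAttachmentTo = $null; RedirectTo = $null }
    [pscustomobject]@{ MailboxOwnerId = 'mark@contoso.example'; Name = 'File newsletters'; Enabled = $true
                       ForwardTo = $null; ForwardAsAttachmentTo = $null; RedirectTo = $null }
)

Find-ExternalForwarding -Mailboxes $mailboxes -InboxRules $rules | Format-Table -AutoSize
```

On the sample this reports jane's mailbox-level forward to webmail.example and mark's 'Invoices' rule forwarding to attacker.example; the newsletter rule is ignored. Once the legitimate cases are confirmed, the tenant-wide controls that stop new ones are Set-RemoteDomain Default -AutoForwardEnabled $false and Set-HostedOutboundSpamFilterPolicy Default -AutoForwardingMode Off; the audit is still worth repeating, since an attacker who gains admin rights can re-enable either.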

Email Protection

To protect email from malicious attacks, Office 365 uses Advanced Threat Protection. Microsoft Office 365 Advanced Threat Protection (ATP) is a cloud-based email filtering service that helps protect your organisation against unknown malware and viruses with zero-day protection, and includes features to safeguard against harmful links in real time. ATP has rich reporting and URL trace capabilities that give administrators insight into the kinds of attacks happening in your organisation.

Anti-Phishing Policy
  Recommended: Configure an anti-phishing policy for all users in the tenant.

Safe Links Policy
  Recommended: Configure a Safe Links policy so that email is scanned for malicious URLs.

Safe Attachments Policy
  Recommended: Configure an ATP policy to scan email for malicious attachments, enabled for SharePoint, OneDrive and Microsoft Teams as well.

Default Retention Policy
  This policy contains the following retention tags:
  - 1 Month Delete
  - 1 Week Delete
  - 1 Year Delete
  - 5 Year Delete
  - 6 Month Delete
  - Default 2 Year Move to Archive
  - Junk Email
  - Never Delete
  - Personal 1 Year Move to Archive
  - Personal 5 Year Move to Archive
  - Personal Never Move to Archive
  - Recoverable Items 14 Days Move to Archive

3rd Party Backup
  Recommended: A1 Technologies recommends a third-party cloud-based backup product for mailboxes. This is different from a retention policy: it offers point-in-time restore of mail data or SharePoint data.

Impersonations & Phishing

While Microsoft works hard for ATP to catch impersonation and phishing attempts, some of these emails still land in organisational inboxes. Policies such as accepting email only from known domains, while effective, can completely stifle workflow.

You can add third-party email filtering products; however, the best line of defence is in-house security briefings on current phishing attacks and what to look out for in email. Phishing and impersonation attempts are sophisticated, easily mimicking real service providers, known contacts and other associates.

Train staff to check the sender address of incoming email against known addresses, to log in to outside service providers only through their known sites, and to be wary of opening attachments from unknown senders: document-based malware can deliver its payload as soon as the document is opened.

Top Users Targeted by Phishing Campaigns

Anyone who has access to important resources within your organisation is a major phishing target. This means those in finance, HR, sales, the C-suite and their personal assistants, and IT administrators. Anyone with the keys to significant funds or data is a major target, although all staff need training, whatever their responsibilities.

SharePoint Online / OneDrive for Business

Microsoft SharePoint Online in Office 365 is a content, knowledge and application management platform. It empowers people to share and work together, to inform and engage others across the company, to transform business processes, and to harness collective knowledge. In addition, SharePoint provides capabilities for organisations to protect and manage their data and to build custom solutions.

OneDrive is online storage space in the cloud provided for each licensed user in an organisation. Use it to protect work files and access them across multiple devices. OneDrive lets you share files, collaborate on documents, and sync files to your computer.

Default Link Type
  Recommended: Configure how your organisation shares documents by default.

Allow Guests to Share Items They Don't Own
  Recommended: Set to False unless required otherwise.

Default Link Permission
  Recommended: Change the default link permission to "View" unless required otherwise.

Expiration for Anonymous Links
  Recommended: Set an expiration of 7 days.

File and Folder Links
  Recommended: Restrict who links can be shared with. Where sharing links are required, set them to expire after a set number of days.
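The sharing items above map onto four tenant-wide properties that the SharePoint Online Management Shell exposes through Get-SPOTenant and Set-SPOTenant, which makes the "current state" column something you can fill in from a script rather than by clicking through the admin centre. The script below is an added example, not part of the A1 Technologies template. It compares a tenant object against the recommended state in this section and prints the Set-SPOTenant command that closes each gap. The $tenant object is a constructed sample with the same property names Get-SPOTenant returns; the choice of 'Internal' (people in the organisation) as the default link type is an assumption, since the section leaves the default link type to the organisation.

```powershell
# Added example, not part of the A1 Technologies template. Compares tenant sharing settings
# with the recommended state and emits the remediation command for each gap.
# $tenant is a constructed sample; in a tenant use: $tenant = Get-SPOTenant

$Baseline = @(
    @{ Name = 'DefaultSharingLinkType';            Expected = 'Internal'; Why = 'New links default to people in the organisation (assumption)' }
    @{ Name = 'DefaultLinkPermission';             Expected = 'View';     Why = 'New links grant view, not edit' }
    @{ Name = 'RequireAnonymousLinksExpireInDays'; Expected = 7;          Why = 'Anonymous links expire after 7 days' }
    @{ Name = 'PreventExternalUsersFromResharing'; Expected = $true;      Why = 'Guests cannot share items they do not own' }
)

function Compare-SharingBaseline {
    param([Parameter(Mandatory)]$Tenant)
    $gaps = @()
    foreach ($b in $Baseline) {
        $actual = $Tenant.($b.Name)
        if ("$actual" -eq "$($b.Expected)") { continue }
        # Render the expected value the way it is typed on the Set-SPOTenant command line.
        $value = switch ($b.Expected.GetType().Name) {
            'Boolean' { '$' + $b.Expected.ToString().ToLower() }
            'Int32'   { $b.Expected }
            default   { "'$($b.Expected)'" }
        }
        $gaps += [pscustomobject]@{
            Setting     = $b.Name
            Current     = "$actual"
            Recommended = "$($b.Expected)"
            Fix         = "Set-SPOTenant -$($b.Name) $value"
            Why         = $b.Why
        }
    }
    return $gaps
}

# Constructed sample of a tenant still on permissive defaults (not real tenant data).
$tenant = [pscustomobject]@{
    DefaultSharingLinkType            = 'AnonymousAccess'
    DefaultLinkPermission             = 'Edit'
    RequireAnonymousLinksExpireInDays = -1      # -1 means anonymous links never expire
    PreventExternalUsersFromResharing = $false
}

Compare-SharingBaseline -Tenant $tenant | Format-List
```

On the sample all four settings come back as gaps, each with its Set-SPOTenant line. Run the comparison again after applying the fixes; it should return nothing. Site-level sharing settings can still be more permissive than the tenant default, so this check covers the tenant ceiling, not every site.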

Microsoft Teams

Microsoft Teams is a unified communications platform that combines persistent workplace chat, video meetings, file storage (including collaboration on files) and application integration. The service integrates with your organisation's Microsoft Office 365 subscription and features extensions that can integrate with non-Microsoft products. Microsoft Teams is a competitor to services such as Slack and is the evolution and upgrade path from Microsoft Skype for Business.

Default Policies
  Recommended: Define more granular policies, especially for external access and guest users.

Information Security & Governance

General information security guidelines and tools provided by Office 365 and Azure.

Modern Retention Policies
  Recommended: Configure retention policies for all Office 365 services for better compliance.

User Actions Auditing
  Recommended: Turn on auditing for user and admin actions.

DLP Policies
  Recommended: Define fine-grained DLP policies to prevent accidental data leakage from the domain.

Azure Information Protection Policies
  Recommended: Define fine-grained AIP policies to encrypt messages, apply permissions, and track documents shared internally and externally.

Alert Policies
  Recommended: Enable alert policies to detect suspicious actions.

Establish Company Branding
  Recommended: Branding lets admins and users quickly identify which tenant they are signing in to.

Essential 8

A1 Technologies also recommends complying with the Australian Cyber Security Centre's Essential 8 guidelines. These cover the 8 key areas below, several of which sit outside Microsoft Office 365.

1. Application Whitelisting
2. Microsoft Office 365 Macro Settings
3. Restrict Administrative Privileges
4. Multi-Factor Authentication
5. Patch Applications
6. User Application Hardening
7. Patch Operating Systems
8. Daily Backups

The Essential 8 is a set of 8 mitigation strategies that the Australian Cyber Security Centre (ACSC) recommends as a minimum security baseline for businesses of any size or industry. You can read more about the Essential 8 on the ACSC website.

Key Findings & Recommendations

Use this section to outline key findings and recommendations for your team, managers or vendors. It should include critical, important and general recommendations.

Critical Items
To be addressed and remediated immediately.
1. Critical item
2. Critical item

Important Items
To be addressed and remediated as a priority.
1. Important item
2. Important item

General Items
To be addressed as part of scheduled improvements.
1. General item
2. General item

Get in Touch

A1 Technologies is an Australian IT Consultancy and Managed Service Provider (MSP) specialising in delivering robust, responsive and secure IT and technology solutions to businesses Australia-wide.

If you need help deploying, managing or optimising any part of your technology infrastructure, feel free to reach out; we would love to hear from you.

Our Services
- IT Consultancy
- IT Support & Helpdesk
- IT Security & Auditing
- Business Internet & VoIP Solutions
- SD-WAN Solutions
- Professional & Project Services
- Cloud Migration
- Azure Consulting
- Cloud Security & Auditing
- Cloud Architecture and Optimisation
- Microsoft 365 Security Consulting
- AWS Consulting

A Few Words from Our Customers

"Excellent experienced team who can quickly understand the pressures of a business and help prioritise."
Mark Woodhouse, CFO, JD Sports Fashion Retail

"I would like to thank A1 and commend you for your excellent work. A1 delivered beyond my expectations."
Sandra Whitaker, IT Manager, NSW Nurses & Midwives Association

"A1 has been very efficient and a great value-add to our business."
Trevor Bolland, CEO, Nuzest Life

Contact: Rob Rattray, Sales Director
P: 1300 287 910  E: rob@a1t.com.au
