According to research by Spanning Cloud, a lack of expertise is one of the most significant issues with the company's Office 365 security and compliance strategy.
When referring to Microsoft Office 365 security pain points, it is necessary to understand that the lack of security features in Office 365 is not the issue. The learning curve that follows with these features, is. There is a pressing need to figure out the priorities, what works/doesn't work well for the organisation's security, stay updated on the features, and find out how to overcome the existing gaps and issues.
That sounds like a lot of work, especially if you are SME with limited time and resources. Microsoft has heavily invested in providing different solutions to keep their users safe. Still, these solutions often bring a certain level of implementation details which are hard to understand by non-technical individuals. Even for the tech-savvy experts like MSSPs, MSPs and IT teams, the configurations eat up a fair share of their day, leaving them with less time to focus on running their business and managing their clients.
This article will discuss the top four security pain points in Office 365, how they affect an organisation's security and what can we do about them.
Security Pain Point 1: Identifying Risky Rules
Inbox rules are the ones which do something automatically with email, which usually triggers upon the arrival of the mail. Mal-actors, be them malicious or well-meaning-but-foolish, can use rules that result in harmful incidents such as:
- invoice fraud (and other similar scams),
Broadly speaking, there are three types of rules used; Forwarding rules, deletion rules and move/copy rules. These may be used in combination with one another to form an attack/breach. We recently shared a blog describing the various rules which may make up a breach. There are several ways to find risky rules in your organisation. Here is an approach using PowerShell to list all rules for mailboxes.
Given that external forwarding rules are usually considered the most loathsome from a security standpoint, Microsoft has recently introduced a policy to disallow them by default in Office 365 tenants (however this can be circumvented by an administrator). They also supply an external forwarding report in the security and compliance centre.
Octiga has created a handy tool as part of its Office 365 Security Suite. It will find all mailbox rules across your organisation and classify them into levels of risk. From there, you can remediate instantly by disabling rules or even disable the user if warranted.
Security Pain Point 2: Configuring Remote Access
Remote working, once an occupation of a few, has now been thrust upon us in 2020 and 2021. We will unlikely return to the old world of long commutes and cubicles so quickly, having tasted the new elixir. Depending on your organisation's IT infrastructure makeup and size, there may be a combination of many configurations, tools, and services that can be used to keep employees safe while working remotely. These may include VPNs, Single-Sign-On gateways, device encryption policies, endpoint protection solutions. Looking at Office 365 only, you can do several things depending on your license and needs.
The first is mailbox access settings. These are the various ways that it is possible to configure access to a mailbox. They include legacy mail protocols such as IMAP and POP and more modern mechanisms that allow access to Outlook on the Web. Careful configuration can go a long way to mitigate what an attacker can do if they access the mailbox credentials (through phishing or otherwise). Here are some these settings in detail. Octiga has created a really useful tool as part of our Office 365 Security Suite where remote access settings can be configured quickly and easily.
Office 365 comes typically with Azure Active Directory Basic; however, if you have Azure Active Directory Business Premium license, you will configure conditional access policies. These allow you to restrict logins by location, IP address and other useful criteria.
Most Office 365 licenses now come with in-tune for device management. This can be great to consider if you allow users to connect through a myriad of devices outside of the office. It can be challenging to configure and requires some time invested in setting up and getting right. Teething problems, where devices are overly secure at first, can be a headache in the beginning.
Security Pain Point 3: Managing Users and Admins
In managing and monitoring security configurations, admins often overlook the basics around user privileges. This is because it needs consistent attention. The basic rules of thumb are:
1. Don't have too many admins
2. Never share admins privileges
3. Each admin accounts should be linked to and controlled by only one user
4. Each admin who requires mail should use a sperate non-admin account for mail
Beyond these, you also will need to ensure that all accounts get the least privileges possible to allow that account to function as needed. Lumping all these concerns together can be tedious and requires constant updating and attention. The Octiga Office 365 Security Suite provides and alerting and easy remediation UI around these concerns. Check it out!
Security Pain Point 4: Setting up the Universal Audit Log
Microsoft has provided some useful auditing across all license bands; however, one would think that it audits things by default. It does not. You need to configure these. Here is a rundown of the audit options.
Without getting into too much detail and time-constrained, I suggest simply turning on the Universal Audit Log. Go here as a global admin. A banner will tell you if it is not already on. Please do this now as it will only start recording from that moment onwards.
Strengthen your Organisational Security within Office 365
We recommend general security best practices for an organisation using Office 365:
1. Identify the Gaps- Allow experts like CSOs, MSPs, IT managers etc. to assess each workload and pinpoint its limitations within Office 365.
2. Establish a Security Culture- Move away from one-time training strategies and bring a comprehensive training plan to share security and compliance standards with the employees.
3. Adopt Technology for Increasing Efficiency- If the Office 365 security configurations seem complicated and time-consuming, resort to third-party automation tools that can do the heavy lifting for you.
Octiga provides well-rounded Microsoft Office 365 cloud security solutions that are automated and affordable. The product requires an online sign in using a Microsoft 365 account. A few clicks and your organisation is secured. Schedule a demo with us now.