An alert the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) published this week reiterates previously
An alert the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) published this week reiterates previously issued recommendations on how organizations should properly secure Microsoft Office 365 deployments.
In May last year, the agency issued an alert to highlight some of the common security oversights by Office 365 customers, and also included a series of recommendations on how organizations could improve their security posture.
Since many organizations have accelerated cloud adoption to adapt to the current COVID-19 lockdown, CISA decided to reiterate those recommendations, as many deployments might not be properly secured if performed in haste.
“While the abrupt shift to work-from-home may necessitate rapid deployment of cloud collaboration services, such as O365, hasty deployment can lead to oversights in security configurations and undermine a sound O365-specific security strategy,” CISA notes.
The agency says it continues to identify deployments where entities did not implement best security practices, thus remaining exposed to attacks.
To ensure their Office 365 implementations remain secure, organizations are advised to use multi-factor authentication for administrator accounts (given that Azure Active Directory (AD) Global Administrators have the highest privileges in Office 365 environments), but also for other user accounts, although they do not have elevated privileges.
Additionally, CISA recommends that organizations assign administrator roles using Role-based Access Control (RBAC) and enable Unified Audit Log (UAL), incorporate Microsoft Secure Score and integrate logs with existing SIEM tools, but also disable legacy protocol authentication when appropriate, and enable alerts for suspicious activity.
“CISA encourages organizations to implement an organizational cloud strategy to protect their infrastructure assets by defending against attacks related to their O365 transition and better securing O365 services,” the agency notes.