10 Top Ways to Boost Microsoft Secure Score

Step One – Get to Know the Score

The New Secure Score

Microsoft Office 365 Secure Score, as the name indicates, was focused on Microsoft Office 365 security. Its replacement, the new Microsoft Secure Score, now includes Azure security as well, and so is a broader measure of Microsoft security. “The Microsoft Office 365 Secure Score has evolved into the Microsoft Secure Score. This tool assesses the security state of multiple aspects of Microsoft Office 365 by evaluating which controls are enabled and presenting a score — the sum of the point values for each control. The score is a reasonably meaningful starting point for measuring and improving your Microsoft Office 365 security posture,” Microsoft explained. “To help you devise a plan for a staged rollout of controls, the tool combines recommendations into five categories: identity, data, devices, apps, and infrastructure.”

According to Gartner analyst Neil MacDonald, “Through 2020, 80% of cloud breaches will be due to customer misconfiguration, mismanaged credentials or insider theft, not cloud provider vulnerabilities.”

Step Two – Analyze Your O365 Tenant

Discover Weaknesses and Vulnerabilities

The CoreView Microsoft Office 365 Health Check (a complete scan of your M365 tenant to determine security posture, application usage, and license state) shows many ways you can boost your Secure Score. The Health Check is a deep analysis, and offers an O365 Security Action Plan based on the findings. It also includes an enhanced version of the Microsoft Secure Score.

Step Three – Tighten Password Strength

Why Passwords Matter

Passwords are a big deal for any application, service, or environment. They are even more critical for a Microsoft Office 365 tenant. Whether you have a hybrid or a cloud-only Microsoft Office 365 environment, you will have cloud users. In this case, Microsoft Office 365 is the authentication provider for these users. That is why it is so vital to implement the right password policy to protect your users’ identities and account security. Once an M365 password is cracked, the hacker has access to everything that end user does.

Doing Passwords Right

The old way of protecting passwords was to demand complexity and to require these complex passwords to be changed regularly, often every 90 days. This causes users to forget their passwords and often write them on Post-It notes to remind them – a security flaw if we ever saw one. The new approach is event-driven password changes: if there is a breach or another security event, that is when end users should change their passwords. CoreView tracks these events and can automatically alert users to update their passwords. We can report on these password changes and, again, automatically alert users who failed to make them.
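The two halves of that approach (stop calendar-based expiration, reset on evidence of compromise) can be applied directly to a tenant. The script below is an added example, not code from the article or from CoreView; it assumes the Microsoft Graph PowerShell SDK is installed and that the connected account holds a role allowed to change domain settings and reset passwords. The domain name, user names and reason text are placeholders.

```powershell
# Added example, not from the original article or from CoreView: audit the tenant's
# password-expiration policy and run an event-driven reset for a list of affected users.
# Assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph module). Names are placeholders.
# Connect-MgGraph -Scopes 'Domain.ReadWrite.All','Directory.AccessAsUser.All'

# Current expiration policy per domain. Entra ID represents "never expires" as a
# validity period of 2147483647 days.
function Get-PasswordExpirationPolicy {
    Get-MgDomain |
        Select-Object Id, IsVerified, PasswordValidityPeriodInDays, PasswordNotificationWindowInDays
}

# Turn off calendar-based expiration for one domain; rotation then happens only on events.
function Disable-PeriodicPasswordExpiration {
    param([Parameter(Mandatory)][string]$DomainId)
    Update-MgDomain -DomainId $DomainId `
        -PasswordValidityPeriodInDays 2147483647 `
        -PasswordNotificationWindowInDays 30
}

# Event-driven reset: force a new password at next sign-in and revoke refresh tokens so
# sessions already open with the old credential do not survive the change.
function Invoke-EventDrivenPasswordReset {
    param(
        [Parameter(Mandatory)][string[]]$UserPrincipalName,
        [string]$Reason = 'security event'
    )
    foreach ($upn in $UserPrincipalName) {
        Update-MgUser -UserId $upn -PasswordProfile @{ ForceChangePasswordNextSignIn = $true }
        $null = Revoke-MgUserSignInSession -UserId $upn
        # Emit an audit row so the reset can be reported on later.
        [pscustomobject]@{
            User   = $upn
            Action = 'ForceChangePasswordNextSignIn + RevokeSignInSessions'
            Reason = $Reason
            At     = (Get-Date).ToString('o')
        }
    }
}

Get-PasswordExpirationPolicy | Format-Table -AutoSize
# Disable-PeriodicPasswordExpiration -DomainId 'contoso.example'
# Invoke-EventDrivenPasswordReset -UserPrincipalName 'alice@contoso.example','bob@contoso.example' `
#     -Reason 'credentials reported in a third-party breach' | Format-Table -AutoSize
```

Forcing a change without also revoking sign-in sessions leaves any already-issued refresh tokens valid, which is why the reset function does both; the object it returns is what you would feed into a "who has not yet completed the change" report.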

Step Four – Protect User Identities Through Tough Authentication

Why Multi-Factor Authentication Matters

Multi-Factor Authentication (MFA) is one of the most important security practices you can employ. Fortunately, Microsoft Office 365 has a robust and proven MFA solution built in. Forward-thinking organizations are implementing MFA to improve user identity security. MFA has become so widely recognized that the National Institute of Standards and Technology (NIST) guidelines on password security now specifically recommend the implementation of MFA. Also, the United States Department of Homeland Security now recommends that all Microsoft Office 365 users implement MFA.

Step Five – Activate MFA!

Don’t Forget to Turn on MFA

MFA only works if it is activated. “Multi-factor authentication for administrator accounts not enabled by default: Azure Active Directory (AD) Global Administrators in an O365 environment have the highest level of administrator privileges at the tenant level. Multi-factor authentication (MFA) is not enabled by default for these accounts,” the NIST guidelines stated.

CoreView shows how many users have MFA activated, how many have MFA disabled, and how many users with MFA disabled hold administrative roles, which presents a substantial security risk. With CoreView, it is simple for you and your administrators to monitor, set, and enforce an appropriate MFA policy.
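The same three numbers (MFA registered, not registered, and admins without MFA) can be pulled from the tenant's authentication-methods registration report. The following is an added example, not code from the article or from CoreView; it assumes the Microsoft Graph PowerShell SDK and a tenant licensed for that report.

```powershell
# Added example, not from the original article or from CoreView: summarize MFA
# registration across the tenant and list administrators with no MFA method registered.
# Assumes the Microsoft Graph PowerShell SDK and a tenant licensed for the
# authentication-methods registration report.
# Connect-MgGraph -Scopes 'AuditLog.Read.All','UserAuthenticationMethod.Read.All'

function Get-MfaCoverageReport {
    # One row per user. IsMfaRegistered says a usable MFA method exists; IsAdmin says the
    # user holds a privileged directory role. Registration is not enforcement: enforcement
    # comes from Conditional Access or security defaults, so treat this as a coverage check.
    $rows = @(Get-MgReportAuthenticationMethodUserRegistrationDetail -All)

    $summary = [pscustomobject]@{
        TotalUsers       = $rows.Count
        MfaRegistered    = @($rows | Where-Object { $_.IsMfaRegistered }).Count
        MfaNotRegistered = @($rows | Where-Object { -not $_.IsMfaRegistered }).Count
        AdminsTotal      = @($rows | Where-Object { $_.IsAdmin }).Count
        AdminsWithoutMfa = @($rows | Where-Object { $_.IsAdmin -and -not $_.IsMfaRegistered }).Count
    }

    # Admins without MFA are the highest-priority finding; list them explicitly.
    $adminGaps = $rows |
        Where-Object { $_.IsAdmin -and -not $_.IsMfaRegistered } |
        Select-Object UserPrincipalName, UserDisplayName, UserType,
            @{ n = 'MethodsRegistered'; e = { $_.MethodsRegistered -join ',' } }

    [pscustomobject]@{ Summary = $summary; AdminsWithoutMfa = $adminGaps }
}

$report = Get-MfaCoverageReport
$report.Summary | Format-List
$report.AdminsWithoutMfa | Format-Table -AutoSize
```

The report is the quickest way to get the admin breakdown because each row already carries the IsAdmin flag; the complementary check, whether MFA is actually required at sign-in, has to be read from your Conditional Access policies rather than from this data.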

Step Six – Secure Email – M365’s Weakest Link

Button up Email Security

Are you shocked to learn that 94% of all cyberthreats start with email?

Here are more shocking email facts courtesy of Mimecast’s ‘State of Email Security 2020’, which finds that:

  • “51% of organizations have been impacted by ransomware in the last 12 months
  • 58% saw phishing attacks increase
  • 60% of organizations have experienced their own employees being responsible for spreading a malicious email”

Mailboxes are the number one way hackers breach systems, steal identities and credentials, and launch phishing and ransomware attacks. One step to take is to set access rights to mailboxes to protect data, mail content, and mailbox owner identities. This can include items such as access to more than five mailboxes, auto forwarding, and accessing mailboxes of others.

Fortunately, CoreView can apply key rules for mailbox security, especially in regard to access rights. CoreView, for instance, flags user accounts that have been provided with access rights to more than 5 other user mailboxes. These are not for Room, Shared, or Team mailboxes, but rather actual User Mailbox accounts. Such cases should be investigated to ensure they are being used for acceptable business purposes.
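The "more than 5 user mailboxes" check described here can be reproduced against Exchange Online. The script below is an added example, not code from the article or from CoreView; it assumes the ExchangeOnlineManagement module and a role that can read mailbox permissions, and it applies the same scoping as the text (user mailboxes only, shared, room and team mailboxes excluded).

```powershell
# Added example, not from the original article or from CoreView: find accounts that hold
# FullAccess to more than a threshold number of other user mailboxes.
# Assumes the ExchangeOnlineManagement module.
# Connect-ExchangeOnline

function Get-MailboxAccessOutliers {
    param([int]$Threshold = 5)

    # User mailboxes only; delegated access to shared, room or team mailboxes is expected.
    $mailboxes = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox

    $grants = foreach ($mbx in $mailboxes) {
        Get-MailboxPermission -Identity $mbx.Identity |
            Where-Object {
                $_.AccessRights -contains 'FullAccess' -and
                -not $_.IsInherited -and                   # explicit grants only
                -not $_.Deny -and                          # ignore deny entries
                $_.User -notlike 'NT AUTHORITY\*' -and     # system principals such as SELF
                $_.User -notlike 'S-1-5-*' -and            # orphaned SIDs from deleted accounts
                $_.User -ne $mbx.UserPrincipalName         # a user's right to their own mailbox
            } |
            ForEach-Object {
                [pscustomobject]@{ Grantee = "$($_.User)"; Mailbox = "$($mbx.PrimarySmtpAddress)" }
            }
    }

    # One row per grantee over the threshold, with the mailboxes they can open.
    $grants | Group-Object Grantee |
        Where-Object { $_.Count -gt $Threshold } |
        Sort-Object Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Grantee      = $_.Name
                MailboxCount = $_.Count
                Mailboxes    = ($_.Group.Mailbox -join '; ')
            }
        }
}

Get-MailboxAccessOutliers -Threshold 5 | Format-Table -AutoSize
```

Each row over the threshold is a lead for the investigation the text calls for, not a verdict: a help-desk or migration account may legitimately appear, and the list of mailboxes in the last column is what lets you decide quickly. In a large tenant, Get-EXOMailboxPermission from the same module is a faster drop-in for Get-MailboxPermission.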

Often, mailbox security is compromised by spam and malware. CoreView can discover the exact number of instances of malware sent by email from your organization.

Knowing the internal sources of malware is critical to stopping the spread. CoreView keeps IT informed of unusual patterns or targeting, which may attempt to compromise mailboxes in your organization. CoreView also provides details on potentially compromised accounts and the malware which may have been sent from your organization, enabling your shop to take action to support investigations and remedy issues.

Malware often spreads from mailbox to mailbox – right under IT’s nose. The answer is tracking all actions and file movement from mailbox owners hit by malware, and other unusual activity.

Step Seven – Don’t Forward Critical Data Away

The Danger of External Auto Forwarding

To the average end user, setting up automatic email forwarding rules is a harmless exercise. But for those whose job it is to prevent data breaches and ensure compliance, email forwarding rules can quickly turn into a nightmare scenario. The indiscriminate forwarding of email outside of your organizational control is a common vector for information theft, as well as for violations of GDPR and similar data protection regulations.

CoreView can identify mailboxes that have auto-forwarding to external addresses such as “Gmail.com”. This is a major data leakage concern. These should all be reset to internal e-mail addresses or have the auto-forwarding removed completely.
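External forwarding can be set in three places in Exchange Online, and a check has to cover all of them: the mailbox's ForwardingSmtpAddress, its ForwardingAddress (a directory object, where a mail contact can point outside), and user-created inbox rules. The script below is an added example, not code from the article or from CoreView; it assumes the ExchangeOnlineManagement module and treats every accepted domain of the tenant as internal.

```powershell
# Added example, not from the original article or from CoreView: report mailbox-level
# forwarding and inbox rules that forward or redirect mail outside the tenant's accepted
# domains. Assumes the ExchangeOnlineManagement module.
# Connect-ExchangeOnline

function Get-ExternalForwardingReport {
    # Every accepted domain counts as internal; anything else is external.
    $internal = @(Get-AcceptedDomain | ForEach-Object { $_.DomainName.ToString().ToLowerInvariant() })

    function Test-ExternalAddress([string]$Address) {
        # ForwardingSmtpAddress is stored as 'smtp:user@domain'; strip the prefix first.
        $addr = ($Address -replace '^smtp:', '').Trim().ToLowerInvariant()
        if (-not $addr.Contains('@')) { return $false }
        return ($internal -notcontains ($addr -split '@')[-1])
    }

    function New-Finding($Mailbox, $Source, $Target, $KeepsCopy, $RuleName) {
        [pscustomobject]@{
            Mailbox = "$Mailbox"; Source = $Source; Target = "$Target"
            KeepsCopy = $KeepsCopy; RuleName = $RuleName
        }
    }

    foreach ($mbx in (Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox)) {
        # 1. Mailbox-level forwarding to a raw SMTP address.
        if ($mbx.ForwardingSmtpAddress -and (Test-ExternalAddress $mbx.ForwardingSmtpAddress)) {
            New-Finding $mbx.PrimarySmtpAddress 'ForwardingSmtpAddress' `
                ("$($mbx.ForwardingSmtpAddress)" -replace '^smtp:', '') $mbx.DeliverToMailboxAndForward $null
        }
        # 2. Mailbox-level forwarding to a directory object; resolve it to its SMTP address.
        if ($mbx.ForwardingAddress) {
            $rcpt = Get-Recipient -Identity $mbx.ForwardingAddress -ErrorAction SilentlyContinue
            if ($rcpt -and (Test-ExternalAddress $rcpt.PrimarySmtpAddress)) {
                New-Finding $mbx.PrimarySmtpAddress 'ForwardingAddress' $rcpt.PrimarySmtpAddress $mbx.DeliverToMailboxAndForward $null
            }
        }
        # 3. Inbox rules. External recipients are rendered as '"Name" [SMTP:user@example.com]';
        #    internal ones appear as EX: legacy DNs and never match the pattern.
        foreach ($rule in @(Get-InboxRule -Mailbox $mbx.Identity -ErrorAction SilentlyContinue)) {
            if (-not $rule -or -not $rule.Enabled) { continue }
            foreach ($action in 'ForwardTo', 'ForwardAsAttachmentTo', 'RedirectTo') {
                foreach ($entry in @($rule.$action)) {
                    if ("$entry" -match '\[SMTP:([^\]]+)\]') {
                        $smtp = $Matches[1]
                        if (Test-ExternalAddress $smtp) {
                            # RedirectTo moves the message; the forward actions leave a copy behind.
                            New-Finding $mbx.PrimarySmtpAddress "InboxRule/$action" $smtp ($action -ne 'RedirectTo') $rule.Name
                        }
                    }
                }
            }
        }
    }
}

Get-ExternalForwardingReport | Format-Table -AutoSize
```

The KeepsCopy column matters for triage: a redirect rule that keeps no copy is the variant that hides the leak from the mailbox owner. Remediation is the one the text describes, either removing the forward or pointing it at an internal address, and the tenant-wide control is an outbound spam filter policy that disables automatic external forwarding.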

Step Eight – Limit the Power of O365 Admins

Reducing the Risk of Out of Control Administrative Roles

Ensuring that M365 administrative privileges are limited to those that absolutely need them is critical to a safe Microsoft Office 365 environment. An internal threat, such as a disgruntled employee, with access to global admin privileges, is a major risk that can be prevented simply by limiting the number of users with admin privileges — and restricting the scope of those permissions.

Unfortunately, Microsoft Office 365 admin roles have limited flexibility. Microsoft offers some roles that limit administration rights to a specific workload, but these are not available across all workloads. For example, you can configure one operator as an Exchange administrator and another as a SharePoint administrator. The major issue with many Microsoft Office 365 deployments is that administrators have global access to all the company’s users as well as to all configuration capabilities for the assigned workload. Unfortunately, this permission model doesn’t match most enterprise organizations’ requirements. For example, if you have a local support team in a specific country, you should limit their administrative control to users within their area of work. Or, if you have a tiered support structure, you should limit administrative rights for support staff based on their responsibilities.

Get a Detailed View of M365 Admin Roles

CoreView shows how many admins your shop has, and their roles. The report to the right is an example of a tenant with 178 total admins, 7 of whom also have a company admin role. The good news is that by using CoreView, your organization can implement a granular Role-Based Access Control (RBAC) policy. This will enable your organization to assign administrative privileges to operators which appropriately match their responsibilities.
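The two figures in that report (total admins, and admins who also hold the company admin role) can be produced from the directory itself. The script below is an added example, not code from the article or from CoreView; it assumes the Microsoft Graph PowerShell SDK. It reads only roles that are activated in the tenant, so PIM-eligible assignments that have not been activated will not appear.

```powershell
# Added example, not from the original article or from CoreView: inventory activated
# directory roles, count distinct administrators, and flag Global Administrators who also
# hold other roles. Assumes the Microsoft Graph PowerShell SDK.
# Connect-MgGraph -Scopes 'RoleManagement.Read.Directory','Directory.Read.All'

# Well-known template ID of the Global Administrator role (the article's "company admin").
$GlobalAdminTemplateId = '62e90394-69f5-4237-9190-012177145e10'

function Get-AdminRoleInventory {
    # Get-MgDirectoryRole lists only roles activated in the tenant; members may be users,
    # groups or service principals, so the object type is kept in each row.
    $assignments = foreach ($role in Get-MgDirectoryRole) {
        foreach ($m in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
            $props = $m.AdditionalProperties
            $name = $props['userPrincipalName']
            if (-not $name) { $name = $props['displayName'] }
            [pscustomobject]@{
                Role           = $role.DisplayName
                RoleTemplateId = $role.RoleTemplateId
                MemberId       = $m.Id
                MemberType     = ($props['@odata.type'] -replace '^#microsoft\.graph\.', '')
                Principal      = $name
            }
        }
    }
    $assignments = @($assignments)

    $perRole  = $assignments | Group-Object Role | Sort-Object Count -Descending |
                Select-Object @{ n = 'Role'; e = { $_.Name } }, Count
    $distinct = @($assignments | Sort-Object MemberId -Unique)
    $gaIds    = @($assignments | Where-Object { $_.RoleTemplateId -eq $GlobalAdminTemplateId } |
                  ForEach-Object { $_.MemberId })

    # Global Admins who also carry other roles: the role is already unrestricted, so the
    # extra assignments are clutter that hides what the account is actually used for.
    $gaPlus = $assignments |
        Where-Object { $gaIds -contains $_.MemberId -and $_.RoleTemplateId -ne $GlobalAdminTemplateId } |
        Group-Object Principal |
        Select-Object @{ n = 'Principal'; e = { $_.Name } },
                      @{ n = 'OtherRoles'; e = { $_.Group.Role -join ', ' } }

    [pscustomobject]@{
        TotalAssignments           = $assignments.Count
        DistinctAdmins             = $distinct.Count
        GlobalAdmins               = $gaIds.Count
        AssignmentsPerRole         = $perRole
        GlobalAdminsWithOtherRoles = $gaPlus
    }
}

$inv = Get-AdminRoleInventory
$inv | Select-Object TotalAssignments, DistinctAdmins, GlobalAdmins | Format-List
$inv.AssignmentsPerRole | Format-Table -AutoSize
$inv.GlobalAdminsWithOtherRoles | Format-Table -AutoSize
```

DistinctAdmins is the number to compare with the 178 in the example report; the per-role table is where you look for roles whose membership has grown past the handful of people who need them.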

Step Nine – Stop Confidential Files from Leaving Your Shop

Data Leakage Through OneDrive and SharePoint Sharing

Whether your organization is large or small, sharing content with users is a powerful capability provided by Microsoft Office 365 collaboration features. This is especially true when working with clients, vendors, and partners.

With SharePoint and OneDrive, users have multiple choices when they need to share documents externally:

  • Shareable: Anyone with the link
  • Internal: Only people in your organization
  • Direct: Specific people

Shareable, also known as Anonymous Sharing, is the most insecure way to share a document since you cannot track how the link will circulate and be shared outside of your organization, and who will have access to your data.

CoreView can detect OneDrive sharing activities, SharePoint sharing activities, and the creation and use of anonymous links. CoreView can also alert admins when new anonymous links are created or used, so you can address any problems immediately.
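Both halves of that check, where anonymous links are allowed and where they are being created and used, are visible with the native tooling. The script below is an added example, not code from the article or from CoreView; it assumes the SharePoint Online Management Shell for the settings and the ExchangeOnlineManagement module (Search-UnifiedAuditLog) for the activity, with unified auditing enabled in the tenant.

```powershell
# Added example, not from the original article or from CoreView: report where "Anyone"
# (anonymous) links are permitted and pull recent anonymous-link creation and use from the
# unified audit log. Assumes the SharePoint Online Management Shell and the
# ExchangeOnlineManagement module; the admin URL is a placeholder.
# Connect-SPOService -Url 'https://<tenant>-admin.sharepoint.com'
# Connect-ExchangeOnline

function Get-AnonymousSharingPosture {
    # Tenant default plus expiry/permission limits that apply when anonymous links are on.
    $tenant = Get-SPOTenant |
        Select-Object SharingCapability, RequireAnonymousLinksExpireInDays,
                      FileAnonymousLinkType, FolderAnonymousLinkType
    # ExternalUserAndGuestSharing is the site-level value that still permits "Anyone" links.
    $sites = Get-SPOSite -Limit All |
        Where-Object { $_.SharingCapability -eq 'ExternalUserAndGuestSharing' } |
        Select-Object Url, SharingCapability
    [pscustomobject]@{ Tenant = $tenant; SitesAllowingAnyoneLinks = @($sites) }
}

function Get-AnonymousLinkActivity {
    param([int]$Days = 7)
    # AuditData is a JSON document; the fields used here are part of the SharePoint schema.
    Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-$Days) -EndDate (Get-Date) `
        -Operations 'AnonymousLinkCreated', 'AnonymousLinkUsed' -ResultSize 5000 |
        ForEach-Object {
            $d = $_.AuditData | ConvertFrom-Json
            [pscustomobject]@{
                When      = $_.CreationDate
                Operation = $_.Operations
                Actor     = $d.UserId      # creator for Created; anonymous identifier for Used
                Item      = $d.ObjectId
                Site      = $d.SiteUrl
                ClientIP  = $d.ClientIP
            }
        }
}

$posture = Get-AnonymousSharingPosture
$posture.Tenant | Format-List
$posture.SitesAllowingAnyoneLinks | Format-Table -AutoSize
Get-AnonymousLinkActivity -Days 7 | Sort-Object When -Descending | Format-Table -AutoSize

# Remediation at tenant level, if the business decision is to stop anonymous links entirely:
# Set-SPOTenant -SharingCapability ExternalUserSharingOnly
```

Run the activity query on a schedule and alert on AnonymousLinkCreated rows for sites outside an approved list; that is the native equivalent of the alerting the text describes, and the ClientIP on AnonymousLinkUsed rows is what tells you how far a link has travelled.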

Step Ten – Run a Tightly Configured Ship

Eliminate Misconfiguration and Mismanagement Danger

Gartner argues that “Nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement, and mistakes.” Proper configuration, together with monitoring and enforcing policies, is the responsibility of Microsoft Office 365 IT professionals and is a must-do best practice to reduce your breach perimeter.

To reduce mismanagement issues, CoreView implements segregation of your tenants in many critical ways. You can separate your tenant into sub-tenants or virtual tenants. This way you can have local administrators that keep an eye on a smaller, more defined set of users. Specific policies can apply to just these user sets. Moreover, because fewer admins have global rights, end users in these sub-tenants are protected from global admin mistakes or malfeasance.

Stopping Improper Administration and Non-Compliance

With CoreView, you can monitor your configurations and usage policies, and report and alert on account and device misconfiguration. If a misconfiguration or misuse is detected, you can immediately remediate it and enforce those policies using the CoreView workflow automation capability. Moreover, with CoreView, policy management moves from a manual and error-prone process to one that is intuitive, easy, and automated.