Are you using Office 365’s default security configuration? Doing so unnecessarily increases your Office 365 attack surface. In this session, you will learn cFocus Software’s methodology to ‘hack proof’ Office 365. You will also learn about tools you can use to help protect your Office 365 environment, and walk away with a practical Office 365 security implementation checklist.
2. Welcome! Here’s the Agenda:
• Introduction
• The Best Way to Protect Your Data
• WannaCry & Office 365
• Office 365 Security Overview & Configuration Recommendations
• Q&A
Office365AdvancedSecurityHardeningwithcFocusSoftware
3. Hi! My name is Jasson Walker, Jr.
• President of cFocus Software Incorporated
• I have a few certifications:
Microsoft Certified Solutions Expert (MCSE) – Cloud Platform
Microsoft Certified Professional - SharePoint
Certified Information Systems Security Professional (CISSP)
Certified Ethical Hacker (CEH)
Certified Penetration Tester (CPT)
4. cFocus Software Incorporated specializes in:
• Microsoft Cloud Consulting Services
Office 365
SharePoint Online
Microsoft Azure
• Risk Management Framework compliance
Check out our blog at https://cfocussoftware.com/blog/
5. Question:
What’s the best way to protect your data?
7. Question:
What’s the second best way to protect your data?
8. 3-Part Answer:
#1: User Education
#2: Defense in Breadth (not Depth)
#3: Continuous Monitoring
9. Let’s apply these principles to mitigate WannaCry
• What is WannaCry?
Ransomware, infected 230,000+ computers in 130 countries
Encrypts hard disk, demands $300 in Bitcoin
Virtually all unpatched Windows OSs are vulnerable
Microsoft released a patch for it (MS17-010)
Threat disabled on 5/15/2017, but can always resurface
Go to cFocus blog for more info: http://bit.ly/2qCkRhl
10. #1: User Education mitigates human vulnerabilities
Educate yourself first!
Educate user community about threats like WannaCry
Quarterly user security refresher courses
Anti-phishing simulators (SecurityIQ by InfoSec Institute, which is free):
https://securityiq.infosecinstitute.com
91% of cyberattacks start with a phishing email
11. #2: Defense In Breadth mitigates product vulnerabilities
Secure Score
Security & Compliance Center
Data Loss Prevention
Threat Management
Reporting
Advanced Security Management
Advanced Threat Protection
12. #3: Continuous Monitoring shortens the attack time…
Secure Score
Security & Compliance reporting
Data Loss Prevention
Threat Intelligence
Because at some point, you will be attacked!
13. The default Office 365 configuration is not enough.
Therefore, you must configure it yourself.
14. OK, so here are some config. recommendations:
• Secure Score
Weekly performance of activities to increase Secure Score is highly recommended
Multi-factor authentication for global/non-global admins is a must!
Recommended weekly report checks are also a must
Increase the target score slider to include a few more defense in breadth activities
15. OK, so here are some config. recommendations:
• DKIM/DMARC/SPF
Ensure that all three are enabled for the default domain, not the onmicrosoft.com domain
Also, check Spoof mail report weekly (requires E5 or Advanced Threat Protection SKU)
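An added example (not part of the original slides) of a weekly check that SPF, DMARC and DKIM are published for the custom mail domain. The domain `example.com`, the tenant name and all DNS answers are constructed and embedded inline. As an assumption beyond the slide, it treats a DMARC policy of `p=none` as a finding, since that setting only monitors.

```python
# Constructed DNS answers for a hypothetical tenant; nothing here is queried live.
RECORDS = {
    ("example.com", "TXT"): ["v=spf1 include:spf.protection.outlook.com -all"],
    ("_dmarc.example.com", "TXT"): ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    ("selector1._domainkey.example.com", "CNAME"):
        ["selector1-example-com._domainkey.exampletenant.onmicrosoft.com"],
    # selector2 CNAME is deliberately absent in this sample
}

def txt(records, name, prefix):
    """Return TXT strings at `name` that start with the given version tag."""
    return [t for t in records.get((name, "TXT"), []) if t.lower().startswith(prefix)]

def check_spf(records, domain):
    spf = txt(records, domain, "v=spf1")
    if len(spf) != 1:  # zero means unprotected; more than one makes SPF evaluation error out
        return [f"SPF: expected exactly one v=spf1 record, found {len(spf)}"]
    terms = spf[0].lower().split()
    out = []
    if "include:spf.protection.outlook.com" not in terms:
        out.append("SPF: Exchange Online include missing")
    if terms[-1] not in ("-all", "~all"):
        out.append(f"SPF: ends with {terms[-1]!r}, so unlisted senders are not failed")
    return out

def check_dmarc(records, domain):
    recs = txt(records, "_dmarc." + domain, "v=dmarc1")
    if len(recs) != 1:
        return [f"DMARC: expected one record at _dmarc.{domain}, found {len(recs)}"]
    tags = dict(p.strip().split("=", 1) for p in recs[0].split(";") if "=" in p)
    policy = tags.get("p", "").strip().lower()
    if policy not in ("quarantine", "reject"):
        return [f"DMARC: p={policy or 'missing'} does not act on spoofed mail"]
    return []

def check_dkim(records, domain):
    # Exchange Online signs with two rotating selectors published as CNAMEs.
    return [f"DKIM: no CNAME for {s}._domainkey.{domain}"
            for s in ("selector1", "selector2")
            if not records.get((f"{s}._domainkey.{domain}", "CNAME"))]

def audit(records, domain):
    domain = domain.lower().rstrip(".")
    if domain.endswith(".onmicrosoft.com"):
        return ["Audit the custom mail domain, not the onmicrosoft.com domain"]
    return check_spf(records, domain) + check_dmarc(records, domain) + check_dkim(records, domain)

if __name__ == "__main__":
    for finding in audit(RECORDS, "example.com"):
        print(finding)
```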
16. OK, so here are some config. recommendations:
• Exchange Online
Weekly checks on all mailboxes with last login date (PowerShell script)
Enable common attachments type filter & notifications for protection > malware
Verify list of allowed/blocked IPs under protection > connection filter
Verify block/allow list in spam filter policy
17. OK, so here are some config. recommendations:
• Threat Management (requires E5)
Check the dashboard and individual reports weekly
18. OK, so here are some config. recommendations:
• Advanced Security Management
Set up policies for anomaly detection, admin activity from a non-admin IP, & mass downloads by a single user
Verify App permissions
Check Activity Log
19. OK, so here are some config. recommendations:
• Data Loss Prevention
At minimum, set up a DLP policy for mitigating access to documents that have Personally Identifiable Information (PII)
20. OK, so here are some config. recommendations:
• SharePoint Online
Always use groups!
Produce a document that lists all SharePoint users and permissions assigned to each user
21. Thank you!
• Any Questions?