Your O365 Security Checklist

Are you about to head off for your Christmas break? This O365 security checklist might just save your skin.

Microsoft Office 365 is popular because of its mobility and collaboration features. However, in a cloud-hosted environment, security issues can keep managers up at night because they’re worried about new cyber threats are that are constantly showing up.

Your organisation, therefore, needs to be aware of, and use all tools at your disposal to secure your data.

Thankfully, Office 365 offers built-in capabilities and customer controls to help you meet your compliance standards. These are only effective if configured correctly to your unique cyber security environment.

We’ve put together a 14 point checklist of security and governance features that you can implement right away and help you relax this Christmas:

1. Multi-Factor Authentication

Multi-factor authentication requires more than just a username and password. After users logged in with a username and password, they’ll receive a phone call or text message (depending on the configuration). Then they either answer the call or enter the access code received via text into the browser.

2. App Passcode

An app password is a code that gives an app or device permission to access an Office 365 account of your users.

3. Office 365 Trust Centre

Microsoft created a site called Office 365 Trust Center. It covers everything regarding security,

4. Role-Based Access Control

Role-Based Access Control (RBAC role) is a feature designed to control administrative access over different services across Office 365. It requires the ability to control these services by separate administrators.

5. Alerts

In the Security and Compliance Center, you can track a new activity and monitor user’s actions on the portal. You can configure policies to get alerts when updates take place.

6. Office 365 Security Reports

You can see or download the reports such as DLP policy matches, Malware detection, Spoof and Spam Detection and many others.

7. Content Search

The ability to search across data is increasingly important, and Microsoft is now offering a lighter, quicker way to search across Office 365.

8. Audit Log Search

In large organisations, it is a very common requirement to track the user and administrator’s actions on the services.

9. Azure AD Connect and Single Sign On

Azure Active Directory provides access control and identity management capabilities for Office 365 cloud services.

10. Mobile Device Management via Intune

Intune is Microsoft’s mobile device and mobile application management solution.

11. Conditional Access via Azure AD

Azure Active Directory (Azure AD) enforces conditional access policies to help secure access to Office 365 services.

12. Office 365 Advance Reporting via Azure AD

To look for unusual or suspicious sign-in activities in your Office 365 organisation, you can use sign-in and activity reports in Microsoft Azure.

13. Microsoft Advanced threat Analytics

Advanced Threat Analytics is meant to help businesses block targeted attacks by automatically analysing, learning and identifying all normal and abnormal behavior.

14. Password Policy

Every user account that needs to sign in to Office 365 must have a unique user principal name (UPN) or LOGIN ID attribute value associated with their account.

15. Controls for Document Sharing

Securing your OneDrive and SharePoint files from internal and external threats. Preventing data exfiltration.