Cybersecurity Awareness Month October 2019

Cybersecurity Awareness Month – IT Nation
October 21, 2019

I am sharing our Office 365 Hardening Checklist here today to help others “tighten-up” their own O365 security posture.

Office 365 Security Checklist

  • Secure Score in portal – portal.office.com
  • Enable Logging via PowerShell
  • Set MFA
  • Block Legacy Authentications – IMAP POP3 – PowerShell or Conditional Access Policy
  • Disable OWA if it is not needed or used – PowerShell or Admin Center
  • Review/Block External Forwarding Rules – PowerShell
  • Review/Cleanup Inbox Rules – PowerShell
  • Review Calendar details sharing – PowerShell
  • Set Alert Policies in portal – Admin portal
  • Disable Remote PowerShell per user setting – PowerShell
  • Designate more than one Global Admin – emergency access account
  • Review App Passwords
  • Set Outbound Spam Notifications – Admin portal
  • Review Role Changes – CloudApp for new Global Admins
  • Configure External Sharing links defaults – SharePoint Admin and sharing
  • Enable Versioning on SharePoint Document Libraries
  • OAuth and data sharing – Cloud App control
  • Conditional Access – geographic fencing and other policies – Azure admin
  • Azure Information Protection and Document Classification and Handling & DLP Rules
  • Exchange
    • Connection Filtering – may be leveraged if needed, and verify no unexpected settings
    • Outbound Filtering – may be leveraged, and verify no unexpected settings
    • Mail Flow Rules – may be leveraged, set notification of external email
    • ATP Spam Filtering
    • ATP Malware Settings
    • ATP Phishing & Spoof Protection
    • ATP Link Protection
    • ATP Safe Attachments
    • Mobile Device Policy – require password & encryption
  • DNS
    • SPF Record
    • DKIM Record
    • DMARC Record
  • Domain Admin Accounts
    • Set MFA
    • Conditional Access – restrict by Country or IP
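
The checklist items marked "PowerShell" (logging, legacy protocols and OWA, forwarding, inbox rules, Remote PowerShell) can be reviewed in one read-only pass. The script below is an added example, not part of the original checklist; it assumes the ExchangeOnlineManagement module with a session already opened by `Connect-ExchangeOnline`, and the function name `Get-O365HardeningFindings` is hypothetical.

```powershell
# Added example: read-only audit, changes nothing in the tenant.
# Assumes an existing Exchange Online session (Connect-ExchangeOnline).
function Get-O365HardeningFindings {
    # "Enable Logging": unified audit log ingestion should be on
    if (-not (Get-AdminAuditLogConfig).UnifiedAuditLogIngestionEnabled) {
        [pscustomobject]@{ Check = 'Logging'; Target = 'Tenant'
                           Detail = 'Unified audit log ingestion is disabled' }
    }

    # "Block Legacy Authentications" / "Disable OWA": per-mailbox protocol flags
    Get-CASMailbox -ResultSize Unlimited |
        Where-Object { $_.ImapEnabled -or $_.PopEnabled -or $_.OWAEnabled } |
        ForEach-Object {
            [pscustomobject]@{ Check = 'Protocols'; Target = $_.Identity
                Detail = "IMAP=$($_.ImapEnabled) POP=$($_.PopEnabled) OWA=$($_.OWAEnabled)" }
        }

    foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
        # "Review/Block External Forwarding Rules": mailbox-level forwarding.
        # ForwardingAddress can be an internal recipient, so review each hit.
        if ($mbx.ForwardingSmtpAddress -or $mbx.ForwardingAddress) {
            [pscustomobject]@{ Check = 'MailboxForwarding'; Target = $mbx.UserPrincipalName
                Detail = "To: $($mbx.ForwardingSmtpAddress) $($mbx.ForwardingAddress)" }
        }
        # "Review/Cleanup Inbox Rules": rules that forward or redirect mail
        Get-InboxRule -Mailbox $mbx.UserPrincipalName |
            Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
            ForEach-Object {
                [pscustomobject]@{ Check = 'InboxRule'; Target = $mbx.UserPrincipalName
                    Detail = "Rule '$($_.Name)' forwards or redirects mail" }
            }
    }

    # Tenant-wide automatic forwarding allowed to remote domains
    Get-RemoteDomain | Where-Object { $_.AutoForwardEnabled } | ForEach-Object {
        [pscustomobject]@{ Check = 'AutoForward'; Target = $_.DomainName
                           Detail = 'Automatic forwarding to this remote domain is allowed' }
    }

    # "Disable Remote PowerShell per user setting": users who still have it
    Get-User -ResultSize Unlimited | Where-Object { $_.RemotePowerShellEnabled } |
        ForEach-Object {
            [pscustomobject]@{ Check = 'RemotePowerShell'; Target = $_.UserPrincipalName
                               Detail = 'Remote PowerShell is enabled' }
        }
}

Get-O365HardeningFindings | Sort-Object Check, Target | Format-Table -AutoSize
```

Admin accounts that manage the tenant need Remote PowerShell, so expect those to appear under `RemotePowerShell` and treat them as reviewed exceptions.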

Weekly Tasks – many automated through CloudApp

  • New mailbox forwarding rules – CloudApp
  • Mailbox non-owners access – CloudApp
  • Malware detections – CloudApp & Security & Compliance
  • Account Provisioning Report – Detector
  • Multiple Sign-In Failure Report – Power BI
  • Access from infrequent country – CloudApp
  • Impossible travel – CloudApp
  • Cloud App alerts review – CloudApp
  • Cloud Backups – outside of Microsoft (Datto, Axcient, Skykick)