The Office 365 Email Security Checklist - ITProMentor

By Alex Fields,

Email is the number one attack vector that bad actors use to gain access to your data. And it is no surprise; anyone who has ever run phishing tests against a large group of email recipients will be shocked to learn how many people can be so easily manipulated into clicking on something.

We can't rely on education and testing alone; we need a comprehensive approach to email security. Microsoft Office 365 has all of the bells and whistles imaginable for helping to mitigate email-based attacks, but unfortunately most of them are not enabled by default (and some of them require additional licensing). Therefore, it is up to you, the reader, to take the necessary steps to protect your users.

My goal is to make this workbook easy to follow, like a checklist, so that you can implement a good baseline level of security as you proceed through to the end.

A note about licensing

Be aware that some of the features we are going to discuss require additional subscriptions that might not be included with your base Office 365 plan. However, I am not going to recommend any additional products unless I truly believe that they are necessary or add significant value (there are quite a few security add-ons in the Microsoft ecosystem that will not be included in this workbook, and that is on purpose).

Impact on Secure Score

At the beginning of each section, I will include the Secure Score impact for implementing each item. However, you will notice that some very critical actions I have included here are not evaluated by Secure Score at all. Also, some actions included are not scored, or they are worth far more in Secure Score points than what I think they actually add in terms of real-world value.

So take that tool with a grain of salt: Secure Score is as much (or more) of a sales device as it is an assessment device. Nevertheless, if you successfully implement 100% of this workbook you should easily bring your Secure Score to somewhere between 400 and 500 points.

Table of Contents

- The Office 365 Email Security Checklist
  - A note about licensing
  - Impact on Secure Score
- Table of Contents
- Connecting to Exchange Online using PowerShell
- Enable Mailbox auditing
- Email authentication: SPF, DKIM and DMARC
  - Sender Policy Framework
  - Domain Keys Identified Mail
  - Domain-based Message Authentication, Reporting & Conformance
- Client authentication: moving from Basic to Modern auth
  - Enable Modern authentication
  - Eliminate Legacy Protocols and Block Basic authentication
    - Option 1: Disable legacy protocols such as POP and IMAP
    - Option 2: Block Basic Authentication via an Authentication Policy
    - Option 3: Use Conditional Access to block legacy clients (preferred)
- Enable Multifactor authentication (MFA)
  - Option 1. Setup MFA for users individually
  - Option 2. Use Conditional Access to enforce MFA
  - Instructions for end users
- Disable Mailbox forwarding to remote domains
- Block sign-in for all shared mailboxes
- Tune up your Exchange Online Protection policies
  - Configure the spam filter policy
  - Configure the outbound spam policy
  - Configure the malware filter policy
- Turn on Office 365 Advanced Threat Protection
  - Set Default ATP policy & Configure Safe Links
  - Configure Safe Attachments
  - Configure Anti-Phish policy
- Protect mailboxes with a Retention policy or Litigation hold
  - Option #1: Create a Retention Policy
  - Option #2: Enable Litigation hold
- Configure Mobile device policies
  - Method #1: Exchange ActiveSync
  - Method #2: Mobile Device Management in Office 365 (MDM)
  - Method #3: Device Management using Intune (MDM)
    1. Configure iOS enrollment certificate
    2. Create Compliance policies
    3. Create Device configuration profiles
    4. Create Conditional access policies
    5. Enroll devices
  - Method #4: Mobile Application Management (MAM)
- Block downloads from Outlook Web on unmanaged devices
- Start using Office 365 Message Encryption features
- Configure DLP Policy (if applicable)
- Enable the default Alert policies
- Enable Advanced alert policies within Cloud App Security
- OAuth App Notifications and Review
- Closing comments
  - What about transport rules?

Connecting to Exchange Online using PowerShell

The Exchange Online PowerShell Module is going to make your life a lot easier.

To install the module, browse to your Exchange Online Admin Center, and navigate to hybrid from the left menu. Find the second button to configure the Exchange Online PowerShell Module (which supports MFA).

And then simply run:

Connect-EXOPSSession

Once you are connected for the first time, it may be necessary to enable organization customization (sometimes this has already been enabled via some other procedure, so if it errors out, just ignore the error):

Enable-OrganizationCustomization

Enable Mailbox auditing

Secure Score impact:

- Turn on audit data recording (+15)

- Turn on mailbox auditing for all users (+10)

Auditing is crucial. If there ever is a breach, you want logging enabled in order to understand what happened and when. Not to mention it is usually required for compliance with various laws and regulations.

Check whether the tenant is enabled for auditing at all. Most tenants should have this enabled by default now, but even at the time of this writing, I still see instances where it is not. View the status like this (it should return a value of False if auditing is enabled):

Get-OrganizationConfig | FL AuditDisabled

If it says True instead of False for some reason, and you need to change the value, simply use:

Set-OrganizationConfig -AuditDisabled $false

The other piece to this is that even if auditing is enabled globally, you still need to enable audit log search (so you can actually return data from a query against the audit logs), and on top of that, you need to enable auditing on every mailbox individually (because it's off by default).

To enable audit log search, run the command below. Note: it takes several hours before you can actually search the audit log (there is no data if auditing hasn't previously been enabled).

Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
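
The three checks described in this section (tenant auditing, audit log search, and per-mailbox auditing), combined into one script. This is an added example, not part of the original workbook. It assumes a session already opened with Connect-EXOPSSession, and the `-Remediate` switch is a hypothetical name chosen for this example.

```powershell
# Added example: report on (and optionally fix) the audit settings discussed above.
# Assumes an Exchange Online PowerShell session is already connected.
param(
    [switch]$Remediate   # hypothetical switch: apply fixes instead of only reporting
)

# 1. Tenant-level auditing: AuditDisabled should be False.
$org = Get-OrganizationConfig
if ($org.AuditDisabled) {
    Write-Warning 'Organization auditing is disabled (AuditDisabled = True).'
    if ($Remediate) { Set-OrganizationConfig -AuditDisabled $false }
}

# 2. Audit log search: UnifiedAuditLogIngestionEnabled should be True.
$admin = Get-AdminAuditLogConfig
if (-not $admin.UnifiedAuditLogIngestionEnabled) {
    Write-Warning 'Audit log search is off; the log is searchable only hours after enabling.'
    if ($Remediate) { Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true }
}

# 3. Per-mailbox auditing: find every mailbox where AuditEnabled is still False.
#    @() forces an array so .Count is correct for zero or one result.
$unaudited = @(Get-Mailbox -ResultSize Unlimited |
    Where-Object { -not $_.AuditEnabled })

Write-Host ("Mailboxes without auditing: {0}" -f $unaudited.Count)
$unaudited | Select-Object DisplayName, PrimarySmtpAddress, RecipientTypeDetails

if ($Remediate -and $unaudited.Count -gt 0) {
    # Pipe the mailbox objects straight into Set-Mailbox to avoid ambiguous identities.
    $unaudited | Set-Mailbox -AuditEnabled $true

    # Re-query so the run ends with the verified state, not the intended one.
    $remaining = @(Get-Mailbox -ResultSize Unlimited |
        Where-Object { -not $_.AuditEnabled })
    Write-Host ("Mailboxes still without auditing: {0}" -f $remaining.Count)
}
```

Run it without `-Remediate` first to see what would change; mailboxes created later need the same check, so rerun it on a schedule.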
