The Office 365 Email Security Checklist - ITProMentor
By Alex Fields
Email is the number one attack vector that bad actors use to gain access to your data. And it is
no surprise; anyone who has ever run phishing tests against a large group of email recipients
will be shocked to learn how many people can be so easily manipulated into clicking on
something.
We can't rely on education and testing alone; we need a comprehensive approach to email
security. Microsoft Office 365 has all of the bells and whistles imaginable for helping to mitigate
email-based attacks, but unfortunately most of them are not enabled by default (and some of
them require additional licensing). Therefore, it is up to you, the reader, to take the necessary
steps to protect your users.
My goal is to make this workbook easy to follow, like a checklist, so that you can implement a
good baseline level of security as you proceed through to the end.
A note about licensing
Be aware that some of the features we are going to discuss require additional subscriptions
that might not be included with your base Office 365 plan. However, I am not going to
recommend any additional products unless I truly believe that they are necessary or add
significant value (there are quite a few security add-ons in the Microsoft ecosystem that will
not be included in this workbook, and that is on purpose).
Impact on Secure Score
At the beginning of each section, I will include the Secure Score impact for implementing each
item. However, you will notice that some very critical actions I have included here are not
evaluated by Secure Score at all. Also, some actions included are not scored, or they are
worth far more in Secure Score points than what I think they actually add in terms of real-world value.
So take that tool with a grain of salt: Secure Score is as much (or more) of a sales device as it is
an assessment device. Nevertheless, if you successfully implement 100% of this workbook you
should easily bring your Secure Score to somewhere between 400 and 500 points.
Table of Contents
The Office 365 Email Security Checklist
  A note about licensing
  Impact on Secure Score
Table of Contents
Connecting to Exchange Online using PowerShell
Enable Mailbox auditing
Email authentication: SPF, DKIM and DMARC
  Sender Policy Framework
  DomainKeys Identified Mail
  Domain-based Message Authentication, Reporting & Conformance
Client authentication: moving from Basic to Modern auth
  Enable Modern authentication
  Eliminate Legacy Protocols and Block Basic authentication
    Option 1: Disable legacy protocols such as POP and IMAP
    Option 2: Block Basic Authentication via an Authentication Policy
    Option 3: Use Conditional Access to block legacy clients (preferred)
Enable Multifactor authentication (MFA)
  Option 1. Set up MFA for users individually
  Option 2. Use Conditional Access to enforce MFA
  Instructions for end users
Disable Mailbox forwarding to remote domains
Block sign-in for all shared mailboxes
Tune up your Exchange Online Protection policies
  Configure the spam filter policy
  Configure the outbound spam policy
  Configure the malware filter policy
Turn on Office 365 Advanced Threat Protection
  Set Default ATP policy & Configure Safe Links
  Configure Safe Attachments
  Configure Anti-Phish policy
Protect mailboxes with a Retention policy or Litigation hold
  Option #1: Create a Retention Policy
  Option #2: Enable Litigation hold
Configure Mobile device policies
  Method #1: Exchange ActiveSync
  Method #2: Mobile Device Management in Office 365 (MDM)
  Method #3: Device Management using Intune (MDM)
    1. Configure iOS enrollment certificate
    2. Create Compliance policies
    3. Create Device configuration profiles
    4. Create Conditional access policies
    5. Enroll devices
  Method #4: Mobile Application Management (MAM)
Block downloads from Outlook Web on unmanaged devices
Start using Office 365 Message Encryption features
Configure DLP Policy (if applicable)
Enable the default Alert policies
Enable Advanced alert policies within Cloud App Security
OAuth App Notifications and Review
Closing comments
  What about transport rules?
Connecting to Exchange Online using PowerShell
The Exchange Online PowerShell Module is going to make your life a lot easier.
To install the module, browse to your Exchange Online Admin Center, and navigate to hybrid
from the left menu. Find the second button to configure the Exchange Online PowerShell
Module (which supports MFA).
And then simply run:
Connect-EXOPSSession
Once you are connected for the first time, it may be necessary to enable organization
customization (sometimes this has already been enabled via some other procedure, so if it
errors out, just ignore the error):
Enable-OrganizationCustomization
Enable Mailbox auditing
Secure Score impact:
- Turn on audit data recording (+15)
- Turn on mailbox auditing for all users (+10)
Auditing is crucial. If there ever is a breach, you want logging enabled in order to understand
what happened and when. Not to mention it is usually required for compliance with various
laws and regulations.
Check whether the tenant is enabled for auditing at all. Most tenants
should have this enabled by default now, but even at the time of this writing, I still see
instances where it is not. View the status like this (should return a value of False if it is enabled):
Get-OrganizationConfig | FL AuditDisabled
If it says True instead of False for some reason, and you need to change the value, simply use:
Set-OrganizationConfig -AuditDisabled $false
The other piece to this is that even if auditing is enabled globally, you still need to enable audit
log search (so you can actually return data from a query against the audit logs), and on top of
that, you need to enable auditing on every mailbox individually (because it's off by default).
To enable audit log search, run the command below. Note: it takes several hours before you
can actually search the audit log (there is no data if auditing hasn't previously been enabled).
Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
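An added example (not part of the original workbook) that checks the three audit settings described above in one pass and reports what is still off. It assumes an Exchange Online PowerShell session is already connected; $Remediate is a hypothetical variable for this script, and the per-mailbox step uses Set-Mailbox -AuditEnabled, which this excerpt does not show.

```powershell
# Added example, not from the original workbook.
# Assumes an Exchange Online session is already open (Connect-EXOPSSession).
# $Remediate is a hypothetical variable for this script: $false = report only.
$Remediate = $false

# 1. Tenant-wide switch: AuditDisabled must be False.
$org = Get-OrganizationConfig
if ($org.AuditDisabled) {
    Write-Warning 'Tenant auditing is disabled (AuditDisabled = True).'
    if ($Remediate) { Set-OrganizationConfig -AuditDisabled $false }
}

# 2. Audit log search (unified audit log ingestion).
$adminAudit = Get-AdminAuditLogConfig
if (-not $adminAudit.UnifiedAuditLogIngestionEnabled) {
    Write-Warning 'Audit log search is off; data appears several hours after enabling.'
    if ($Remediate) { Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true }
}

# 3. Per-mailbox auditing: list every mailbox where it is still off.
$unaudited = @(Get-Mailbox -ResultSize Unlimited | Where-Object { -not $_.AuditEnabled })
Write-Output ("Mailboxes without auditing: {0}" -f $unaudited.Count)
$unaudited | Select-Object DisplayName, PrimarySmtpAddress, RecipientTypeDetails

if ($Remediate) {
    foreach ($mbx in $unaudited) {
        try {
            Set-Mailbox -Identity $mbx.Identity -AuditEnabled $true -ErrorAction Stop
        } catch {
            # Keep going so one failed mailbox does not stop the rest.
            Write-Warning ("Could not enable auditing on {0}: {1}" -f $mbx.PrimarySmtpAddress, $_.Exception.Message)
        }
    }
    # Re-check so the output records what is still unaudited.
    Get-Mailbox -ResultSize Unlimited | Where-Object { -not $_.AuditEnabled } |
        Select-Object PrimarySmtpAddress
}
```

Run it once with $Remediate left at $false to see the gaps, then set it to $true to apply the changes.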