The Office 365 Email Security Checklist - ITProMentor

By Alex Fields

Email is the number one attack vector that bad actors use to gain access to your data. And it is no surprise; anyone who runs phishing tests against a large group of email recipients will be shocked to learn how easily so many people can be manipulated into clicking on something.

We can't rely on education and testing alone--we need a comprehensive approach to email security. Microsoft Office 365 has all of the bells and whistles imaginable for helping to mitigate email-based attacks, but unfortunately most of them are not enabled by default (and some of them require additional licensing). Therefore, it is up to you, the reader, to take the necessary steps to protect your users.

My goal is to make this workbook easy to follow--like a checklist--so that you can implement a good "baseline" level of security as you proceed through to the end.

A note about licensing

Be aware that some of the features we are going to discuss require additional subscriptions that might not be included with your base Office 365 plan. However, I am not going to recommend any additional products unless I truly believe that they are necessary or add significant value (there are quite a few "security add-ons" in the Microsoft ecosystem that will not be included in this workbook--and that is on purpose).

Impact on Secure Score

At the beginning of each section, I will include the Secure Score impact for implementing each item. However, you will notice that some very critical actions I have included here are not evaluated by Secure Score at all. Also, some actions included are not scored, or they are "worth" far more in Secure Score points than what I think they actually add in terms of real-world value.

So take that tool with a grain of salt--Secure Score is as much (or more) of a sales device as it is an assessment device. Nevertheless, if you successfully implement 100% of this workbook you should easily bring your Secure Score to somewhere between 400 and 500 points.

Table of Contents

The Office 365 Email Security Checklist
  A note about licensing
  Impact on Secure Score
Table of Contents
  Connecting to Exchange Online using PowerShell
  Enable Mailbox auditing
  Email authentication: SPF, DKIM and DMARC
    Sender Policy Framework
    Domain Keys Identified Mail
    Domain-based Message Authentication, Reporting & Conformance
  Client authentication: moving from Basic to Modern auth
    Enable Modern authentication
    Eliminate Legacy Protocols and Block Basic authentication
      Option 1: Disable legacy protocols such as POP and IMAP
      Option 2: Block Basic Authentication via an Authentication Policy
      Option 3: Use Conditional Access to block legacy clients (preferred)
  Enable Multifactor authentication (MFA)
    Option 1. Setup MFA for users individually
    Option 2. Use Conditional Access to enforce MFA
    Instructions for end users
  Disable Mailbox forwarding to remote domains
  Block sign-in for all shared mailboxes
  Tune up your Exchange Online Protection policies
    Configure the spam filter policy
    Configure the outbound spam policy
    Configure the malware filter policy
  Turn on Office 365 Advanced Threat Protection
    Set Default ATP policy & Configure Safe Links
    Configure Safe Attachments
    Configure Anti-Phish policy
  Protect mailboxes with a Retention policy or Litigation hold
    Option #1: Create a Retention Policy
    Option #2: Enable Litigation hold
  Configure Mobile device policies
    Method #1: Exchange ActiveSync
    Method #2: Mobile Device Management in Office 365 (MDM)
    Method #3: Device Management using Intune (MDM)
      1. Configure iOS enrollment certificate
      2. Create Compliance policies
      3. Create Device configuration profiles
      4. Create Conditional access policies
      5. Enroll devices
    Method #4: Mobile Application Management (MAM)
  Block downloads from Outlook Web on unmanaged devices
  Start using Office 365 Message Encryption features
  Configure DLP Policy (if applicable)
  Enable the default Alert policies
  Enable Advanced alert policies within Cloud App Security
  OAuth App Notifications and Review
Closing comments
  What about transport rules?

Connecting to Exchange Online using PowerShell

The Exchange Online PowerShell Module is going to make your life a lot easier. To install the module, browse to your Exchange Online Admin Center, and navigate to hybrid from the left menu. Find the second button to configure the Exchange Online PowerShell Module (which supports MFA).

And then simply run:

Connect-EXOPSSession

Once you are connected for the first time, it may be necessary to enable organization customization (sometimes this has already been enabled via some other procedure, so if it errors out, just ignore the error):

Enable-OrganizationCustomization

Enable Mailbox auditing

Secure Score impact:
- Turn on audit data recording (+15)
- Turn on mailbox auditing for all users (+10)

Auditing is crucial. If there ever is a breach, you want logging enabled in order to understand what happened and when. Not to mention it is usually required for compliance with various laws and regulations. Check whether the tenant is enabled for auditing at all. Most tenants should have this enabled by default now, but even at the time of this writing, I still see instances where it is not. View the status like this (should return a value of False if it is enabled):

Get-OrganizationConfig | FL AuditDisabled

If it says True instead of False for some reason, and you need to change the value, simply use:

Set-OrganizationConfig -AuditDisabled $false

The other piece to this is that even if auditing is enabled globally, you still need to enable audit log search (so you can actually return data from a query against the audit logs), and on top of that, you need to enable auditing on every mailbox individually (because it's off by default). To enable audit log search, run the command below. Note: it takes several hours before you can actually search the audit log (there is no data if auditing hasn't previously been enabled).

Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
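
The three audit layers described above, checked in one pass. This is an added example, not part of the original workbook: the function name Test-MailAuditBaseline and its -Remediate switch are hypothetical, it assumes an existing Exchange Online session (Connect-EXOPSSession), and it uses Set-Mailbox -AuditEnabled for the per-mailbox step.

```powershell
# Added example (not from the workbook). Function name and -Remediate are hypothetical.
# Assumes you are already connected to Exchange Online PowerShell.
function Test-MailAuditBaseline {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$Remediate   # turn on whatever the report finds disabled
    )

    # Layer 1: tenant-wide auditing. AuditDisabled should be False.
    $org = Get-OrganizationConfig

    # Layer 2: audit log search. Without ingestion, queries return no data.
    $adminLog = Get-AdminAuditLogConfig

    # Layer 3: per-mailbox auditing, collected for every mailbox type.
    $unaudited = @(Get-Mailbox -ResultSize Unlimited |
        Where-Object { -not $_.AuditEnabled })

    if ($Remediate) {
        if ($org.AuditDisabled -and
            $PSCmdlet.ShouldProcess('Organization', 'Set AuditDisabled to False')) {
            Set-OrganizationConfig -AuditDisabled $false
        }
        if (-not $adminLog.UnifiedAuditLogIngestionEnabled -and
            $PSCmdlet.ShouldProcess('Tenant', 'Enable unified audit log ingestion')) {
            Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
        }
        foreach ($mbx in $unaudited) {
            if ($PSCmdlet.ShouldProcess($mbx.UserPrincipalName, 'Enable mailbox auditing')) {
                Set-Mailbox -Identity $mbx.UserPrincipalName -AuditEnabled $true
            }
        }
    }

    # Report the state found at the start of the run, so a -WhatIf pass
    # and a real pass are directly comparable.
    [pscustomobject]@{
        OrgAuditDisabled           = $org.AuditDisabled
        UnifiedAuditLogIngestion   = $adminLog.UnifiedAuditLogIngestionEnabled
        MailboxesWithoutAuditing   = $unaudited.Count
        UnauditedMailboxes         = $unaudited.UserPrincipalName
    }
}
```

Run `Test-MailAuditBaseline` on its own for a read-only report, or `Test-MailAuditBaseline -Remediate -WhatIf` to preview each change before applying it.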
