O365 Security Overview

Office 365 is a popular cloud-based productivity suite that offers many benefits for businesses of all sizes. However, with great power comes great responsibility. As an O365 administrator, you need to ensure that your organization’s data and users are protected from cyber threats and unauthorized access. In this blog post, we will share with you the top 5 security settings in O365 that you should configure to enhance your security posture and reduce your risk exposure. These settings should help you get started on your path towards a more secure cloud.

1. Enable multi-factor authentication (MFA). MFA is a simple but effective way to prevent account compromise by requiring users to provide an additional factor of authentication besides their password, such as a code sent to their phone or email, or a biometric verification. MFA can stop attackers from accessing your O365 account even if they have your password. You can enable MFA for all users or specific groups in the Azure Active Directory portal.

2. Set up conditional access policies. Conditional access policies allow you to control who can access what resources in O365 based on certain conditions, such as location, device, app, or risk level. For example, you can block access to O365 from untrusted locations or devices, or require MFA for high-risk sign-ins. You can create and manage conditional access policies in the Azure Active Directory portal.

3. Configure data loss prevention (DLP) policies. DLP policies help you prevent sensitive data from leaving your organization or being shared with unauthorized parties. You can define what types of data are sensitive, such as credit card numbers, social security numbers, or health records, and what actions are allowed or blocked when such data is detected in O365 apps, such as Outlook, SharePoint, OneDrive, or Teams. You can create and manage DLP policies in the Microsoft 365 compliance center.

4. Enable audit logging and alerts. Audit logging and alerts help you monitor and respond to suspicious or malicious activities in your O365 environment. You can view and search audit logs for various events, such as user sign-ins, file downloads, mailbox access, password changes, or admin actions. You can also set up alerts to notify you when certain events occur, such as a user logging in from an unusual location or a file containing sensitive data being shared externally. You can access audit logs and alerts in the Microsoft 365 security center.

5. Review and update your security settings regularly. Security is not a one-time task but an ongoing process. You should review and update your security settings regularly to keep up with the changing threat landscape and best practices. You can use the Microsoft Secure Score tool to assess your current security posture and get recommendations on how to improve it. You can also use the Microsoft Security Roadmap to plan and prioritize your security initiatives. You can access both tools in the Microsoft 365 security center.

These are some of the most important security settings in O365 that you should configure to protect your organization’s data and users. By following these steps, you can enhance your security posture and reduce your risk exposure in the cloud.
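
Settings 1 and 2 can also be scripted. The following is an added example, not part of the original post: it uses the Microsoft Graph PowerShell SDK to create the two conditional access policies mentioned above (MFA for high-risk sign-ins, and blocking O365 from untrusted locations) in report-only mode. The policy display names and the break-glass account ID are placeholders chosen for illustration.

```powershell
# Added example: report-only Conditional Access policies via Microsoft Graph PowerShell.
# Requires the Microsoft.Graph.Identity.SignIns module and a Conditional Access admin role.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Placeholder: object ID of an emergency-access ("break glass") account that must
# stay outside every policy so a misconfiguration cannot lock out all admins.
$breakGlassId = '00000000-0000-0000-0000-000000000000'

# Policy 1: require MFA when the sign-in is rated high risk.
# Sign-in risk conditions need Azure AD Premium P2 licensing.
$requireMfaOnRisk = @{
    displayName   = 'EXAMPLE - Require MFA for high-risk sign-ins'
    state         = 'enabledForReportingButNotEnforced'   # report-only: logs the result, enforces nothing
    conditions    = @{
        users            = @{ includeUsers = @('All'); excludeUsers = @($breakGlassId) }
        applications     = @{ includeApplications = @('Office365') }
        clientAppTypes   = @('all')
        signInRiskLevels = @('high')
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
}

# Policy 2: block O365 access from anywhere that is not a trusted named location.
# Define your trusted locations first, or this policy matches every sign-in.
$blockUntrusted = @{
    displayName   = 'EXAMPLE - Block O365 from untrusted locations'
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users          = @{ includeUsers = @('All'); excludeUsers = @($breakGlassId) }
        applications   = @{ includeApplications = @('Office365') }
        clientAppTypes = @('all')
        locations      = @{ includeLocations = @('All'); excludeLocations = @('AllTrusted') }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

# Create each policy only if one with the same name does not exist yet,
# so the script can be re-run without producing duplicates.
$current = Get-MgIdentityConditionalAccessPolicy -All
foreach ($policy in $requireMfaOnRisk, $blockUntrusted) {
    if ($current | Where-Object DisplayName -eq $policy.displayName) {
        Write-Host "Already present: $($policy.displayName)"
    }
    else {
        $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
        Write-Host "Created $($created.DisplayName) [$($created.State)]"
    }
}
```

Review the report-only results in the Azure AD sign-in logs before switching `state` to `enabled`.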

8 Small Business Cybersecurity Tips

There are about 80 million businesses worldwide who meet the “small or medium business” (SMB) definition. Businesses with less than 300 employees can’t always afford someone to tell them what they can do to develop a more mature security posture or how to educate employees to be smarter about their cybersecurity practices. Most of the successful cybersecurity attacks are with small businesses and small government entities. Since the average cyberattack will cost them about $200k and a ransomware attack can force them out of business, we should talk about the basics of cybersecurity defense.

  1. Make sure you require complex passwords for every system. This means changing any vendor default passwords, not allowing simple or common passwords, and teaching your employees how to select a good password.
  2. Configure Multi-Factor Authentication (MFA) on all accounts. Just by requiring MFA to access business accounts you can prevent about 99% of all online attacks. The hackers might steal or guess your password, but it is much harder to access something like your cellphone.
  3. Use a separate account for performing administrative tasks for all your on-premise and cloud business accounts. Use this new account to only perform administrative actions, not to browse the internet or check email, and your risk of account compromise is significantly reduced.
  4. Install, properly configure, and use an antivirus solution that accesses the cloud to better protect your systems from the internet threats. This includes all your user computers and all servers.
  5. Backup your important files to the cloud. Using an automated solution to automatically backup your files to the cloud can prevent a successful ransomware attack from locking you out of your critical files.
  6. Don’t allow your users to configure email auto-forwarding rules in O365. If your account is hacked, one of the first things the attacker will do is configure auto-forwarding rules to exfiltrate your data to their systems across the internet. If you prevent this activity, it will slow down the attack and allow you more time to react. With alerts configured, you will get an email when the attacker attempts to create a new rule, giving you notice that an attack is underway.
  7. Use your available online tools to get tips and suggestions. Things like the Microsoft O365 Secure Score can be a really helpful source of useful tips and techniques for leveraging many more security settings to improve your overall security, and these tips are free just for having an O365 account.
  8. Educate your users about the threats on the internet. Billions of users have internet access, and not all of them have your best interests in mind. Warn users about sharing too much personal information on social media, discuss how to identify phishing emails, and provide guidance on who they need to contact if they aren’t sure about clicking on a link.

You need to think about how you use the services and systems that you have access to each day and determine what data you share has value, what processes are at a high risk, and how a malicious user might monetize your activity. A little work today can pay big dividends during an attack.

Follow these simple tips to start getting some confidence around your security posture, and build on each item as threats and systems change.

Coming Soon: Microsoft Defender for Office 365 Changes

Microsoft is updating Defender for Office 365 soon to help protect customers from embedded email threats while they are previewing quarantined emails. Microsoft is rolling out more quarantine management features that will help allow IT professionals and end users to better investigate quarantined emails:

  • Quarantine folder policy and user release request workflow
  • Customer organization branding
  • Streamlined email submission from the quarantine portal
  • Robust release of bulk quarantined emails
  • Secured preview of quarantined emails
  • Quarantine support for shared mailboxes

Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection) provides world-class protection for enterprise email accounts against threats that include business email compromise and credential phishing. They even have some features that help with automated attack remediation.

These new enhancements should help limit exposure to unwanted or malicious content by adding security controls that block embedded threats and prevent threat actors from knowing that their intended victim has loaded an image or other embedded content in the quarantine preview.

“We’re changing the way users preview quarantined messages to provide additional security against embedded threats,” Microsoft explains on the Microsoft 365 roadmap. The idea is to provide some additional controls when previewing an email to make sure the threats are contained and the sender is less likely to know you have contained the suspicious email. “With this change some components in quarantined messages will be distorted and not displayed by default. To see the full contents of the message, users can choose to reveal the full message.”

Other new features will allow for more control over quarantine items, release workflow options, corporate branding, and support for shared mailboxes.

Microsoft also plans on adding more intelligence around what kinds of attacks are targeting your business and options around how to deal with ongoing threats.

Deciding on Microsoft Intune

 

Many companies are trying to figure out how to handle their mobile device management at their business. Many will buy a product that performs some or all of the functions they need, or at least they think they need. As their needs mature or as requirements change, they may need to change the solution to a different product. I think the full-featured product that many companies need is Microsoft Endpoint Management, also known as Microsoft Intune. Intune is Microsoft’s answer to mobile-device management for Windows-centric companies, and it is so very simple to use.

Intune will allow you to enroll all your Windows 10, macOS, iPadOS, and Android devices. Once a device is enrolled, it can be configured, applications can be installed, and devices can be wiped when they no longer need to be managed.

As you can imagine, effective configuration and application management across all business devices, including advanced security settings on multiple operating systems, using one powerful and easy-to-use interface will make support and training much easier, and your business will save money and time.

It is a popular and cost-effective cloud-based tool that gives all employees access to corporate applications on their assigned endpoint, along with conditional access to corporate data, and it simplifies the deployment of those settings, applications, and access to sensitive data to easily support hundreds or even thousands of employees with very little hands-on work by your technology team.

If you have your technology team buying and manually building laptops as you hire new employees you already know how difficult, time consuming, and manual that process can be, even if you have automated some of those steps. You need to deploy a new application to all employees? Simple, just send someone to all your users and they can install the software from a network share or flash drive. Maybe you have automated some of these steps and you deploy the new software via GPO? How long does it take for your remote workforce to finally make a VPN connection to the corporate network to get the new software? How easy is it to determine who is still missing the new software package or has installation errors?

  • How easy would it be to implement 10-20 new security settings to all your users’ laptops overnight?
  • How easy will it be to remove software they aren’t supposed to have installed, even if you can detect it exists on their laptop?
  • Do you have an accurate and up-to-date asset inventory of user laptops and what software is actually installed?
  • Are you able to detect missing patches to the OS and all the installed software for every user?
  • Can you make sure users are even trying to install patches on their laptops?

Remote workers that never connect to the corporate network make this management process even more difficult.

Do you have a solution to this issue? I think Microsoft Intune may be the solution to your problem, and it may already be included in your O365 licensing.

Let’s talk about some of the reasons I like Microsoft Intune.


Effective Migration to O365

In the cloud-first environment in business today, many companies have already migrated to Microsoft’s online business solution intended to replace on-premise servers and services. This cloud environment helps companies elevate their infrastructure to the cloud and reduce the need for maintenance, including patching, drive management, etc.

Some organizations haven’t embraced Microsoft’s fastest growing business segment, but when it comes to moving mailboxes and other systems from on-premises to Office 365’s cloud you need to ask why you aren’t embracing this new environment.

Many organizations find that the need to plan and execute the transition competes with other day-to-day issues, which causes delays in their Office 365 Exchange migration. Other companies have been concerned about the cost versus what they are used to paying. Business leaders need to take a serious look at O365 affordability and how to secure resources to complete the move to the cloud.

Properly Configure Azure Active Directory

Microsoft 365 uses an Azure Active Directory (Azure AD) tenant to store and manage identities for authentication and permissions to access cloud-based resources. If you have an on-premises Active Directory Domain Services (AD DS), you can synchronize your AD DS user accounts, groups, and contacts with the Azure AD tenant of your Microsoft 365 subscription. This is hybrid identity for Microsoft 365.

Azure AD Connect runs on an on-premises server and synchronizes your AD DS with the Azure AD tenant. Along with directory synchronization, you can also specify these authentication options:

  • Password hash synchronization (PHS): Azure AD performs the authentication itself.
  • Pass-through authentication (PTA): Azure AD has AD DS perform the authentication.
  • Federated authentication: Azure AD redirects the client computer requesting authentication to contact another identity provider.

Migrate email to O365

If you have an Office 365 portal, look into the Exchange Admin Center for your organization and explore the Migration tab (under the Recipients feature). Options include:

  • Remote move migration (supported by Exchange Server 2010 and later versions). This requires a hybrid configuration between your on-premises Exchange and Office 365.
  • Staged migration (supported only by Exchange Server 2003 and 2007).
  • Cutover migration (supported by Exchange Server 2003 and later versions). Use of this option is permitted only if you have fewer than 2,000 mailboxes. If you have more than 2,000 mailboxes, you must use either staged migration (on Exchange 2003 and 2007) or remote migration (on Exchange 2010 and 2013).
  • IMAP migration (supported by both Exchange and other email systems) for those of you folks looking to migrate from Google and so on.

The hybrid deployment option provides a variety of features, including:

  • a shared domain space (such as companyname.com)
  • a unified global address list (GAL)
  • free/busy calendar sharing
  • onboarding and offboarding at will between the two platforms (note that bandwidth and throttling affect the speed of these processes)
  • centralized mailbox management through a single console (the Exchange Admin Center from on-premises Exchange 2013).

Don’t forget to configure your spam and malware prevention rules, learn how to quarantine and release emails, and configure alerts to administrators if events warrant a response.

Configure OneDrive for Business

With the proper licensing, each user will get various amounts of online storage known as OneDrive. The files are actually stored in SharePoint Online, with a front-end interface to sync user files from their laptop to the cloud for safe storage. If the user has to replace their laptop, they just sign into OneDrive on their new laptop and their documents, music, and pictures will be automatically copied back down to the new laptop in just a few minutes.

Configure SharePoint Online

With the proper licensing, your organization will get access to SharePoint Online. This allows a business to do many of the things they are used to doing with on-prem SharePoint, without the hassle of building and supporting servers, installing and supporting SharePoint, and maintaining the on-prem infrastructure to keep all those systems running. A business can push that content to SharePoint Online and save the time and money spent just keeping those systems running.

Configure Teams

With the proper licensing, your organization will get access to Microsoft Teams. Teams is an application that sits between your users and SharePoint to provide a consistent interface for users chatting and sharing files. It even allows you to use the built-in virtual telephone system for telephone and video calls, so you may also be able to replace your costly business telephone system.

Configure PowerBI

With the proper licensing, your organization will also get access to a powerful data visualization interface that will allow business users to see reporting and data in an easy to use cloud interface. This could save you time and money because you no longer have to support and maintain as many on-prem servers to process and distribute business reports.

Configure Azure Intune (Endpoint Management)

With the proper licensing, your organization will get a powerful mobile device management tool that allows you to configure and manage mobile devices (Windows 10, macOS, iPads, and Android devices) from the cloud. This allows you to add Windows 10 devices to your Azure AD infrastructure in minutes, but also configure and manage other supported mobile devices.

Once the device is managed from Azure Intune, you can also deploy various applications (including custom developed applications), install Office software automatically, configure device security settings, install and manage Microsoft Defender, etc. When the device reaches end-of-life you can easily off-board the device to remove sensitive data. If the device is lost or stolen you can also easily wipe the device to make any business data unavailable to anyone who finds the missing device.

Summary

Migrating to O365 is worth the time and effort. After you migrate to these powerful online tools you will find that several of the tools and utilities you use (and pay for today) will no longer be needed.

Office 365 services drops support for older Office clients this year

Microsoft has said that Office 365 (and Microsoft 365) services (Exchange Online, SharePoint Online, OneDrive for Business, etc.) will require newer versions of Office starting as early as October 13, 2020. Their older versions of Office (Office 2013 and older) will not get updates and may stop being able to access online services after this date. Microsoft has no plans to resolve any issues that may appear with the older versions attempting to access online resources, but the products themselves will continue to work.

As changes are made to the newer products to support changes to O365 services, you can expect the older versions of Office to see issues by early 2021, depending on what actions you are trying to perform.

For the versions of Office that are now out of support, Microsoft no longer offers technical support, will no longer issue bug fixes, and will not issue security updates for vulnerabilities.


Microsoft 365 vs G Suite

There is a battle online attempting to win market share for cloud-based business productivity suites, and Microsoft and Google are fighting for market share from businesses willing to move their productivity software and services online.

Looking at Microsoft 365 (was named O365 until this year) and Google’s G Suite, you need to understand what features and capabilities are available with either solution as well as what each solution will cost your business. Both would like to be your solution for business productivity software by selling you a subscription-based solution, but you need to determine which service best solves your business needs while also providing the services you’ll need in the future at a price that meets your limited budget.

Both of these major services are built on a robust cloud infrastructure with multiple data centers scattered all over the world. These powerful companies have a history of managing cloud services to prevent downtime and network latency, and demonstrate a pattern of rolling out new features at a fairly steady rate.

Each online solution includes the standard features:

  • Productivity applications that support worker creation of standard documents, spreadsheets, presentations, forms, and on-line storage of files.
  • Cloud-based business email and calendaring services linked to your custom domain
  • Cloud-based messaging and communication tools that support online meetings and video conferencing.
  • Management console that allows selected administrators to adjust features and settings to meet business and compliance requirements, manage security settings, and configure archive settings that support enterprise customers.

While other companies offer online services including email and online storage, not many companies offer even half of the services and features available from just these two companies.


Multi-Factor Authentication (MFA) for Office 365

What is Multi-Factor Authentication

Multi-factor authentication (MFA) is basically an authentication method in which a computer user is granted access to computer systems only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user is). This is usually implemented by the user providing the traditional password along with another form of authentication, usually in the form of something they have. In most modern implementations this requirement is accomplished using a one-time code or authentication application the user has access to on their mobile device.

Using Multi-Factor Authentication

With O365 resources being available from anywhere in the world, it brings great opportunity for a business to operate without boundaries or time zones. As a business expands or business users travel they have unrestricted access to documents, data, and online services from everywhere on the planet. What cyber-security professionals know is that this flexibility also provides criminals the same access opportunities to steal your data from anywhere in the world.


Microsoft Azure Management URLs

I’m reminded of an old saying: “There is more than one way to skin a cat”. This is relevant for Azure portal URLs, since there is more than one way to get to a management portal in Azure.

Instead of always going to the same login page and navigating to a specific page you need for the current task with a series of clicks, you can navigate directly to a specific management portal to make things a little faster.

Common Portal URLs
Uncommon Portal URLs

Simple Cybersecurity for 2020

There are about 80 million businesses worldwide who meet the “small or medium business” (SMB) definition. Businesses with less than 300 employees can’t always afford someone to tell them what they can do to develop a more mature security posture or how to educate employees to be smarter about their cybersecurity practices. Most of the successful cybersecurity attacks are with small businesses and small government entities. Since the average cyberattack will cost them about $200k and a ransomware attack can force them out of business, we should talk about the basics of cybersecurity defense.

  1. Make sure you require complex passwords for every system. This means changing any vendor default passwords, not allowing simple or common passwords, and teaching your employees how to select a good password.
  2. Configure Multi-Factor Authentication (MFA) on all accounts. Just by requiring MFA to access business accounts you can prevent about 99% of all online attacks. The hackers might steal or guess your password, but it is much harder to access something like your cellphone.
  3. Use a separate account for performing administrative tasks for all your on-premise and cloud business accounts. Use this new account to only perform administrative actions, not to browse the internet or check email, and your risk of account compromise is significantly reduced.
  4. Install, properly configure, and use an antivirus solution that accesses the cloud to better protect your systems from the internet threats. This includes all your user computers and servers.
  5. Backup your important files to the cloud. Using an automated solution to automatically backup your files to the cloud can prevent a successful ransomware attack from locking you out of your files.
  6. Don’t allow your users to configure email auto-forwarding rules. If your account is hacked, one of the first things the attacker will do is configure auto-forwarding rules to exfiltrate your data to their systems across the internet. If you prevent this activity, it will slow down the attack and allow you more time to react. With alerts configured, you will get an email when the attacker attempts to create a new rule, giving you notice that an attack is underway.
  7. Use your available online tools to get tips and suggestions. Things like the Microsoft O365 Secure Score can be a source of useful tips and techniques for leveraging many more security settings to improve your overall security, and these tips are free just for having an O365 account.

You need to think about how you use the services and systems that you have access to each day and determine what data you share has value, what processes are at a high risk, and how a malicious user might monetize your activity. A little work today can pay big dividends during an attack.

Follow these simple tips to start getting some confidence around your security posture, and build on each item as threats and systems change.
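
Tip 6 in this list (and the same tip in “8 Small Business Cybersecurity Tips” above), together with the audit logging setting from the O365 overview, can be worked through in Exchange Online PowerShell. This is an added example, not part of the original posts: it inventories existing external forwarding, pulls the last week of forwarding-related audit events, and then turns off automatic external forwarding. The admin account name is a placeholder, and the seven-day window is an arbitrary choice.

```powershell
# Added example: find, review, and shut off external mail forwarding in Exchange Online.
# Requires the ExchangeOnlineManagement module; the admin UPN below is a placeholder.
Connect-ExchangeOnline -UserPrincipalName 'admin@example.com'

# Domains the tenant owns; any other recipient domain is treated as external.
$internalDomains = (Get-AcceptedDomain).DomainName | ForEach-Object { "$_" }

function Get-ExternalAddress {
    # Pull SMTP addresses out of recipient values (plain addresses, "smtp:" prefixed
    # values, or display-name forms) and return those outside the accepted domains.
    param([object[]]$Recipient)
    foreach ($r in $Recipient) {
        foreach ($m in [regex]::Matches([string]$r, '[\w.+-]+@[\w-]+(\.[\w-]+)+')) {
            if ($internalDomains -notcontains $m.Value.Split('@')[1]) { $m.Value }
        }
    }
}

# 1. Inventory: mailbox-level forwarding and inbox rules that send mail outside.
#    Get-InboxRule runs once per mailbox, so expect this to be slow on large tenants.
$findings = foreach ($mbx in (Get-Mailbox -ResultSize Unlimited)) {
    foreach ($addr in (Get-ExternalAddress $mbx.ForwardingSmtpAddress)) {
        [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName; Source = 'Mailbox forwarding'; Target = $addr }
    }
    foreach ($rule in (Get-InboxRule -Mailbox $mbx.UserPrincipalName)) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        foreach ($addr in (Get-ExternalAddress $targets)) {
            [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName; Source = "Inbox rule '$($rule.Name)'"; Target = $addr }
        }
    }
}
$findings | Sort-Object Mailbox | Format-Table -AutoSize

# 2. Review: who created or changed forwarding in the last 7 days, and from which IP.
#    Needs unified audit logging to be enabled for the tenant.
$forwardParams = 'ForwardTo', 'ForwardAsAttachmentTo', 'RedirectTo', 'ForwardingSmtpAddress'
$auditHits = Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) `
    -Operations 'New-InboxRule', 'Set-InboxRule', 'Set-Mailbox' -ResultSize 5000 |
    ForEach-Object {
        $data = $_.AuditData | ConvertFrom-Json
        $fwd  = $data.Parameters | Where-Object { $_.Name -in $forwardParams -and $_.Value }
        if ($fwd) {
            [pscustomobject]@{
                When      = $data.CreationTime
                Actor     = $data.UserId
                ClientIP  = $data.ClientIP
                Operation = $data.Operation
                Target    = ($fwd.Value -join ', ')
            }
        }
    }
$auditHits | Sort-Object When | Format-Table -AutoSize

# 3. Prevent: stop automatic forwarding to external recipients tenant-wide.
#    The remote-domain setting covers client auto-forwards; the outbound spam policy
#    also covers mailbox-level forwarding and redirect rules.
Set-RemoteDomain -Identity Default -AutoForwardEnabled $false
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off
```

Run steps 1 and 2 before step 3 so that any forwarding with a legitimate business purpose is identified and handled first.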

Allow Only One Instance of Microsoft Outlook

Microsoft Outlook is the Office product that allows users to gain access to their emails, contacts, and other information. It is used by many businesses and most times people set it to automatically start when they log into Windows.

Users can also open multiple instances of Outlook, either on purpose or by accident, which can cause confusion and wasted resources. This default behavior can be easily modified with a small change to the program shortcut.

To avoid multiple Outlook instances, simply add the “/recycle” switch to the command line target of the Outlook shortcut.

  1. Right-click the Outlook shortcut in your start menu, select “More…”, then select the menu item “Open file location”.
  2. Right-click the Outlook shortcut in the file folder, and click on “Properties”.
  3. Select the “Shortcut” tab.
  4. In the Target field, append “/recycle” to the end of the command.
  5. Click OK to exit the property dialog.

The next time you start Outlook, it will only allow one instance of the program. If the user attempts to restart a second instance, nothing appears to happen.

May PowerShell: Auditing Office 365 using PowerShell and Hawk

Note: For the month of May 2019, I’m focusing on PowerShell information that could help you better utilize this powerful scripting tool in your environment.

Hawk is a PowerShell-based tool for gathering information related to O365 intrusions and potential breaches. You can simply use the Hawk PowerShell script, which makes use of Exchange Online and Azure PowerShell scripts, to generate the auditing reports you may need when investigating a suspected breach.

Reports Include:

  • CAS Mailbox Info
  • Azure Audit Logs (writes AzureActiveDirectoryAccountLogon: User login events with IP addresses)
  • Mailbox Audit Report (Mailbox login report with delegate and admin actions)
  • User Mailbox Forwarding Information
  • User Inbox Rules Information
  • Mailbox Info
  • Mailbox Statistics
  • Azure Authentication logs report (All authentication activity for the user in RAW + Readable form)

Azure AD reports rely on AAD P1 and P2 licenses, so make sure you have the required licenses assigned.

GitHub Repository: https://github.com/Canthv0/hawk

A good starting place is “Start-HawkTenantInvestigation”, which will run all the tenant-based cmdlets and provide a collection of data to start with. Once this data has been reviewed, if there are specific user(s) that more information should be gathered on, run “Start-HawkUserInvestigation”, which will gather all the user-specific information for a specific user.

CASB Explained

A Cloud Access Security Broker (CASB) acts as a gatekeeper between your company’s endpoints and the multiple cloud services they use, and is positioned on the network perimeter. CASB software allows your company to extend your security policies to SaaS applications such as O365, Salesforce, Dropbox, and IaaS platforms such as Azure or AWS. A CASB simply helps a business secure communications end-to-end from cloud to device and vice-versa, regardless if the device is managed or unmanaged, from any location or any user.

In addition, modern BYOD policies can leave businesses staring liabilities in the face as employees begin to use cloud services without the IT department’s knowledge. This so-called ‘Shadow IT’ leaves data in the dark. Businesses have a responsibility to keep track of sensitive data, and with GDPR around the corner there’s no room for complacency. CASB can help enterprises make a compliant move to the cloud.


10 Facts About Deploying Microsoft Office 365

Microsoft Office 365 is a popular choice for enterprises that want a cloud-based suite of productivity and collaboration applications. The latest version of Office 365 gives you access to online Microsoft Office solutions anytime and anywhere on multiple Operating System platforms.

Microsoft’s marketing description of Office 365:

Microsoft Office 365 now includes Office 2016 and gives you the full Office experience. With access to the latest Office applications as well as other cloud-based productivity services, whether you need Office for home, school, or business, there is an Office 365 plan to meet your needs.
Our Office 365 subscription plans include Office 365 Home, Office 365 Personal, Office 365 University, and Office 365 for Mac. With each plan, you can install the 2016 versions of Word, Excel, PowerPoint, Outlook, and OneNote (Access, and Publisher are also included only for PC users). When a new version of Microsoft Office is released, you’ll get instant access to it so your applications are always up-to-date – and because Office 365 is optimized across your devices it’s easy to get anywhere access to your stuff on your laptop, phone, tablet and more.


Microsoft Plans Office 365 Upgrades

A few months ago Microsoft announced that Windows 10 would receive major updates just twice a year, scheduled for September and March. Based on feedback from enterprise customers wanting a more tolerable schedule, Microsoft moved to make their release schedule more predictable.

What some people missed is that they also announced an identical schedule for corporate subscribers to Office 365. They aligned the update schedule with Windows 10. Microsoft says they plan to deliver and support Office 365 ProPlus updates, starting in September.

Microsoft also extended support 50% from 12 months per update to 18 months. The additional six months means your IT team can choose to push updates just once or twice a year.

The twice-a-year feature updates will be named Semi-annual Channel (Pilot) and Semi-annual Channel (Broad), each describing how Microsoft envisions them being deployed in the enterprise. Most people will probably just refer to them as simply “Pilot” and “Broad”.

You can get more information here.

New Word, PowerPoint, and Outlook features coming to Office 365

In an effort by Microsoft to continuously add new features to the Office 365 platform, users will soon get new tools that are intended to help prioritize important email, improve their writing skills, and better research topics of interest. The new features are added to three applications included in the Office 365 suite.

Outlook

A new feature called “Focused Inbox” is a messaging feature that launched in the Outlook for Android and iOS apps in January. It is now included for Outlook for Mac, Windows and web users. The Focused Inbox automatically separates your inbox into two tabs. There is a “Focused” tab for important email, and another tab labeled “Other” for everything else. Focused Inbox is supposed to learn what is important based on how you move email in or out of your folders of choice. The feature should help provide you with a single view of the most important items in your inbox, across all platforms.

PowerPoint

This presentation tool will get a feature called “Zoom” that lets you create interactive, nonlinear presentations. You will be able to use Zoom to show slides in any order you want, without exiting slide show mode. This new feature will allow you to move to a different slide without hitting the back or forward buttons to return to previous slides, your summary, or Q&A portions of your presentation.

Word

A new tool for Word is “Researcher,” which offers a new window to allow users to research and explore material related to topics of interest. Using outside sources and the Bing Knowledge Graph, Researcher pulls information and shows it to the user without having to switch to another interface like the browser. Microsoft says it will add more reference materials to Researcher, including well-known encyclopedias and internet databases.
