Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a report on its security observations on Office 365. In it, CISA details several configuration vulnerabilities. I'd like to touch on these and build upon their recommendations with changes that will increase your environment's security.
CISA also outlines a concern with Mailbox Auditing being disabled by default, but since their report was published, this feature is now enabled by default for all new and existing tenants.
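Because a default can still be switched off after the fact, it is worth confirming the tenant-level setting rather than assuming it. The following is an added example, not code from the original post; it assumes the ExchangeOnlineManagement module is installed and that you sign in with a role that can read organization configuration.

```powershell
# Added example (not from the original post): confirm that mailbox auditing
# is on by default for the tenant and flag any mailboxes excluded from auditing.
# Assumes the ExchangeOnlineManagement module is installed and an admin sign-in.
Connect-ExchangeOnline -ShowBanner:$false

function Test-MailboxAuditingDefault {
    # AuditDisabled = $true means "mailbox auditing on by default" has been turned off.
    $org = Get-OrganizationConfig
    if ($org.AuditDisabled) {
        Write-Warning "Mailbox auditing on by default is DISABLED for this tenant."
        return $false
    }
    Write-Output "Mailbox auditing on by default is enabled for this tenant."
    return $true
}

function Get-AuditBypassedMailboxes {
    # Accounts with an audit bypass association generate no mailbox audit records,
    # so each one should be reviewed and justified.
    Get-MailboxAuditBypassAssociation -ResultSize Unlimited |
        Where-Object { $_.AuditBypassEnabled } |
        Select-Object Name, AuditBypassEnabled
}

$defaultOn = Test-MailboxAuditingDefault
$bypassed  = Get-AuditBypassedMailboxes
if ($bypassed) {
    Write-Warning "Mailboxes excluded from auditing:"
    $bypassed | Format-Table -AutoSize
}

# Remediation if the default was turned off (run deliberately, not automatically):
# Set-OrganizationConfig -AuditDisabled $false
```

If the default has been turned off, re-enabling it restores auditing for all mailboxes without touching each one individually.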
Additionally, CISA details a concern with the use of Azure AD Connect and the Password Sync feature. The potential threat scenario was that if an on-prem admin account were compromised, the same credentials could then be used to access the Office 365 portal as an admin. However, Microsoft has since disabled the capability to use AD Connect to match certain administrator accounts. Using MFA on administrator accounts, together with strong password policies, will further mitigate this concern.
Below are additional changes I recommend making to further secure your Office 365 tenant. Some of these are simple setting changes. Others involve planning and configuring policies. For the purpose of this blog, I will not be going into technical detail on these suggestions. Some I have already covered in past blog posts; others I hope to cover in the future.
If you have any security concerns regarding your Office 365 tenant, please reach out to Sikich for a consultation!