Government Suggestions for Office 365 Admin & Security

As an Office 365 admin, the effort to harden enterprise security is key to remaining employed. Recently, United States Cybersecurity and Infrastructure Agency (CISA) combed through Microsoft's Office 365 documentation to pull out some best practices.

Richard Hay, Senior Content Producer

May 15, 2019

2 Min Read
An green tinted image with an eye and global map for security checks

Not a week goes by that we do not hear about some company experiencing a data breach. These usually involve customer data containing a lot of personally identifiable information (PII) and they can be very costly for companies due to laws such as the General Data Protection Regulation (GDPR). For an Office 365 admin, making sure the organization's user accounts and settings across the entire tenant are optimized is a top priority.

There are a lot of resources available to an Office 365 admin to help with this process but recently the U.S. Cybersecurity and Infrastructure Agency (CISA) shared some potential configuration vulnerabilities for organizations to be aware of.

As explained by CISA, these configuration issues usually occur when a third party service provider helps an organization with their migration to Office 365 from other services.

“The organizations that used a third party have had a mix of configurations that lowered their overall security posture. In addition, the majority of these organizations did not have a dedicated IT security team to focus on their security in the cloud. These security oversights have led to user and mailbox compromises and vulnerabilities.”

CISA shared four examples of these potential configuration concerns that could happen after a third-party migration to Office 365 and result in a lower security profile for organizations:

  • Multi-factor authentication for administrator accounts not enabled by default

  • Mailbox auditing disabled

  • Password sync enabled

  • Authentication unsupported by legacy protocols

Of course, CISA’s recommendations mirror those issues listed above and each come with a direct link to the Microsoft Office 365 guidance and information in that area:

Ultimately, every Office 365 admin should be moving their organization users to a modern experience on both desktop and mobile devices. That means removing the use of dated functionality like POP3, IMAP, and SMTP should be a top priority as suggested by CISA.

At the Microsoft Docs website for Office 365, there is an Office 365 security roadmap that can further assist any Office 365 admin to maximize the mix of subscription-related security features for their users. In combination with a modern desktop such as Windows 10, you should be able to easily increase your security posture.

Read more about:

Government

About the Author(s)

Richard Hay

Richard Hay

Senior Content Producer, IT Pro Today (Informa Tech)

I served for 29 plus years in the U.S. Navy and retired as a Master Chief Petty Officer in November 2011. My work background in the Navy was telecommunications related so my hobby of computers fit well with what I did for the Navy. I consider myself a tech geek and enjoy most things in that arena.

My first website – AnotherWin95.com – came online in 1995. Back then I used GeoCities Web Hosting for it and WindowsObserver.com is the result of the work I have done on that site since 1995.

In January 2010 my community contributions were recognized by Microsoft when I received my first Most Valuable Professional (MVP) Award for the Windows Operating System. Since then I have been renewed as a Microsoft MVP each subsequent year since that initial award. I am also a member of the inaugural group of Windows Insider MVPs which began in 2016.

I previously hosted the Observed Tech PODCAST for 10 years and 317 episodes and now host a new podcast called Faith, Tech, and Space. 

I began contributing to Penton Technology websites in January 2015 and in April 2017 I was hired as the Senior Content Producer for Penton Technology which is now Informa Tech. In that role, I contribute to ITPro Today and cover operating systems, enterprise technology, and productivity.

https://twitter.com/winobs

See more from Richard Hay
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

You May Also Like

Editor's Choice

cloud-native
Cloud Native
How Cloud-Native Development Benefits SaaSHow Cloud-Native Development Benefits SaaS
byForrester Blog Network
Jun 28, 2024
3 Min Read
abstract string backgroud
PowerShell
Advanced String Manipulation Techniques in PowerShellAdvanced String Manipulation Techniques in PowerShell
byBrien Posey
Jun 28, 2024
3 Min Read
business person stamping a document
IT Operations
How to Get Executive Buy-In for IT ProjectsHow to Get Executive Buy-In for IT Projects
byChristopher Tozzi
May 28, 2024
6 Min Read