We’re in the process of digging into the methodology for securing our Office 365 (O365) and Azure resources.
One of the things we are doing is building an on-boarding checklist for setting up O365 and Azure tenants as we sign them up.
The first place to start is the Microsoft Secure Score in the Office 365 Security & Compliance Console. After signing in with the admin account for the tenant, we are greeted with a very wide range of security- and compliance-related tasks. It can actually be quite overwhelming at first!
Microsoft Office 365 Security & Compliance Dashboard
Note the Microsoft Secure Score in the middle column. It’s not looking too good for a newly set up tenant, now is it?
We clicked on the link at the bottom to bring up the Microsoft Secure Score page.
Microsoft 365 Security: Microsoft Secure Score
At the bottom of this page we have the Improvement actions section with a Show More link under it. We clicked on that link and, once the Microsoft Secure Score page came up, clicked on the Rank column header to sort the most important things to do to the top of the list:
Microsoft Secure Score: Ranked Improvement Actions
Now that we’ve seen the list, there are some items we deem more important to get to than their Rank score suggests.
The first place to start is to make sure Multi Factor Authentication (MFA) is set up for _all_ accounts in O365 and Azure, especially the tenant’s administrator account(s).
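One way to turn the MFA item into a repeatable on-boarding check, as an added example that is not from the original post: the script below reads an export shaped like Microsoft Graph's `userRegistrationDetails` report and lists every account without MFA registered, administrators first. The sample records, tenant names and function names are constructed for illustration.

```python
import json

# Constructed sample, shaped like a Microsoft Graph
# reports/authenticationMethods/userRegistrationDetails response.
SAMPLE_EXPORT = json.dumps({"value": [
    {"userPrincipalName": "admin@contoso.example", "isAdmin": True,
     "isMfaRegistered": False, "userType": "member"},
    {"userPrincipalName": "alice@contoso.example", "isAdmin": False,
     "isMfaRegistered": True, "userType": "member"},
    {"userPrincipalName": "bob@contoso.example", "isAdmin": False,
     "isMfaRegistered": False, "userType": "member"},
    # Record with no isMfaRegistered field at all (e.g. a partial export).
    {"userPrincipalName": "breakglass@contoso.example", "isAdmin": True,
     "userType": "member"},
    {"userPrincipalName": "vendor_ext@contoso.example", "isAdmin": False,
     "isMfaRegistered": True, "userType": "guest"},
]})


def mfa_gaps(export_json):
    """Return accounts without MFA registered, administrators first."""
    records = json.loads(export_json).get("value", [])
    gaps = []
    for rec in records:
        # Fail closed: a missing or null isMfaRegistered counts as a gap.
        if rec.get("isMfaRegistered") is not True:
            gaps.append({
                "upn": rec.get("userPrincipalName", "<unknown>"),
                "admin": rec.get("isAdmin") is True,
                "type": rec.get("userType", "unknown"),
            })
    # Admin accounts sort to the top, then alphabetically by UPN.
    gaps.sort(key=lambda g: (not g["admin"], g["upn"]))
    return gaps


def checklist_result(export_json):
    """Summarise the check as a pass/fail on-boarding checklist item."""
    gaps = mfa_gaps(export_json)
    return {
        "pass": not gaps,
        "admin_gaps": [g["upn"] for g in gaps if g["admin"]],
        "all_gaps": [g["upn"] for g in gaps],
    }


if __name__ == "__main__":
    print(json.dumps(checklist_result(SAMPLE_EXPORT), indent=2))
```

The checklist item passes only when `all_gaps` is empty; any entry in `admin_gaps` is the first thing to fix.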
What’s the moral of the story?
Get Secure. Get Secure Now!
- Krebs on Security: Breach at Cloud Solution Provider PCM Inc.
  - PCM’s custom portal solution required MFA to be turned _off_ for tenant admin accounts! 🙁
  - Breach is epic in proportion and nature
- MPECS Inc. Blog: Protecting a Hyper-V Host and Backup Repository from Malware and Ransomware
  - There’s an air-gap in there right?
  - There are a lot of further reading links in this post
Thanks for reading! 🙂