Last month we reviewed Third Party Risk Management and emphasized the importance of understanding the potential risks associated with basic business processes. This month we will delve into enhancing the security of an office email environment.

Protecting Microsoft Office

Microsoft Office offers extensive control of the platform and how it is configured. Microsoft has made preconfigured security settings available to all users, recognizing that 99.9% of common identity-related attacks can be stopped by implementing Multi-Factor Authentication (MFA) and blocking legacy authentication.

• Enforce O365 Security defaults
  • Forces MFA for all accounts
  • Requires all administrators to use MFA
  • Blocks legacy protocols
  • Enforce Conditional Access whenever possible

• Review your SPF, DKIM, and DMARC settings. Correctly configurating these settings will offer more protection against spoofing and phishing, safeguarding your brand.

• Review this site for proven PowerShell commands that will provide a greater insight into your tenant configurations –  Security Archives – Office 365 Reports

Additional resources for securing Office365.

• GitHub – T0pCyber/hawk: Powershell Based tool for gathering information related to O365 intrusions and potential Breaches

PowerShell Based tool for gathering information related to O365 intrusions and potential breaches.

• GitHub – cisagov/Sparrow: Sparrow.ps1 was created by CISA’s Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment.

Sparrow was created by CISA’s Cloud Forensics team to help detect possible compromised accounts and  applications in the Azure/m365 environment.

• GitHub – cammurray/orca: The Microsoft Defender for Office 365 Recommended Configuration Analyzer (ORCA)

The Microsoft Defender for Office 365 Recommended Configuration Analyzer (ORCA)

• GitHub – cisagov/ScubaGear: Automation to assess the state of your M365 tenant against CISA’s baselines

Automation to assess the state of your M365 tenant against CISA’s baselines – Secure Cloud Business Applications (SCuBA) Project | CISA

A few caveats on the sites above:

• Before implementing any of the scripts, carefully review them to determine their relevance to your specific tenant(s).  Some scripts may require or expect M365 licensing that is not owned.  As with any script, you must review the install guides.
• It is strongly recommended to test these scripts in a non-production environment before deploying.
• Keep in mind that the scripts provided above won’t necessarily fix existing issues. Instead, they offer valuable insights into your M365 tenant, aligning with Microsoft’s best practices and indicators of compromise.

Protecting Gmail Suite

1. Protect your business with 2-Step Verification – Google Workspace Admin Help
2. Advanced phishing and malware protection – Google Workspace Admin Help
3. Prevent phishing attacks on your users – Google Workspace Admin Help
4. Run a security checkup

Additional resources

Tips to Stay Safe & Secure Online – Google Safety Center