Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

DHS Reiterates Recommendations on Securing Office 365

An alert the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) published this week reiterates previously issued recommendations on how organizations should properly secure Microsoft Office 365 deployments.

An alert the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) published this week reiterates previously issued recommendations on how organizations should properly secure Microsoft Office 365 deployments.

In May last year, the agency issued an alert to highlight some of the common security oversights by Office 365 customers, and also included a series of recommendations on how organizations could improve their security posture.

Since many organizations have accelerated cloud adoption to adapt to the current COVID-19 lockdown, CISA decided to reiterate those recommendations, as many deployments might not be properly secured if performed in haste.

“While the abrupt shift to work-from-home may necessitate rapid deployment of cloud collaboration services, such as O365, hasty deployment can lead to oversights in security configurations and undermine a sound O365-specific security strategy,” CISA notes.

The agency says it continues to identify deployments where entities did not implement best security practices, thus remaining exposed to attacks.

To ensure their Office 365 implementations remain secure, organizations are advised to use multi-factor authentication for administrator accounts (given that Azure Active Directory (AD) Global Administrators have the highest privileges in Office 365 environments), but also for other user accounts, although they do not have elevated privileges.

Advertisement. Scroll to continue reading.

Additionally, CISA recommends that organizations assign administrator roles using Role-based Access Control (RBAC) and enable Unified Audit Log (UAL), incorporate Microsoft Secure Score and integrate logs with existing SIEM tools, but also disable legacy protocol authentication when appropriate, and enable alerts for suspicious activity.

“CISA encourages organizations to implement an organizational cloud strategy to protect their infrastructure assets by defending against attacks related to their O365 transition and better securing O365 services,” the agency notes.

Related: DHS Highlights Common Security Oversights by Office 365 Customers

Related: House Committee Passes Bills Improving CISA Leadership and Authority

Related: Patching Pulse Secure VPN Not Enough to Keep Attackers Out, CISA Warns

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

Mark Carter has been appointed Chief Information Security Officer at Socure.

Spektrum Labs has named Mark Cravotta Chief Operating Officer.

More People On The Move

Expert Insights

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.