Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

DHS Reiterates Recommendations on Securing Office 365

An alert the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) published this week reiterates previously issued recommendations on how organizations should properly secure Microsoft Office 365 deployments.

An alert the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) published this week reiterates previously issued recommendations on how organizations should properly secure Microsoft Office 365 deployments.

In May last year, the agency issued an alert to highlight some of the common security oversights by Office 365 customers, and also included a series of recommendations on how organizations could improve their security posture.

Since many organizations have accelerated cloud adoption to adapt to the current COVID-19 lockdown, CISA decided to reiterate those recommendations, as many deployments might not be properly secured if performed in haste.

“While the abrupt shift to work-from-home may necessitate rapid deployment of cloud collaboration services, such as O365, hasty deployment can lead to oversights in security configurations and undermine a sound O365-specific security strategy,” CISA notes.

The agency says it continues to identify deployments where entities did not implement best security practices, thus remaining exposed to attacks.

To ensure their Office 365 implementations remain secure, organizations are advised to use multi-factor authentication for administrator accounts (given that Azure Active Directory (AD) Global Administrators have the highest privileges in Office 365 environments), but also for other user accounts, although they do not have elevated privileges.

Additionally, CISA recommends that organizations assign administrator roles using Role-based Access Control (RBAC) and enable Unified Audit Log (UAL), incorporate Microsoft Secure Score and integrate logs with existing SIEM tools, but also disable legacy protocol authentication when appropriate, and enable alerts for suspicious activity.

Advertisement. Scroll to continue reading.

“CISA encourages organizations to implement an organizational cloud strategy to protect their infrastructure assets by defending against attacks related to their O365 transition and better securing O365 services,” the agency notes.

Related: DHS Highlights Common Security Oversights by Office 365 Customers

Related: House Committee Passes Bills Improving CISA Leadership and Authority

Related: Patching Pulse Secure VPN Not Enough to Keep Attackers Out, CISA Warns

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...