White Paper: Enhancing Security Score through Implementation of Key Settings

Ensuring robust cybersecurity measures is paramount for organizations of all sizes. This white paper outlines a comprehensive strategy that helped a client significantly improve their security posture by increasing their security score from 30% to 75%. This achievement was made possible through the strategic implementation of various security settings and policies within their Microsoft 365 environment. These settings were carefully selected and applied to mitigate vulnerabilities, enhance user authentication, protect against threats, and bolster overall security.

Introduction

Security in the digital age demands proactive measures that continually adapt to evolving threats. Legacy authentication, lack of multifactor authentication (MFA), and the potential for impersonation attacks are just a few of the vulnerabilities that organizations must address. This white paper discusses the implementation of specific settings within the Microsoft 365 environment to address these issues and improve overall security.

Setting 1: Enable Conditional Access Policies to Block Legacy Authentication

Description: Blocking legacy authentication is a critical step in preventing sign-in attempts that lead to account compromise. Legacy protocols do not support modern authentication or MFA, which leaves accounts that use them vulnerable to attack.

User Impact: Users accessing apps that don’t support modern authentication will no longer be able to access them with this policy enabled.

Setting 2: Require Multifactor Authentication (MFA) for Administrative Roles

Description: Requiring MFA for administrative roles adds an additional layer of security, protecting high-privilege accounts from unauthorized access.

User Impact: Users with administrative roles need to register for MFA and will be prompted for additional authentication factors as per policy settings.

Setting 3: Ensure MFA for All Users

Description: Requiring MFA for all users increases protection, especially in the event of one factor being compromised.

User Impact: Users will be prompted to authenticate with a second factor when accessing applications or resources.
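
Settings 1 to 3 can be expressed as three Conditional Access policies. The script below is an added example, not part of the original white paper or the client's configuration; it uses Microsoft Graph PowerShell and creates the policies in report-only mode so the user impact described above can be reviewed before enforcement. The policy names, the emergency-access exclusion and the choice of admin role are assumptions.

```powershell
# Added example (not from the white paper). Requires the Microsoft.Graph
# PowerShell module and a role permitted to manage Conditional Access.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Assumption: an emergency-access account is excluded from every policy.
# Placeholder value; replace with the account's object ID before running.
$breakGlassId = '<object-id-of-emergency-access-account>'

# Global Administrator role template ID; extend with other admin roles as needed.
$adminRoles = @('62e90394-69f5-4237-9190-012177145e10')

function New-ReportOnlyPolicy {
    param(
        [string]$Name,          # hypothetical display name
        [hashtable]$Users,      # who the policy targets
        [string[]]$ClientApps,  # client app types in scope
        [string]$Control        # 'block' or 'mfa'
    )
    $Users.excludeUsers = @($breakGlassId)
    $body = @{
        displayName   = $Name
        state         = 'enabledForReportingButNotEnforced'   # report-only
        conditions    = @{
            users          = $Users
            applications   = @{ includeApplications = @('All') }
            clientAppTypes = $ClientApps
        }
        grantControls = @{ operator = 'OR'; builtInControls = @($Control) }
    }
    New-MgIdentityConditionalAccessPolicy -BodyParameter $body
}

# Setting 1: block clients that use legacy authentication protocols.
New-ReportOnlyPolicy -Name 'Block legacy authentication' `
    -Users @{ includeUsers = @('All') } `
    -ClientApps 'exchangeActiveSync', 'other' -Control 'block'

# Setting 2: require MFA for administrative roles.
New-ReportOnlyPolicy -Name 'Require MFA for admin roles' `
    -Users @{ includeRoles = $adminRoles } -ClientApps 'all' -Control 'mfa'

# Setting 3: require MFA for all users.
New-ReportOnlyPolicy -Name 'Require MFA for all users' `
    -Users @{ includeUsers = @('All') } -ClientApps 'all' -Control 'mfa'
```

Once the sign-in logs show the expected results, change each policy's state from report-only to `enabled` to enforce it.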

Setting 4: Enable Impersonation Protection

Description: Enabling enhanced impersonation protection based on sender maps helps to detect and respond to impersonation attacks effectively.

Setting 5: Move Impersonated Messages to Junk Email Folder

Description: Messages detected as impersonating users should be moved to the recipients’ junk email folder or quarantined for further investigation.

Setting 6: Enable Impersonated Domain Protection

Description: Prevents specified domains from being impersonated, providing added security against domain spoofing attacks.

Setting 7: Set Phishing Email Level Threshold

Description: Adjusting the phishing email level threshold controls the sensitivity of machine learning models for phishing detection.

Setting 8: Turn on Safe Documents for Office Clients

Description: Leveraging Microsoft Defender for Endpoint to scan documents and files for malicious content enhances document security.

Setting 9: Ensure ‘External Sharing’ of Calendars is Not Available

Description: Restricting external sharing of calendar details prevents potential data leaks and unauthorized access.

Setting 10: Set Action for High Confidence Spam Detection

Description: Defining actions for high confidence spam detection helps in quickly and effectively dealing with spam emails.

Setting 11: Restrict User Consent to Apps Accessing Company Data

Description: Limiting user consent for apps accessing company data reduces the risk of malicious applications gaining unauthorized access.

Setting 12: Configure User Permissions for Teams Meetings

Description: Allowing only authorized users with presenter rights to share content during Teams meetings reduces disruptions and security risks.

Setting 13: Ensure No Sender Domains Are Allowed for Anti-Spam Policies

Description: Avoid adding allowed (trusted) sender domains to anti-spam policies, so that attackers cannot get mail past filtering by spoofing a trusted domain.

Setting 14: Only Allow Invited Users in Teams Meetings

Description: Automatically admitting only invited users to Teams meetings reduces the risk of unauthorized participants joining.

Setting 15: Restrict Anonymous Users from Joining Meetings

Description: Restricting anonymous users from joining Teams meetings enhances control and prevents unauthorized access.

Setting 16: Don’t Add Allowed IP Addresses in Connection Filter Policy

Description: Avoid adding trusted IP addresses to connection filter policies to prevent attackers from exploiting trusted sources.

Setting 17: Retain Spam in Quarantine for 30 Days

Description: Specifying a quarantine retention period helps in reviewing and analyzing spam messages.

Setting 18: Set the Email Bulk Complaint Level (BCL) Threshold

Description: Configuring the BCL threshold helps in managing bulk spam effectively.

Setting 19: Block Users Who Reached the Message Limit

Description: Taking action when users reach message limits reduces the impact of compromised accounts.
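
The mail-protection settings above (4 to 7, 10, 13 and 16 to 19) can be checked together against a tenant's policy objects. The audit below is an added example, not from the original white paper; the mapping of each setting to an Exchange Online policy property is this example's reading of the descriptions, and the sample policy objects are constructed so the script runs without a tenant. The threshold values are assumptions, since the paper names only the 30-day retention.

```powershell
# Added example. Sample policy objects are constructed; in a tenant, replace
# each with ONE policy object returned by the cmdlet named beside it.
$policies = @{
    AntiPhish = [pscustomobject]@{                   # Get-AntiPhishPolicy
        EnableMailboxIntelligenceProtection = $true
        MailboxIntelligenceProtectionAction = 'NoAction'
        EnableTargetedDomainsProtection     = $false
        PhishThresholdLevel                 = 1
    }
    ContentFilter = [pscustomobject]@{               # Get-HostedContentFilterPolicy
        HighConfidenceSpamAction  = 'Quarantine'
        AllowedSenderDomains      = @('partner.example')
        QuarantineRetentionPeriod = 15
        BulkThreshold             = 7
    }
    # Get-HostedConnectionFilterPolicy
    Connection = [pscustomobject]@{ IPAllowList = @() }
    # Get-HostedOutboundSpamFilterPolicy
    Outbound = [pscustomobject]@{ ActionWhenThresholdReached = 'BlockUser' }
}

# Assumed baseline: only the 30-day retention is stated in the paper; the
# other thresholds and 'Quarantine' for setting 10 are this example's choices.
$phishMin = 2; $bulkMax = 6; $retentionDays = 30

# One row per setting: number in the paper, policy it lives in, pass test.
$checks = @(
    @{ N = 4;  P = 'AntiPhish';     Test = { $_.EnableMailboxIntelligenceProtection } }
    @{ N = 5;  P = 'AntiPhish';     Test = { $_.MailboxIntelligenceProtectionAction -in 'MoveToJmf', 'Quarantine' } }
    @{ N = 6;  P = 'AntiPhish';     Test = { $_.EnableTargetedDomainsProtection } }
    @{ N = 7;  P = 'AntiPhish';     Test = { $_.PhishThresholdLevel -ge $phishMin } }
    @{ N = 10; P = 'ContentFilter'; Test = { $_.HighConfidenceSpamAction -eq 'Quarantine' } }
    @{ N = 13; P = 'ContentFilter'; Test = { @($_.AllowedSenderDomains).Count -eq 0 } }
    @{ N = 16; P = 'Connection';    Test = { @($_.IPAllowList).Count -eq 0 } }
    @{ N = 17; P = 'ContentFilter'; Test = { $_.QuarantineRetentionPeriod -eq $retentionDays } }
    @{ N = 18; P = 'ContentFilter'; Test = { $_.BulkThreshold -le $bulkMax } }
    @{ N = 19; P = 'Outbound';      Test = { $_.ActionWhenThresholdReached -eq 'BlockUser' } }
)

function Test-MailSetting {
    param([hashtable]$Policies, [object[]]$Checks)
    foreach ($c in $Checks) {
        [pscustomobject]@{
            Setting = $c.N
            Policy  = $c.P
            Pass    = [bool]($Policies[$c.P] | ForEach-Object -Process $c.Test)
        }
    }
}

Test-MailSetting -Policies $policies -Checks $checks | Format-Table -AutoSize
```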

Setting 20: Ensure Modern Authentication for SharePoint Applications

Description: Enforcing modern authentication for SharePoint applications enhances security and authentication mechanisms.

User Impact: Users will need to authenticate using modern authentication, which may require minor adjustments to user behavior.

Conclusion

By systematically implementing these security settings and policies, our client was able to increase their security score from 30% to an impressive 75%. This transformation was achieved by addressing vulnerabilities, enhancing authentication, and protecting against threats within their Microsoft 365 environment.

As the threat landscape continues to evolve, organizations must remain vigilant and adopt a proactive approach to cybersecurity. The settings discussed in this white paper offer a roadmap to bolstering security in the digital age. By prioritizing these measures, organizations can significantly reduce their risk of security breaches and data compromise.

Remember, cybersecurity is an ongoing process. Regularly reviewing and updating security measures is crucial to staying ahead of emerging threats and maintaining a strong security posture.
