Vulnerability

Administrators are important to the overall safety of your domain, as well as the enforcement of important policy and security settings. But your vulnerability is greatly increased if administrators are not held to the same security standards as the users they manage. If an administrator account becomes compromised, so do all user accounts under their control. Failing to enforce security standards puts your business at greater risk for login theft, phishing and ransomware attacks, conversation hijacking, and other forms of social engineering. Along with requiring Multi-Factor Authentication for users and administrators, always tailor your security approach to follow best practices:

• Require Complex and Lengthy Passwords 
  • Ideally, use a combination of letters, numbers and symbols.
  • Do not use the same password for multiple accounts.
• Educate employees to stay alert for phishing emails
• Require Admins to check audit logs and mail flow frequently

Mitigation Strategy

You can protect your business by enabling Multi Factor Authentication (MFA) for all administrators. The Tenant Admin Report included in your security audit will let you know if MFA needs to be enabled for any of your administrators. Additional MFA features, such as reports and custom greetings, are available with Azure Active Directory Premium licenses.

Frequently changing Office 365 passwords is another way to help maintain security in your Office 365 tenant. With Tenant Administrators having access to all resources within your tenant, we recommend enforcing a 90 day password policy for administrators. It is also important that Tenant Administrators do not have passwords set to never expire in Office 365. The Tenant Admin Report included in your Security Audit will show you the password age and password expiration setting for all administrators, so you can decide if action is needed.

Service Suggestions 

Ultimately, your network is constantly under attack from phishing and ransomware campaigns. Even though the Security Audit identifies effective policy and setting optimizations, your business is still being targeted through email and web usage. Consider enhancing your security with the following:

Azure Active Directory Premium – Add additional MFA features such as reports and custom greetings, as well as additional security features. Contact us for more info.

Advanced Threat Protection – Protect your inboxes from phishing, malware, conversation hijacking and more.

Email Encryption – Protect both privacy and reputation with true, point-to-point encryption.

Vulnerability

Users are one of your greatest vulnerabilities. Whether intentional or unintentional, most breaches or cyberattacks originate from an action taken by a user on your network. User education on the dangers of phishing, ransomware and other social engineering schemes should be an essential part of your security plan. Along with requiring Multi-Factor Authentication for users, always follow best practices:

• Require Complex and Lengthy Passwords
  • Ideally, use a combination of letters, numbers and symbols.
  • Do not use the same password for multiple accounts.
• Educate employees to stay alert for phishing emails
• Assume all file attachments are dangerous

Mitigation Strategy

Multi-Factor Authentication (MFA) helps secure your account and prevent unauthorized access in Office 365. The Multi-Factor Authentication Report included in your Security Audit will show you if any of your users do not have MFA enabled so you can take action. Additional MFA features, such as reports and custom greetings, are available with Azure Active Directory Premium licenses. 

Users with simple passwords or passwords that never expire are easy targets for hijackers and scammers. Enforcing a 90-day or less password policy for your Office 365 users can help maintain security. The Multi-Factor Authentication Report included in your Security Audit will show you the password age and expiration date for all users so you can take action against policy violations. 

Service Suggestions

Ultimately, your network is constantly under attack from phishing and ransomware campaigns. Even though the security audit identifies effective policy and setting optimizations, your business is still being targeted through email and web usage. Consider enhancing your security with the following:

Azure Active Directory Premium – Add additional MFA features such as reports and custom greetings, as well as additional security features. Contact us for more info.

Advanced Threat Protection – Protect your inboxes from phishing, malware, conversation hijacking and more.

Email Encryption – Protect both privacy and reputation with true, point-to-point encryption.

Vulnerability

Mailboxes are entry points into your network and often contain sensitive information. Therefore, it’s important to utilize every possible resource to protect your business. Likewise, inactive mailboxes represent wasted resources – and could represent potential breach points that go unmonitored. Default mailbox auditing in Office 365 can be minimal as well but advanced features can help alleviate that problem.

Mitigation Strategy

Using the advanced mailbox auditing capability in Office 365 can help administrators investigate suspicious activity. The Mailbox Information Report included in your Security Audit will let you know if any mailboxes on your tenant do not currently have advanced auditing enabled so you can take action. For even greater threat protection, consider adding Cloud App Security licenses to your Office 365 users.

Mailboxes that have never logged in and inactive mailboxes in Office 365 give hackers the perfect environment for hiding malicious activity. While there are some valid reasons that a mailbox hasn’t logged in, such as a new user, it is important that administrators monitor mailbox activity and disable access to mailboxes that are not in use. The Mailbox Information Report included in your Security Audit will show you the creation date and last logon date for all mailboxes so you can take action if needed.

Service Suggestions

Although mailboxes are essential to businesses, they do represent vulnerable points into your network. Utilizing solutions that protect your network on multiple fronts can give you the enhanced protection your business needs:

Cloud App Security – Assess risk, enforce security policies, investigate activities, and stop threats. Contact us for more info.

Advanced Threat Protection – Protect your inboxes from phishing, malware, conversation hijacking and more.

Email Encryption – Protect both privacy and reputation with true, point-to-point encryption.

Vulnerability

Hackers utilize every possible resource to achieve their goals. A common threat vector involves using email rules to forward, move or delete messages, hoping to hide suspicious activity. Without an auditing tool, administrators and users may never be able to identify potential threats.

Mitigation Strategy

Inbox rules that are configured to forward, delete, or move messages are commonly used by cybercriminals to avoid detection or suspicion. The Inbox Rules Report included in your Security Audit will show all inbox rules for all mailboxes in your Office 365 tenant. The description column describes the function of the rules and provides a quick way to analyze the rules intended purpose so you can investigate and take action. For even more protection against unsafe attachments and malicious links, consider adding Advanced Threat Protection licenses.

Service Suggestions

Keeping track of your network can be a daunting task and using audit tools can help; also consider deploying proactive solutions that can defend your network from the threats that are aimed at businesses today:

Advanced Threat Protection – Protect against malicious attacks with spoof intelligence, safe attachments, and safe links. Contact us for more info.

Advanced Threat Protection – Protect your inboxes from phishing, malware, conversation hijacking and more.

Email Encryption – Protect both privacy and reputation with true, point-to-point encryption.

Vulnerability

One infected workstation or device could potentially bring down your entire network. Likewise, cybercriminals use forwarding rules to hide or obfuscate their true purpose from administrators. Furthermore, users often forward business email to personal accounts for convenience without knowing the risk they are adding to your business.

Mitigation Strategy

Forwarded mailboxes can be established through several methods in Office 365 such as Outlook Web Access, Exchange Admin Center, and Inbox Rules. Spammers and users often use forwarding capabilities to forward private email to external sources. The Forwarding Mailboxes Report included in your Security Audit will show all mailboxes on your Office 365 tenant that have forwarding enabled so you can investigate and take action. For more help with monitoring risky behavior or suspicious data points, consider assigning Cloud App Security licenses to your Office 365 user accounts.

Service Suggestions

For an administrator, awareness is an invaluable trait. Although many techniques and forwarding settings may be required in certain environments, knowing exactly what’s happening across the network is a requirement today. Protect your network from all attack vectors to prevent the workstation or device from being infected in the first place:

Cloud App Security – Assess risk, enforce security policies, investigate activities, and stop threats. Contact us for more info.

Advanced Threat Protection – Protect your inboxes from phishing, malware, conversation hijacking and more.

Email Encryption – Protect both privacy and reputation with true, point-to-point encryption.

Vulnerability

Transport Rules are often used to control tenant wide settings in Office 365. Spammers that gain access to admin credentials frequently create transport rules that allow phishing emails to reach end users. In a similar fashion, spammers also leverage transport rules to copy confidential data to unauthorized destinations.

Mitigation Strategy

Transport Rules can only be created through the Exchange Admin Center. If you find malicious transport rules on your tenant, it is safe to assume administrator credentials have been compromised. The Transport Rules Report included in your Security Audit will show all transport rules on your Office 365 tenant, which helps you to investigate further and take action if needed. For more help with monitoring risky behavior or suspicious data points, consider assigning Cloud App Security licenses to your Office 365 user accounts.

Service Suggestions

For an administrator, awareness is an invaluable trait. Transport rules have many legitimate purposes but, if used incorrectly, can have a huge impact. Administrators must know what's happening in their environment and regularly check admin-level settings, as well as user-level settings.

Cloud App Security – Assess risk, enforce security policies, investigate activities, and stop threats. Contact us for more info.

Advanced Threat Protection – Protect your inboxes from phishing, malware, conversation hijacking and more.

Email Encryption – Protect both privacy and reputation with true, point-to-point encryption.

Vulnerability

Connectors are frequently used in Office 365 to allow outgoing mail from on-prem resources. A common example is an inbound connector that allows your printer/scanner to send email through Office 365. Recent scans and attacks have shown that spammers are leveraging connectors on reputable Office 365 tenants to send out blasts of phishing emails. Microsoft strictly monitors outbound traffic in Office 365, so a malicious connector can easily result in your entire Office 365 tenant being blocked.

Mitigation Strategy

Connectors can only be created through the Exchange Admin Center. If you find malicious connectors on your tenant, it's safe to assume administrator credentials have been compromised. The Inbound and Outbound Connectors Report included in your Security Audit will show all connectors on your Office 365 tenant, which gives you the awareness needed to take action. For more help with monitoring mail flow and protecting your user's inboxes, consider adding Advanced Email Security for your Office 365 user accounts.

Service Suggestions

Connectors are often necessary to allow integration with on-prem appliances and servers. Many 3rd party organizations also leverage connectors to offer additional services for Office 365. As an Administrator, it's great to add additional services for your users, but you must also diligently monitor for malicious configurations. For more help with monitoring mail flow and protecting your user's inboxes, consider adding Advanced Email Security for your Office 365 user accounts.

Cloud App Security – Assess risk, enforce security policies, investigate activities, and stop threats. Contact us for more info.

Advanced Threat Protection – Protect your inboxes from phishing, malware, conversation hijacking and more.

Email Encryption – Protect both privacy and reputation with true, point-to-point encryption.