It’s important for financial institutions to understand Microsoft Office 365 (O365) and M365 settings, so they can optimize the security controls and quickly detect potential areas of compromise. The educational journey begins with acknowledging the role of Azure Active Directory (Azure AD), Microsoft’s cloud-based user authentication platform.
When your institution purchased O365 (recently rebranded as M365), it established a Microsoft tenant with Azure AD. Since that tenant belongs to you and your institution—not the licensing reseller—it is your responsibility to understand Azure AD and its controls. This is where you can customize the settings to create more sophisticated and appropriate security policies for your institution.
Monitoring for Exceptions to Security Controls
Once your institution has good policies in place, it’s essential to monitor for exceptions. There are so many security controls to check; it can be difficult to know if there is a policy exception or even an active compromise. As an added challenge, some controls can have a major impact on the user experience, and these controls cannot be created arbitrarily by a third party simply based on what is presumed to be best practice.
Therefore, you must build policies around what users are allowed to do, what your institution’s risk assessment defines, and what users will tolerate. Making appropriate policy-related adjustments to O365/M365 requires knowing how to connect with and analyze specific Microsoft data to modify the related security controls. Microsoft has created a plethora of controls, which can be difficult for many customers to navigate. That’s where it can be beneficial to partner with a value-added reseller like Safe Systems.
M365 Security Basics
Safe Systems consults with clients to help them best use O365/M365 controls and uncover their cloud security “blind spots.” M365 Security Basics is the first CloudInsight offering that provides visibility into security settings for Azure Active Directory and O365/M365 tenants.
M365 Security Basics consists of three main parts—reporting, alerting, and quarterly reviews— that your institution can choose from based on its needs. The reporting feature pulls Microsoft data that may not be easily accessible and compiles it into a user-friendly format. The reports show the fundamental settings at a glance, so institutions can track configuration changes over time. There are summary reports that IT administrators can use to quickly identify anomalies in their organization as well as detailed reports that include the specifics of a given anomaly.
While reporting generates important ongoing details, it can produce a substantial amount of information for you to review. Alerts can notify you as soon as possible about the most common setting changes or activity that can represent an indicator of compromise, so you can investigate and respond.
With the quarterly review component, Safe Systems will help you walk through the content of all your reports and discuss your overall strategy for adjusting the configurations. Having all this data at your fingertips makes it easier to make assessments to determine which settings are right for your organization. Two key settings to enable are multi-factor authentication—which should be universal for every user because it adds a critical layer of protection to the user sign-in process—and auditing which is crucial for investigating changes.
Educate. Expose. Empower.
The goal of M365 Security Basics is to educate financial institutions about the unfamiliar concepts related to O365/M365, expose the reality of what they are already living today, and empower them to take action where changes are needed.
For more information about how to understand O365/M365 settings to ensure your security controls are effective, listen to our webinar on “Cloud O365-M365 Security – Do You Know if You Are Currently Compromised?”