If your organisation utilises the Microsoft Office 365 (O365) ecosystem in any capacity, do you recall the last time you performed a security audit on the system? Most companies make use of O365 for key technology services such as emails, document storage, and collaboration, yet believe that it’s safe and secure right out of the box. The fact is that, by default, many security policies are not enabled and require manual configuration to be enforced within your organisation.
Enter Microsoft Secure Score, a feature within Office 365 that provides an overall measurement of your organisation’s security position and allows you to improve your security on the platform. The score varies depending on your setup, but is ranked by a percentage metric. The average score globally is 40%, indicating little actions have been taken to improve their environment, which is quite concerning. Below, we have listed the top 5 changes to make within the platform to enhance your online security.
1. Enforce Multi-Factor Authentication (MFA) for all users and administratorsSadly, Microsoft admits that the standard implementation out-of-the-box doesn’t have complex security requirements. Enabling MFA is highly recommended and the number one item on our list of security enhancements.
2. Disable Legacy AuthenticationBy default, Microsoft still allows users to bypass the MFA policy by setting up their own app passwords. However, this should be disabled as it enables external parties to target your passwords and breach accounts.
3. Enable Audit Data RecordingMicrosoft does log user actions, but only for a very short time frame until you enable the audit data policies, which will keep logs of user actions indefinitely.
4. Enable User Sign-in Risk PolicyThis policy will protect against password cracking and mitigate account breaches in your organisation. It is important to make sure that the organisation also has MFA enabled.
5. Do not expire passwordsIt may seem odd but it is recommended that passwords don’t change. If you are changing passwords frequently, standard behaviour is to add another character at the end of the password. It is much better to choose a long, secure password and manage it via your password manager, changing it periodically as opposed to frequently.
Following these steps will have a notable impact on the security of your Microsoft Office environment. If you’d like to know more, don’t hesitate to get in touch.
As an IT Professional with over ten years of experience, I pride myself on providing relevant, cost-effective solutions to my clients.
Post articles and opinions on Professionals UK
to attract new clients and referrals. Feature in newsletters.
Join for free today and upload your articles for new contacts to read and enquire further.
