2019-01-14
Measure the security of your Microsoft 365 tenant
In today's cloud-focused IT it is more important than ever to stay ahead of "the bad guys" when it comes to security. A good security baseline is the key to protecting the company's data, and to know where that baseline actually stands you need measurement tools.
The CIS Microsoft 365 Foundations Benchmark
The Center for Internet Security (CIS) is a non-profit organization whose mission is to "identify, develop, validate, promote and maintain the best solutions for cyber defense, and to build and lead communities to enable trust on the internet."
CIS provides free benchmarks in PDF format for many different platforms, such as Linux, Windows Desktop, Windows Server, VMware and now cloud providers.
They recently announced, in collaboration with Microsoft, the CIS Microsoft 365 Foundations Benchmark, which helps you get the most important security settings in place in Microsoft 365. It is guidance for creating a secure configuration for Microsoft 365, regardless of operating system.
The benchmark is divided into seven sections with a total of about 60 recommendations.
You can find a list of all the steps involved in the CIS Microsoft 365 Foundations Benchmark further down.
Altitude 365 can help you carry out this benchmark to understand how secure your Microsoft 365 tenant is and what you can do to improve its security. Feel free to contact me with questions about this benchmark or the Microsoft cloud in general.
Contents
Account/Authentication Policies
Recommendations related to setting the appropriate account and authentication policies.
- Ensure multifactor authentication is enabled for all users in administrative roles.
- Ensure multifactor authentication is enabled for all users in all roles.
- Ensure that between two and four global admins are designated.
- Ensure self-service password reset is enabled.
- Ensure modern authentication for Exchange Online is enabled.
- Ensure modern authentication for SharePoint applications is required.
- Ensure modern authentication for Skype for Business Online is enabled.
- Ensure that Office 365 Passwords Are Not Set to Expire.
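The account and authentication items above are mostly facts you can read straight out of the tenant. The script below is an added example, not code from the original post or from the CIS benchmark document: it counts Global Administrators, lists every account holding any activated directory role (the population the "MFA for administrative roles" item has to cover), and reads the Exchange Online modern-authentication flag. It assumes the AzureAD module (Connect-AzureAD) and the Exchange Online module (Connect-ExchangeOnline) are installed and already connected; the report layout (Check/Value/Pass) is this example's own.

```powershell
# Added example: not part of the original post or of the CIS benchmark document.
# Assumes Connect-AzureAD and Connect-ExchangeOnline have already been run.

function Get-GlobalAdminCountStatus {
    # Recommendation: between two and four Global Administrators are designated.
    # Older AzureAD module versions expose the role as "Company Administrator".
    $role = Get-AzureADDirectoryRole |
        Where-Object { $_.DisplayName -in @('Global Administrator', 'Company Administrator') } |
        Select-Object -First 1
    $members = if ($role) { @(Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId) } else { @() }
    [pscustomobject]@{
        Check  = 'Global admins designated (2-4)'
        Value  = $members.Count
        Pass   = ($members.Count -ge 2 -and $members.Count -le 4)
        Detail = (($members | ForEach-Object { $_.UserPrincipalName }) -join ';')
    }
}

function Get-AdminRoleMembers {
    # Every principal holding any activated directory role. MFA state itself is
    # enforced through Conditional Access or per-user MFA and is reviewed separately;
    # this list tells you which accounts that review must include.
    foreach ($role in Get-AzureADDirectoryRole) {
        foreach ($member in Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId) {
            [pscustomobject]@{
                Role       = $role.DisplayName
                Member     = $member.DisplayName
                Upn        = $member.UserPrincipalName   # empty for groups and service principals
                ObjectType = $member.ObjectType
            }
        }
    }
}

function Get-ExoModernAuthStatus {
    # Recommendation: modern authentication (OAuth 2.0) is enabled for Exchange Online.
    $cfg = Get-OrganizationConfig
    [pscustomobject]@{
        Check  = 'Exchange Online modern authentication'
        Value  = $cfg.OAuth2ClientProfileEnabled
        Pass   = [bool]$cfg.OAuth2ClientProfileEnabled
        Detail = 'Remediate with: Set-OrganizationConfig -OAuth2ClientProfileEnabled $true'
    }
}

# Usage: pass/fail summary first, then the full role membership for manual review.
$summary = @(Get-GlobalAdminCountStatus; Get-ExoModernAuthStatus)
$summary | Format-Table Check, Value, Pass, Detail -AutoSize -Wrap
Get-AdminRoleMembers | Sort-Object Role, Upn | Format-Table -AutoSize
```

Get-AzureADDirectoryRole only returns roles that have been activated in the tenant, so a role that has never had a member will not appear in the membership list; that is expected, not a gap in the output.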
Application Permissions
Recommendations related to the configuration of application permissions within Microsoft 365.
- Ensure third party integrated applications are not allowed (User Settings > No App Registrations).
- Ensure calendar details sharing with external users is disabled.
- Ensure O365 ATP SafeLinks for Office Applications is Enabled.
- Ensure Office 365 ATP for SharePoint, OneDrive, and Microsoft Teams is Enabled (blocks malicious files).
Data Management
Recommendations for setting data management policies.
- Ensure the customer lockbox feature is enabled.
- Ensure SharePoint Online data classification policies are set up and used.
- Ensure external domains are not allowed in Skype or Teams.
- Ensure DLP policies are enabled.
- Ensure that external users cannot share files, folders, and sites they do not own.
- Ensure external file sharing in Teams is enabled for only approved cloud storage services.
Email security/Exchange Online
Recommendations related to the configuration of Exchange Online and email security.
- Ensure the Common Attachment Types Filter is enabled.
- Ensure Exchange Online Spam Policies are set correctly.
- Ensure mail transport rules do not forward email to external domains.
- Ensure mail transport rules do not whitelist specific domains.
- Ensure the Client Rules Forwarding Block is enabled.
- Ensure the Advanced Threat Protection Safe Links policy is enabled.
- Ensure the Advanced Threat Protection Safe Attachments policy is enabled.
- Ensure basic authentication for Exchange Online is disabled.
- Ensure that an anti-phishing policy has been created.
- Ensure that DKIM is enabled for all Exchange Online Domains.
- Ensure that SPF records are published for all Exchange Domains.
- Ensure DMARC Records for all Exchange Online domains are published.
- Ensure notifications for internal users sending malware is Enabled.
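Several of the Exchange Online items above (external forwarding, whitelisted sender domains, the client forwarding block, DKIM, SPF and DMARC) can be verified from one PowerShell session. The following is an added example, not code from the original post or from the CIS benchmark document. It assumes Connect-ExchangeOnline has been run and that Resolve-DnsName (the Windows DnsClient module) is available for the DNS lookups. Treating the tenant's authoritative accepted domains as "internal" is this example's own assumption, and it goes slightly beyond the list by reporting the DMARC p= policy, so a record that is published but set to p=none stands out in the review.

```powershell
# Added example: not part of the original post or of the CIS benchmark document.
# Assumes Connect-ExchangeOnline has been run and Resolve-DnsName is available.

function Get-ExternalForwardingTransportRules {
    # Transport rules that redirect, copy or add recipients outside the internal
    # domains are where "forward email to external domains" shows up in practice.
    param([string[]]$InternalDomains)
    foreach ($rule in Get-TransportRule) {
        $targets = (@($rule.RedirectMessageTo) + @($rule.BlindCopyTo) + @($rule.CopyTo) + @($rule.AddToRecipients)) |
            Where-Object { $_ }
        $external = @($targets | Where-Object { ("$_" -split '@')[-1].ToLower() -notin $InternalDomains })
        if ($external.Count -gt 0) {
            [pscustomobject]@{ Check = "Transport rule '$($rule.Name)' forwards externally ($($rule.State))"; Value = ($external -join ';'); Pass = $false }
        }
    }
}

function Get-DomainWhitelistTransportRules {
    # A rule that sets SCL -1 for a sender domain bypasses spam filtering for that domain.
    Get-TransportRule | Where-Object { $_.SetSCL -eq -1 -and $_.SenderDomainIs } | ForEach-Object {
        [pscustomobject]@{ Check = "Transport rule '$($_.Name)' whitelists sender domain"; Value = ($_.SenderDomainIs -join ';'); Pass = $false }
    }
}

function Get-RemoteDomainAutoForwardStatus {
    # One tenant-wide way to block client-side auto-forwarding (inbox rules and
    # mailbox forwarding): the Default remote domain must not allow automatic forwards.
    $d = Get-RemoteDomain Default
    [pscustomobject]@{ Check = 'Default remote domain AutoForwardEnabled'; Value = $d.AutoForwardEnabled; Pass = (-not $d.AutoForwardEnabled) }
}

function Get-DkimStatus {
    Get-DkimSigningConfig | ForEach-Object {
        [pscustomobject]@{ Check = "DKIM signing $($_.Domain)"; Value = $_.Enabled; Pass = [bool]$_.Enabled }
    }
}

function Get-MailDnsStatus {
    # SPF must be published exactly once; DMARC must be published, and its p= tag is
    # reported so the reviewer sees whether the policy actually enforces anything.
    param([string]$Domain)
    $txt = @(Resolve-DnsName -Name $Domain -Type TXT -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Strings -join '' })
    $spf = @($txt | Where-Object { $_ -like 'v=spf1*' })
    $dmarc = Resolve-DnsName -Name "_dmarc.$Domain" -Type TXT -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Strings -join '' } | Where-Object { $_ -like 'v=DMARC1*' } | Select-Object -First 1
    # (^|;) keeps the sp= subdomain tag from being mistaken for the p= tag.
    $policy = if ($dmarc -and $dmarc -match '(^|;)\s*p=(none|quarantine|reject)') { $Matches[2] } else { 'missing' }
    [pscustomobject]@{ Check = "SPF $Domain";   Value = ($spf -join ' | '); Pass = ($spf.Count -eq 1) }
    [pscustomobject]@{ Check = "DMARC $Domain"; Value = "p=$policy";        Pass = [bool]$dmarc }
}

# Usage: run the checks against every authoritative accepted domain in the tenant.
$domains = @(Get-AcceptedDomain | Where-Object { $_.DomainType -eq 'Authoritative' } |
    ForEach-Object { "$($_.DomainName)".ToLower() })
$report = @(
    Get-ExternalForwardingTransportRules -InternalDomains $domains
    Get-DomainWhitelistTransportRules
    Get-RemoteDomainAutoForwardStatus
    Get-DkimStatus
    $domains | ForEach-Object { Get-MailDnsStatus -Domain $_ }
)
$report | Format-Table Check, Value, Pass -AutoSize -Wrap
```

The DNS lookups answer from whatever resolver the workstation uses, so run them from a machine whose resolver sees the public zone; a split-horizon internal DNS can hide a missing or stale record.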
Auditing Policies
Recommendations for setting auditing policies on your Microsoft 365 tenant.
- Ensure Microsoft 365 audit log search is Enabled.
- Ensure mailbox auditing for all users is Enabled.
- Ensure the Azure AD ‘Risky sign-ins’ report is reviewed at least weekly.
- Ensure the Application Usage report is reviewed at least weekly.
- Ensure the self-service password reset activity report is reviewed at least weekly.
- Ensure user role group changes are reviewed at least weekly.
- Ensure mail forwarding rules are reviewed at least weekly.
- Ensure the Mailbox Access by Non-Owners Report is reviewed at least biweekly.
- Ensure the Malware Detections report is reviewed at least weekly.
- Ensure the Account Provisioning Activity report is reviewed at least weekly.
- Ensure non-global administrator role group assignments are reviewed at least weekly.
- Ensure the spoofed domains report is reviewed weekly.
- Ensure Microsoft 365 Cloud App Security is Enabled.
- Ensure the report of users who have had their email privileges restricted due to spamming is reviewed.
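The audit-log and mailbox-audit items above are configuration facts, while the weekly review items need the data pulled in a form a human can scan. The script below is an added example, not code from the original post or from the CIS benchmark document: it reads the unified audit log flag, lists mailboxes without auditing, collects every mail forward (both the mailbox forwarding setting and user-created inbox rules) and pulls the last week's role membership changes from the unified audit log. It assumes Connect-ExchangeOnline has been run with an account that can read mailbox settings and search the audit log; the operation names passed to Search-UnifiedAuditLog are the ones Azure AD writes for role membership changes.

```powershell
# Added example: not part of the original post or of the CIS benchmark document.
# Assumes Connect-ExchangeOnline has been run with sufficient read permissions.

function Get-UnifiedAuditLogStatus {
    $c = Get-AdminAuditLogConfig
    [pscustomobject]@{
        Check = 'Unified audit log search enabled'
        Value = $c.UnifiedAuditLogIngestionEnabled
        Pass  = [bool]$c.UnifiedAuditLogIngestionEnabled
    }
}

function Get-MailboxesWithoutAuditing {
    # A mailbox with AuditEnabled = $false writes no owner, delegate or admin audit events.
    Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
        Where-Object { -not $_.AuditEnabled } |
        Select-Object UserPrincipalName, AuditEnabled
}

function Get-MailForwardingReview {
    # Both places a forward can live: the mailbox's own forwarding attributes and
    # inbox rules that forward or redirect. Disabled rules are listed too (Enabled=False).
    foreach ($m in Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox) {
        if ($m.ForwardingSmtpAddress -or $m.ForwardingAddress) {
            [pscustomobject]@{
                Mailbox  = $m.UserPrincipalName
                Source   = 'Mailbox forwarding setting'
                Target   = "$($m.ForwardingSmtpAddress)$($m.ForwardingAddress)"
                KeepCopy = $m.DeliverToMailboxAndForward
            }
        }
        Get-InboxRule -Mailbox $m.UserPrincipalName |
            Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
            ForEach-Object {
                $rule = $_
                $targets = (@($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)) | Where-Object { $_ }
                [pscustomobject]@{
                    Mailbox  = $m.UserPrincipalName
                    Source   = "Inbox rule '$($rule.Name)' (Enabled=$($rule.Enabled))"
                    Target   = ($targets -join ';')
                    KeepCopy = [bool]$rule.ForwardTo   # ForwardTo keeps a copy; RedirectTo does not
                }
            }
    }
}

function Get-RoleMembershipChanges {
    # Role group changes and role assignments over the review window, from the unified audit log.
    param([int]$Days = 7)
    $ops = @('Add member to role.', 'Remove member from role.')
    Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-$Days) -EndDate (Get-Date) `
        -RecordType AzureActiveDirectory -Operations $ops -ResultSize 5000 |
        ForEach-Object {
            $data = $_.AuditData | ConvertFrom-Json
            [pscustomobject]@{
                When      = $_.CreationDate
                Operation = $_.Operations
                Actor     = $_.UserIds
                Target    = $data.ObjectId   # the account whose role membership changed
            }
        }
}

# Usage: one summary line, then the three review lists.
Get-UnifiedAuditLogStatus | Format-Table -AutoSize
Get-MailboxesWithoutAuditing | Format-Table -AutoSize
Get-MailForwardingReview | Sort-Object Mailbox | Format-Table -AutoSize -Wrap
Get-RoleMembershipChanges -Days 7 | Sort-Object When | Format-Table -AutoSize
```

Search-UnifiedAuditLog returns nothing at all while unified audit logging is disabled, so run Get-UnifiedAuditLogStatus first: an empty role-change list is only meaningful when that check passes.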
Storage Policies
Recommendations for securely configuring storage policies.
- Ensure document sharing is being controlled by domains with whitelist or blacklist.
- Ensure expiration time for external sharing links is set.
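The two storage items above, together with the Data Management item that external users must not share what they do not own, are tenant-level SharePoint Online sharing settings. The following is an added example, not code from the original post or from the CIS benchmark document: it reads those three settings, judges them against the recommendations, and shows the matching remediation. It assumes the SharePoint Online Management Shell is installed and Connect-SPOService has been run against the tenant admin URL (the `<tenant>` value is a placeholder); the partner domain list is the caller's own input.

```powershell
# Added example: not part of the original post or of the CIS benchmark document.
# Assumes: Connect-SPOService -Url https://<tenant>-admin.sharepoint.com  (<tenant> is a placeholder)

function Get-SpoSharingStatus {
    $t = Get-SPOTenant
    # Domain restriction: None means any external domain may receive shares;
    # AllowList or BlockList means a domain list is actually enforced.
    [pscustomobject]@{
        Check = 'Sharing controlled by domain allow/block list'
        Value = "$($t.SharingDomainRestrictionMode) allow=[$($t.SharingAllowedDomainList)] block=[$($t.SharingBlockedDomainList)]"
        Pass  = ($t.SharingDomainRestrictionMode -in @('AllowList', 'BlockList'))
    }
    # Anonymous ("Anyone") links: a value of -1 (or 0) means they never expire.
    [pscustomobject]@{
        Check = 'Anonymous sharing links expire'
        Value = $t.RequireAnonymousLinksExpireInDays
        Pass  = ($t.RequireAnonymousLinksExpireInDays -gt 0)
    }
    # External users may only share content they own when resharing is prevented.
    [pscustomobject]@{
        Check = 'External users cannot reshare'
        Value = $t.PreventExternalUsersFromResharing
        Pass  = [bool]$t.PreventExternalUsersFromResharing
    }
}

function Set-SpoSharingBaseline {
    # Remediation for the same three settings. $AllowedDomains is the organisation's
    # own list of partner domains (caller-supplied input, not from the benchmark).
    param([string[]]$AllowedDomains, [int]$LinkExpiryDays = 30)
    # SharingAllowedDomainList takes a single space-separated string.
    Set-SPOTenant -SharingDomainRestrictionMode AllowList -SharingAllowedDomainList ($AllowedDomains -join ' ')
    Set-SPOTenant -RequireAnonymousLinksExpireInDays $LinkExpiryDays
    Set-SPOTenant -PreventExternalUsersFromResharing $true
}

# Usage: report first; apply the baseline only after the allow list has been agreed.
Get-SpoSharingStatus | Format-Table Check, Value, Pass -AutoSize -Wrap
# Set-SpoSharingBaseline -AllowedDomains @('partner.example') -LinkExpiryDays 30
```

Switching to AllowList cuts off sharing with every domain not on the list immediately, so collect the domains already in use (the SharePoint sharing reports show them) before applying the remediation.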
Mobile Device Management
Recommendations for managing devices connecting to Microsoft 365.
- Ensure mobile device management policies are set to require advanced security configurations to protect from basic internet attacks.
- Ensure that mobile device password reuse is prohibited.
- Ensure that mobile devices are set to never expire passwords.
- Ensure that users cannot connect from devices that are jailbroken or rooted.
- Ensure mobile devices are set to wipe on multiple sign-in failures to prevent brute force compromise.
- Ensure that settings are enabled to lock mobile devices after a period of inactivity to prevent unauthorized access.
- Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data.
- Ensure that mobile devices require complex passwords to prevent brute force attacks.
- Ensure that devices connecting have AV and a local firewall enabled (Windows 10).
- Ensure mobile device management policies are required for email profiles.
- Ensure mobile devices require the use of a password.