Established on November 16, 2018, when President Donald Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018, CISA is a standalone United States federal agency under the Department of Homeland Security’s oversight. In its Analysis Report (AR19-133A), released on May 13, 2019, the agency provides an overview of Microsoft Office 365 security observations and recommends associated risk mitigations and best practices. These include:
- Use multi-factor authentication. This is the best mitigation technique to use to protect against credential theft for O365 users.
- Enable unified audit logging in the Security and Compliance Center.
- Enable mailbox auditing for each user.
- Ensure Azure AD password sync is planned for and configured correctly, prior to migrating users.
- Disable legacy email protocols, if not required, or limit their use to specific users.
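
Three of the items above (unified audit logging, per-mailbox auditing, and legacy POP3/IMAP access) can be checked read-only from Exchange Online PowerShell. The script below is an added example, not part of the CISA report or of Suite3's tooling; the function name, the allow-list parameter, and the sample objects are assumptions made for illustration, and MFA and password sync are not covered by it.

```powershell
# Added example. Against a live tenant, the inputs would come from Exchange Online
# PowerShell (assumed: module installed, session connected, read-only role):
#   $cfg = Get-AdminAuditLogConfig
#   $mbx = Get-Mailbox -ResultSize Unlimited
#   $cas = Get-CASMailbox -ResultSize Unlimited
function Get-O365BaselineFinding {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] $AuditConfig,
        [Parameter(Mandatory)] [object[]] $Mailboxes,
        [Parameter(Mandatory)] [object[]] $CasMailboxes,
        [string[]] $LegacyProtocolAllowList = @()   # users who still need POP3/IMAP
    )
    # Tenant-wide: unified audit log ingestion must be on for log searches to work.
    if (-not $AuditConfig.UnifiedAuditLogIngestionEnabled) {
        [pscustomobject]@{ Scope = 'Tenant'; Issue = 'Unified audit logging is disabled' }
    }
    # Per user: mailbox auditing flag.
    foreach ($m in $Mailboxes) {
        if (-not $m.AuditEnabled) {
            [pscustomobject]@{ Scope = $m.UserPrincipalName; Issue = 'Mailbox auditing is disabled' }
        }
    }
    # Per user: legacy protocols, skipping accounts explicitly allowed to use them.
    foreach ($c in $CasMailboxes) {
        if ($LegacyProtocolAllowList -contains $c.PrimarySmtpAddress) { continue }
        $on = @()
        if ($c.PopEnabled)  { $on += 'POP3' }
        if ($c.ImapEnabled) { $on += 'IMAP' }
        if ($on.Count -gt 0) {
            [pscustomobject]@{ Scope = $c.PrimarySmtpAddress; Issue = "Legacy protocols enabled: $($on -join ', ')" }
        }
    }
}

# Constructed sample objects (not real tenant data) so the script runs offline.
$cfg = [pscustomobject]@{ UnifiedAuditLogIngestionEnabled = $false }
$mbx = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.com'; AuditEnabled = $true }
    [pscustomobject]@{ UserPrincipalName = 'bob@example.com';   AuditEnabled = $false }
)
$cas = @(
    [pscustomobject]@{ PrimarySmtpAddress = 'alice@example.com';   PopEnabled = $true;  ImapEnabled = $true }
    [pscustomobject]@{ PrimarySmtpAddress = 'bob@example.com';     PopEnabled = $false; ImapEnabled = $false }
    [pscustomobject]@{ PrimarySmtpAddress = 'scanner@example.com'; PopEnabled = $false; ImapEnabled = $true }
)

Get-O365BaselineFinding -AuditConfig $cfg -Mailboxes $mbx -CasMailboxes $cas `
    -LegacyProtocolAllowList 'scanner@example.com' | Format-Table -AutoSize
```
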
Unsure about your Office 365 configuration? Have Suite3 conduct a security audit to verify current settings and recommend changes, if necessary, to adhere to recommended standards and procedures.