Office 365 best practices courtesy of CISA

Established on November 16, 2018, when President Donald Trump signed the Cybersecurity and Infrastructure Security Agency Act of 2018 into law, CISA is a standalone United States federal agency under the oversight of the Department of Homeland Security. Its Analysis Report (AR19-133A), released on May 13, 2019, gives an overview of Microsoft Office 365 security observations and recommends associated risk mitigations and best practices. These include:

  • Use multi-factor authentication. This is the best mitigation technique for protecting O365 users against credential theft.
  • Enable unified audit logging in the Security and Compliance Center.
  • Enable mailbox auditing for each user.
  • Ensure Azure AD password sync is planned for and configured correctly before migrating users.
  • Disable legacy email protocols, if not required, or limit their use to specific users.
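
The logging, mailbox-auditing and legacy-protocol items above can be checked from Exchange Online PowerShell. The following is an added example, not part of the CISA report or of any vendor tooling: `Test-O365Baseline` is a hypothetical helper, the tenant data is constructed, and POP and IMAP are the legacy protocols it checks. MFA and password sync are not covered.

```powershell
# Added example: evaluates objects shaped like the output of the Exchange Online
# cmdlets named below. Sample data is constructed so the check runs offline.
function Test-O365Baseline {
    param(
        [Parameter(Mandatory)] $AuditConfig,              # Get-AdminAuditLogConfig
        [Parameter(Mandatory)] [object[]] $Mailboxes,     # Get-Mailbox -ResultSize Unlimited
        [Parameter(Mandatory)] [object[]] $CasMailboxes,  # Get-CASMailbox -ResultSize Unlimited
        [string[]] $LegacyAllowed = @()                   # users approved to keep POP/IMAP
    )
    $findings = @()
    if (-not $AuditConfig.UnifiedAuditLogIngestionEnabled) {
        $findings += [pscustomobject]@{ Target = 'Tenant'; Issue = 'Unified audit logging is off' }
    }
    # Per-mailbox flag only; the organization-wide default is reported separately
    # by Get-OrganizationConfig (AuditDisabled).
    foreach ($mbx in $Mailboxes) {
        if (-not $mbx.AuditEnabled) {
            $findings += [pscustomobject]@{ Target = $mbx.UserPrincipalName; Issue = 'Mailbox auditing is off' }
        }
    }
    foreach ($cas in $CasMailboxes) {
        if ($LegacyAllowed -contains $cas.PrimarySmtpAddress) { continue }
        foreach ($proto in 'PopEnabled', 'ImapEnabled') {
            if ($cas.$proto) {
                $findings += [pscustomobject]@{ Target = $cas.PrimarySmtpAddress; Issue = "$proto is true" }
            }
        }
    }
    return $findings
}

# Constructed sample tenant (example.com addresses are placeholders).
$auditConfig = [pscustomobject]@{ UnifiedAuditLogIngestionEnabled = $false }
$mailboxes = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.com';   AuditEnabled = $true }
    [pscustomobject]@{ UserPrincipalName = 'scanner@example.com'; AuditEnabled = $false }
)
$casMailboxes = @(
    [pscustomobject]@{ PrimarySmtpAddress = 'alice@example.com';   PopEnabled = $true;  ImapEnabled = $true }
    [pscustomobject]@{ PrimarySmtpAddress = 'scanner@example.com'; PopEnabled = $false; ImapEnabled = $true }
)

Test-O365Baseline -AuditConfig $auditConfig -Mailboxes $mailboxes `
    -CasMailboxes $casMailboxes -LegacyAllowed 'scanner@example.com' | Format-Table -AutoSize
```

Against a live tenant, pass the output of the three cmdlets named in the parameter comments instead of the sample objects. Findings are typically remediated with `Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true`, `Set-Mailbox -AuditEnabled $true` and `Set-CASMailbox -PopEnabled $false -ImapEnabled $false`.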

Unsure about your Office 365 configuration? Have Suite3 conduct a security audit to verify current settings and recommend changes, if necessary, to adhere to recommended standards and procedures.