Microsoft 365 Security Checklist – Cyber Security Awareness Month 2023 Edition

We click, type, and swipe without a second thought, trusting that our information and data are secure. But are they? 🤧 Just as leaves fall, attackers target our Microsoft 365 environments in multiple ways! ⚠️

Phishing Attack by W3LL Hackers:

For example, threat actors known as W3LL developed a phishing kit capable of bypassing MFA and compromised more than 8,000 Microsoft 365 user accounts! 😯 But that’s not all. Over 500 cybercriminals use W3LL to carry out Business Email Compromise (BEC) attacks.

Group-IB says that the W3LL Store offers solutions that include picking victims, creating phishing emails with weaponized attachments (default or customized), and sending those emails to victims. 

This attack is just 1 in 1000 attacks, so it’s a stark reminder that cybersecurity measures must be robust, and awareness must be high among organizations! 🛡️💪 

Group-IB report on the W3LL attack [Microsoft 365 Security]
Source: Group-IB

October 2023 – Cyber Security Awareness Month:

⌛ Recall October 2022, when we presented 31 Days – 31 Microsoft 365 Security Features, offering insights into every critical action. A few of the most talked-about tips were:

  1. Configure user consent to applications
  2. Require phishing-resistant MFA 
  3. Tag priority accounts in Microsoft 365 
  4. Microsoft 365 Off-boarding best practices 
  5. Passwordless authentication with Temporary Access Pass 

And more on the list. However, as Microsoft 365 continues to evolve with new features, configurations, and updates, so do we! 😌 

Thus, we’re back with a fresh round of “31 Days – 31 Advanced Microsoft 365 Security Best Practices” for this Cyber Security Awareness Month. 

During this month-long journey of cybersecurity awareness, we won’t be talking about the usual aspects: pumpkins, costumes, or turkey dinners! 😜 Instead, we will guide you with the must-have Microsoft 365 security hardening tips. So, if you are looking for a break from the same old “trick or treat,” you can join in our 31-day feast of Microsoft 365 security features – a different kind of treat! 🤝

What Can You Expect from This Cyber Security Awareness 2023 Series? 

As technology continues to advance within Microsoft 365, with the introduction of innovative features like Microsoft Copilot, Loop components, and Premium features across various services, the risk of advanced cyberattacks is also on the rise! Therefore, it is always our responsibility to be aware of every security setting that Microsoft provides and secure our Microsoft 365 environment accordingly.

In this series, we’ll cover everything you need to know to enhance the security of your Microsoft 365 environment. Here’s what you can expect from this series: 

  1. We promise no boring repetitions here. It’s all about new security configurations that you might not have stumbled upon yet. 💥
  2. Well, we’re not going to explain the same old features, such as using strong passwords or turning on MFA – you’ve heard that a million times, right? You will see lesser-known, hidden security settings in Microsoft 365, the good stuff! 💯
  3. And guess what? We’re keeping it real – no heavy brand promotions. We’re all about Microsoft 365 security and solutions.

Microsoft 365 Security Best Practices Checklist: 

Day 1: Move users to Microsoft Authenticator.

Some organizations still use less secure MFA methods like SMS and voice calls, leaving the door open to MFA attacks! Here, Microsoft steps in and surfaces the Entra ID recommendation: Migrate to Microsoft Authenticator. So, it’s high time to listen to Microsoft’s advice and switch to better MFA options like number matching and time-based codes.

Day 2: Create Access Reviews in Microsoft Entra ID.

Managing access to sensitive data and resources can be as tricky as navigating a maze blindfolded! So, Microsoft introduced “Access Reviews in Microsoft Entra” as your personal security sidekick! They ensure only the right users have access to the right things, thereby preventing unauthorized access. So, create access reviews, stay vigilant, review, and protect your data. 🛡️

Day 3: Disable Guest User Invitations in MS Entra.

Did you know your guests can send invites to other guests to join your organization? And that too, by default! Looks like a major threat, doesn’t it? Yeah, this open door can swiftly transform into a chilling nightmare and let hackers (in the form of guests) gain access to your most sensitive data, all without your knowledge or consent! 😯 So, restrict guest users from sending invitations right away!

Day 4: Migrate MFA and SSPR Policies to Authentication Method Policies.

Out with the old, in with the new! Legacy MFA and SSPR policies are like trying to fit everyone into the same size shoe – it just doesn’t work. These outdated methods treat all users the same, with no room for customization. So, move from legacy methods to strong modern authentication for easier management and finer granularity.

Day 5: Implement Least Privilege Access Using Administrative Units.

Are your Microsoft 365 accounts granting too many privileges, which could pose security risks for your organization? Leverage administrative units in Microsoft Entra ID to implement the principle of least privilege. That way, you can group users with similar roles and responsibilities into these units and assign permissions based on their precise needs.

Day 6: Manage Self-service Sign-up for Guests in Microsoft Entra.

Enhancing security involves securely granting access to external users, rather than simply denying or limiting guest user privileges. Here comes self-service sign-up for guests in Microsoft Entra (formerly known as Azure AD), enabling external users to access your organization’s apps in a secure way. 

Day 7: Remove Unused Applications in Microsoft Entra ID.

Unused apps are like entry cards for attackers, helping them loot your sensitive information in Microsoft 365. If you have numerous unused applications in your organization, you should be the first to take note of this recommendation!

Day 8: Migrate Apps from AD FS to Microsoft Entra ID (Azure AD).

Are your applications integrated with AD FS? Beware, it’s like an open invitation to cyber attackers! AD FS lacks advanced security features, leaving a wide-open door for malicious actors. Therefore, start migrating to Microsoft Entra ID (Azure AD) for enhanced security, simplified identity management, and robust data protection. Isn’t it time to safeguard your sensitive data from potential attacks?

Day 9: Best Practices to Prevent Security Risks in Azure Shared Access Signatures.

Microsoft publicly disclosed that 38TB of private data was accidentally exposed via the Microsoft AI GitHub repository. This was due to an Azure SAS token misconfiguration by their AI research team, which inadvertently granted access to the entire storage account, including sensitive information! That’s serious harm, isn’t it? So, it is essential to adhere to the best practices of Shared Access Signatures (SAS) to proactively enhance SAS security and maintain a strong defense against potential vulnerabilities.

Day 10: Standard Signatures vs Digital Signatures in Microsoft Outlook.

A standard signature functions as the electronic equivalent of a handwritten signature, while digital signatures leverage a public key infrastructure (PKI) to authenticate electronic signatures. However, digital signatures significantly strengthen email security. They provide authenticity guarantees, ensure data integrity, prevent tampering, and offer non-repudiation, making them a vital component of Outlook security and boosting the overall email security framework.

Day 11: Free Leaked Credential Detection Report in Microsoft Entra ID.

Discovering compromised Microsoft 365 credentials often happens too late, but there’s a game-changing solution! Microsoft now offers free leaked credential detection reports in Microsoft Entra ID as part of Entra ID protection. This feature identifies leaked credentials (those stolen by cyber attackers) before they’re misused. With Entra ID’s risk detection, you can proactively pinpoint affected users and swiftly secure your system, preventing potential data breaches.

Day 12: How Information Barriers Strengthen Microsoft 365 Security? 

Information barriers restrict communication and collaboration between user groups to protect sensitive data and avoid conflicts of interest. For example, if you work at a financial services company, you might not want your traders to be able to see your customer support reps’ conversations with customers. Here, information barriers can help you!

Day 13: Automate Microsoft 365 User Offboarding with PowerShell.

Offboarding employees is a big deal – neglecting it can put your data at risk and open the door to security issues! The problem is there’s no one-size-fits-all process; it’s like comparing apples and oranges. Without a standard, all you can do is judge them on speed, security, and completeness. We all know how clunky and error-prone manual offboarding in Microsoft 365 can be. But guess what? We’ve got a slick PowerShell script that automates 14 best practices, making offboarding a breeze.

Day 14: How to Use Protected Actions in Microsoft Entra ID?

Previously, Conditional Access policies were applied to various workloads, locations, and applications, right? But this feature takes a new approach. Yeah! Admins can now demand MFA or even more robust requirements for specific Microsoft 365 admin activities with protected actions in Microsoft Entra ID.

Day 15: Risk-based Conditional Access Policies in Microsoft Entra ID.

Microsoft is prompting users to move their sign-in risk and user risk policies from Identity Protection to Conditional Access in response to the retirement of the UX for these policies in Identity Protection, effective October 1, 2026. By implementing risk-based Conditional Access policies, organizations gain enhanced visibility, advanced features, unified policy management, and increased access control flexibility.

Day 16: Protect Your Word Documents with Digital Signatures.

Digital signatures are essential in Microsoft Word for several crucial reasons. To name a few: they enhance document integrity and authenticity, prevent unauthorized alteration, verify the identity of the signatory, and provide non-repudiation. And there are more reasons to use them; find out more and see how to apply digital signatures!

Day 17: Allow or Blocklist Policy in Entra ID: A Gatekeeper for Secure B2B Collaboration.

B2B collaboration is essential for businesses of all sizes, but it also comes with lurking risks, such as vulnerability to cyber-attacks. One way to mitigate these risks is to use the allow or blocklist policy in Entra ID. This policy allows you to control which B2B users are allowed to access your organization’s resources.

Day 18: Microsoft 365 Copilot – Privacy & Security Impact on User Data.

Just like ChatGPT assisted sysadmins, it’s time for Microsoft Copilot to take your Microsoft 365 tasks to the next level! Microsoft Copilot is an AI-powered assistant that is embedded in most Microsoft 365 apps (Word, Excel, PowerPoint, Outlook, Teams, and more) and helps ease your tasks. As technology advances, cyber threats and privacy concerns also increase! So, see how Microsoft Copilot works and how privacy and security will be retained.

Day 19: Microsoft Entra ID Protection Dashboard Analysis.

Microsoft’s Entra ID Protection Dashboard is now available for preview. It’s an innovative feature that not only spots identity attacks but also keeps an eye on risky sign-ins and boosts your overall security. This dashboard includes metric cards, an attack graph, a geo-map of risky sign-ins, Entra ID recommendations, and a list of recent activities.

Day 20: Restrict Domain Sharing in SharePoint Online and OneDrive.

Certainly, there are domains where users shouldn’t share sensitive information, such as personal email addresses and rival accounts, right? Therefore, to maintain data integrity, it’s highly recommended to restrict external sharing to specific domains. Follow these steps, and add only trusted domains to your domain whitelist.

Day 21: Guest User Access Restrictions in Microsoft Entra ID.

You might think giving guest users the same access as your members/users is a good idea for getting stuff done, but it can actually introduce a number of security risks, such as denial-of-service attacks. That’s why it’s super important to limit guest access within your organization – keep them on a need-to-know basis, so to speak.

Day 22: Safe Links in Microsoft 365 Defender.

Your Microsoft 365 users are constantly bombarded with phishing emails that contain malicious links. These links can lead to fake login pages or deceptive business offers that can compromise your organization’s resources. While it’s not always possible to prevent users from clicking on malicious links, Safe Links in Microsoft 365 Defender can help.

Day 23: Why Email Authentication in Microsoft 365 is Important? 

Google has introduced stringent email authentication rules, especially for those sending over 5,000 emails a day to Gmail. This is a heads-up for Microsoft 365 admins; listen up! Regardless of the email service, be it Google, Yahoo, Microsoft 365, or others, the primary objective remains thorough email validation before delivery to recipients’ inboxes. Find out why email authentication in Microsoft 365 matters, and don’t fall behind in 2024!

Day 24: Configure smart lockout in Microsoft Entra ID.

Brute-force attacks typically involve attackers using trial and error to crack login credentials and passwords. Well, guess what? You can actually keep them at bay with smart lockout in Microsoft Entra ID. Moreover, smart lockout is way better than regular lockout because it considers signals like where the sign-in is coming from, the IP address, password patterns, and more before deciding to lock an account.

Day 25: Find inactive users using access reviews in Entra ID.

Inactive employee accounts can become a security concern and resource drain, especially in terms of licenses! Hence, addressing this is crucial as it frees up licenses and enhances cost-efficiency. The question is, how does one pinpoint inactive users in Microsoft 365? Well, among the available options, Microsoft Entra ID Governance access reviews emerge as the preferred method for managing inactive accounts, which is ideal for identifying accounts unused for up to 720 days.

Day 26: 15 SharePoint Online Security Best Practices.

Ensuring strong security in SharePoint Online is crucial, but it can be a bit of a puzzle. No worries, though; we’ve got your back! We’ve created a handy SharePoint security checklist that covers the top 15 protection measures to help you make sure your settings are spot on. Follow this checklist step by step, and you’ll be all set to safely share your important resources on SharePoint Online.

Day 27: How Safe Attachments in Microsoft 365 Improves Security

Beware of phishing attacks that use Microsoft Teams messages to distribute malware. In a recent campaign, cybercriminals used compromised Office 365 accounts to send phishing messages with malicious attachments named “Changes to the vacation schedule.” Here, Safe Attachments in Microsoft 365 Defender can help protect against these threats by detonating attachments in a virtual environment before they’re delivered to recipients. Learn how to make the most of safe attachments and discover their essential role in Microsoft 365 security.

Day 28: Best Practices for Protecting Priority Accounts in Microsoft 365.

Executive accounts are vital in any organization, and it’s crucial to shield these high-priority accounts from malicious users seeking to exploit vulnerabilities. Breaching these accounts could mean access to sensitive data like product development and financial information. In this guide, we’ll explore top security practices for Microsoft priority accounts and how admins can provide extra protection.

Day 29: Secure Workload Identities Using Continuous Access Evaluation in Microsoft Entra ID.

Workload identities are vital for secure access to resources in Microsoft Entra ID, like Microsoft Graph, Entra storage, or your APIs, without revealing user credentials. However, they bring security challenges like a lack of structured lifecycle management, no MFA support, and a need for credential storage, increasing the risk of compromise. The solution? Continuous Access Evaluation for workload identities.

Day 30: How Applying User Tags Can Help to Improve Microsoft 365 Security 

Cybercriminals target top-tier accounts, like CEOs, finance, and IT teams. While admins do their best to watch over them, there’s still room for oversight! The solution? User tags in Microsoft 365 Defender. By tagging these high-value accounts, you can create custom alerts and reports to guarantee they’re always on the radar.

Day 31: Configure Microsoft Teams with Highly Sensitive Protection 

Microsoft Teams is a handy communication tool, but when it comes to safeguarding sensitive data, it may fall short! By default, Teams stores files in SharePoint Online, which can have lenient settings, potentially exposing your content. So, Microsoft suggests three tiers of protection, each providing a different level of security. Boost security by setting up highly sensitive protection for teams, so that only authorized users can access and share sensitive data.

In conclusion, we’ve given you a handy Microsoft 365 security checklist, like a helpful treat! It’s like having a step-by-step plan to protect your organization from online threats.

By meticulously following these essential Microsoft 365 security steps, you’re not merely ticking off items on a to-do list; you’re building a strong defense against digital dangers. Whether you’re tightening access controls, adding extra security to your data, or setting clear rules, each action makes your organization more secure.

So, as we conclude, remember that security is not a destination; it’s a continuous journey. Stay secure and vigilant! 🛡️
