31 Ways to Strengthen Your Microsoft 365 Security

We have finally reached the last day of October, and that means the start and end of so many things! 🍂

Autumn leaves are falling faster, the holiday season is kicking off, and we are all preparing for some well-deserved time off. But amidst all this excitement, there is one fright we cannot ignore – the sudden rise of cyber threats! 😱

That’s why we at AdminDroid brought you the 3rd edition of our Cybersecurity Awareness Month series at this time. This year’s theme takes a fresh approach compared to the last two years. 😉But before diving into this year’s theme, let’s quickly revisit the highlights of our previous series for some perspective.

• 2022 was all about – 31 Essential, frequently missed Microsoft 365 configurations.
• 2023 was all about – Advanced Microsoft 365 security settings.

I hope our past 2 series would have helped you much! 🎉 And just like that, another Cybersecurity series wraps up, but the lessons and best practices will stay with us long beyond this month. 💯

Now, let’s revisit this year’s series, packed with actionable insights on Secure Scores, practical Microsoft 365 tips, and overlooked assessments. We’ve broken down complex security concepts into easy-to-understand terms and carefully organized our blogs into two main treat bags:

1. Secure Score-Recommended Actions: We categorized Microsoft Secure Score recommendations and tailored strategies for every license type and organization. Plus, we debunked the myth that only enterprises can achieve high security by showing how basic licenses can benefit too.

2. Security Configurations Beyond the Secure Score – Some settings, though not part of the Secure Score, deliver significant security benefits. So, we carefully selected and detailed such configurations & assessments to provide those essential extra layers of protection.

Tip: Explore our dedicated page for the complete list of 31 blogs in the Cybersecurity Awareness Month series – 2024 edition.

So, before we hang up our capes and bid farewell to this Cybersecurity Awareness Month, let’s take one last tour of the security strategies we explored together.

Let’s dive into our final chapter for Cybersecurity Awareness Month 2024! ⏳

For the first 15 days of October, we focused entirely on Microsoft Secure Score recommended actions from the various Microsoft 365 portals. We’ve categorized and explored each one based on different criteria. Here is the breakdown:

• Secure Score boost with simple, free tier configurations
• Microsoft 365 workload-specific security settings
• Identity & device protection essentials for Secure Score improvement
• Microsoft Defender policies to protect sensitive data
• Secure third-party apps in Microsoft 365

Strong security and higher Secure Scores aren’t just for Enterprise licenses; they’re for everyone! So, for organizations with Basic licenses, we highlighted two blogs that cover free-tier Secure Score recommendations.

Learn how to gain 40 points and boost your Microsoft 365 security (and your Secure Score) by applying just 6 configurations!

• Boost Secure Score by 12 points with 3 easy configurations
• Top 3 settings to increase Secure Score by 28 points

Security isn’t always managed by one admin – often, different services have dedicated admins. So, to ease the process for each admin, we’ve classified the recommendations by workload! ⚙️By tailoring recommendations to specific services, it’ll be easier for admins to focus on the most relevant security measures for their specific service.

• 6 SharePoint Online recommendations to improve Secure Score
• Strengthen Exchange Online security with Secure Score recommendations.
• Major Microsoft Teams configurations to boost Secure Score by 8 points.

When it comes to cybersecurity, protecting identities and securing devices is essential. 📱Just one compromised account or device can invite major threats! To prevent this, we’ve gathered recommendations covering everything from robust password settings to advanced device-level security.

• 6 essential password settings to improve Secure Score & security
• Top 5 Microsoft Entra ID Secure Score recommendations.
• How to improve Microsoft Identity Secure Score.
• Top ways to maximize Microsoft Secure Score for devices.

Whether it’s preventing phishing scams or blocking malicious emails, policies in Microsoft Defender can offer a multi-layered approach to keep your organization secure! While Microsoft Defender is full-featured for Enterprise licenses, it also provides solid protection for Business licenses. So, we’ve broken down key policies that can improve both Secure Score and overall protection.

1. 6 Microsoft Information Protection recommendations to improve Secure Score
2. Boost Microsoft Secure Score with essential spam protection settings.
3. Tune phishing protection to boost your Microsoft Secure Score.

Microsoft supports integration with various third-party apps for seamless work and productivity. However, not all third-party apps are secure! 🚨Leaving them unmonitored and unprotected could lead to serious security issues. So, we have gathered Microsoft’s top assessments for protecting against external threats.

1. Secure Your 3^rd party apps with Secure Score recommended actions.
2. Manage third-party apps in Microsoft Defender for Cloud apps

And lastly, setting up security configurations is just one part of the equation – monitoring is the next. 🔎You can track changes in Microsoft 365 Secure Score in the ‘Metrics & Trends’ section on the home page.

Relying solely on Secure Score recommendations is not ideal and isn’t advised! Why? Because several other critical security practices are not part of the Secure Score but are equally essential. We have chosen such recommendations and included detailed insights. Here is a breakdown of such settings categorized by different criteria.

• General security best practices guides
• PowerShell scripts for Microsoft 365 tasks
• Optimize user experience while boosting security
• Effective session and credential management strategies
• Strengthen data protection with Microsoft Defender

You may have come across widely debated questions with conflicting this-or-that answers. Below, we’ve gathered some of the most frequently asked questions in security and provided clear, definitive answers. Read through our breakdown and let us know your perspective! 💯

1. How to Safeguard Admin Accounts: Best Practices for IT Teams
2. Shared vs. Inactive Mailboxes: The Best Choice for Managing Departed Employee Emails
3. Microsoft Security Defaults vs Conditional Access – When to use What?

PowerShell is one of the best ways to automate tasks in Microsoft 365. Rather than duplicating existing UI-based automations, we focused on automating tasks that are complex and tedious in the UI. Below are scripts designed to streamline these efforts:

• How to reset MFA for Microsoft 365 users
• Delete phone authentication for all users using PowerShell
• Allow external sharing for specific SharePoint sites
• Get Entra app registrations with expiring client secrets and certificates
• Identify And remove inactive users in Microsoft 365 using PowerShell

If your organization still relies on weak MFA methods or users have lost access to their MFA devices, resetting MFA is the first thing you do! But manually resetting MFA for each user is time-consuming! Instead, you can simplify MFA reset with our PowerShell script that effortlessly handles more than 25 real-world scenarios!

Download Script: https://blog.admindroid.com/reset-mfa-for-microsoft-365-users/

🚨 SIM Swapping Attacks are rising, and the main reason for such attacks is SMS MFA (phone-based MFA)! So, Microsoft recommends nudging users to use Microsoft Authenticator or go passwordless. However, many users stick to easy SMS MFA, increasing the risk of SIM hijacking attacks.

The best solution is to remove phone-based MFA from Microsoft 365 accounts. However, manually deleting phone numbers (primary mobile, alternate mobile, and office phone) for each user is tedious. So, considering all these problems, we’ve prepared this PowerShell script that does all the above more effectively!

Download Script: https://blog.admindroid.com/delete-phone-authentication-for-microsoft-365-users/

Enabling site-level external sharing in SharePoint is a smart move but can be quite a hassle if done individually for each site! This PowerShell script simplifies the process by allowing you to enable or restrict external sharing for multiple sites simultaneously, all from a single script.

Download Script: https://blog.admindroid.com/allow-external-sharing-for-specific-sharepoint-sites/

It’s vital for admins to track expiring client secrets and certificates to prevent downtime. This script retrieves expiration details and addresses multiple use cases, like identifying credentials with expiry, finding all secrets & certificates expiring in the next 30 days. Download the script to stay proactive and avoid disruptions.

Download Script: https://blog.admindroid.com/retrieve-entra-app-registrations-with-expiring-client-secrets-and-certificates/

Inactive users in Microsoft 365 are a loophole! Because it serves as a loophole through which attackers might gain initial access easily! Additionally, these accounts consume unnecessary licenses that can be reused to reduce costs. So, it’s necessary for admins to find and delete inactive users in Microsoft 365 frequently.

Download Script: https://blog.admindroid.com/identify-and-remove-inactive-users-in-microsoft-365/

In this section, we’ve highlighted potential threats that may not seem significant at first glance. However, a closer look reveals serious risks! 😨We’ve peculiarly selected and listed such settings, so review them and take action to disable them promptly!

1. Change default calendar permissions in Microsoft Outlook
2. How to disable LinkedIn integration in Microsoft Teams & Outlook
3. Customize remember MFA setting in Microsoft 365
4. Block uploading specific file types in SharePoint and OneDrive

This section focuses on crucial configurations that secure user sessions and manage credentials effectively. Neglecting these settings could leave your systems exposed to unauthorized access and data leaks. Adjust these settings to maintain a Microsoft 365 secure environment!

1. Configuring idle session timeouts for the Entra portal
2. Remove unused credentials from apps in Microsoft Entra

Here, we cover critical security policies to protect against sensitive data mishandling. You can automate labeling and pre-set rules to keep your data secure without constant manual intervention! It’s time to let Defender work smarter, not harder, for your data security!

1. Enable preset security policies in Microsoft 365
2. Create an auto-labeling policy to apply sensitive labels to content automatically

At the End of the Day, It’s About “Secure Together”

The core message of our Cybersecurity Awareness Month is that cybersecurity isn’t a solo mission; it’s a community effort! As admins, professionals, and users, we all share the responsibility of protecting our Microsoft 365 environment and every digital space we engage with.

We at AdminDroid are grateful for your engagement and commitment! While Cybersecurity Awareness Month may be coming to a close, the journey toward a secure environment never stops.

Until then, we’ll keep you updated on what’s new, what’s essential, and what’s next!

Thank you for joining us this October! 🙏

Stay secure, stay proactive, and remember: It’s not just about what you protect but HOW you protect it. 🔐