1.1 Microsoft 365 Security
MIR MD NEWAZ MORSHED
Technical Lead | Microsoft O365 | Exchange Online | Azure | M365 Identity & Security
Microsoft considers Zero Trust an essential component of any organization’s security plan. Today’s organizations need a new security model that more effectively adapts to the complexity of the modern environment, embraces the mobile workforce, and protects people, devices, apps, and data wherever they’re located.
With over 90% of threats surfacing through email, it’s critical that organizations can configure security tools in a way that works for their environment. Over time, settings can age, new attack scenarios develop, and new security controls are available, necessitating regular review, upkeep, modifications, and even removal of old configurations. Microsoft is on a journey to make it easier for users and customers to understand configuration gaps in their environment with recently launched features like preset security policies, Configuration Analyzer, and override alerts in Microsoft Defender for Office 365. Essentially, when Microsoft is confident that an email contains malicious content, they will not deliver the message to users, regardless of tenant configuration. They also recently announced their Secure by Default capabilities that eliminate the risks posed by legacy configurations.
Exchange Online Protection (EOP) is the cloud-based filtering service that helps protect your organization against spam, malware, and other email threats. EOP is included in all Microsoft 365 organizations with Exchange Online mailboxes.
Microsoft Defender for Office 365 (MDO) helps organizations secure their enterprise with a comprehensive slate of capabilities across prevention, detection, investigation and hunting, response and remediation, awareness and training, and secure posture.
New Security Controls
Microsoft Defender for Office 365 employs a multi-layered protection stack that is always being updated to meet the needs of their users/customers. As they introduce new capabilities and make improvements to existing ones, it’s important that their customers are able to take advantage of these capabilities. That sometimes requires frequent evaluation of settings to ensure the latest protections are turned on. Failing that discipline, it’s possible that the latest protections are not being applied to all users in the organization.
Naturally, these three challenges signify the importance of secure posture. It’s more important than ever that configuring protection against threats is easy to achieve and maintain.
Microsoft 365 Email Protection Basics
Top security tasks
Microsoft recommends that you complete the tasks listed below:
Compromised Accounts
Investigation and data gathering
Incident response
How to stop an active user session in Microsoft 365
In situations involving compromised user accounts, simply disabling an account may not be sufficient to mitigate the threat, especially if the account is actively being used to send spam or phish or to download data.
In the Office 365 Admin Center, under Home > Active Users, select a user, click Account, and then click Sign out of all sessions. This performs a one-time sign-out for that user that revokes active sessions across Office 365 services, including Exchange Online.
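The same containment step can be scripted for several accounts at once. The following is an added example, not part of the original article, that uses the Microsoft Graph PowerShell SDK (`Get-MgUser`, `Update-MgUser`, `Revoke-MgUserSignInSession`); the parameter names and the assumption that the signed-in admin holds a role allowed to manage these users are this example's own.

```powershell
# Added example: contain compromised accounts by optionally blocking sign-in
# and then revoking their sign-in sessions.
# Requires the Microsoft.Graph.Users and Microsoft.Graph.Users.Actions modules.
[CmdletBinding(SupportsShouldProcess)]
param(
    # UPNs of the affected accounts (supplied by the responder at run time).
    [Parameter(Mandatory)][string[]]$UserPrincipalName,
    # Also set accountEnabled = false so the account cannot sign in again.
    [switch]$BlockSignIn
)

# Assumption: the signed-in admin can consent to this scope and has a role
# that permits updating the target users.
Connect-MgGraph -Scopes 'User.ReadWrite.All'

$results = foreach ($upn in $UserPrincipalName) {
    $row = [ordered]@{ User = $upn; Blocked = $false; SessionsRevoked = $false; Error = $null }
    try {
        $user = Get-MgUser -UserId $upn -Property Id,UserPrincipalName -ErrorAction Stop

        # Block first, so a new session cannot be opened between the two steps.
        if ($BlockSignIn -and $PSCmdlet.ShouldProcess($upn, 'Block sign-in')) {
            Update-MgUser -UserId $user.Id -AccountEnabled:$false -ErrorAction Stop
            $row.Blocked = $true
        }

        # Invalidates the user's refresh tokens and browser session cookies.
        if ($PSCmdlet.ShouldProcess($upn, 'Revoke sign-in sessions')) {
            Revoke-MgUserSignInSession -UserId $user.Id -ErrorAction Stop | Out-Null
            $row.SessionsRevoked = $true
        }
    }
    catch {
        # Record the failure and continue with the remaining accounts.
        $row.Error = $_.Exception.Message
    }
    [pscustomobject]$row
}

# One row per account, so failed revocations are visible to the responder.
$results | Format-Table -AutoSize
```

Run it with `-WhatIf` first to confirm which accounts would be touched. Access tokens that were already issued may remain usable until they expire, so confirm in the sign-in logs that activity from the account has stopped.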
Security Resources
User Education
Microsoft Defender for Cloud Apps:
Microsoft Defender for Cloud Apps is a Cloud Access Security Broker (CASB) that supports various deployment modes including log collection, API connectors, and reverse proxy. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your Microsoft and third-party cloud services.
Microsoft Defender for Cloud Apps natively integrates with leading Microsoft solutions and is designed with security professionals in mind. It provides simple deployment, centralized management, and innovative automation capabilities.
For more information, please refer to Introducing Microsoft Defender for Cloud Apps