Under the hood: Origin’s Office 365 Security Assessment

30th July 2019

Written by Origin IT

Microsoft has poured nearly a billion dollars into the development of the state-of-the-art security solution at the core of the world’s most popular business software package, Office 365.

The investment’s paid off: Businesses can feel confident that O365’s powerful security features are more than up to the task of effectively protecting businesses and users against security threats, data leaks and access to business information by malicious third parties.

But as the saying goes, it’s not what you have that matters; it’s what you do with it. Unfortunately, a large proportion of businesses are operating O365 on inadequate legacy configurations, failing to activate essential security features, and pressing ‘Remind me later’ a few times too many.

The result is a dangerously false sense of security that exposes businesses to risks which have the potential to be extremely damaging and costly.

Origin Security has developed a focused, in-depth review - the Office 365 Security Assessment - to give businesses assurance that they’re getting the most out of O365’s security features.

It’s designed to help IT teams to identify the risks present in their O365 environment and learn how to remediate them, and ensures all available O365 security features are up to date and being used correctly.

Let’s take a look under the hood of the Office 365 Security Assessment. Here are the checks our security analysts work through for every assessment:

Identify active alerts and policy misconfigurations

Misconfigured policies and unattended alerts often lead to attacks going unnoticed. To prevent this, we’ll ensure your policies are correctly configured, and any active alerts are reviewed and responded to. We’ll also configure your alerts so that any compromised accounts flagged through Azure go to the right people, so they can take action quickly.

Identify malicious activities

The O365 Threat Management console will flag suspicious activities happening in your O365 environment, such as malware or phishing, which we’ll review and analyse. This allows us to identify the improvements your business can make to strengthen your security posture.

Monitor and review audit logs

We’ll review mailbox log-ons, in order to identify potentially malicious activity. This may also be required for compliance with certain standards such as PCI DSS and ISO 27001.

Identify rules that could bypass the Office 365 anti-spam filter

O365 has built-in spam filters, but it is possible for rules to be set that will bypass them. This may happen inadvertently, or with malicious intent. We’ll review all rules to ensure they are intentional, and the results are as expected.

Configure DMARC and DKIM

DMARC and DKIM help to protect your reputation by identifying and blocking emails that spoof your email address or domain. We’ll review the current configuration and provide best practice recommendations around these technologies, so that your business transmits messages in a way that can be verified by mailbox providers.

Conduct spoofing tests

We’ll test your email filter so you can be assured that potential malicious email activities are being blocked before they cause any business disruption. We’ll review the Office 365 email filter rules you have set up, so that we can identify misconfiguration that could be allowing spoofed emails to pass through leading to social engineering attacks against your employees.

Effectively implement Microsoft Secure Score recommendations to protect user experience

Microsoft’s Secure Score tool provides a dashboard view of your O365 security, complete with recommendations on how to improve your security posture. We’ll help you to understand its recommendations effectively, so that user experience isn’t adversely impacted.

To learn more about what the Office 365 Security Assessment can do for your business, click here.

IT is changing everything. Join us on LinkedIn to keep up to date with what’s happening now and what’s coming next in the world’s most exciting industry.

Join The Common Room
Join us once a month in The Common Room and find out what's happening now and what's coming next in the world's most exciting industry.