Microsoft 365 Is Secure, But Your Implementation Likely Isn't!

Microsoft 365 Is Secure, But Your Implementation Likely Isn't

Microsoft Cybersecurity Reference Architecture (May 2021).png

The Online Trust Alliance (an Internet Society initiative) reports that 93% of all security breaches could have been avoided if basic cyber hygiene had been in place. That’s quite a depressing statistic given the sheer volume of attacks that continue to increase daily both in number and sophistication, though not entirely unreasonable seeing the large, dispersed landscape IT departments have to deal with nowadays.

The 93% statistic isn’t even referring to best practice such as complete implementation and usage of Microsoft’s Cyber Security Reference Architecture: ‘Security modernisation with zero trust principles’ released in May 2021, it refers to the very basics of cyber hygiene such as patching, firewall rule management, running anti-virus software, and enabling multi-factor authentication.

The impact, specific to Microsoft 365, is that 85% of organizations that use Microsoft 365 have suffered an email security breach. Now, you may be thinking that ‘it’s only email’ but while email may be the source issue, the potential consequences go well beyond email and into core infrastructure.

The MITRE ATT&CK matrix for Microsoft Office 365 and Microsoft Azure Active Directory demonstrate the kill chain from initial access to impact, both of which start with obtaining access to Valid Accounts and quickly escalate to account manipulation, creation of new accounts, privilege escalation, defense evasion and on so until critical services are impacted.

Why is this still a thing in 2021?!

Through our real-world work with clients to secure their Microsoft 365 and cloud services, we see four primary reasons as to why even the very basic security fundamentals are not being achieved:

Incorrect Security Perceptions: Organizations perceive Microsoft 365 to be secure, which is correct to an extent. The underlying Microsoft 365 service IS secure, but the information, data, devices, accounts, identities, and directory infrastructure are only as secure as their implementation and management. Microsoft’s own Shared Responsibility Model provides more detail on the roles and responsibilities for security.

Skills & Resources: A lack of available engineering resources, skills, and experience undermine the ability to implement and maintain a robust security architecture. This is especially true in the Small to Medium (SME) sized organizations of 100-1,000 users.

Tool Sprawl: Today’s highly distributed data and disappearing perimeters, results in organizations struggling not only with the expanding threat landscape, but the growing solutions landscape, their associated mounting costs, and a lack of a wholistic view of security status. 77% of security practitioners report they have too many point products to track and manage.

Tool underutilization: in contrast to point 3 – having too many tools addressing point solutions and no holistic view of security – Microsoft report that only one quarter of their customers are actively using the security products they’ve purchased.

While no single security provider will cover your entire digital footprint, for enterprise customers that have already embraced Microsoft 365, significant gains can be realized in security—to the tune of 52%.

Leverage Microsoft 365 Security Offerings

Microsoft 365 is much more than just a new name for Office 365, it brings together a comprehensive suite of security capabilities that most organizations already have access to, or can upgrade their licenses to access, at a fraction of the cost of bolting on expensive vendor specific security tools.

By leveraging the Microsoft 365 offerings, you will not only reduce your attack surface and mitigate risk, but you will also increase the speed and agility of your IT organization. Below are just a sample of the security services every organization should be utilizing:

Autopilot - a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use that meet security and compliance standards, and then reset re-purpose and recover as needed

InTune – a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM)

Defender – enterprise grade security platform that prevents and detects, along with helping investigate and respond to threats covering end points, devices, Microsoft 365, Office 365, and Azure Active Directory

Sentinel – a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response

A quick note on Sentinel to highlight that it is free for the following data sources – yes FREE:

Azure Activity Logs, Office 365 Audit Logs (all SharePoint activity and Exchange admin activity) and alerts from Microsoft Defender products (Azure Defender, Microsoft 365 Defender, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Endpoint), Azure Security Center and Microsoft Cloud App Security can be ingested at no additional cost into both Azure Sentinel and Azure Monitor Log Analytics

Multi-factor Authentication – providing more secure access to Microsoft 365 services, yet surprisingly not enabled by a large portion of organizations!

Conditional Access – more capability than a tool per se, that is the logical progression that follows Multi-Factor Authentication (MFA) and InTune. Conditional access is used by Azure Active Directory to bring signals together, to make decisions, and enforce organizational policies including access by identities and devices to systems, applications, data, and services

But where do you start?

There are many places that you could start, but our experience shows that the best starting point is to understand your current security posture, address immediate high priority risks, and then build a roadmap to a security foundation that is effective yet lightweight.

That’s why we built the FREE Microsoft 365 HealthCheck service. In just a couple of hours you can realize the benefits of a comprehensive analysis of your:

  • Microsoft 365 and Azure Active Directory setup

  • Security posture

  • Administrative privileges and governance

  • License availability and usage

  • You will receive a report that will share:

  • High-risk priority risks that require immediate remediation

  • Gap analysis of current environment vs. desired state design based on best practice

  • Operating model recommendations

  • License recommendations and cost optimization

  • Tailored security roadmap

Lee Cassidy