#FAQFriday: Friends Don’t Let Friends Migrate to the Cloud Without Locking it Down

During the last few years and for the foreseeable years, companies are migrating to Microsoft’s cloud – Office 365 and Azure in the masses. This is because Office 365 and Azure offer a variety of plans, applications, and benefits, like multi-level high availability that are expensive to implement and maintain with on-prem configurations. Office 365 and Azure tenants also include an increased number of available security options and features that seem to be going through infinite changes.

When we work with customers on these new implementations, migrations, or when training IT staff, customers often comment that the new security features are not straight-forward, they are hard to find, and it's not always clear how to actually use these new features. Because of this, IT admins, engineers, and managers alike are often left wondering if their Office 365 and Azure environment is properly secured.

We often get questions like:
"How do we lock it down to prevent unauthorized access?",
"How can we protect our users from viruses, malware, phishing, and scams?", and
"How do we prepare for escalations, or a bad day when things break that aren't supposed to?"

But, there are ways to proactively prepare for "the unexpected"...

Here are a few tips we recommend for locking things down, and keeping your tenant under control:

  • Add MFA (multi-factor authentication) for admin accounts.
  • Use built-in auditing reports and alerts to notify you if accounts are potentially comprised from external sources.
  • Only give admin permissions as needed, and use the Custom Admin roles and options to limit the type of admin permissions for admins.
  • Put into place a process to review unused accounts, and lock them out, or remove the licenses.
  • Assign an admin to keep an eye on the quarantine filter and alerts for viruses, malware, phishing, etc.
  • Limit the apps within the licenses, and customize them to only allow users access to features that your team is comfortable supporting.
  • Customize and limit end user sharing for OneDrive, links, documents, SharePoint and Office 365 groups.
  • Put DLP rules and encryption in place to prevent accidental sharing of intellectual property, confidential customer data, and employee info.
  • Lock down public folders and distribution groups, especially large ones. Limit who can send to them, and prevent external senders from sending to the ones that don’t need to receive messages from all.
  • Assign an IT admin to review the services messages from Microsoft daily to stay on top of planned maintenance schedules, feature updates, outage alerts.
  • If you use ADConnect or ADFS, schedule an outage testing day and test failovers and disconnections (hint: if ADConnect disconnects, the accounts in the cloud will continue to work, but password changes will not get updated).
  • Create a resource mailbox that is used specifically for disseminating emergency technical issues. Create a hidden distribution group that includes key business group leaders cell phones numbers in case there is an outage impacting email.

Here at CloudAdv, we provide engineering for these types of migrations, Security Assessments to spotlight security loopholes, and train customers on how to lock them down and be safe in the cloud.

Email us at securityassessment@cloudadv.com for a confidential chat about how we can help you to lock down your Office 365 / Azure tenant. It's never too late to secure your environment!

Posted in

Related Posts

Recent

Archive

Categories

Tags