Guest Column | October 21, 2021

Silence Doesn't Mean Secure: Shore Up M365 With These Security Best Practices

By Michael Arabitg, Voleer

Effectively monitoring Microsoft environments, as every IT professional knows, requires constant vigilance. Even when all is quiet, and there are no security alerts and notifications, that doesn’t mean everything is secure. Threats have grown more sophisticated. Bad actors are just a click away, waiting to access valuable data or slip into your environment undetected to cause trouble.

IT staff can’t wait until a problem emerges. It’s imperative to assess an organization’s security consistently and regularly. Because what you don’t know can definitely hurt.

Common Challenges

Understanding the common security challenges can help organizations establish effective policies and protections. Proactive steps include disabling legacy or basic authentication protocols, such as POP, IMAP, and SMTP, that are prone to cyberattacks. Also, reducing the number of global admins to a minimum shrinks the attack surface of your cloud applications. Finally, you might also retire old servers and applications within the environment that are no longer needed. These steps help ensure that your organization is building out the strongest cloud environment possible.

But keeping your environment secure shouldn’t just fall on the security team. It’s important that while you’re leveraging Microsoft 365’s security offerings, you’re also training all staff to understand potential vulnerabilities. Deploying security training and awareness from entry-level positions to the C-Suite will help maintain a secure environment. All users must be aware of best practices for combatting common threats like phishing emails so they don’t fall prey to these threats.

Alert Fatigue

Given the onslaught of daily alerts and notifications, alert fatigue can quickly become a problem. Many types of cyber-security and protection software offer various intrusion alerts, which can indicate legitimate threats or false positives. With so many different alerts to track, these notifications can lose their urgency. It’s easy for security administrators conducting ongoing monitoring to experience fatigue.

Following up on each alert requires significant time. Security teams are often busy not only monitoring and protecting the environment but also resetting passwords and other administrative work. One tool can help cut through the fog of alert fatigue – a clean and presentable dashboard that displays all necessary information in one place. A dashboard helps the security team maintain visibility into the myriad types of intrusions.

When A Breach Occurs

Even when all is quiet, security issues can still escape detection.

Imagine a bad actor logs into an employee's email account by hacking an easy password. There are no security alerts, no alarms. Suddenly and silently, that email account could launch a multitude of threats.

In these instances, security teams need breadcrumbs to identify the security breach’s origin. Comprehensive security assessments and dashboards, such as those from BitTitan Voleer, can provide greater visibility into your Microsoft environment. They provide a detailed overview of email authentications, newly logged-in devices, directory roles that apply to all users, different types of outgoing internal emails, the types of email and forwarding policies recently established, changes in various types of mailbox permissions, and login heat maps.

These details can help identify suspicious activity and inform the necessary steps to remediate the threat. Security admins can see which passwords must be reset, whether any policy changes must be corrected, and whether any phishing emails were sent and to which accounts. This comprehensive view helps quickly identify who is affected, the severity of the breach, and how to correct the issue as quickly as possible.
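
The triage described above, sketched as an added example (not code from the article or from Voleer): it correlates a sign-in from a first-seen device with forwarding or mailbox-permission changes made shortly afterward, so the quiet compromise surfaces as one finding per account. The event layout, the `kind` values, the device baseline and the 24-hour window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

LEGACY = {"pop", "imap", "smtp"}  # protocols the article says to disable
CHANGES = {"forwarding_rule", "mailbox_permission"}
# Constructed sample events in a simplified, hypothetical export layout
# (not a Microsoft 365 or Voleer schema).
EVENTS = [
    {"time": "2021-10-18T08:05:00", "user": "alice@example.com", "kind": "signin",
     "device": "LAPTOP-A1", "protocol": "modern"},
    {"time": "2021-10-18T23:41:00", "user": "bob@example.com", "kind": "signin",
     "device": "UNKNOWN-7F", "protocol": "imap"},
    {"time": "2021-10-18T23:47:00", "user": "bob@example.com", "kind": "forwarding_rule",
     "detail": "forward all mail to an external address"},
    {"time": "2021-10-19T00:02:00", "user": "bob@example.com", "kind": "mailbox_permission",
     "detail": "FullAccess granted on a shared mailbox"},
    {"time": "2021-10-19T09:30:00", "user": "carol@example.com", "kind": "forwarding_rule",
     "detail": "forward invoices to the finance team mailbox"},
]
KNOWN_DEVICES = {"alice@example.com": {"LAPTOP-A1"}, "bob@example.com": {"DESKTOP-B2"},
                 "carol@example.com": {"LAPTOP-C3"}}


def triage(events, known_devices, window=timedelta(hours=24)):
    """Return {user: [findings]} for sign-ins and changes that need follow-up."""
    seen = {user: set(devs) for user, devs in known_devices.items()}
    new_device_at, findings = {}, {}  # user -> first-seen-device time / findings
    for ev in sorted(events, key=lambda e: e["time"]):
        when, user = datetime.fromisoformat(ev["time"]), ev["user"]
        if ev["kind"] == "signin":
            if ev["protocol"] in LEGACY:
                findings.setdefault(user, []).append(f"legacy-auth sign-in ({ev['protocol']})")
            if ev["device"] not in seen.setdefault(user, set()):
                seen[user].add(ev["device"])
                new_device_at[user] = when
                findings.setdefault(user, []).append(f"new device {ev['device']}")
        elif ev["kind"] in CHANGES and user in new_device_at:
            # Only changes that closely follow a first-seen device are escalated.
            if when - new_device_at[user] <= window:
                findings.setdefault(user, []).append(f"HIGH {ev['kind']}: {ev['detail']}")
    return findings


def accounts_to_reset(findings):
    """Accounts with at least one correlated (HIGH) change."""
    return sorted(u for u, items in findings.items() if any(i.startswith("HIGH") for i in items))


if __name__ == "__main__":
    print(accounts_to_reset(triage(EVENTS, KNOWN_DEVICES)))
```

Carol's forwarding rule is left alone because no unfamiliar device preceded it, which is the kind of filtering that keeps a review like this from adding to alert fatigue.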

Having A Back-Up

Many organizations primarily focus on protecting systems from attack. However, little attention is paid to how to handle an attack once it has occurred. A strong plan for data backup helps companies mitigate loss and continue normal operations while addressing a threat.

Organizations should have a secondary environment where their data is replicated. In the event of a security breach or system failure, the secondary environment can be spun up quickly, enabling companies to continue business as usual. This helps mitigate potential downtime and negative impact on customers.

Leveraging Data And Selecting The Right Tool

Continuously monitoring security is challenging. But there are ways to make it easier.

Assessment reports and data analytics are powerful tools to help evaluate the effectiveness of security policies. A dashboard can be embedded into a Teams environment and refreshed, leveraging your datasets. Security admins can check this information throughout the day to monitor Microsoft environment activity through a single dashboard. This eliminates the need to pull data from multiple areas when following up on security alerts, saving valuable time.

When selecting the right security tool, consider its users. Will trained security experts who are comfortable using complex tools be using the tool? Or will it be non-dedicated security reps who require tools that aren’t so complex?

Whichever option you pursue, make sure the tool is easy to navigate for everyone in your organization. Your company should not rely on security experts alone to monitor your Microsoft environment. System engineers should have access to security-monitoring tools as well, as they have access to a lot of admin rights within the environment. Their role calls for them to create new tools, create new IP and work with customers to build out their solutions. They must be able to read the reports, understand the security threats and navigate the security tools. Focus on the quality and speed of information-gathering that a tool enables, the user experience, and the compatibility with how your organization operates.

Maintaining ongoing vigilance for security threats can be challenging. But you can take steps to ensure your efforts are effective, and tools are leveraged to ease the burden of monitoring threats. Use the resources at your disposal to stay on top of any unusual activity, mitigate risk and ensure your environment is protected.

About The Author

Michael has worked in the tech industry for more than 10 years, helping partners seamlessly and securely migrate to Microsoft 365 and Azure. He also has developed IoT and data analytics solutions to address customer challenges. In his current role as senior solutions engineer for Voleer, he focuses on helping customers optimize the management of IT and drive growth based on their needs. Michael earned his Certified Information Systems Security Professional (CISSP) accreditation at St Petersburg College.