Essential Checklist for Protecting Your Microsoft 365 Account

A new year has begun when Windows software will be patched. Because patching Microsoft 365 account protection isn’t enough, some businesses will want to buy a third-party tool that claims to protect against all threats or start a zero-trust project. But before that, businesses should look at whether they’re making the most of ways to protect their Microsoft 365 accounts and data.
ⓒ Microsoft

Logging system to prevent ransomware attack

In many cases, operating system patches alone cannot completely protect businesses from ransomware attacks. Even a fully patched operating system can be vulnerable if cyber attackers use phishing attacks. End-user training is the best preventative measure when technical safeguards do not work or attackers circumvent them.

Businesses should evaluate whether their current systems have sufficient logging to determine whether an attacker has infiltrated the network and how to gain access. According to a recent study by security firm FireEye, ransomware attackers spend an average of 72.75 days in the victim network, and the average duration of other cyberattacks is 56 days. Ransomware attackers hide in victim networks for up to 547.49 days. Of course, it is not necessary to save log files up to 547.49 days ago, but log files for at least 72.75 days must be able to be recorded. With this level of logging, you can see in the archives how an attacker accessed your network.

Whether to leverage Microsoft 365 security tools

Businesses using Microsoft 365 can protect their accounts and data with several tools included in the subscription package. Microsoft MVP Luerid Campbell blogintroduces several scenarios for using Microsoft 365 to protect information. Your best bet is to buy a Microsoft E5 license, but you don’t have to apply the E5 license to all Microsoft 365 users, and you can mix and match licenses as needed. For example, assigning E5 licenses only to employees who perform risky jobs or are likely to be targeted.

Check the privileges assigned to the IT consultant

Campbell stresses that the first thing to consider in order to protect your network from cyberattacks is to grant network administrator privileges to external consultants. In other words, businesses can be at risk from consultants trying to get Cloud Service Provider (CSP) management rights for their tenants. Campbell advises buying user accounts for consultants rather than providing them with a CSP that grants them rightsholder rights. This is because a more granular password policy can be applied to the account for the consultant.

Microsoft 365 has a roadmap for this situation. Businesses can add consultant accounts as needed and remove them upon project completion. Businesses should ensure that multi-factor authentication (MFA) is always enabled for all managed accounts. If there are users who refuse MFA, you can use the Azure P1 license. Static IP addresses can be whitelisted, eliminating the need for MFA to log in from specific trusted locations.

Seeking VPN Alternatives

We rely too much on VPNs and some users think VPNs are a way to be secure, but I don’t think so. For businesses, unpatched VPN software is often a network entry point. The VPN software isn’t Microsoft-based, so it’s easy to miss updates.

Therefore, it is better to look for alternatives to VPN solutions. If you need to connect to resources remotely, Azure AD Application Proxy is a good alternative. If you have older applications on your network that can’t use Azure AD, it’s a good idea to use the Remote Desktop Gateway service with Duo until you can transition more to an Azure AD-based solution. If you’re only using on-premises servers and a VPN for all your remote access, it’s time to consider other options. Let’s look at our reliance on group policy and configuration management, and consider the adoption of Intune.

Browser and Plugin Review

Ransomware often enters networks through malicious websites. That’s why browsers and add-ons have security enabled by default for both regular and business users. I like to use multiple browsers, as different web applications may have different optimized browsers. Also, in a business environment, it is wise to restrict certain browser activity, or at least review the plugins installed in the browser. Browser plug-ins are also a way for cyber attackers to take over your system.

Access policy check

Shortly after I first introduced Microsoft 365 a few years ago, a foreign cyber attacker tried to log into my account. I immediately created a conditional access policy and created a physical block rule. Login attempts occurred from accounts that received relatively more spam emails for work.

If you have employees who are more likely to be attacked or more likely to be targeted by phishing attacks than others, we recommend using Microsoft Defender for Cloud Apps. Microsoft Defender for cloud apps has the ability to review and monitor anomalous behavior that cannot logically occur, such as logging in from one country and then logging in from an IP in another country.

Alarm for lateral movement

Lateral movement becomes the first clue that an attacker is installing malicious code inside the corporate network and preparing for a full-scale cyber attack. Microsoft Defender for Identity is a lateral movement tracking tool that can be used to monitor pass-the-ticket (PTT) attacks, network reconnaissance by attackers, and credential theft. I set up to monitor these activities daily and send a report when anomalies are detected.

If you’re using Microsoft 365, let’s review the options available to you. Patches alone are not enough, but you may find that Microsoft 365 has various features that are needed to enhance security. [email protected]

Source: ITWorld Korea by

*The article has been translated based on the content of ITWorld Korea by If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!