Helping you Stay Secure with Office 365
We have created a set of best practice security recommendations (Baseline and Enhanced Security) that we are encouraging clients to adopt to protect against data breaches. We have also developed complementary services that provide further enhancements to security, compliance, and management.
We offer a Security Review and Roadmap where we will:
1. Review your environment against the security recommendations – Baseline, and where applicable Enhanced. You can read more about our baseline security standards here.
2. Undertake a pragmatic review and validation of the Microsoft Secure Score (Microsoft’s numerical measurement of an organisation’s security posture) taking into consideration your specific environment, requirements, and culture.
3. Develop a Security Roadmap with areas of improvement or enhancement that are prioritised and costed (including any additional licence requirements). These can be implemented in a phased approach.
There are a number of services that provide further enhancements to security, compliance, and management.
- Microsoft products/services
- Implementation and configuration
- Ongoing Management
This section outlines the key services; within the Security Review & Roadmap we would determine the most appropriate elements and their prioritisation.
Extend Audit Log Duration
As standard, Office/Microsoft 365 only logs activity to the audit logs for a rolling 90-day period. In the case of an investigation this could be very limiting.
We strongly recommend extending the logging duration with Microsoft Log Analytics, which extends the logging to 24 months with the ability to further archive these logs indefinitely.
Enhanced Logging
The standard logs that are recorded by Office/Microsoft 365 are very difficult to interpret and almost impossible to correlate between different services.
In addition to ‘Extend Audit Log Duration’ we recommend a basic implementation of ‘Cloud Access Security Broker (CASB)’, utilising Microsoft Cloud App Security (MCAS) to capture a detailed audit trail of all user and admin activities for forensic investigations. Further capabilities of MCAS are detailed later.
SharePoint Permissions
It is important to ensure that internal and external permissions on folders and individual files are appropriate and there is no risk of unauthorised access to sensitive or confidential information. The standard approach to SharePoint permissions is problematic and can be very complex, with ad-hoc sharing and inherited permissions increasing the risk of people gaining incorrect access rights.
We can undertake an audit and review of permissions, develop an appropriate permission structure, and as applicable restructure the site/library.
We have developed a platform – Syntax Asset Data Manager (ADM). ADM utilises an innovative permissions dashboard to assign permissions to both internal and external users in a way that is flexible, repeatable, auditable and, critically, not open to the errors that are common with a manual approach.
Team Permissions
The use of Teams to collaborate with external parties has increased substantially over recent months. In a similar manner to ‘SharePoint Permissions’ it is important to ensure the security of data that is being shared via Teams.
Teams has a more basic permissions model than SharePoint, increasing the requirement to ensure that appropriate access is implemented and reviewed.
We can undertake an audit and review of permissions and develop an appropriate permission structure. It is also possible to implement ‘Access Reviews’, allowing the efficient management of group memberships, access to enterprise applications, and role assignments. User access can be reviewed on a regular basis to make sure only the right people have continued access.
Document Protection
In addition to implementing ‘SharePoint Permissions’, it is possible to configure additional security to protect files and documents regardless of where they reside. For example, if you shared a sensitive file with a prospective investor and the deal did not progress, you could revoke access regardless of whether they kept a local copy of the file.
It is possible to discover and automatically categorise your sensitive information such as PII or banking information across a variety of locations including devices, apps, cloud services, and on-premises.
We can implement a service to apply sensitivity labels manually or automatically to files, allowing data security actions such as encryption, digital rights management (DRM), and visual markings (such as ‘Confidential’) to be applied.
Self-Service Password Reset
Self-Service Password Reset (SSPR) enables users to reset their passwords without contacting IT staff for help. Users can quickly and safely unblock themselves and continue working no matter where they are or what the time of day.
We can implement SSPR, including planning and deployment to end-users, developing activity reports, and providing ongoing support and advice.
Advanced Anti-virus/Malware
We can review your existing anti-virus/malware provision and as appropriate migrate to Microsoft’s next-generation endpoint security platform – Defender Advanced Threat Protection (Defender ATP).
Defender ATP is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. This includes threat & vulnerability management, automated investigation and remediation, and Microsoft Threat Experts (a threat hunting service).
Cloud Access Security Broker (CASB)
Cloud Access Security Brokers (CASBs) are cloud-based security solutions that provide a new layer of security to enable oversight and control of activities and information across cloud SaaS apps – not just Office/Microsoft 365, but other services such as Dropbox, Salesforce, etc. that may be used in an official or unofficial manner (known as ‘Shadow IT’).
CASBs have four key capability areas: 1) Shadow IT discovery, 2) information protection, 3) threat protection, and 4) compliance. They provide a central control plane for governance and policy enforcement across all your cloud apps and services.
We can determine the elements you may wish to implement and the most appropriate configuration/reporting settings. This can be undertaken in a phased approach – as discussed within ‘Enhanced Logging’ we recommend a basic implementation of Microsoft Cloud App Security (MCAS) to capture a detailed audit trail of all user and admin activities for forensic investigations. Other potential uses include:
- Discover all cloud apps and services used in your organisation, both official and shadow (unofficial)
- Detect when data is being exfiltrated from your corporate apps; this can alert you to suspicious usage that indicates a potential attempt to misappropriate information
- Protect your data when it is downloaded to unmanaged devices; it can be configured with granular controls to either prevent the download of sensitive files altogether or apply a protection label
Security Information and Event Management (SIEM)
A Security Information and Event Management (SIEM) system collects data from various sources, normalises and aggregates it, and analyses it to pinpoint security breaches and enable the investigation of breaches.
Microsoft Sentinel is a relatively new service from Microsoft and is significantly more cost effective than other SIEM services/products in the marketplace.
Sentinel integrates and takes feeds/alerts from Microsoft services and other data sources such as firewalls, proxies, and other endpoints.
We offer an implementation, tuning, and 24×7 monitoring SOC (Security Operations Centre) service. We can implement this in a phased approach sized and scaled appropriately to your organisation, requirements, and risk profile.
Please do not hesitate to contact us if you are interested in undertaking a Security Review & Roadmap, or need any additional information relating to any of these elements.
To discuss your specific requirements, call today: 020 7307 5008
Office 365 Management Enhancements
We are also able to offer a range of Enhanced Management services, building upon the functionality of Enhanced Security. We are working closely with Microsoft to identify new ways to help you stay secure, and we are developing a roadmap of recommendations which we will be sharing with you regularly to ensure that you are kept abreast of best practice as the security landscape evolves.