- The number of tenant admins - The more global admin users you have, the more likely it is that one of those accounts will be successfully breached by an external attacker.
- Mailbox auditing for all users - By default, all non-owner access is audited, but you must enable auditing on the mailbox for owner access to be audited as well. This allows you to discover illicit access to Exchange Online if a user's account has been breached.
- Reviewing the Azure AD Sign-ins after multiple failures report at least every week - This report can serve as a good indication that an account has a cracked password.
- Windows Defender Security Center and Antivirus – You can now manage all facets of Windows 10 security, such as PC health, Windows Firewall, Windows Defender and Parental and Family Controls, through a single interface, allowing you to more easily protect yourself against malware, malicious code and hackers.
- Enhanced mobile device management (MDM) support – Configure security policies through MDM that were previously only available through Group Policy, including 300 native MDM settings.
- Windows Hello for Business – So you want to enable MFA as suggested earlier in this article but don’t have Azure because you’re completely domain joined? No problem. You can use Hello so that users can use biometric gestures as an alternative to a simple PIN, which isn’t a true form of MFA.
- Dynamic Lock – Tired of reminding your users to lock their machines when they leave their stations? Now you don’t have to. Dynamic Lock automatically locks their PC when they step away by measuring the signal strength of their smartphone. When Windows assumes they’ve walked away, it locks their PC automatically.
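The "sign-ins after multiple failures" review from the Secure Score list above can be approximated over any exported sign-in log. The following is an added example, not code from the original post or from Microsoft: the record layout (user, ISO timestamp, result), the threshold of five failures and the 30-minute window are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def success_after_failures(events, min_failures=5, window=timedelta(minutes=30)):
    """Flag successful sign-ins preceded by a burst of failures for the same user.

    events: iterable of (user, iso_timestamp, "success" | "failure").
    Returns a list of (user, success_time_iso, failures_in_window), sorted by user.
    """
    by_user = defaultdict(list)
    for user, ts, result in events:
        by_user[user.lower()].append((datetime.fromisoformat(ts), result))

    findings = []
    for user, rows in sorted(by_user.items()):
        failures = []  # failure times since this user's last success
        for when, result in sorted(rows):
            if result == "failure":
                failures.append(when)
                continue
            # Only failures close to the success count; old ones are likely typos.
            recent = [f for f in failures if when - f <= window]
            if len(recent) >= min_failures:
                findings.append((user, when.isoformat(), len(recent)))
            failures = []
    return findings


def _failures(user, start, count, gap):
    """Build `count` constructed failure records spaced `gap` apart."""
    t0 = datetime.fromisoformat(start)
    return [(user, (t0 + i * gap).isoformat(), "failure") for i in range(count)]


# Constructed sample data (hypothetical users, not real tenant logs).
SAMPLE_SIGNINS = (
    _failures("alice@example.com", "2017-04-03T02:10:00", 6, timedelta(minutes=2))
    + [("alice@example.com", "2017-04-03T02:25:00", "success")]      # burst, then success
    + [("bob@example.com", "2017-04-03T08:59:00", "failure"),
       ("bob@example.com", "2017-04-03T09:00:00", "success")]        # single typo
    + _failures("carol@example.com", "2017-04-03T10:00:00", 5, timedelta(minutes=45))
    + [("carol@example.com", "2017-04-03T13:05:00", "success")]      # failures spread out
    + _failures("dave@example.com", "2017-04-03T11:00:00", 7, timedelta(minutes=1))
)

if __name__ == "__main__":
    for user, when, count in success_after_failures(SAMPLE_SIGNINS):
        print(f"{user}: success at {when} after {count} failures")
```

Accounts with many failures and no success (dave in the sample) are not flagged here, since the report concerns failures followed by a successful sign-in.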
NEW April Blog: Great Security Tools from Microsoft
Brad Rudisail, MCITP, MCSE, Virtualization Administrator, Network Engineer
In case you haven’t noticed, Microsoft has increased its focus on cybersecurity as of late. Whether it be in support of its client/server operating systems or Office 365, Microsoft has released a number of powerful tools to assist your IT department in combatting unauthorized cyber activity that could jeopardize your network. Last year was a banner year for cybersecurity attacks, data breaches and ransomware, which became a billion-dollar industry by itself. Below is a summary of some of the options that you should consider implementing in order to defend against these attacks.
Office 365 Secure Score
Most of us habitually check our credit score from time to time, but have you checked your Secure Score for Office 365 lately? If you are an Office 365 subscriber, you can access your score by going to https://securescore.office.com/#/dashboard. Secure Score offers a risk assessment for your Office 365 environment by assigning you a matrix score based on designated security settings and behaviors. It then assigns you a score between 1 and 344. Don’t be shocked if you log on and see an assigned score of less than 50 because the average score is a paltry 29, believe it or not! This is yet one more example of the complacency surrounding the issue of cybersecurity for so many organizations. Secure Score lets you track and plan incremental improvements over periods of time. Three examples of the things that Secure Score evaluates are as follows:
The good old days of protecting your user accounts with a mere password are over. With the proliferation of credential stuffing attacks, key loggers, and bot armies guessing passwords on a nearly untraceable incremental basis, simply relying on password protection for your accounts is risky business. At the very least, accounts with privileged access such as IT admins, HR staff and high-level management should be protected by more than one authentication method. Microsoft makes it easy to set up MFA for your Azure accounts, requiring additional identification only when users log on off premises. In this day and age, all organizations should have some type of transition plan to eventually enforce MFA for all users.
Windows Information Protection (WIP)
WIP helps to protect against potential data leakage by managing data policy enforcement for apps and documents and removing access to enterprise data from both enterprise and personal devices. For instance, a user may receive a confidential email and want to copy its contents and save it in Notepad on an unmanaged device. By doing so, this information now resides in an uncontrolled environment, exposing it to unauthorized access. WIP helps enforce the separation of personal and corporate data without requiring employees to switch environments or apps. It also allows IT admins to wipe corporate data from devices while leaving personal data alone. WIP requires the combination of Windows 10 and either Intune, SCCM or a third-party MDM solution.
New Windows 10 Creators Security Additions
In case you have been hiding in a cave the past two months, Microsoft is unveiling their new Windows 10 version called Creators within a matter of days and it adds additional layers of security armor to protect your devices.