Office 365 Security Hardening

I am sharing our Office 365 Hardening Checklist here today to help others “tighten-up” their own O365 security posture.

Office 365 Security Checklist

Secure Score in portal – portal.office.com
Enable Logging via PowerShell
Set MFA
Block Legacy Authentications – IMAP POP3 – PowerShell or Conditional Access Policy
Disabled OWA if it is not needed or used – PowerShell or Admin Center
Review/Block External Forwarding Rules – PowerShell
Review/Cleanup Inbox Rules – PowerShell
Review Calendar details sharing – PowerShell
Set Alert Policies in portal – Admin portal
Disabled Remote PowerShell per user setting – PowerShell
Designate more than one Global Admin – emergency access account
Review APP Passwords
Set Outbound Spam Notifications – Admin portal
Review Role Changes – CloudApp for new Global Admins
Configure External Sharing links defaults – SharePoint Admin and sharing
Enable Versioning on SharePoint Document Libraries
Oauth and data sharing – Cloud App control
Conditional Access – geographic fencing and other policies – Azure admin
Azure Information Protection and Document Classification and Handling & DLP Rules
Exchange
- Connection Filtering – may be leveraged if needed, and verify no unexpected settings
- Outbound Filtering – may be leveraged, and verify no unexpected settings
- Mail Flow Rules – may be leveraged, set notification of external email
- ATP Spam Filtering
- ATP Malware Settings
- ATP Phishing & Spoof Protection
- ATP Link Protection
- ATP Safe Attachments
- Mobile Device Policy – require password & encryption

DNS
- SPF Record
- DKIM Record
- DMARC Record
Domain Admin Accounts
- Set MFA
- Conditional Access – restrict by Country or IP

Weekly Tasks – many automated through CloudApp

Cybersecurity Awareness Month October 2019