Microsoft 365’s default settings are optimized for productivity and collaboration, not security. Unfortunately, improving the security posture of the tenant can significantly impact the user experience of services such as Teams and OneDrive. Before making changes, security teams must understand the micro and macro impacts of those settings on users and the overall organization. This piece outlines the key considerations and recommends settings within five primary areas of M365 that will provide the best security return-on-investment (ROI) with the least impact on user experience.
M365’s complexity makes it hard to know exactly where security teams should focus their efforts. For example, every user within the M365 environment has over 7,500 combinations of settings that can be configured. Not all of these have security ramifications, but many do, and they are often obfuscated: available only as PowerShell or Graph API settings configured through command-line tools, and not through the administrative portals associated with each M365 service.
To prioritize security efforts within M365 tenants, we recommend getting started with:
Key steps to protecting privileged users from sophisticated attacks include:
Microsoft claims nearly 100 million people use Teams every day as the result of the huge push to remote work over the last 18 months. Unfortunately, the default Teams security settings leave a lot to be desired. Key steps here include:
From a security policy perspective, it is important to recognize that all security policies configured for OneDrive are controlled through the SharePoint administrative functions. Improving one automatically improves the other. Key steps here include:
Key steps to hardening Exchange include:
Microsoft is always changing the names of its M365 services, but most of its documentation still refers to Intune as the tool to use for mobile device management. Re-branding is under way to change everything to Endpoint Manager, but that’s still a few months away. For ease of reference, Intune settings that can be easily searched are referenced here. Key steps here include:
The M365 platform is incredibly complex and the security options for each service change frequently. As part of our Consulting offering, we offer M365 security assessments that can be run to improve baseline configurations as well as detect changes. Get in touch to learn more about how our Consulting and other service offerings can help improve your security program.