Specifically, the agency has offered advise for companies that have rushed to deploy Office 365 amidst the COVID-19 outbreak. In the advisory, CISA says it sees organizations that have not rolled out security for Office 365 in a robust way. “In recent weeks, organizations have been forced to change their collaboration methods to support a full ‘work from home’ workforce,” CISA notes in the new alert. “O365 provides cloud-based email capabilities, as well as chat and video capabilities using Microsoft Teams. While the abrupt shift to work-from-home may necessitate rapid deployment of cloud collaboration services, such as O365, hasty deployment can lead to oversights in security configurations and undermine a sound O365-specific security strategy.” CISA has regularly warned organizations from rolling out Office 365 while ignoring security best practices. Obviously, this is something Microsoft is also concerned about. The company actively urges users to properly set up their security around the platform.
Best Practices
In its advisory, CISA links directly to Microsoft’s best-practices for Office 365 and Azure AD. Leading the list of advice is using multi-factor authentication (MFA), especially in Azure AD. This is important because AD is like a parent administrative platform for managing on-site deployment of Office 365. “Using Azure AD’s numerous other built-in administrator roles instead of the Global Administrator account can limit assigning of overly permissive privileges to legitimate administrators. Practicing the principle of ‘least privilege’ can greatly reduce the impact if an administrator account is compromised,” CISA explains. In January, Microsoft published Security Defaults that offers advice for organizations to protect their accounts. In fact, these defaults are the same protocols the company uses for its personal account users. CISA says organizations deploying Office 365 should use these defaults. “If not immediately secured, an attacker can compromise these cloud-based [admin] accounts and maintain persistence as a customer migrates users to O365,” CISA adds. In April last year, Kaspersky released a report showing Office is the target of 70% of all attacks it observes.
