Security for Microsoft 365
With the ongoing transition to cloud-based platforms such as Microsoft 365, Azure and AWS, security needs to be reconfigured for the cloud world. With multiple access vectors now available to cybercriminals, you need to make sure you are protected at every entry point.
As security is at the forefront of everything we do at RODIN, we’ve created three easy-to-understand security packages.
Level 1 – Office 365 User Security
This level covers the user and their system access through the activation and use of Multifactor Authentication (MFA).
MFA allows the system to verify that the user is who they say they are. When implemented correctly, MFA makes it significantly more difficult for credentials to be stolen or compromised. This is done by requiring the user to have physical access to a secondary device such as an approved mobile phone, security token, or even their own fingerprint. This level also includes the removal of basic authentication protocols that don’t support MFA – such as legacy e-mail related policies.
This means that if a user signs in from an unrecognised location, or in what Microsoft deems to be an unusual sign-in, they are required to validate their credentials through MFA.
This level also includes improved spam protection and daily quarantine emails. This allows you and your users to see what has been quarantined each day, without having to sort through them in your inbox. Quarantine management allows rules and policies to be set for certain behaviours or senders.
We consider this the minimum that every organisation should have implemented.
Level 2 – Microsoft 365 Account Security
Includes all services from Office 365 User Security.
Account security takes MFA implementation one step further to increase your security score. With MFA turned on by default, all devices are required to validate, making them more secure. It allows you to set policies for trusted devices (such as photocopiers, or job share accounts), allowing these devices to operate securely within your environment.
The addition of Advanced Threat Protection for emails brings security to the forefront of your users' behaviour. If a link or attachment is deemed to be high risk, it changes the behaviour of the user by alerting them to the risk with warning banners and challenge pop-up boxes. As an example, in the case of hyperlinks, it clearly states whether a site has been identified as malicious and challenges the user on their next action.
Email encryption is also enabled. This allows users to manually encrypt an email, or policies to be set for certain message types. Encryption means that only the intended recipient can access the data, which is particularly relevant for organisations or users who are responsible for sending highly sensitive data such as personal or financial data.
Level 3 – Microsoft 365 Mobile Application & Device Management
Includes all services from Account Security.
The multitude of devices being brought into environments presents a unique challenge. With this level of security, you can easily manage the security of devices & access to applications.
The most secure method is to grant access only to devices that have been enrolled, authorised and encrypted to meet company standards. This means that device & application access is managed by company policy with secure controls.
Alternatively, with BYOD devices in your environment, you can enforce conditional access to company-related apps with additional controls through profile installation. This allows the implementation of security controls which ensure your data is protected, and that company-related applications and data can be remotely wiped in the event of compromised or lost devices.
You can allow users remote web access to SharePoint through browsers from external devices, with restrictions on permissions (i.e. read / write / download). This includes the use of MFA for conditional access.
Ultimately, this level of security means that you have real-time management of users' access to company-related applications and data.