The ApplyGRC Office 365 & Azure Assessment
ApplyGRC takes Office 365 and Azure very seriously when it comes to security. Not only is Cybersecurity a constant issue but internal attacks are prominent daily. Researchers from Barracuda Networks have found that hackers are targeting Microsoft Office 365 accounts with a worrying degree of success. In a report published in May of 2019 the researchers refer to a "startling rise" in the number of account takeover (ATO) attacks, with an analysis of those aimed at their own customers suggesting 29% of organizations had seen their Office 365 accounts compromised by hackers in March alone. “Using these compromised accounts, the hackers were able to send in excess of 1.5 million malicious and spam emails.”
Researchers from Barracuda Networks discovered that hackers are targeting Microsoft Office 365 accounts with a high degree of success. The researchers also referred to the hacks as a "startling rise" in the number of account takeover (ATO) attacks, with an analysis of those aimed at their own customers suggesting 29% of organizations had seen their Office 365 accounts compromised by hackers in March 2019 alone. Using these compromised accounts, the hackers were able to send in excess of 1.5 million malicious and spam emails.
What We Look At
- Email authentication: SPF, DKIM and DMARC
- Mailbox auditing and unified audit log search
- Legacy protocols and disable basic authentication
- Multi-factor authentication (admins and users alike)
- Mailbox auto-forwarding to remote domains
- Global Account Use and Permissions
- Block sign-in for all shared mailboxes
- Anti-spam, anti-malware and outbound spam policies
- Mobile device policies (ActiveSync or Office 365 MDM)
- Default Alert policies
- Enablement of Advanced Threat Protection (ATP): Safe Links, Safe Attachments, Phishing
- Mailboxes with a retention policy or litigation hold
- Modern device management & conditional access
- Downloads from Outlook web on unmanaged devices
- Enablement of Office 365 message encryption features
- Data Loss Prevention policy (DLP)
- Advanced Alert Policies (AAP) in Azure
- OAuth notifications
- Review of Azure architecture
- Azure Data Collection and Storage
- Azure Admin Accounts
- Security Roles and Access Controls
- Identity and Access Management
- Security Monitoring
- Deep Dive to Microsoft 365 and improves security or the potential to improve security for Office 365 & Azure
- Improving Office 365 Secure Score
- Developing a progress plan for security and compliance of Office 365 within the respective network environment.
What Your Business Receives
- A summary report which provides a list of findings that were identified from the assessment
- A detailed report which delves into further analysis of those findings based on tiered impact severity
- An RR (Realistic Recommendations) report which provides best practice and recommendations on how to remediate all issues.
- A follow-up meeting after 3 months to determine status and discussion of further ApplyGRC assistance
- The scoping for Office365 and Azure can last between 1-2 business weeks.
- Office 365 & Azure assessment can last between 1-4 business weeks.
- A RR report which is provided to the Business 3 weeks from the completion of the assessment