Office 365

Office 365 Best Practices and Recommendations

Documentation

Office 365 Security Roadmap (Video Link) – This article includes top recommendations from Microsoft’s cybersecurity team for implementing security capabilities to protect your Office 365 environment. This article is adapted from a Microsoft Ignite session: Secure Office 365 like a cybersecurity pro: Top priorities for the first 30 days, 90 days, and beyond. This session was developed and presented by Mark Simos and Matt Kemelhar, Enterprise Cybersecurity Architects.

Configure O365 for increased security – This topic walks you through recommended configuration for tenant-wide settings that affect the security of your Office 365 environment. Your security needs might require more or less security. Use these recommendations as a starting point.

Microsoft Security Guidance for Political Campaigns, Nonprofits, and Other Agile Organizations – If your organization is agile, you have a small IT team, and your threat profile is higher than average, this guidance is designed for you. This solution demonstrates how to quickly build an environment with essential cloud services that include secure controls from the start. This guidance includes prescriptive security recommendations for protecting data, identities, email, and access from mobile devices.

Protect against threats in O365 – With Office 365 Enterprise, you can help protect your organization against a variety of threats, including spoofing, malware, spam, phishing attempts, and unauthorized access to data. Use the resources on this page to learn about threat protection and actions you can take.

Connect O365 to MCAS (Cloud App Security) – Start monitoring using the default threat detection policies for O365 anomalous behaviors. (Takes around 7 days to baseline)

O365 ATP Attack Simulator – Test credential harvesting, internal phishing campaigns, brute force and password spray attacks. Run realistic attack scenarios in your organization. This can help you identify and find vulnerable users before a real attack impacts your bottom line.
     Office 365 Attack Simulator and Mitigating Common Attacks (Part 1)

Email Security

General

Video – Getting started with protecting your email – The following series of introductory videos will help you use Exchange Online Protection (EOP) to protect your mailboxes. These videos are applicable for EOP standalone customers who are protecting on-premises mailboxes such as Exchange Server 2013, and for Exchange Online customers whose cloud-hosted mailboxes by default are protected by EOP.
Protect against Threats in Office 365 – Security features Microsoft provides for customers to secure their O365 environment.
How to securely add a sender/3rd party mail service/server to an allow list in Office 365 – Explains the right and wrong way to set up Exchange Transport Rules (ETRs) to ensure you block anything you don’t know about.
NOT Using the Additional Spam Filtering option for SPF hard fail to block apparently internal email spoofing or 3rd party – Helps you configure some advanced Exchange Transport Rules (ETRs) to whitelist known servers leveraging DMARC to check the authenticity of the message.
How to align with SPF and DMARC for your domains if you use a lot of 3rd parties to send email as you

SPF

How Office 365 uses Sender Policy Framework (SPF) to prevent spoofing – This article describes how Office 365 uses the Sender Policy Framework (SPF) TXT record in DNS to ensure that destination email systems trust messages sent from your custom domain. This applies to outbound mail sent from Office 365. Messages sent from Office 365 to a recipient within Office 365 will always pass SPF.
Set up SPF in Office 365 to help prevent spoofing – This article describes how to update a Domain Name Service (DNS) record so that you can use Sender Policy Framework (SPF) with your custom domain in Office 365. Using SPF helps to validate outbound email sent from your custom domain.
SPF Official Documentation – openspf.org – This page serves as an introduction and quick overview of SPF mechanism syntax.

DKIM

Use DKIM to validate outbound email sent from your custom domain in O365 – This article describes how you use DomainKeys Identified Mail (DKIM) with Office 365 to ensure that destination email systems trust messages sent from your custom domain.
Set up DKIM so that a third-party service can send, or spoof, email on behalf of your custom domain – This article describes how you use DomainKeys Identified Mail (DKIM) with Office 365 to ensure that destination email systems trust messages sent from your custom domain.

DMARC

Use DMARC to validate email in Office 365 – Domain-based Message Authentication, Reporting, and Conformance (DMARC) works with Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to authenticate mail senders and ensure that destination email systems trust messages sent from your domain.
How Microsoft moved to a P=Quarantine DMARC Record? – Explains the steps Microsoft took to migrate to a P=Quarantine DMARC record in detail.
M3AAWG.org DMARC Training Series – Series of videos to help understand DMARC. Really useful for those that need more clarification.
Best Practices for implementing DMARC in O365
Best Practices for Exchange Online Protection Customers to align with DMARC
Dmarcian.com DMARC Deployment Checklist
A way to sort of approximate DMARC aggregate reports in O365 – Shows you how to extract this information and send it off to a DMARC reporting address via PowerShell.

Advanced/Troubleshooting

Troubleshooting the red (Suspicious) Safety Tip for fraud detection checks – This article helps troubleshoot and investigate what the issue could be and why a particular mail is being flagged.

Spoof Intelligence

Spoof Intelligence – Allowing or blocking a particular sender from sending spoofed email into your organization.

Anti-Spam and Anti-Malware

Anti-Spam and Anti-malware protection – If you’re an Office 365 customer whose mailboxes are hosted in Microsoft Exchange Online, your email messages are automatically protected against spam and malware.

Helpful/Related Instructions

Enable Audit logging and Search the audit log in O365 Security and Compliance Portal – Need to find if a user viewed a specific document or purged an item from their mailbox? If so, you can use the Office 365 Security & Compliance Center to search the unified audit log to view user and administrator activity in your Office 365 organization.

Configuring Safe Attachments, Safe Links, and Anti-Phishing Policies – Helpful guide to configure various Office 365 ATP policies for your tenant.