Office 365 Roadmap – The Office 365 Roadmap lists updates that are currently planned for applicable subscribers. Updates are at various stages, from being in development to rolling out to customers to being generally available for applicable customers worldwide.
Office 365 Exchange Online Ports and IP Ranges
Office 365 Trust Documents – information about how Microsoft cloud services protect your data, and how you can manage cloud data security and compliance for your organization. This includes Audited Controls, Compliance Guides, FAQ, White Papers, Pen Test and Security Assessments.
Licensing Terms and Documentation – SLA, terms and other agreement-related documents
Best Practices and Recommendations
Office 365 Security Roadmap – Video Link – This article includes top recommendations from Microsoft’s cybersecurity team for implementing security capabilities to protect your Office 365 environment. This article is adapted from a Microsoft Ignite session — Secure Office 365 like a cybersecurity pro: Top priorities for the first 30 days, 90 days, and beyond. This session was developed and presented by Mark Simos and Matt Kemelhar, Enterprise Cybersecurity Architects.
Configure O365 for increased security – This topic walks you through recommended configuration for tenant-wide settings that affect the security of your Office 365 environment. Your security needs might require more or less security. Use these recommendations as a starting point.
Microsoft Security Guidance for Political Campaigns, Nonprofits, and Other Agile Organizations – If your organization is agile, you have a small IT team, and your threat profile is higher than average, this guidance is designed for you. This solution demonstrates how to quickly build an environment with essential cloud services that include secure controls from the start. This guidance includes prescriptive security recommendations for protecting data, identities, email, and access from mobile devices.
Protect against threats in O365 – With Office 365 Enterprise, you can help protect your organization against a variety of threats, including spoofing, malware, spam, phishing attempts, and unauthorized access to data. Use the resources on this page to learn about threat protection and actions you can take.
Connect O365 to MCAS (Cloud App Security) – Start monitoring using the default threat detection policies for O365 anomalous behaviors. (Takes around 7 days to baseline)
Instructions and Guides
O365 ATP Attack Simulator – Test credential harvesting, internal phishing campaigns, brute force and password spray attacks. Run realistic attack scenarios in your organization. This can help you identify and find vulnerable users before a real attack impacts your bottom line.
Office 365 Attack Simulator and Mitigating Common Attacks (Part 1)
Deep Dive – How Hybrid Authentication really works – The aim of this post is to explain in more detail how this server to server communication works, and to help the reader understand what risks this poses, how these connections are secured and authenticated, and what network controls can be used to restrict or monitor this traffic.
Exchange Server Deployment Assistant – Customized step-by-step instructions to deploy Exchange Server and Exchange hybrid deployments with Exchange Online.
SIEM integration with Office 365 Threat Intelligence – If your organization is using a security incident and event management (SIEM) server, you can integrate Office 365 Threat Intelligence and Advanced Threat Protection with your SIEM server. SIEM integration enables you to view information, such as malware detected by Office 365 Advanced Protection and Threat Intelligence, in your SIEM server reports.
Enable Audit logging and Search the audit log in O365 Security and Compliance Portal – Need to find if a user viewed a specific document or purged an item from their mailbox? If so, you can use the Office 365 Security & Compliance Center to search the unified audit log to view user and administrator activity in your Office 365 organization.
Configuring Safe Attachments, Safe Links, and Anti-Phishing Policies – Helpful guide to configure various Office 365 ATP policies for your tenant.
Video – Getting started with protecting your email – The following series of introductory videos will help you use Exchange Online Protection (EOP) to protect your mailboxes. These videos are applicable for EOP standalone customers who are protecting on-premises mailboxes such as Exchange Server 2013, and for Exchange Online customers whose cloud-hosted mailboxes by default are protected by EOP.
Protect against Threats in Office 365 – Security features Microsoft provides for customers to secure their O365 environment.
How to securely add a sender/3rd party mail service/server to an allow list in Office 365 – Explains the right and wrong way to set up Exchange Transport Rules (ETRs) to ensure you block anything you don’t know about.
NOT Using the Additional Spam Filtering option for SPF hard fail to block apparently internal email spoofing or 3rd party – Helps you configure some advanced Exchange Transport Rules (ETRs) to whitelist known servers leveraging DMARC to check the authenticity of the message.
How to align with SPF and DMARC for your domains if you use a lot of 3rd parties to send email as you
How Office 365 uses Sender Policy Framework (SPF) to prevent spoofing – This article describes how Office 365 uses the Sender Policy Framework (SPF) TXT record in DNS to ensure that destination email systems trust messages sent from your custom domain. This applies to outbound mail sent from Office 365. Messages sent from Office 365 to a recipient within Office 365 will always pass SPF.
Set up SPF in Office 365 to help prevent spoofing – This article describes how to update a Domain Name Service (DNS) record so that you can use Sender Policy Framework (SPF) with your custom domain in Office 365. Using SPF helps to validate outbound email sent from your custom domain.
SPF Official Documentation – openspf.org – This page serves as an introduction and quick overview of SPF mechanism syntax.
Use DKIM to validate outbound email sent from your custom domain in O365 – This article describes how you use DomainKeys Identified Mail (DKIM) with Office 365 to ensure that destination email systems trust messages sent from your custom domain.
Set up DKIM so that a third-party service can send, or spoof, email on behalf of your custom domain – This article describes how you use DomainKeys Identified Mail (DKIM) with Office 365 to ensure that destination email systems trust messages sent from your custom domain.
Use DMARC to validate email in Office 365 – Domain-based Message Authentication, Reporting, and Conformance (DMARC) works with Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to authenticate mail senders and ensure that destination email systems trust messages sent from your domain.
How Microsoft moved to a P=Quarantine DMARC Record? – Explains the steps Microsoft took to migrate to a P=Quarantine DMARC record in detail.
M3AAWG.org DMARC Training Series – Series of videos to help understand DMARC. Really useful for those that need more clarification.
Best Practices for implementing DMARC in O365
Best Practices for Exchange Online Protection Customers to align with DMARC
Dmarcian.com DMARC Deployment Checklist
A way to sort of approximate DMARC aggregate reports in O365 – Shows you how to extract this information and send it off to a DMARC reporting address via PowerShell.
Basic spam troubleshooting in O365
Troubleshooting the red (Suspicious) Safety Tip for fraud detection checks – This article helps troubleshoot and investigate what could be the issue and why a particular mail is being flagged.
Spoof Intelligence – allowing or blocking a particular sender from sending spoofed email into your organization.
Anti-Spam and Anti-Malware
Anti-Spam and Anti-malware protection – If you’re an Office 365 customer whose mailboxes are hosted in Microsoft Exchange Online, your email messages are automatically protected against spam and malware.
Zero-hour auto purge – protection against spam and malware – Zero-hour auto purge (ZAP) is an email protection feature that detects messages with spam or malware that have already been delivered to your users’ inboxes, and then renders the malicious content harmless. How ZAP does this depends on the type of malicious content detected.
Getting the best connectivity and performance in Office 365 – Traditional enterprise networks are designed primarily to provide users access to applications and data hosted in company operated datacenters. A secondary use has been as a gateway for access to the Internet for communications and web browsing. In this model, there is minimal or no network security between users and the company operated datacenters, and a substantial security perimeter between users and the Internet with many network devices such as firewalls, anti-virus scanners, data loss prevention, and intrusion detection devices.