Threat actors aren't breaking in any more; they're logging in. Regular checks on your infrastructure and supporting services are non-negotiable.

To create resilience, your configuration should utilise a framework such as CIS Benchmarks or, in Australia, the Australian Cyber Security Centre's Essential Eight. A solid configuration should include the following:
- No Legacy Auth: Disable POP, IMAP, and SMTP AUTH. These protocols don't support modern MFA and are targets for brute-force attacks.
- OAuth Permissions: Review third-party apps. Look for broad Read/Write permissions that aren't necessary.
- Conditional Access (CA) Policies: Ensure a CA policy is applied to all users, including service accounts. No exceptions.
- External Sharing: Restrict guest access and set expiry dates for shared links to help prevent data loss.
- Privileged Identity Management (PIM): Use Just-in-Time access for admin roles. No one should be a Global Administrator permanently.

Please note: this list is not exhaustive.
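
As an added example (not part of the original page), here is a Python check for the Conditional Access and legacy-auth items above, run over policies exported from Microsoft Graph (`GET /identity/conditionalAccess/policies`). The policy names, the placeholder group id and the sample data are constructed; application scope and grant-control operators are not evaluated.

```python
# Graph clientAppTypes values that cover legacy protocols (POP, IMAP, SMTP AUTH, EAS).
LEGACY_CLIENTS = {"exchangeActiveSync", "other"}
EXCLUDE_KEYS = ("excludeUsers", "excludeGroups", "excludeRoles")

def audit_ca_policies(policies):
    """Return a list of findings; an empty list means both baseline checks passed."""
    findings = []
    mfa_all = legacy_blocked = False
    for p in policies:
        name = p.get("displayName", "<unnamed>")
        cond = p.get("conditions") or {}
        users = cond.get("users") or {}
        clients = set(cond.get("clientAppTypes") or [])
        controls = set((p.get("grantControls") or {}).get("builtInControls") or [])
        if p.get("state") != "enabled":  # disabled or report-only policies protect nobody
            findings.append(f"{name}: not enforced (state={p.get('state')})")
            continue
        if "All" not in (users.get("includeUsers") or []):
            continue  # scoped policy: does not count as tenant-wide coverage
        excluded = [k for k in EXCLUDE_KEYS if users.get(k)]
        if excluded:  # the checklist asks for no exceptions, so surface every exclusion
            findings.append(f"{name}: has exclusions ({', '.join(excluded)})")
            continue
        if "mfa" in controls and "all" in clients:
            mfa_all = True
        if "block" in controls and LEGACY_CLIENTS <= clients:
            legacy_blocked = True
    if not mfa_all:
        findings.append("no enforced all-users MFA policy without exclusions")
    if not legacy_blocked:
        findings.append("no enforced all-users policy blocking legacy auth clients")
    return findings

# Constructed sample in the shape of the Graph conditionalAccessPolicy resource.
SAMPLE = [
    {"displayName": "Require MFA - all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"],
                              "excludeGroups": ["<service-accounts-group-id>"]},
                    "clientAppTypes": ["all"]},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Block legacy auth", "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "clientAppTypes": ["exchangeActiveSync", "other"]},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
]

if __name__ == "__main__":
    for finding in audit_ca_policies(SAMPLE):
        print("FINDING:", finding)
```

The sample fails on both items: the MFA policy excludes a group, and the legacy-auth block is still in report-only mode.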

A secure Microsoft 365 environment is a moving target.
As your company grows and new features (like Copilot and AI workloads) are integrated, your attack surface changes. To ensure secure operations, it is prudent to test your infrastructure and build resilience.





