CISA urges action on common Office 365 security vulnerabilities

US Cyber agency offers best practice for configuring Microsoft Office 365 to secure employees working from home

The US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Wednesday recommending best practices for addressing Microsoft Office 365 security configuration errors.

The latest alert (AA20-120A) is an update to the CISA's AR19-133A analysis report published on 13^th May 2019 and discusses various steps that organisations must take to ensure that their Office 365 environment is properly configured to provide protection against attacks from threat actors.

In recent weeks, the coronavirus outbreak has forced many organisations to change their collaboration methods to support a workforce working fully from home. Such organisations are now looking to cloud collaboration platforms such as Office 365 to enable their employees to continue working with the minimum of disruption.

But uptake of new cloud technology also brings with it new risks.

"While the abrupt shift to work-from-home may necessitate rapid deployment of cloud collaboration services, such as O365, hasty deployment can lead to oversights in security configurations and undermine a sound O365-specific security strategy," CISA said in the alert.

The agency stated that it has seen many instances where organisations failed to implement best security practices for O365, making it highly vulnerable to attacks.

To prevent hackers from exploiting security weaknesses and configuration errors in Office 365, CISA advises organisations to use multi-factor authentication (MFA) for administration accounts. MFA provides an additional security layer, helping to verify that the person signing in is legitimate, not an adversary using stolen credentials.

Organisations should also ensure that they assign administrator roles using Role-based Access Control (RBAC).

Other recommendations from CISA include:

• Use MFA for all users
• Enable Unified Audit Log
• Enable alerts for suspicious activity
• Use Microsoft Secure Score
• Disable legacy protocol authentication, if not required, or limit its use
• Integrate logs with your existing SIEM tool

Last month, Microsoft announced that it would begin migrating Office 365 Personal and Home subscribers to Microsoft 365 over the next few weeks.

The company also revealed the plan to roll out a new Microsoft Family Safety app "designed to keep your family safe across the digital and physical worlds" and a number of new features to Microsoft Teams to "bring you closer to your friends and family".