Office 365 provides businesses a solid platform for email and productivity software. When configured properly, it offers the means to keep your email and data safe and secure. When Office 365 isn’t configured properly, you basically lock the front door while leaving the key in the lock.
Typically, this where a third-party Microsoft partner like Pit Crew IT can help you. Office 365 is a complex platform, and partners go through rigorous training to be certified by Microsoft. Unfortunately, the U.S. Department of Homeland Security released a statement pointing out oversights by some Microsoft partners earlier this week.
Spoiler Alert: We here at Pit Crew IT would not be included in that category. We take tedious steps to recommend the best means to secure every aspect of your IT solutions.
Lower Office 365 Security Overall
The DHS analyzed organizations that utilize third-party partners to migrate their email services to Office 365. According to the DHS, “organizations that used a third party have had a mix of configurations that lowered their overall security posture.” Oversights included disabled mailbox auditing, no unified audit log, and lack of multi-factor authentication on admin accounts. Consequently, these oversights led to “user and mailbox compromises and vulnerabilities”.
Office 365 Security Recommendations
Along with their statement, the DHS offered a few recommendations to improve data protection on Office 365. These are considered best practice.
- Use multi-factor authentication.
- Enable unified audit logging in the Security and Compliance Center.
- Enable mailbox auditing for each user.
- Ensure Azure AD password sync is planned for and configured correctly, prior to migrating users.
- Disable legacy email protocols, if not required, or limit their use to specific users.
Trustworthy Third-Party Partners
No matter which MSP you use for IT service, ask questions. See if they’re following the best practices listed above. Assuming your data is protected can lead to trouble and potentially fines (depending on your industry). If you don’t have an MSP or you’re interested in a new provider, request a free consultation below. We’ll thoroughly evaluate your network and provide dependable service you can count on. As stated earlier, we follow the recommendations above, but feel free to ask what we’re doing and why. We’ll happily answer!