Microsoft 365 Security Best Practices for MSPs
IT service providers can sometimes fall behind on security because they turn into firefighters. If you’re only being reactive on the security side—only responding to attacks once they happen—you’re not getting ahead of the attack, which is where you need to be. If you’re not proactive, you’re just hopping from fire to fire. Providers today need the right tools to go from firefighting to fire prevention.
We recently sat down with Liongard Engineer Scott Davis for some valuable security insights into Microsoft 365 and to learn how automation can help ITSPs proactively manage systems across the board.
Microsoft 365: Six Basic Security Issues to Mitigate
Everything comes back to the basics of technology, and cyber-attacks affect us all, from schools and government agencies, to real estate and retail. When thinking about MS365 and security, there are six main critical threats to focus on:
- Unauthorized mail forwarding: This is one of the most common threats—phishing emails either steal credentials to deploy ransomware, or set up email forwarding so that users are unknowingly sharing emails with nefarious actors. Their ultimate goal is to find a billing or accounting contact to gain access to financial data they can use for things like invoice fraud.
- Weak passwords or disabled MFA: If you’re not currently forcing your customers to adopt multi-factor authentication (MFA), you should be. When it comes to security today, MFA is necessary, and something your customers can’t afford not to implement. And, as an ITSP, you need to be able to identify users who have weak passwords or who aren’t adhering to MFA best practices.
- Unnecessary privileged users: Giving more access than necessary to users is an easy way to create security risk. For instance, as a technical administrator, do you have global admin rights with your day-to-day login? As a best practice, you should have a separate admin account with increased permissions. It may seem like a hassle, but the security benefits far outweigh the inconvenience of logging into a separate admin account a few times a day.
- Phishing-related OneDrive files: Similar to unauthorized email forwarding, bad actors will also try to gain access to OneDrive files, like work orders and invoices, for monetary gain. As an ITSP, if you don’t catch the small cues and signs of infiltration, your customers can lose money that they’ll never recover.
- Legacy authentication: Have you made sure legacy authentication protocols (SMTP, POP3, IMAP, etc.) are disabled for your users? Outside of things like printers that need to connect to SMTP to send outbound emails, you don’t need legacy authentication for anyone else. The way most users will connect with MS365, through their phone or laptop, will use the standard Exchange protocol.
- DKIM, DMARC and SPF: These aren’t new—in fact, DKIM, DMARC and SPF are all public information that can easily be accessed if you know where to look. For instance, if your customers are receiving a lot of spam or phishing emails, you may need to take a second look—specifically your SPF settings—to make sure everything is set up properly to MS365 standards.
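The SPF and DMARC settings mentioned in the last item are published as DNS TXT records, so they can be reviewed once retrieved. The following is an added example, not code from the original article or from Liongard, that checks constructed sample records; the function names, sample domains and the choice of findings are assumptions for illustration, while `include:spf.protection.outlook.com` is the SPF include Microsoft documents for Exchange Online.

```python
M365_SPF_INCLUDE = "include:spf.protection.outlook.com"
# Constructed sample TXT records (reserved .example domains); names are illustrative.
SAMPLE_RECORDS = {
    "good.example": ("v=spf1 include:spf.protection.outlook.com -all",
                     "v=DMARC1; p=reject; rua=mailto:dmarc@good.example"),
    "weak.example": ("v=spf1 include:spf.protection.outlook.com +all",
                     "v=DMARC1; p=none"),
    "missing.example": ("v=spf1 ip4:192.0.2.10 ~all", None),
}

def check_spf(record):
    """Return findings for one SPF TXT record (None if no record exists)."""
    terms = (record or "").lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["no SPF record"]
    findings = []
    if M365_SPF_INCLUDE not in terms:
        findings.append("SPF does not include spf.protection.outlook.com")
    # The trailing 'all' mechanism decides what happens to unlisted senders.
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        findings.append("SPF has no 'all' mechanism")
    elif all_terms[-1] in ("all", "+all", "?all"):
        findings.append(f"SPF ends in {all_terms[-1]}, so unlisted senders do not fail SPF")
    return findings  # '-all' and '~all' are accepted here (an assumption)

def check_dmarc(record):
    """Return findings for one _dmarc TXT record (None if no record exists)."""
    tags = {}
    for part in (record or "").split(";"):
        key, _, value = part.partition("=")
        if key.strip():
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return ["no DMARC record"]
    findings = []
    if tags.get("p", "").lower() not in ("quarantine", "reject"):
        findings.append(f"DMARC policy p={tags.get('p', '')!r} does not enforce")
    if "rua" not in tags:
        findings.append("DMARC has no rua reporting address")
    return findings

def audit(records):
    return {d: check_spf(s) + check_dmarc(m) for d, (s, m) in records.items()}

if __name__ == "__main__":
    for domain, findings in audit(SAMPLE_RECORDS).items():
        print(domain, findings or "OK")
```

In practice the two strings per domain would come from TXT lookups on the domain itself and on its `_dmarc` subdomain.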
Microsoft 365 Security Best Practices
As an MSP, there are some things you can do to reduce the possibility of a security breach and protect your customers and users.
- Use MFA and strong passwords
- Use email encryption
- Implement strong phishing protection
- Train and test your users
- Use enhanced filters for content and image identification
- Configure DMARC
Manual Monitoring Leaves Your Clients at Risk
Documentation is the core of everything you do as an ITSP, from security to reporting. If you don’t have the right data and documentation, you don’t know what you’re protecting, what holes you might have in your security, or what you have to do to protect your customers.
When you rely on manual documentation, you’re constantly switching between systems and apps to get the information you need and, a lot of the time, that information is just surface level data. When you’re focused on the tickets coming in and jumping from project to project, documentation can be the last thing on your mind, and security for both your company and your customers can suffer.
The built-in MS365 monitoring and alerting functions work well, but can sometimes be hard to integrate into your PSA for streamlined ticket management and issue alerts. It can be time-consuming and tedious to set up each instance for each client, and manual documentation and monitoring usually result in stale data, missed alerts, or critical security settings that are never turned on, all causing headaches for you and security risks for your customers.
Automate Your Microsoft 365 Security
MS365 integrations can simplify your security management and alerting. Tools like Liongard allow you to create custom alerts and metrics for the data that matters to you, and then apply those alerts across the board, with no more manual setup! This enables you to reduce noise and focus on what matters most to you and your customers, providing full visibility from billing to sales to support.