Implementing a Microsoft 365 Secure environment. Whitepaper for Business Decision Makers (BDMs)


Microsoft has recently published on its 365 Security Site a series of very practical guidelines focused on Business Decision Makers. The guide was written by Kozeta Beam – Microsoft Cloud Security Architect, and Thiagara Sundararaja – Microsoft Senior Consultant.

These guidelines urge the customer to “take responsibility to secure your own identities, data and devices used to access cloud services”.

Among the recommendations we find:

  • Secure top-level accounts that typically have administrative and management access. Attackers typically target these high-value accounts because, if successful, they can quickly elevate privileges to other hostile accounts.
  • Reduce the attack surface by disabling older legacy protocols like POP3, IMAP, SMTP. Delete accounts that are no longer active via policy, and reduce the total number of Global Admins.
  • Do not use external email forwarding, as this is one of the most typical resources used by attackers.
  • “Assume Breach mindset” with a “Zero Trust Network Strategy”
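
The legacy-protocol, Global Admin and external-forwarding recommendations can be checked read-only against a tenant. The script below is an added example, not taken from the whitepaper; it assumes sessions already opened with `Connect-ExchangeOnline` and `Connect-MgGraph`, and its variable and property names in the summary object are illustrative.

```powershell
# Added example: read-only audit, changes nothing in the tenant.
# Assumes Connect-ExchangeOnline and Connect-MgGraph have already been run.

# Legacy protocols: mailboxes that still allow POP3 or IMAP.
$legacyMailboxes = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.PopEnabled -or $_.ImapEnabled } |
    Select-Object PrimarySmtpAddress, PopEnabled, ImapEnabled

# Legacy protocols: is authenticated SMTP submission disabled tenant-wide?
$smtpAuthDisabled = (Get-TransportConfig).SmtpClientAuthenticationDisabled

# External forwarding: mailboxes forwarding to a domain the tenant does not own.
$ownDomains = Get-AcceptedDomain | ForEach-Object { "$($_.DomainName)" }
$externalForwarders = Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingSmtpAddress } |
    Where-Object { ("$($_.ForwardingSmtpAddress)" -split '@')[-1] -notin $ownDomains } |
    Select-Object PrimarySmtpAddress, ForwardingSmtpAddress, DeliverToMailboxAndForward

# External forwarding: remote domains that still allow automatic forwarding.
$autoForwardDomains = Get-RemoteDomain |
    Where-Object { $_.AutoForwardEnabled } |
    Select-Object Name, DomainName

# Global Admins: current members of the role.
$gaRole = Get-MgDirectoryRole -All |
    Where-Object { $_.DisplayName -eq 'Global Administrator' }
$globalAdmins = @(Get-MgDirectoryRoleMember -DirectoryRoleId $gaRole.Id -All)

# One summary object to track between reviews.
[pscustomobject]@{
    MailboxesWithPopOrImap      = @($legacyMailboxes).Count
    SmtpAuthDisabledTenantWide  = $smtpAuthDisabled
    MailboxesForwardingExternal = @($externalForwarders).Count
    RemoteDomainsAutoForwarding = @($autoForwardDomains).Count
    GlobalAdminCount            = $globalAdmins.Count
}
```

Forwarding configured through inbox rules is not covered by the mailbox-level check and needs a separate review.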

We would like to express our thanks to the authors for their valuable security insights.
