How to set up security in Office 365 to CIS recommendations

Susan Bradley here for CSO Online. Some resources just came out the other day for Microsoft 365 users. It's from the Center for Internet security. It's an organization that puts forth benchmarks and checklists to help you set up your organization securely. They have windows checklists, Exchange Server checklists all sorts of checklists. I'll talk about those in an upcoming. Podcast. Recently as noted on the Microsoft blog site they released a checklist specifically for Microsoft 365. The instructions include two levels that allow you to choose if you want light security or heavy security level. Level 1 for any system as should cause little or no interruption of service and cause no reduced functionality. Level 2 is recommended security SEC settings for highly secure environments and could result in some reduced functionality. Now to obtain this guidance you follow the link on the blog Web site. You sign up for access on the Center for Internet security. Accept the eula. And you can download the latest benchmarks. You put in your name. Organization, then your industry. And in a few moments you'll get a PDF from the organization. As you can see the number of operating systems they cover and the benchmarks they have is large. Again I'm only going to talk about the Microsoft 365 benchmark today but you want to take a look at these other benchmarks as well. Includes Linux. Apple operating system. Windows servers VM where. Apache Tomcat SQL Server. Docker. Amazon Web Services Google Cloud. Microsoft Azure foundations.

And last but not least down here at the bottom. Is Microsoft 365 foundations benchmark. Now once you download it you can start scrolling things through and see the options you have. In each section it talks about items they're scored and not scored. And that means the secure score I talked about earlier. If you haven't gotten the idea by now that multi factor authentication is key to securing your environment you'll get it from this document. As you can see it's the number one recommendation right at the front talking about enabling multiple factor authentication for all users and administrative roles. Each section gives you a description. It gives you the reason why they recommend the setting. And then of course it gives you how to audit and verify that a setting that you chose is put in place. Way down at the very bottom is an appendix that summarizes all of the different settings that they recommend. As you can see you can. It allows you to check up whether or not it's set correctly or not if you're using it. And you can see all the different items that they recommend. There are 60 recommendations in many different areas including account authentication policies, application permissions, data management, e-mail security auditing policies, storage policies and mobile device management. Again from the Center for Internet Security I highly recommend downloading these checklists and taking a look at them in your organization. Until next time. Thanks for being an insider on CSO Online. This is Susan Bradley.