Welcome to the Online Course for Office 365 Security Roadmap. This course is designed for Security and Global Administrators in Office 365. We will instruct and demonstrate how to configure different security policies in your Office 365 tenant.
If you are signed into your tenant and do not see some of the features displayed in this video, please confirm that you have the proper security licensing before proceeding.
Before we get started on setting up security policies, we will first show you how to configure notifications. Whether your organization wants admins, end users, or both to be alerted when messages are quarantined, we recommend this as the first step.
Microsoft has just released their Security Intelligence Report (SIR), its annual cybersecurity summary, and it reveals phishing is still the most popular way for cyber-criminals to attack, giving security experts everywhere headaches.
In this video we will show you how to prevent phishing attempts inside your organization.
Malware is comprised of viruses and spyware. Viruses infect other programs and data, and they spread throughout your computer looking for programs to infect. Spyware refers to malware that gathers your personal information, such as sign-in information and personal data, and sends it back to the malware author.
Office 365 has built-in malware and spam filtering capabilities that help protect inbound and outbound messages from malicious software and help protect you from spam. Admins don't need to set up or maintain the filtering technologies, which are enabled by default. However, they can make company-specific filtering customizations in the Exchange admin center (EAC).
You can train your employees to be extra vigilant when opening email attachments, but the fact of the matter remains that it only takes one person to mess up once to allow malicious agents into your organization.
In this video, we will show you how to set up an additional layer of protection to prevent employees who open malicious attachments from infecting their systems.
Phishing emails have become very convincing. No longer are we sent emails from a Nigerian Prince begging us to take his money, but rather we are sent very convincing emails from our banks, restaurants, online media companies, and from the people we work with. As we stated in our Safe-Attachments section, there is only so much training can do to prevent employees from opening malicious attachments and the same goes for employees clicking on a malicious link.
In this video, we demonstrate how to turn on Safe-Links, so that your employees are protected when they click on a link in an email that may not be legitimate.
Are you concerned about too much spam in Office 365? Though multiple spam filters are built into your Office 365 service, you may want to change a protection setting to deal with a specific issue in your organization—say you're receiving a lot of spam from a particular sender, for example—or to simply fine tune your settings so that they're tailored to best meet the needs of your organization.
Sender Policy Framework (SPF) is a simple email-validation system designed to detect email impersonation. The purpose of an SPF record is to prevent spammers from sending messages with forged ‘From’ addresses at your domain. This gives you, as an email sender, the ability to specify which email servers are permitted to send email on behalf of your domain.
Protect your customer, your brand, and your business from spoofing and phishing attacks by authenticating your email with SPF. Ready to create an SPF record? Follow these steps to get started.
The first step in implementing SPF is to gather a list of mail servers you use to send email from your domain. Normally organizations send mail from many places. Be sure to include all mail servers used to send mail on your behalf.
Once all domains that send mail on your behalf are gathered, you'll need to find each domain's unique IP address or IP range. These addresses will be added as "includes" in your SPF record. Most third party mail services will offer a help article with information regarding mail server IP ranges.
Understanding the format of SPF records is crucial to ensuring you’re getting the most out of your spam and phishing safeguards. Let’s take a closer look at how SPF records are constructed.
An SPF record contains multiple mechanisms, or parameters, that dictate its behavior. These parameters include:
A carefully tailored SPF record will reduce the likelihood of your domain name getting fraudulently spoofed and keep your messages from being flagged as spam before reaching their destination. Here are a few examples of effective, validated SPF records.
SPF records can appear fairly simple, but including a multitude of different server configurations can quickly become complicated. Let’s look at a few common mistakes for SPF records.
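A small checker for several record mistakes defined by RFC 7208, as an added example that is not taken from the course videos. The sample domains and addresses are constructed, and the checks cover only the top-level record, not the records that an include pulls in:

```python
import re

# Terms that each cost one DNS lookup during evaluation (RFC 7208, section 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10

def lint_spf(txt_records):
    """Return a list of problems found in a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["multiple SPF records: receivers return permerror"]
    problems = []
    terms = spf[0].lower().split()[1:]
    # Strip the optional qualifier (+ - ~ ?) and keep the mechanism/modifier name.
    names = [re.match(r"[+\-~?]?([a-z0-9]*)", t).group(1) for t in terms]
    lookups = sum(1 for n in names if n in LOOKUP_TERMS)
    if lookups > MAX_LOOKUPS:
        problems.append(f"{lookups} DNS-lookup terms exceed the limit of {MAX_LOOKUPS}")
    if "ptr" in names:
        problems.append("ptr mechanism is discouraged by RFC 7208")
    if "all" not in names and "redirect" not in names:
        problems.append("no 'all' or 'redirect': unmatched senders get a neutral result")
    if "all" in names:
        pos = names.index("all")
        if terms[pos] in ("all", "+all"):
            problems.append("'+all' authorizes every sender")
        if [n for n in names[pos + 1:] if n != "exp"]:
            problems.append("terms after 'all' are never evaluated")
    return problems

# Constructed sample records (documentation addresses and example domains).
GOOD = ["v=spf1 include:spf.protection.outlook.com -all"]
TWO = GOOD + ["v=spf1 ip4:192.0.2.10 ~all"]
OPEN = ["v=spf1 ip4:192.0.2.0/24 +all"]
MANY = ["v=spf1 " + " ".join(f"include:_spf{i}.example.net" for i in range(11)) + " -all"]
LATE = ["v=spf1 -all include:spf.protection.outlook.com"]

if __name__ == "__main__":
    for name, recs in [("GOOD", GOOD), ("TWO", TWO), ("OPEN", OPEN),
                       ("MANY", MANY), ("LATE", LATE)]:
        print(name, lint_spf(recs) or "ok")
```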
Validating an SPF record is an essential part of implementing SPF to prevent possible spam and phishing attacks. This video explains how to properly validate your SPF record with various tools available.
Once you have created and validated your SPF record, it’s time to begin the publishing process. Once published, mailbox providers will be able to reference the record.
In this section, we’ve demonstrated how to properly engineer and implement an SPF record to safeguard against spam and phishing attacks. In the next section, we’ll discover how SPF works with DKIM (DomainKeys Identified Mail) to further bolster your secure mail environment.
DKIM, or DomainKeys Identified Mail, adds yet another layer of security to your organization's email ecosystem. In this section we'll explain the value of DKIM, along with steps to implement DKIM for your organization.
Implementing DKIM in Office 365 is a fairly straightforward process. Follow these simple steps to get started.
Let's take a closer look at inventorying all of our relevant domains.
NOTE: Be sure to consider ALL domains your organization may send mail from, as this is a commonly overlooked step.
In this lesson, we’ll take the data that we’ve collected and, using the provided format, create our custom DKIM record.
Once our DKIM record has been created, we'll next log into our DNS provider and publish the record for testing and deployment.
An important step to enabling DKIM is to ensure that the record has been created correctly and is valid. Follow along as we do a DNS lookup to do so.
Once our records have been published and tested to be valid, we will enable DKIM Signing in Office 365.
That's it! DKIM signing for your emails is now enabled. Most organizations' email environments are unique, so ensure that you've followed the proper steps for every domain and third-party service that you utilize to send emails.
Our final safeguard for defending against potential threats is called DMARC. DMARC uses both SPF and DKIM to validate the "alignment" of a message to control what happens with the result from both tests. This offers an added layer of protection.
How exactly does DMARC work? Essentially, a sender’s DMARC record instructs a recipient of next steps (e.g., do nothing, quarantine the message, or reject it) if suspicious email claiming to come from a specific sender is received.
As SPF may not protect from any and all potential email threats, DMARC offers an additional layer of security by using SPF and DKIM together.
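How a receiver combines the SPF and DKIM results with alignment to reach the outcome the DMARC record asks for, as an added example that is not part of the course material. The record, domains and results are constructed; the organizational-domain helper is a simplification (real receivers use the Public Suffix List), and the pct and sp tags are ignored:

```python
def parse_dmarc(record):
    """Split 'v=DMARC1; p=reject; ...' into a tag dictionary."""
    pairs = (part.strip().split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def org_domain(domain):
    # Simplification: treat the last two labels as the organizational domain.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict mode ('s') needs an exact match; relaxed ('r') compares org domains."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(record, from_domain, spf_result, spf_domain,
                      dkim_result, dkim_domain):
    """Return 'pass', or the policy to apply: 'none', 'quarantine' or 'reject'."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return "no-policy"
    # A test only counts when it passes AND its domain aligns with the From: domain.
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain,
                                              tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain,
                                                tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return tags.get("p", "none")

# Constructed policy records for the constructed domain example.com.
RELAXED = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com"
STRICT = "v=DMARC1; p=reject; aspf=s; adkim=s"

if __name__ == "__main__":
    # Legitimate mail: SPF passes for a subdomain, relaxed alignment accepts it.
    print(dmarc_disposition(RELAXED, "example.com", "pass", "mail.example.com",
                            "none", None))
    # Forged From: SPF passes, but for an unrelated envelope domain.
    print(dmarc_disposition(RELAXED, "example.com", "pass", "bounce.mailer.test",
                            "fail", "example.com"))
```

The second call shows why SPF alone is not enough: the message passes SPF for a domain unrelated to the visible From address, and only the alignment check turns that into a quarantine.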
Let's look at a brief overview of how to implement DMARC in our environment.
SPF and DKIM MUST be deployed in our environment to enable DMARC. These steps are provided in previous lessons of this course.
Before enabling DMARC signing, we must ensure that SPF and DKIM are properly configured and published.
To publish a DMARC record, we must create a new DNS record. Use our example provided as your guideline.
A great feature of DMARC is the ability to view activity through reports of delivery information. This includes details on SPF and DKIM statuses of related email messages.
Once you're confident that DMARC is properly configured, you can now change the DMARC record flag to enable proper reporting of future email messages.
Multi-factor Authentication offers an additional layer of security for your users. While using their password to log in, users must additionally provide an approval from a personal registered device to further verify their identity.
Before setting your users up with Multi-factor Authentication, 'Modern Authentication' must first be enabled in the Office 365 admin center. Modern Authentication offers access to additional security features such as Single Sign-on.
In this lesson, we'll be manually enabling Multi-factor Authentication for individual users.
Note: Once activated, affected users will be prompted to begin their setup of Multi-factor Authentication on next login to any Office 365 services.
Link to register your Multi-factor Authentication: https://aka.ms/setupmfa
Once enabled, end users with Multi-factor Authentication will be prompted on next login to Office 365 to begin the setup process. This includes downloading and setting up the mobile authenticator app.
Set up a custom policy to automatically enable Multi-factor Authentication for new users in your organization.
In this lesson we'll be creating a custom conditional access policy which enforces Multi-factor Authentication for only our organization administrators. These policies can be created for any type of user roles in Office 365.
Microsoft Office 365's Secure Score is your personal cyber security consultant. Not only does Secure Score's AI review and suggest improvements to your organization's security, but it will also give you step by step instructions on how to implement the suggestions.
Let's take a look at using Office 365's custom branding for your environment. Creating a customized login page in Office 365 can help ensure that your users avoid losing login information to potential phishing attacks.
Yet another must-have safeguard, conditional access can help secure the identity of your users by preventing them from logging in from suspicious locations and devices.
Audit logging in the Office 365 Security & Compliance Center allows you to track most activities of your users such as:
Follow along to enable your Office 365 audit log.
To enable audit logging: https://protection.office.com
Let's take a look at a few examples of audit log searches. Search criteria can range anywhere from file history to any administrative changes within Office 365.