kras99 - stock.adobe.com
Fine-tune Exchange Online security for your organization
After a move to Microsoft's hosted email service, Exchange admins must learn how to tailor the integrated and supplemental security features to cover several threat scenarios.
While a move from Exchange Server to Office 365 doesn't automatically protect you from email-based threats, understanding how to tailor the built-in security features can improve your defensive posture.
After security flaws in Exchange Server, including the ProxyLogon vulnerabilities, continue to mount, more IT leaders are considering a shift to Exchange Online to avoid these on-premises vulnerabilities, as well as removing the need to maintain the hardware and software to support these email servers. But the move to the cloud does not guarantee a safer environment. After a shift and lift of email services, it's imperative to examine the best ways to tighten Exchange Online security by understanding the new capabilities available on Microsoft's hosted email platform.
Microsoft Office 365 includes many security and compliance features for a higher level of protection than the Exchange Server, which makes it daunting for administrators to choose the appropriate configurations and services. To help administrators get a fuller understanding of the protections they can enlist, below are the four areas to examine to properly protect and secure the users and organization from a multitude of threats.
1. Identity security and management
Identity might be considered outside an Exchange administrator's concern, but it is a critical security component to keep email content accessible just to authorized users. A key security configuration Exchange administrators should consider is two-factor or multifactor authentication (MFA) on Office 365. Microsoft includes this extra protection in all Exchange Online plans, which can stymie hackers who try to gain mailbox access from leaked credentials.
Organizations should also consider an Azure AD Premium service, available through paid subscriptions, with enhanced features to detect and react to abnormal user activities such as repeated failed sign-ins and login attempts from suspicious locations.
2. Malicious content detection
Hackers continue to favor email to deliver malicious payloads and phishing attempts. This practice makes it imperative to take extra measures to block this email from reaching the end user. For enhanced Exchange Online security, there are several options to reduce harmful content, such as spam, with the following components:
- Exchange Online Protection. Microsoft includes this cloud-based email filtering service with Exchange Online and includes email filtering, antimalware, mail flow rules and content filtering.
- Microsoft Defender for Office 365 Plan 1. This cloud-based email filtering service, formerly called Microsoft Office 365 Advanced Threat Protection, includes real-time protection features such as Safe Attachments and Safe Links to block malicious attachments and URLs, and anti-phishing protection.
3. Threat detection and blocking
Exchange administrators can customize protections and security rules in Office 365 to stop specific attack scenarios. The Office 365 Cloud App Security add-on helps IT build policies to analyze user activities and detect abnormal behaviors, including mass email deletion, unusual sign-ins and email forwarding rules, then activate account locks or alerts to an administrator.
Administrators should consider implementing Sender Policy Framework and DomainKeys Identified Mail email security protocols to decrease the flow of domain spoofing and spam or malicious domains. But for even more in-depth threat detection and protection, Microsoft offers another paid add-on Microsoft Defender for Office 365 Plan 2, which includes all the features in Plan 1 with added features such as automatic response and investigation, and real-time detection enhancements.
4. End-user education and training
For most organizations, email training has shifted from how to use Outlook for email to how to identify a legitimate email from a fake one. One of the most common threats that lead to a data breach or a scam that results in a payout are phishing email campaigns.
Microsoft Defender for Office 365 Plan 2 features an attack simulator training module through which IT sends a fake email to users to see who is prone to click on a suspicious link, open an email attachment from an unknown user or enter their credentials on a fake site. If a user fails the test, then IT can enroll them in further training with videos to teach them how to detect a phishing email and what not to do if you receive an email with links or attachments.
Change to a new platform requires a new security perspective
Security is a top priority of not only system administrators but IT at all levels of the infrastructure and its components. Recent large-scale ransomware incidents and Exchange Server vulnerabilities have spurred many organizations to increase all aspects of security to block any targeted attacks. But, for Exchange administrators, a move to Office 365 is just the first step to protect the organization.
Eliminating Exchange Server from the infrastructure reduces the overall attack surface while introducing more ways to detect and protect from intrusion, phishing and scam attempts. This integrated security aspect to Exchange Online means the Exchange administrator will be expected to know far more than just email administration and Exchange infrastructure management, but how to utilize all the security functionality available to the hosted email platform.