In our webinar, Microsoft 365 Security Best Practices, we shared some valuable security insights to Microsoft 365 and demonstrates how automation can help you proactively manage systems across the board.
It’s frustratingly easy to fall behind on security and turn into firefighters, and frustratingly hard to get out of that pattern. When you have security automation for some of your most labor-intensive tools like M365, however, you can not only get yourself back into a proactive stance–you can stay there.
M365 Basics
Everything comes back to the basics of technology, and cyber-attacks affect us all, from schools and government agencies, to real estate and retail. When thinking about M365 and security, there are six main critical threats to focus on:
Unauthorized mail forwarding
This is one of the most common threats—phishing emails either steal credentials to deploy ransomware, or set up email forwarding so that users are unknowingly sharing emails with nefarious actors. Their ultimate goal is to find a billing or accounting contact to gain access to financial data they can use for things like invoice fraud.
Weak passwords or disabled MFA
If you’re not currently forcing your customers to adopt multi-factor authentication (MFA), you should be. When it comes to security today, MFA is necessary, and something your customers can’t afford not to implement. And, as an MSP, you need to be able to identify users with weak passwords and who aren’t adhering to MFA best practices.
Unnecessary privileged users
Giving more access than necessary to users is an easy way to create security risk. For instance, as a technical administrator, do you have global admin rights with your day-to-day login? As a best practice, you should have a separate admin account with increased permissions. It may seem like a hassle, but the security benefits far outweigh the inconvenience of logging into a separate admin account a few times a day.
Phishing-related OneDrive files
Similar to unauthorized email forwarding, bad actors will also try and gain access to OneDrive files, like work orders and invoices, for monetary gain. As an MSP, if you don’t catch the small cues and signs of infiltration, you customers can lose money that they’ll never recover.
Legacy authentication
Have you made sure legacy authentications (SMTP, POP3, IMAP, etc.) are disabled for your users? Outside of things like printers that need to connect to SMTP to send outbound emails, for example, you don’t need that legacy authentication for anyone else. The way most users will connect with M365—through their phone or laptop—will use the standard Exchange protocol.
DKIM, DMARC and SPF
These aren’t new—in fact, DKIM, DMARC and SPF are all public information that can easily be accessed if you know where to look. For instance, if your customers are receiving a lot of spam or phishing emails, you may need to take a second look—specifically your SPF settings—to make sure everything is set up properly to M365 standards.
M365 Security Best Practices
As an MSP, there are some things you can do to reduce the possibility of a security breach and protect your customers and users.
- Use MFA and strong passwords
- Use email encryption
- Implement strong phishing protection
- Train and test your users
- Use enhanced filters for content and image identification
- Configure DMARC
Manual Monitoring Leaves Your Clients at Risk
Documentation is the core of everything you do as an MSP, from security to reporting. If you don’t have the right data and documentation, you don’t know what you’re protecting, what holes you might have in your security, or what you have to do to protect your customers.
When you rely on manual documentation, you’re constantly switching between systems and apps to get the information you need and, a lot of the time, that information is just surface level data. When you’re focused on the tickets coming in and jumping from project to project, documentation can be the last thing on your mind, and security for both your MSP and your customers can suffer.
The built-in M365 monitoring and alerting function work well, but sometimes can be hard to integrate into your PSA for streamlined ticket management and issue alerts. It can be time-consuming and tedious to set up each instance for each client, and manual documentation and monitoring usually results in stale data, missed alerts, or critical security settings that are never turned on, all causing headaches for you and security risks for your customers.
Liongard Automates M365
Liongard integrates into your Microsoft stack, giving you access to 39 actionable alerts across all your customer accounts—immediately. The best part is, Liongard is set up once at the customer level and can be instantly associated with all related accounts at the touch of a button. You can create custom alerts and metrics for the data that matters to you, and then apply those alerts across the board—no more manual set up! This allows you to reduce noise and focus on what matters most to you and your customers, providing full visibility from billing to sales to support.
See what Liongard can do for your MSP. Schedule a demo today, or take a look at our Inspectors and Integrations in action to learn more.