Microsoft 365 Security Series

In the world of technology, security should be number one on everyone’s mind.  At the very least, every business should have multifactor authentication enabled, and users trained and tested frequently. We humans are gullible, and if not trained in the art of identifying manipulation in person and electronically, then the consequences can be devastating. 

I’ve wondered if I could walk into a medium size company with khakis, a shirt with a company logo and a briefcase:

Could I persuade the front desk admin to let me leave a complimentary bucket (again with a nice logo) of USB drives along with a phony price list and business card?   

If so, then that could cause an issue. 

The headline would read:

“The front desk admin inserted the USB drive and copied personal photos from the computer, costing the company millions as ransomware has hi-jacked servers that contained financials, backups, and employee’s personal information.”

Is the front desk admin to blame?  If they were not trained and tested, then no.  Even if they were trained and tested and they still inserted the drive, was the antivirus on the computer up to date?  That may not have mattered, but should there be an enforced, written policy against inserting a drive into a machine?  Should IT have restricted USB devices by using Intune Administrative Templates?

As one of my co-workers would say, “Just sayin…” 🙄

I thought that this would be a good time to start a series on Microsoft 365 Security.  I can’t train your users, but I can show you how to secure you’re your Azure AD, Exchange Online environment, desktops, mobile devices, and applications. Depending on your environment and users, you will need to decide how secure you want it.  I would recommend against Windows Hello if you are in the spy game, or you could lose your head! Seriously, even little changes can confuse and frustrate people. Tell them how important it is and that taking the extra minute to authenticate will come natural to them. Let them know that this also applies to their personal lives and give examples!

In an episode of one of my favorite TV shows, Seinfeld, Elaine is shaking a drink and complaining that she is sick of shaking drinks. Jerry takes the drink and shakes it with a sarcastic look on his face, making his point that it’s not so bad.

There is a lot to cover.  I will not include security for on-premises yet as I needed to find time to rebuild my AD server, but it will come, and I will include securing hybrid Azure AD joined devices and more.  It will also be a refresher to me as I migrated all to the cloud and shut it down for good (or so I thought). 

The first in the series will be available on Sunday, February 5th.