Microsoft has recently published on its 365 Security Site a series of very practical guidelines focused on Business Decision Makers. The guide was written by Kozeta Beam – Microsoft Cloud Security Architect, and Thiagara Sundararaja – Microsoft Senior Consultant.

These guidelines urge the customer to “take responsibility to secure your own identities, data and devices used to access cloud services”

Among the recommendations we find:

• Secure top-level accounts that typically have administrative and management access. An attacker typically targets these high-value accounts, because if successful he can quickly elevate privileged to other hostile accounts.
• Reduce attack surface bu disabling older legacy protocols like POP3, IMAP, SMTP. Deleting accounts that are no longer active via policy and reduce the total number of Global Admins.
• Do not use external email forwarding, as this is one of the most typical resourced used by attackers.
• “Assume Breach mindset” with a “Zero Trust Network Strategy”

We would like to express our thanks to the authors for their valuable security insights.