Microsoft has recently published, on its Microsoft 365 security site, a series of very practical guidelines aimed at business decision makers. The guide was written by Kozeta Beam – Microsoft Cloud Security Architect, and Thiagara Sundararaja – Microsoft Senior Consultant.
These guidelines urge the customer to “take responsibility to secure your own identities, data and devices used to access cloud services”.
Among the recommendations we find:
- Secure top-level accounts, which typically have administrative and management access. Attackers target these high-value accounts because, if successful, they can quickly elevate privileges and extend their control to other accounts.
- Reduce the attack surface by disabling older legacy protocols such as POP3, IMAP and SMTP, deleting accounts that are no longer active via policy, and reducing the total number of Global Admins.
- Disable external email forwarding, as this is one of the techniques most commonly used by attackers.
- Adopt an “Assume Breach” mindset together with a “Zero Trust” network strategy.
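As an added example (not part of the Microsoft guide or this post), the following PowerShell audit script checks an Exchange Online tenant against the second and third recommendations: it lists mailboxes that still accept POP3, IMAP or SMTP AUTH, and any forwarding to addresses outside the tenant. It assumes the ExchangeOnlineManagement module and an Exchange Administrator account; the admin UPN is a placeholder.

```powershell
# Added example, not from the Microsoft guide. Requires: Install-Module ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example   # placeholder UPN

# Accepted domains of the tenant: forwarding to anything else counts as external
$internalDomains = (Get-AcceptedDomain).DomainName

# 1. Mailboxes with legacy, password-only protocols still enabled
$legacy = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.PopEnabled -or $_.ImapEnabled -or -not $_.SmtpClientAuthenticationDisabled } |
    Select-Object PrimarySmtpAddress, PopEnabled, ImapEnabled, SmtpClientAuthenticationDisabled

$mailboxes = Get-Mailbox -ResultSize Unlimited

# 2. Mailbox-level forwarding (set by an admin, or by whoever holds admin rights)
$mailboxForwarding = $mailboxes |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object PrimarySmtpAddress, ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward

# 3. Inbox rules that forward or redirect mail to an external address
#    (a common persistence step after a mailbox compromise, hence worth a regular audit)
$ruleForwarding = foreach ($mbx in $mailboxes) {
    Get-InboxRule -Mailbox $mbx.PrimarySmtpAddress -ErrorAction SilentlyContinue |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        ForEach-Object {
            $targets  = @($_.ForwardTo) + @($_.ForwardAsAttachmentTo) + @($_.RedirectTo)
            $external = $targets | Where-Object {
                # Entries look like: "Name" [SMTP:user@domain] (external) or "Name" [EX:/o=...] (internal)
                $addr = ($_ -split '\[SMTP:')[-1].TrimEnd(']')
                ($addr -match '@') -and ($internalDomains -notcontains ($addr -split '@')[-1])
            }
            if ($external) {
                [pscustomobject]@{ Mailbox = $mbx.PrimarySmtpAddress; Rule = $_.Name; ExternalTargets = ($external -join '; ') }
            }
        }
}

"== Legacy protocols still enabled =="; $legacy | Format-Table -AutoSize
"== Mailbox-level forwarding =="; $mailboxForwarding | Format-Table -AutoSize
"== Inbox rules forwarding externally =="; $ruleForwarding | Format-Table -AutoSize

# Tenant-wide remediation, to run once the reports above have been reviewed:
#   Set-TransportConfig -SmtpClientAuthenticationDisabled $true               # block SMTP AUTH
#   Get-CASMailbox -ResultSize Unlimited | Set-CASMailbox -PopEnabled $false -ImapEnabled $false
#   Set-RemoteDomain -Identity Default -AutoForwardEnabled $false            # stop auto-forward outside
Disconnect-ExchangeOnline -Confirm:$false
```

The three remediation cmdlets are left commented so the script is safe to run as a read-only audit first; uncomment them only after confirming that no legitimate workflow depends on the protocols or forwarding being removed.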
We would like to express our thanks to the authors for their valuable security insights.