7 Free Things You Can Do to

Improve Your Clients' Office 365

Security Posture

Guillaume Boisvert
Security & Compliance Product Director @ SherWeb
 Turn on Audit
• What: Turn on auditing for your Office 365
organization. It will enable different reports
and data streaming.
• Why: If a security breach happens, you will
have some information to help you
investigate.
• How: In the Security & Compliance Center,
go to Search & investigation > Audit log
search. Click ‘Start recording user and admin
activities.’
 Turn on Email Audit
• What: Turn on auditing for all Exchange Online events.
• Why: When a security event happens, you will have some information to
investigate.

How: https://github.com/OfficeDev/O365-InvestigationTooling/blob/master/EnableMailboxAuditing.ps1
 Enable Multi-factor Authorization
• What: Turn on two-factor
authentication for your users. It will
ask users logging in to Office 365
to get authorized with a second
verification (SMS).

• Why: Helps ensure that

compromised credentials are not
enough for someone to access and
damage your client’s organization.
At a minimum, it should be turned
on for admin accounts.

• How: Access Admin Center, select

‘Active users’ in the ‘Users’ menu.
From the ‘More’ tab, select ‘Setup
Azure mult…’
Set Outbound Spam Notifications
• What: Exchange Online will be
configured to send you a notice if one of
your tenant users is flagged for sending
spam.

• Why: An internal account flagged for

spam is often a sign of compromised
credentials and a breach. Even if the
spam is actually sent by an internal user, it
is also something you may want to act
on.

• How: In the Outlook Admin, select the

‘Protection’ section, then the ‘Outbound
Spam’ tab, edit the default policy, select
‘Outbound spam preferences, add a
checkmark for ‘Send a notification to the
following email address…’
 Block ‘Bad’ File Extensions
• What: Go “old school” and block files
with “bad” file extensions from ever
making it to your client’s inbox.

• Why: There aren’t a lot of valid use

cases for sending a .bat file.

• How: From the Outlook portal, access

the configuration section, protection
section, malware filter tab, press Edit on
the default rule, access the Settings tab,
scroll down to ‘”Common Attachment
Types Filter” and select “Yes”.
 Passwords That Never Expire
• What: Once this is set, users will not
be asked to change their passwords at
regular intervals.

• Why: Modern password policy, as

provided by NIST for example, dictate
that regular expiration of passwords is
more of a hindrance than a help when
it comes to account security and
breach prevention. Password changes
should only be mandatory if an
incident happens, or the possibility of a
breach appears.

• How: In the Office 365 Admin Center,

in the Settings menu, select ‘Security &
privacy’ and click ‘Edit’ on Password
policy. In the sliding panel, toggle ‘Set
user passwords to never expire’ to Yes.
 Check the Unified Event Report
• What: Consult the available report from
Microsoft on a regular basis.

• Why: While prevention and advanced

monitoring are great solutions,
consulting the reports might help
identify security issues

• How: From the Security and

Compliance dashboard, in the ‘Search &
Investigation’ menu, select ‘Audit log
search’
https://protection.office.com/#/unifiedau
ditlog