Microsoft Security – Insights and Best Practices

Microsoft offers many products as a powerful platform for cloud collaboration and productivity. But what about Microsoft security? In this blog post, we want to introduce you to some key aspects and recommendations that can help you protect and optimize your Microsoft environment, especially when working with guest users.

Our customer case story with GROB, an international machine manufacturer with more than 7,000 employees, takes a look at thow to securely invite and onboard new guest users.

Compliance and Licensing

As a first step towards more compliance, it is important to realize how different Microsoft licenses offer varying levels of protection and compliance capabilities. Microsoft’s compliance tools managing data residency, privacy, and retention policies need to be configured properly in order to follow GDPR, HIPAA, and other regulations.

Microsoft Features and Tools for More Security

Microsoft’s products come with several out-of-the-box security tools, such as Microsoft Defender, Intune, and Sentinel. Defender offers advanced threat protection, while Microsoft Intune manages device security. Sentinel provides security analytics for threat detection and response.

Security Audits

Regular security audits should be an important part of Microsoft security. Steps of successful audits include assessing current configurations, identifying vulnerabilities, and ensuring compliance with security policies.

Microsoft offers the Secure Score in Microsoft Defender, which provides an overall security assessment and recommendations to improve security. Secure Score recommendations may involve, for example, closing management ports or enabling multi-factor authentication.

Administration of Microsoft Teams

Managing Microsoft Teams, as the central powerhouse of many organizations’ Microsoft environment, plays a huge part in keeping your environment secure. Administrators should keep an eye on security settings, user access, and data protection and continuously work on Microsoft Teams governance.

Security Measures for Remote Work

With the rise of remote work, admins need to offer secure remote access to Microsoft environments. Implementing multi-factor authentication (MFA) and secure access policies to protect against unauthorized access are a good first step. Additionally, using tools like Microsoft Endpoint Manager and Intune to manage and secure remote devices is recommended.

Handling Phishing Emails

One major concern for the security of an environment is handling phishing emails within a Microsoft environment.

Recognizing Phishing Emails

Phishing emails are a primary method for cybercriminals to compromise accounts and systems. Such emails often contain malicious links or attachments that, when clicked, can install malware or capture sensitive information. Microsoft offers tools like anti-phishing protection and Safe Links to help identify and block these threats. Safe Links scans URLs in emails and documents to check for malicious links, protecting users even after the email has been delivered.

Implementing Anti-Phishing Measures

Anti-phishing protection is a feature within Microsoft Defender. This includes policies that detect and prevent phishing attempts by analyzing email headers, URLs, and the content of the messages. By enabling these policies, you can significantly reduce the risk of phishing attacks.

Training and Awareness

Educating your users on how to recognize and report phishing emails is the first step for effectively combating phishing attacks. Regular training sessions and simulated phishing attacks can help users become more aware of the signs of phishing and how to respond. Microsoft also provides integrated tools for reporting phishing emails, allowing security teams to investigate and respond to potential threats promptly.

What happens if a guest user receives a phishing email and clicks on the link?

If a guest user receives a phishing email and clicks on the link, they may not only expose their own account or device to hackers, but also compromise the security of your organization!

For example, a phishing link may ask the guest user to grant access to their Microsoft account, or to share sensitive information or files with the attacker. In such a case, the guest user may enable the attacker to access your organization’s data or systems.

How to prevent phishing attacks on guest users?

In addition to the usual security measures that you would use for your own users as well – such as educating users on the risks and signs of phishing emails, and implementing multi-factor authentication – there are options specifically for enhancing security when working with guest users:

• In Entra (Azure Active Directory, Azure AD) you can manage and monitor guest user access and activity, and enforce security policies and compliance.
• Microsoft Cloud App Security helps you detect and respond to anomalous or risky behavior of guest users, and to apply data loss prevention (DLP) policies.

Risks of Outdated Tenant Access for Partners or Consultants

Once a collaboration project has been concluded, external partners or consultants should no longer have access to your tenant, in order to protect your data and your environment.

Here is a guideline on how to secure your environment when working with external guests.

1. Regular Audits

Perform periodic audits of user accounts, specifically focusing on guest users. This involves reviewing who has access, what permissions they have, and whether their access is still necessary.

2. Access Reviews

Implement access reviews in Entra / Azure AD to periodically check and confirm whether guest users still need access. This helps ensure that permissions are up-to-date and necessary for current collaborations.

3. Automated Expiry Policies

Use automated policies that set expiration dates for guest access. This ensures that guest accounts automatically lose access after a predefined period unless explicitly renewed.

4. Monitor and Manage External Collaborations

Use tools like Microsoft 365’s audit logs and reports to monitor activities of guest users. This helps in identifying any unusual or unauthorized access patterns.

5. Educate Administrators and Users

Train administrators and users on best practices for managing guest access, including how to revoke access when it is no longer needed.

6. Automate these tasks to reduce human error

… with External User Manager. Create automated workflows for invitations, access reviews and removing guests from your tenant after the cooperation has ended.

Microsoft Security Defaults

Security Defaults are basic identity security mechanisms recommended and provided by Microsoft that protect your users and administrators from identity-related attacks.

They are available to every organization and enable preconfigured security settings such as blocking legacy authentication protocols, conditional access, requiring multi-factor authentication for registration, and applying MFA when needed.

More information about Security Defaults is included in our blog post about Microsoft Teams Security Configurations.

Microsoft Security with External User Manager

One of the most common security issues is managing external user access. As a Microsoft admin, you should consider using External User Manager to protect your environment. This tool provides a comprehensive dashboard that allows admins to control and monitor external users effectively.

With its identity and access management capabilities, you can keep your organization secure by customizing workflows and ensuring that only authorized guest users have access. The app automatically notifies users about their guests‘ access status.

External User Manager is an essential solution for any admin aiming to improve Microsoft security and efficient access management in their tenant. Book a free demo to find out how it can help you!

Get control over guests in Microsoft: