According to a Vectra survey, 71% of businesses using Microsoft 365 suffered an average of seven account takeovers in 2020.
IT leaders moving to Microsoft 365 assume that the platform offers out-of-the-box protection. But many essential security components — like conditional access policies, multi-factor authentication, and data loss prevention — are disabled by default or require additional configuration to work.
That’s because each organization has its own hierarchy, structure, and compliance needs. Microsoft’s built-in security defaults offer a decent framework to build upon, but they’re not production-ready as is.
So, how do you get it production-ready? For most IT teams, it involves poring through thousands of security settings across hundreds of screens to configure each tenant manually. But this process is error-prone and offers limited visibility when there's an incident.
There’s a better way to handle security configuration in Microsoft 365. You can create a baseline to serve as a starting point, then roll it out across all your organization’s tenants. Here’s how.
This article covers:
Microsoft 365 security baselines are pre-configured groups of security settings and best practices that organizations can use as a starting point to secure their cloud environment.
Security baselines cover a wide range of Microsoft 365 services and apps, including:
Each baseline contains settings that have been tested and validated based on feedback from leading experts in cloud security. They offer organizations a way to quickly apply best practices without having to research each setting manually.
Under the hood, security baselines use native configuration capabilities in Microsoft 365 to apply and enforce the recommended security settings. This is an example of "configuration-as-code", where the desired state of the environment is defined in a structured format and then automatically applied.
Microsoft 365 security baselines cover a wide range of apps, modules, and security settings to help organizations quickly apply best practice configurations. Apart from Azure AD, Intune, and Office 365, they also include configuration options for Microsoft Teams, SharePoint, Exchange Online, etc.
Here are 5 important ways a baseline can enforce better Microsoft 365 security, based on real-life use cases and scenarios:
One of the most effective ways to prevent unauthorized access to Microsoft 365 accounts is to enable multi-factor authentication (MFA) for all users, especially those with administrative roles.
MFA requires users to provide an additional form of verification beyond just a password, such as a code from a mobile app or a fingerprint scan. This significantly reduces the risk of account compromise due to stolen or guessed passwords. Security baselines can enforce MFA across the organization and ensure that it is consistently applied to all users.
Microsoft Defender for Office 365 provides advanced threat protection for email, documents, and collaboration tools. Security baselines can enable and configure key Defender policies like safe links and safe attachments to strengthen that protection.
Safe links protect users from malicious URLs in emails and documents by scanning them in real-time and blocking access if a threat is detected. Safe attachments, on the other hand, quarantine suspicious email attachments and analyze them in a secure environment before delivering them to users. Together, these policies significantly reduce the risk of phishing attacks and malware infections.
Securing end-user devices is critical to protecting the overall Microsoft 365 environment. Security baselines can be used to deploy a consistent set of Windows 10 and 11 security configurations to all managed devices via Microsoft Intune.
This includes settings like enabling BitLocker disk encryption, configuring Microsoft Defender Antivirus with cloud-delivered protection, and enforcing a strong Windows Update policy. By ensuring that all devices meet a minimum security standard, baselines reduce the risk of compromise and data loss from endpoint vulnerabilities.
Attack surface reduction (ASR) rules in Microsoft Defender for Endpoint are a powerful way to prevent common attack techniques used by malware and hackers.
ASR rules can block executable content from email attachments, restrict scripts from downloading payloads from the Internet, prevent Office apps from creating child processes, and much more. Security baselines can enable a carefully tested set of ASR rules that provide strong protection without interfering with legitimate user workflows. This proactively hardens endpoints against a wide range of threats.
Comprehensive logging and auditing are essential for detecting and investigating security incidents in Microsoft 365. Security baselines can enable unified audit logging in the Microsoft 365 compliance center, which centralizes activity logs from across Exchange Online, SharePoint Online, OneDrive, Azure AD, etc.
This provides visibility into admin actions, user actions, mailbox access, file modifications, permission changes, and more. With unified audit logging, security teams can more easily detect suspicious behavior, identify compromised accounts, and respond to threats in a timely manner.
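The configuration-as-code idea described earlier, applied to the five controls above: a baseline held as a desired state and compared against per-tenant snapshots to report drift. This is an added example, not CoreView or Microsoft code; the setting keys, ASR rule labels, and tenant names are hypothetical, and the snapshots are constructed sample data.

```python
# Added example. Setting keys, rule labels and tenant names are hypothetical.
NOT_SET = object()  # marks a setting that is absent from a tenant snapshot
BASELINE = {
    "mfa.required_for_admins": True,
    "mfa.required_for_all_users": True,
    "defender.safe_links_enabled": True,
    "defender.safe_attachments_enabled": True,
    "intune.bitlocker_required": True,
    "audit.unified_log_enabled": True,
    # ASR rules that must be in block mode; a tenant may enable more.
    "endpoint.asr_block_rules": frozenset(
        {"email_executable_content", "office_child_process", "script_download"}
    ),
}

def drift(baseline, snapshot):
    """Return {setting: reason} per deviation; an absent setting is a finding."""
    findings = {}
    for key, want in baseline.items():
        have = snapshot.get(key, NOT_SET)
        if isinstance(want, frozenset):
            missing = want - frozenset(() if have is NOT_SET else have)
            if missing:
                findings[key] = "missing rules: " + ", ".join(sorted(missing))
        elif have is NOT_SET:
            findings[key] = "not configured"
        elif have != want:
            findings[key] = f"expected {want!r}, found {have!r}"
    return findings

def audit_tenants(baseline, tenants):
    return {name: drift(baseline, snap) for name, snap in tenants.items()}

# Constructed snapshots: tenant-a matches the baseline, tenant-b has drifted.
TENANTS = {
    "tenant-a": dict(BASELINE),
    "tenant-b": {
        "mfa.required_for_admins": True,
        "mfa.required_for_all_users": False,
        "defender.safe_links_enabled": True,
        "intune.bitlocker_required": True,
        "audit.unified_log_enabled": False,
        "endpoint.asr_block_rules": ["office_child_process"],
    },
}

if __name__ == "__main__":
    for tenant, findings in audit_tenants(BASELINE, TENANTS).items():
        print(tenant, "compliant" if not findings else findings)
```

Treating a missing setting as drift matters here because, as noted at the top of the article, many of these controls are disabled until someone configures them.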
Microsoft isn’t the only source for obtaining security baselines for Office 365. Different vendors, agencies, and organizations release their own security baselines too. Depending on your requirements, you may find one of them better suited to your needs than the others. For example:
When you’re an IT lead for a large enterprise, manually configuring each tenant across multiple departments and locations can quickly become impractical. Thankfully, there’s a better way.
By using CoreView, you can roll out security baselines at the click of a button. You can also monitor them, audit them, and customize them as per your needs. All of this is possible with minimal human intervention, plus you can always keep an eye on things using our intuitive no-code platform. Here’s how it works:
By using CoreView, you can save time, reduce risk, and free up resources to focus on other strategic priorities. Ready to take the first step toward automated baseline management for Microsoft 365? Sign up for a demo with CoreView.