- Enable mailbox auditing and unified audit log search
- Email authentication: SPF, DKIM and DMARC (ARC Seal is enabled by default by Microsoft)
- Eliminate legacy protocols and disable basic authentication. Instead, use an App Password. You can also use OAuth to configure IMAP/POP3.
  For example, many SharePoint developers use SharePoint Designer 2013, which doesn't support Office 365 Modern Authentication, so you have to create an App Password.
- Enable multi-factor authentication (admins and users alike)
- Disable mailbox auto-forwarding to remote domains
- Block sign-in for all shared mailboxes
- Adjust anti-spam, anti-malware and outbound spam policies
- Configure mobile device policies (ActiveSync or Office 365 MDM)
- Configure the default Alert policies
- Turn on Office 365 Advanced Threat Protection: Safe Links, Safe Attachments, Anti-Phish policy
- Protect mailboxes with a retention policy or litigation hold
- Configure modern device management & conditional access
- Block downloads from Outlook web on unmanaged devices
- Start using Office 365 message encryption features
- Configure Data Loss Prevention policy
- Configure Advanced alert policies in Cloud App Security
- OAuth notifications and review (or disable OAuth apps)
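
One way to verify a few of the items above (audit logging, auto-forwarding to remote domains, legacy protocols) from Exchange Online PowerShell. This is an added example, not part of the original checklist; it is read-only, assumes the ExchangeOnlineManagement module and an account with view-only admin rights, and `Add-Finding` is a hypothetical helper name.

```powershell
# Added example: read-only audit of selected checklist items in Exchange Online.
# Assumption: ExchangeOnlineManagement module installed, view-only admin role.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding($Item, $Ok, $Detail) {   # hypothetical helper
    $findings.Add([pscustomobject]@{ Item = $Item; Pass = [bool]$Ok; Detail = $Detail })
}

# Unified audit log search and organization-wide mailbox auditing
$ual = (Get-AdminAuditLogConfig).UnifiedAuditLogIngestionEnabled
Add-Finding 'Unified audit log' $ual "UnifiedAuditLogIngestionEnabled=$ual"
$org = Get-OrganizationConfig
Add-Finding 'Mailbox auditing' (-not $org.AuditDisabled) "AuditDisabled=$($org.AuditDisabled)"

# Modern authentication must be on before basic authentication can be retired
Add-Finding 'Modern authentication' $org.OAuth2ClientProfileEnabled `
    "OAuth2ClientProfileEnabled=$($org.OAuth2ClientProfileEnabled)"

# Auto-forwarding to remote domains: remote domain settings and outbound spam policies
foreach ($rd in Get-RemoteDomain) {
    Add-Finding "Auto-forward, remote domain '$($rd.DomainName)'" `
        (-not $rd.AutoForwardEnabled) "AutoForwardEnabled=$($rd.AutoForwardEnabled)"
}
foreach ($p in Get-HostedOutboundSpamFilterPolicy) {
    # 'Automatic' is Microsoft-managed; only an explicit 'Off' is counted as a pass here
    Add-Finding "Auto-forward, outbound policy '$($p.Name)'" `
        ($p.AutoForwardingMode -eq 'Off') "AutoForwardingMode=$($p.AutoForwardingMode)"
}

# Mailboxes that already forward mail, and mailboxes with IMAP/POP3 still enabled
$fwd = @(Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress })
Add-Finding 'Mailboxes with forwarding set' ($fwd.Count -eq 0) "$($fwd.Count) mailbox(es)"
$legacy = @(Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ImapEnabled -or $_.PopEnabled })
Add-Finding 'Mailboxes with IMAP/POP3 enabled' ($legacy.Count -eq 0) "$($legacy.Count) mailbox(es)"

$findings | Sort-Object Pass | Format-Table -AutoSize -Wrap
Disconnect-ExchangeOnline -Confirm:$false
```

Failed rows sort first; the forwarding and IMAP/POP3 counts show where to look before changing the tenant-wide settings.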