The Alert policies in O365 are an often overlooked or underestimated security feature for indicators of compromise (IOC). They enable especially administrators for smaller tenants to supervise their environments on a critical level in terms of security events. As part of a multilevel defense the O365 Alerts add a lot value, as they are easy to setup and part of every O365 and therefore free of additional costs.
Read more...This part is focused once again on mail traffic and its attack vectors. Specifically, I wanted to tag all incoming mails in Office 365 Exchange, which are not coming from trusted domains. This is really easy to implement with Exchange Online rules and doesn’t even require any kind of powershell knowlegde, so every O365 should have implemented this policy in their environment.
Read more...How you do implement basic security policies for your company’s Office 365 system? As mail systems are usually the main target for your average cyber criminals, a quick strategy was needed to harden the first line of defense against this attack vector. The measures I came up with are luckily not any kind of rocket science and easy to implement even by not so experienced O365 admins, as they are well established and around for quite a while by now. But they are a great way to harden your network and protect your users against cyber criminals with just a few hours of work. This is a three part series, starting with how to implement DMARC for your Office 365 Exchange Server.
Read more...
