I often speak with customers who have existing Microsoft online tenancies, configuration, resources and security controls that have been configured in a manner to suit a particular projects pre-requisites (e.g. an Office 365 Pilot).
In some instances, there are long-term implications from these initiatives that have been overlooked.
Even if the implementation at the time was deemed best practice, keeping up with the pace of change within Microsoft Cloud technologies means that best practice is far from a static state.
This article is intended to provide an overview on three specific tools you have at your disposal. These tools will help you make a more informed decision on an appropriate course of action, and are to be used as a part of a wider security strategy and framework.
Let’s break down the three items we will be diving deeper on:
Microsoft offers the Secure Score service as a complimentary feature, which is available to all Office 365 customers.
Secure Score analyses the services currently in use (e.g. OneDrive, SharePoint, Exchange Online), and performs an analysis on your settings and activities, and compares them to a baseline established by Microsoft. Your Office 365 tenant is then subsequently stacked against your peers in terms of how you compare, and where you can improve.
After the Secure Score service has finished running its analysis, a score is presented (as shown below) with a subsequent ‘call to action’ on tasks to improve your Secure Score. It’s unlikely you will want to action all recommendations within your environment, however by looking at the severity and the effort to implement, it is likely that you will find some valuable recommendations – such as enabling multi-factor authentication (MFA) for administrative accounts.
To get started with Secure Score, head on over to securescore.office.com.
Keep in mind, this just a minor component of addressing security within Office 365 and is a great introduction to some of the advanced offerings found within Microsoft Enterprise Mobility and Security.
Continuing on the self-assessment and recommendation path provided by Secure Score for your Office 365 tenancy, let me introduce Azure Advisor. Azure Advisor is a personalised recommendation engine that provides proactive, best practice guidance for optimally configuring your Azure resources.
Azure Advisor performs analysis on your resource configuration and usage to provide recommendations to reduce costs, improve the performance, security, and reliability of your applications.
The recommendations are provided within the following four categories:
The results from Azure Advisor can open a number of questions around your current implementation:
Whilst understanding the recommendation from Azure Advisor is one hurdle to cross, the next is to execute on the tasks required to action the recommendation. Azure Advisor aims to address this by providing step-by-step suggested actions to follow to allow you to achieve this.
Azure Advisor can be accessed now through your Azure Portal. Even if it is just a sanity check or a bit of self-validation on services you have deployed, it is worthwhile checking out.
Azure Security Center helps you prevent, detect, and respond to threats with increased central visibility into and control over the security of your Azure resources. It provides integrated security monitoring and policy management across your Azure subscriptions, helps detect threats that might otherwise go unnoticed, and works with a broad ecosystem of security solutions. Let’s break it down at a high level.
Microsoft Azure Security Center provides a number of preventative controls out of the box, monitoring the security state of all Azure resources.
Security policies are configured to check for risks, such as systems that are out of date and haven’t been patched, current OS vulnerabilities, endpoint protection configuration and incorrect network security groups. Once the policies are configured, you will be presented with a list of recommendations and appropriate steps to remediate the issue. Users can also deploy services from other vendors, such as security appliances, right from inside the Security Center.
Threat detection is driven by advanced analytics systems within Azure, Machine Learning is utilised to perform next-generation threat detection, rapidly adapting to thwart evolving attacks. Over time, Microsoft Azure Security Center’s threat detection technology understands each system and user patterns and can make intelligent recommendations based on prior activity and abnormalities within these patterns. Users can also collect and analyse security data from Azure resources, and tap into external resources such as the Microsoft Security Response Center to identify vulnerabilities and security issues.
Microsoft Azure Security Center provides the following response mechanisms:
One common example is Remote Desktop Protocol (RDP) attacks on Windows servers. When the network security group allows access to that protocol (TCP port 3389) from any source, it’s not uncommon to see a large number of attacks against that service. Microsoft Azure Security Center identifies this, and provides guidance on how to secure your network security groups with ingress rules that restrict access.
If this is the first you have heard of Azure Security Center or you have been meaning to define that first policy to get started, set yourself a few minutes after reading this and head on over to Azure Security Center. Given the current security landscape, it is imperative to assess your current risk levels and current configuration – you may be surprised at what you may pick up.
For some additional reading on the stages of a security attack and how this relates to Azure Security Center, I highly recommend checking out the following blogs:
Azure Security Advisor comes in two tiers – Security policy, assessment and recommendations are free of charge and can be accessed now through your Azure Portal. Refer to the pricing details for further information.
To summarise, Microsoft has given a number of tools to help asses and summarise potential security risks to your Office 365 or Azure tenancies. These are basic ways to check potential security and misconfiguration issues.
For more information, feel free to connect with me on LinkedIn.