Microsoft Azure and 365 Security Basics

Financial Institutions that employ Microsoft 365 (also known as M365 and formerly branded as Office 365) are in the Cloud, and therefore, face a growing number of cyber threats. Consider this: The FBI’s Internet Crime Complaint Center (IC3) has seen a 400-percent increase in cybersecurity complaints since the pandemic started.

The surge in cybercrimes means financial institutions that use M365 need to focus on protecting their assets in the Cloud. Our CloudInsight™ M365 Security Basics makes it easy and affordable for institutions to start the process. M365 Security Basics provides visibility into security settings for Microsoft Azure Active Directory (Azure AD) and M365. Banks and credit unions can leverage this multi-faceted solution to get ahead of cyber threats and enhance cloud security.

Importance of Customizing Your Azure AD and M365 Settings

Your financial institution likely has a Microsoft tenant with Azure AD, whether you realize it or not. This is partly because every exchange online and M365 implementation requires the creation of a Microsoft tenant and Azure AD, even if the services are managed through a third party. There are also many other scenarios requiring the creation a Microsoft tenant, making it rare for most institutions not to have one.

It is important to understand whether you have a Microsoft tenant with Azure AD because the tenant belongs to your institution—not the licensing reseller—it is your obligation to know how to manage the security settings in these systems, including Azure AD, M365, and Exchange Online. This can be challenging because Microsoft’s default settings might conflict with your institution’s security and compliance requirements. Therefore, you must customize these settings to create more sophisticated and appropriate security, identity, and compliance policies for your institution. This should entail building policies around what users are allowed to do, what your institution’s risk assessment defines, what your institution’s compliance policies dictate, and what users will tolerate.

Once your institution has sufficient policies in place, it is essential to monitor for exceptions with reporting and alerting. And with the proper license, you can further enhance cloud security by optimizing the settings for Azure AD Premium P1, Intune, and Azure Information Protection.

How M365 Security Basics Can Help

Microsoft is constantly adjusting its platforms and automatically enabling new features to adapt to an ever-evolving security environment, making it difficult for banks and credit unions to keep up. Partnering with a value-added technology expert like Safe Systems can help you better manage your M365 tenant. Our M365 Security Basics service identifies cloud security blind spots and common risks such as compromised user accounts, enabled insecure protocols, and targeted phishing or SPAM attacks.

M365 Security Basics key services:

• Reporting – Collects Microsoft data that may not be readily available to institutions and assembles it in a user-friendly format
• Alerting – Delivers notifications for the most common indicators of compromise in Microsoft M365 tenants
• Quarterly reviews – Provide a vital, objective look at M365 Security Basics reports to help institutions determine the optimal security settings for their requirements

The Importance of MFA

An invaluable security control financial institutions should also consider implementing is multi-factor authentication (MFA). MFA applies a combination of factors to validate people’s identity before giving them access to sensitive data, account information, and other assets. MFA offers effective, low-cost protection against cyberattacks and other threats; and not implementing this security feature in Azure AD is risky. According to Microsoft, 99.9 percent of account compromises can be blocked with MFA, but the overall MFA adoption rate we have seen in the financial industry is only around 46 percent.

The bottom line: Microsoft is constantly enabling and disabling features in Azure AD and M365—, therefore, financial institutions must be able to manage the complexities of optimizing their security, identity, and compliance settings. To learn more about how your institution can customize Azure AD and M365 settings to enhance cloud security, read our “Azure and M365 Security Basics” white paper.