Microsoft Office 365 Security

To protect your IT systems, we are auditing your current 365 setup and implementing many improvements to your tenant.

These settings help protect your email, data and identity. We are ultimately trying to protect you from any financial loss due to scams.

1) Implemented in the first round of security updates are:

MFA
MFA number matching
Authentication methods
Audit logs
Connected applications
Contact settings
External sender tag (more info below)
DKIM
OneDrive retention
Shared mailboxes
Inactive mailboxes
SharePoint permissions
External sharing
Guest permissions
PowerShell access
Block legacy applications
Login portal branding
Risky country blocking
Risky IP blocking
External email forwarding (more info below)
Admin permissions

External sender tag

You will start to see emails originating from outside your organisation labelled with an “EXTERNAL” message.
This helps you quickly identify external emails, which you should be wary of when clicking on links etc.
To help stop scams, emails to your staff that pretend to be from you will also get tagged.
Emails from co-workers won’t have this tag added.
This setting is recommended and is widely used worldwide.

If you prefer not to have this labelling occur, please let us know.

External email forwarding

If a hacker gains access to your email, they will forward your emails to an email address they control. This is so they can intercept your emails.
They do this to look for financial emails and then send fake invoices to your customers.
If you need to forward emails to an external email address please let us know.

2) Second round of security updates:

Risky attachment blocking (more info below)
Security Access Training (more info below)

Risky attachment blocking

We are seeing .HTM files being sent to our customers that contain QR codes. These QR codes link to a fake Microsoft website where you are prompted to enter your username, password and MFA code.

The fake website proxies to the real Microsoft servers to satisfy the MFA request. The hacker now has your MFA code and can log in to your account.

Security Access Training

Security Access Training is critical for your users and may be a requirement of your insurance policy. If you are yet to accept our free offer of security training, I suggest you do so.

3) Implemented in the third round of security updates are:

Conditional Access Policies

Conditional Access Policies are a powerful security feature that helps organizations control access to resources based on specific conditions. Here are the key benefits:

Enhanced Security

    Enforces multi-factor authentication (MFA) only when needed (e.g., accessing sensitive apps or from risky locations).
    Blocks access from untrusted or risky devices, locations, or users.

Context-Aware Access Control

    Policies can be based on:

        User/group
        Device state (e.g., compliant or not)
        Location (e.g., IP ranges)
        Application
        Risk level (e.g., sign-in risk detected by Microsoft)

Protection Against Identity-Based Threats

    Helps mitigate risks like phishing, credential theft, and token replay attacks by requiring stronger authentication when risk is detected.

Granular Control

    Allows IT admins to define fine-grained rules for different scenarios, such as:

        Allowing access only from managed devices
        Allowing access from only the countries you operate in
        Requiring MFA for all users
        Blocking legacy authentication protocols

We are reviewing and implementing new policies to protect you from overseas hacking attempts and for enrolling users with multi-factor authentication.

As threats change and evolve, it's important to add the corresponding protection to your Office 365 tenant.

To implement these policies you need MICROSOFT NCE AZURE AD PREMIUM P1 licenses.

Key Features of Azure AD Premium P1

Conditional Access

    Create policies that enforce access controls based on user, device, location, risk level, etc.
    Helps protect against unauthorized access and identity-based threats.

Multi-Factor Authentication (MFA)

    Includes MFA enforcement via Conditional Access, not just the free version.
    Supports trusted IPs, remember MFA on trusted devices, and more.

Group-Based Access Management

    Automate user access to apps and resources using dynamic groups and group-based licensing.

Company Branding

    Customize the sign-in pages with your logo, background, and help links.

Security Reports & Alerts

    Gain insights into risky sign-ins, leaked credentials, and more.

Microsoft Identity Protection (basic)

    Detects and responds to suspicious sign-in behavior.