~by Britton Manahan
While Microsoft Office 365 (“O365”) has become enormously popular as an application for businesses of all sizes, it has also created significant opportunities for cyber criminals to mount what are now known as Business Email Compromise attacks. These typically begin with fraudulent emails that are cleverly designed to gain access to email systems and thereby enable the thieves to gain an understanding of the flow of money within an enterprise – and then tap into it.
BEC attacks are costing businesses billions of dollars annually and are showing no signs of abating. With cyber thieves showing enormous agility in adapting to security measures, it is up to administrators to take measures to ensure that their O365 environments are secure. Fortunately, Microsoft includes a number of features that can be useful in strengthening defenses against attacks, including built-in logging and reporting functionality to help monitor the security of user accounts.
Yet most of the necessary work in bolstering O365 security involves a blurred mix of terminology and overlapping features that often don’t make themselves readily apparent. This is where, in our experience, administrators can get enormous value from using Windows PowerShell, a scripting language that can automate and simplify any tedious task for administrators.
The Crypsis white paper available at the link below explores some of the ways PowerShell can be used to help secure O365, with a focus on Exchange. It discusses logging capabilities, multi-factor authentication, mailbox client access settings and policies, and access rules. While a subset of these features can be applied through the administrative portal, PowerShell can make the administration and validation of them exponentially more accessible, especially for multi-domain tenants or large environments. In fact, several of the controls and features in O365 actually require the use of PowerShell.
Give it a look and let us know if you have questions.