While Microsoft Office 365 (“O365”) has become enormously popular as an application for businesses of all sizes, it has also created significant opportunities for cyber criminals to mount what are now known as Business Email Compromise attacks.
Fortunately, Microsoft includes a number of features that can be useful in strengthening defenses against attacks, including built in logging and reporting functionality to help monitor the security of user accounts. In our experience, administrators can get enormous value from using Windows PowerShell, a scripting language that can automate and simplify any tedious task for administrators.
The Crypsis white paper available at the link below explores some of the ways PowerShell can be used to help secure O365, with a focus on Exchange. It discusses logging capabilities, multi-factor authentication, mailbox client access settings and policies, and access rules. While a subset of these features can be applied through the administrative portal, PowerShell can make the administration and validation of them exponentially more accessible, especially for multi-domain tenants or large environments.