Jack Bloke
asked on
O365 security suggestions and best practice.
Wanted to get some assistance with O365 security. How can I do so and maybe with the help of some CBT's? Any recommendations?
I'd like to be able to analyze a file/attachment, how do I do so?
I'd like to be able to verify the alerts and so forth, in general.
I'd like to be able to analyze a file/attachment, how do I do so?
I'd like to be able to verify the alerts and so forth, in general.
review the Microsoft 365 secure score
https://docs.microsoft.com/en-us/office365/securitycompliance/office-365-secure-score
it will lead you to things you need to secure
as said, there are tons of security logs available in different portal, you need to be specific.
https://docs.microsoft.com/en-us/office365/securitycompliance/office-365-secure-score
it will lead you to things you need to secure
as said, there are tons of security logs available in different portal, you need to be specific.
ASKER
I basically wanted to verify is an attachment is malware, but don't know where begin this process or the process at all. We also constantly receive phishing email and would like to very this as well.
Your question is not entirely clear. Please have a look at these white papers
https://docs.microsoft.com/en-us/office365/securitycompliance/anti-spam-and-anti-malware-protection
https://docs.microsoft.com/en-us/office365/securitycompliance/office-365-malware-and-ransomware-protection
https://docs.microsoft.com/en-us/office365/securitycompliance/anti-spam-and-anti-malware-protection
https://docs.microsoft.com/en-us/office365/securitycompliance/office-365-malware-and-ransomware-protection
Jack:
Office 365 is a cloud system, so you don't need to do the heavy lifting to analyse whether it is malware or not. If it is malware, it will be be found the EOP
if it slip through (because there is no match of the signature), then Office 365 offers ATP (advance threat protection) that will open the file in a sandbox and do additional scan. This will make sure it is work accordingly.
This is not saying it is a bullet proof solution. the last defense is human; Educate your user not open any attachment that sound fishy, even coming from user they deal with. thats need education.
Phishing email is the same. Microsoft have Office 365 anti-spoofing policy.
If you just want the solution work, look up the ATP and anti-spoofing policy then you should be fine.
IF you have a specific technical issue, we definitely can help.
https://docs.microsoft.com/en-us/office365/securitycompliance/anti-spoofing-protection
Again, this is how long a piece of string you need this for.
Office 365 is a cloud system, so you don't need to do the heavy lifting to analyse whether it is malware or not. If it is malware, it will be be found the EOP
if it slip through (because there is no match of the signature), then Office 365 offers ATP (advance threat protection) that will open the file in a sandbox and do additional scan. This will make sure it is work accordingly.
This is not saying it is a bullet proof solution. the last defense is human; Educate your user not open any attachment that sound fishy, even coming from user they deal with. thats need education.
Phishing email is the same. Microsoft have Office 365 anti-spoofing policy.
If you just want the solution work, look up the ATP and anti-spoofing policy then you should be fine.
IF you have a specific technical issue, we definitely can help.
https://docs.microsoft.com/en-us/office365/securitycompliance/anti-spoofing-protection
Again, this is how long a piece of string you need this for.
ASKER
Thank you all for your very valuable input!
What would the next step be if a particular user clicks on a specific URL or opens/downloads a file or even sends an email back to the user (phishing email)? Lately, I've been running Malwarebytes as well as running Windows Malicious removal tool.
What would the next step be if a particular user clicks on a specific URL or opens/downloads a file or even sends an email back to the user (phishing email)? Lately, I've been running Malwarebytes as well as running Windows Malicious removal tool.
You can try uploading the attachment and the url to virustotal for scanning.
https://www.virustotal.com/#/home/upload
https://www.virustotal.com/#/home/url
Malwarebytes has endpoint security suite that has anti malware, anti exploit and anti ransomware. In any case, you should be AV scanning the machine for any findings. Include any portable storage media used.
Also make sure that your logon account has a strong password I.e. passphrase of minimum length of 12 alphanumeric. Don't reuse the same password for all various accounts and consider changing them to err on safe side if suspected anomaly is observed in the use of the online services logon. Consider use of 2FA for those account.
https://www.virustotal.com/#/home/upload
https://www.virustotal.com/#/home/url
Malwarebytes has endpoint security suite that has anti malware, anti exploit and anti ransomware. In any case, you should be AV scanning the machine for any findings. Include any portable storage media used.
Also make sure that your logon account has a strong password I.e. passphrase of minimum length of 12 alphanumeric. Don't reuse the same password for all various accounts and consider changing them to err on safe side if suspected anomaly is observed in the use of the online services logon. Consider use of 2FA for those account.
i will basically use Office 365 ATP for attachment sandboxing and URL rewrite.
It will scan the URL at the time you click and attachment sandbox
IF it is make your way, you can also report phishing back to Microsoft to improve their service.
My windows defender hasn't pick up anything for long while as there are so many protection
Ref:
https://docs.microsoft.com/en-us/office365/securitycompliance/office-365-atp
https://docs.microsoft.com/en-us/office365/securitycompliance/atp-safe-links
https://docs.microsoft.com/en-us/office365/securitycompliance/atp-safe-attachments
https://docs.microsoft.com/en-us/office365/securitycompliance/submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis
https://docs.microsoft.com/en-us/office365/securitycompliance/enable-the-report-message-add-in?redirectSourcePath=%252farticle%252f4250c4bc-6102-420b-9e0a-a95064837676
It will scan the URL at the time you click and attachment sandbox
IF it is make your way, you can also report phishing back to Microsoft to improve their service.
My windows defender hasn't pick up anything for long while as there are so many protection
Ref:
https://docs.microsoft.com/en-us/office365/securitycompliance/office-365-atp
https://docs.microsoft.com/en-us/office365/securitycompliance/atp-safe-links
https://docs.microsoft.com/en-us/office365/securitycompliance/atp-safe-attachments
https://docs.microsoft.com/en-us/office365/securitycompliance/submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis
https://docs.microsoft.com/en-us/office365/securitycompliance/enable-the-report-message-add-in?redirectSourcePath=%252farticle%252f4250c4bc-6102-420b-9e0a-a95064837676
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Alerts for what? There are tons of those in O365, you have to be more specific.