In our previous security articles, we discussed some of the tools available within the Microsoft 365 suite, what Zero Trust Strategy is, and why it’s important. In this article we will be running through how joint Microsoft and NCSC guidance recommends that you secure your Microsoft 365 environment.
Following the publication of the NCSC's 14 Cloud Security Principles, Microsoft published a detailed response describing how each principle can be met in Office 365. Microsoft also published a companion document that grades configurations by the level of protection they provide, from Good to Better to Best.
The NCSC have recommended that organisations implement all configuration labelled as ‘Good’ in this Microsoft guidance as a minimum.
Some of the key identity security guidance proposed by the NCSC and Microsoft includes the following points:
These are some of the simplest security features to roll out across an organisation, and they make the biggest impact in securing your environment. MFA alone prevents over 99% of account compromise attacks. Combine it with blocking legacy authentication through Conditional Access and with Password Protection policies, and you have a robust identity security baseline for very little effort.

Cloud-Native Authentication (Hybrid Environments)
We have a lot of experience helping companies integrate their on-premises environments with Microsoft 365. In many of these scenarios the company keeps its on-premises AD intact and synchronises identities to Azure AD. For this type of hybrid setup using Azure AD Connect, the current recommendation is Password Hash Sync with Seamless Single Sign-On. Azure AD then performs the authentication itself rather than handing sign-ins back to an on-premises federation server, so the additional security features available in Microsoft 365, such as Conditional Access and Azure MFA, apply in full to every sign-in.
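The following script is an added example, not part of the original article, showing how to verify that a hybrid tenant is actually in the configuration described above: all verified domains Managed (not Federated), directory sync healthy, Password Hash Sync enabled, and Seamless SSO switched on. The tenant-side checks assume the Microsoft Graph PowerShell SDK; the second half assumes it is run on the Azure AD Connect server itself, with the module installed in its default path. Domain names, the install path and the three-hour sync threshold are assumptions.

```powershell
# Added example (not from the original article): confirm a hybrid tenant uses
# cloud-native authentication (Managed domains + Password Hash Sync + Seamless SSO)
# rather than federating sign-ins back to on-premises AD.
# Assumes: Microsoft.Graph SDK for the tenant checks; the Azure AD Connect server
# for the ADSync/AzureADSSO checks; default Azure AD Connect install path.

# --- Tenant-side checks (run from any admin workstation) ---
Connect-MgGraph -Scopes "Domain.Read.All", "Organization.Read.All"

# A verified domain that is still 'Federated' sends sign-ins to ADFS or another IdP,
# so Azure AD is not the authority validating those passwords.
$federated = Get-MgDomain | Where-Object { $_.IsVerified -and $_.AuthenticationType -eq 'Federated' }
if ($federated) {
    Write-Warning "Federated domains found (authentication still happens on-premises):"
    $federated | Select-Object Id, AuthenticationType | Format-Table -AutoSize
} else {
    Write-Host "All verified domains are Managed: Azure AD authenticates sign-ins directly."
}

# Directory sync must be enabled and recent: a stale sync means password changes and
# account disables made on-premises are not reaching Azure AD.
$org = Get-MgOrganization
if (-not $org.OnPremisesSyncEnabled) {
    Write-Warning "Directory synchronisation is not enabled for this tenant."
} elseif ($org.OnPremisesLastSyncDateTime -lt (Get-Date).AddHours(-3)) {   # 3h threshold assumed
    Write-Warning "Last sync was $($org.OnPremisesLastSyncDateTime); Azure AD Connect may be unhealthy."
} else {
    Write-Host "Last directory sync: $($org.OnPremisesLastSyncDateTime)"
}

# --- Azure AD Connect server checks (run locally on the Connect server) ---
Import-Module ADSync

# Password Hash Sync must be on for Azure AD to validate passwords itself.
$features = Get-ADSyncAADCompanyFeature
if (-not $features.PasswordHashSync) {
    Write-Warning "Password Hash Sync is disabled; enable it in the Azure AD Connect wizard."
} else {
    Write-Host "Password Hash Sync is enabled."
}

# Seamless SSO status comes from the AzureADSSO module shipped with Azure AD Connect.
# Install path below is the default and is an assumption for this example.
Import-Module 'C:\Program Files\Microsoft Azure Active Directory Connect\AzureADSSO.psd1'
New-AzureADSSOAuthenticationContext      # prompts for Global Administrator credentials
$sso = Get-AzureADSSOStatus | ConvertFrom-Json
if ($sso.Domains) {
    Write-Host "Seamless SSO is enabled for: $($sso.Domains -join ', ')"
} else {
    Write-Warning "Seamless SSO is not enabled for any forest; domain-joined clients will be prompted for credentials."
}
```

Run the tenant half first; a Federated result there is the finding that matters, because it means the Conditional Access and MFA controls discussed in this article are not being applied by Azure AD at the point of password validation.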
Some people have reservations about this, seeing it as less secure than keeping on-premises AD as the primary authority for authentication. That is not the case, and here are the key reasons why:
The Microsoft guidance article recommends implementing a more "holistic identity-centric Conditional Access approach". We completely agree, and see this as the ideal opportunity to apply Zero Trust to identity. Microsoft's line that 'identity is the new control plane' is not new, but we continually see customers breached because they stayed with default settings, and equally we see cases where Conditional Access has stopped a breach.
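To make the MFA and legacy-authentication controls from the earlier section, and the identity-centric Conditional Access approach recommended here, concrete, the following is an added example (not code from the original article or from Microsoft's guidance document) that creates the two baseline policies with the Microsoft Graph PowerShell SDK. Both are created in report-only mode so sign-in logs can be reviewed before enforcement. The break-glass group ID is a placeholder assumption; the policy names are our own.

```powershell
# Added example (not from the original article): two baseline Conditional Access
# policies, created in report-only mode, via the Microsoft.Graph PowerShell SDK.
# Assumes the SDK is installed and the caller can consent to the scopes below.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All", "Application.Read.All"

# Assumed placeholder: object ID of the emergency-access ("break-glass") group.
# Always exclude it so a misconfigured policy cannot lock every admin out.
$breakGlassGroupId = "00000000-0000-0000-0000-000000000000"

# Policy 1: block legacy authentication. Legacy protocols (basic-auth SMTP/IMAP/POP,
# older Office clients, Exchange ActiveSync) cannot complete MFA, so attackers use them
# to replay stolen passwords. 'exchangeActiveSync' and 'other' are the client app
# types Azure AD classifies as legacy.
$blockLegacy = @{
    displayName = "Baseline - Block legacy authentication"
    state       = "enabledForReportingButNotEnforced"   # change to "enabled" after review
    conditions  = @{
        users = @{
            includeUsers  = @("All")
            excludeGroups = @($breakGlassGroupId)
        }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("exchangeActiveSync", "other")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

# Policy 2: require MFA for every user, every cloud app, over modern clients.
$requireMfa = @{
    displayName = "Baseline - Require MFA for all users"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers  = @("All")
            excludeGroups = @($breakGlassGroupId)
        }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("browser", "mobileAppsAndDesktopClients")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

foreach ($policy in @($blockLegacy, $requireMfa)) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
    Write-Host "Created '$($created.DisplayName)' (id $($created.Id)) in state $($created.State)"
}

# After reviewing the 'Report-only' results in the Azure AD sign-in logs, enforce a policy:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId <policy id> -BodyParameter @{ state = "enabled" }
```

Report-only mode is the practical caveat here: the legacy-authentication block in particular will surface service accounts and multifunction devices still using basic authentication, and those need to be migrated or explicitly scoped before the policy is switched to enabled.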
According to research conducted by IBM in 2019, the average total cost of a data breach is $3.92 million.
An Azure AD Premium P1 licence, which covers the key security features described above, costs £4.50 per user per month.
For those unfamiliar with Zero Trust – please refer to our previous article.
We strongly recommend that everyone start approaching all of their security with a Zero Trust mindset, especially organisations using the cloud. Microsoft 365 contains the tools needed to get the most from Zero Trust, and identity is the natural first step.
If you would like to know more about Zero Trust Identity, we have a solution for this. You can find out more here.