On November 17th, Microsoft announced a new feature for Microsoft Teams – sign language view. This accessibility update improves the Teams meeting experience for signers by allowing users to keep selected users in centre stage, ensuring interpreters remain in a consistent location throughout every meeting.

Sign Language view makes several changes to improve accessibility for the Deaf and/or hard of hearing, including:

  • Keeping interpreters’ and other signers’ video feeds in a consistent location
  • Ensuring that video feeds are an appropriate shape and size for sign language to be visible
  • Allowing participants to have up to two other signers in view throughout each meeting
  • Reducing repetitive meeting setup tasks like pinning interpreters and turning on captions at the start of each meeting.

With sign language view enabled, video streams are automatically prioritised at the highest available image quality and the correct aspect ratio. Like pinning and captioning, the sign language view does not affect other members in the meeting and can adapt to your needs.

The sign language view allows video feeds of the individuals you have assigned to stay visible on centre stage if their video is turned on. Other meeting members can also be pinned or spotlighted without blocking the view of the sign language interpreter.

Microsoft Teams: Sign Language View

When a member of a meeting shares content such as a presentation, the prioritised sign language interpreter’s video changes position; however, it remains more prominent than other video feeds and stays at high quality.

Microsoft Teams, Sign Language View prioritised even when presenting

Microsoft has also allowed users to:

  • Set sign language view as a default across all their meetings
  • Pre-identify preferred signers that work within an organisation
  • Toggle captions on and off across all their meetings.

Users can find these options in the new Accessibility panel in the setting menu.

Accessibility Settings in Microsoft Teams

To find out more, read the article from the team at Microsoft, and learn more about Microsoft Teams accessibility features and how to use the sign language view feature.

The sign language view accessibility feature was initially released in Public Preview and is currently being rolled out for the Teams desktop application and web clients for commercial and GCC customers. You can enable public preview on a per-user basis. To find out how to enable the feature check out Microsoft Teams Public Preview in Microsoft Learn.

For advice on making Microsoft Teams work for your organisation, contact GCIT today

8 ways to improve the security of your personal data - GCITS Gold Coast

In 2022 we are online more than ever before, and many services that were previously done in person, such as banking, booking appointments and paying bills, are now completed through websites or mobile applications. As a result, the risk of cyber-attack has never been higher.
In the circumstances surrounding the Medibank and Optus hacks, there is not a lot that current and previous Optus customers could have done to prevent the exposure of their personal data. However, some steps can be taken to minimise the risk of exposing confidential data.

1. Use Antivirus Software

An often-overlooked step, antivirus is an essential piece of software that reduces the risk of malware infecting your system. Once installed, you can let it run in the background, and it will automatically scan for and remove malware. Most antivirus products also offer several other features, including scanning removable devices such as USB drives, blocking spam websites and advertisements, and detecting spyware.

While paid third-party antivirus software such as Bitdefender and McAfee can achieve the best results, you can still get a fundamental level of protection by activating and using the built-in Microsoft Security features. For business, Microsoft 365 Defender is also a great choice to detect, manage and remove cyber security threats from your devices.

2. Protect your devices with strong passwords

It is good practice to protect your digital devices, including computers, tablets, and mobile devices, with strong, unique passwords. These devices can hold some of your most personal information, as they now have access to everything from email accounts, social media accounts and banking apps to an assortment of other information. If a device falls into the wrong hands, a strong password will make it harder to access.

When creating your passwords, use a mix of symbols, numbers, and letters. Don’t use easy-to-guess passwords such as ‘123456’ or ‘password’, or include information such as your birthdate or home address. This may sound like common knowledge, but research suggests that a worrying number of people still use these easy-to-guess passwords. Make sure to use different passwords for different accounts: if you reuse the same password across multiple accounts and a hacker gains access to one, they may compromise many others.

3. Set up Two-Factor Authentication on your Accounts

In addition to using strong passwords, two-factor authentication further improves your security. In a worst-case scenario, where your login details are compromised, a potential hacker will be blocked from accessing your data as they will still need to use an additional authentication method.

Many financial applications, online accounts and government logins now have two-factor authentication as standard or offer the option to activate it. You can receive your authentication code via an app such as Google Authenticator, which creates time-based codes that renew every few seconds, via an email, or as an SMS code sent directly to your mobile.

4. Learn to identify and avoid phishing scams

According to the ACCC (Australian Competition & Consumer Commission), phishing scams are ‘attempts by scammers to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers.’

These scams often pose as legitimate businesses such as internet service providers, banks, or energy companies and try to obtain your personal data by asking you to confirm your details or log in to your account, or by alerting you to ‘unauthorised or suspicious activity on your account.’

As a rule, it is a good idea never to open emails from people you don’t know, and never to download email attachments without knowing what they are. Never give out personal information when contacted by a business, bank or other entity, and make sure your email spam filters detect phishing attempts.

Phishing scams may also appear as fraudulent websites, disguised to look the same as a legitimate website such as a bank, government agency or online shop. These are designed to harvest your information, such as credit card details, login details, and personal addresses. Before you enter any personal data into a website, be sure to check that it is legitimate. Signs of a legitimate website are an SSL certificate, a padlock icon, a green bar, or HTTPS at the beginning of the URL. Note that fraudulent sites can also obtain certificates and show a padlock, so check the domain name in the address bar carefully as well. Never enter personal information into a website accessed via a suspicious link from an email, SMS or social media message.

5. Setup alerts through your bank

Fraud alerts can be set up through your online bank account so that you receive an email, text message or phone call if your bank suspects suspicious activity on your account.
Some banks, such as Commonwealth Bank, also allow you to temporarily lock a credit card if it has been lost, to stop unauthorised use of your account. These measures can not only protect you against fraud but save you money as well.

6. Follow the news to learn about data breaches.

As we have found in recent months, hackers don’t just target individuals. One of the ways your data can be compromised is when it is handled by a third party that becomes the target of a cyber-attack. As in the Optus and Medibank cases, hackers will also try, and often succeed, to infiltrate businesses, government agencies, higher education institutions, health care facilities and any other organisations that gather personal or sensitive information.

When an organisation is subject to a data breach, it is legally required under the Privacy Act 1988 to notify affected individuals and the OAIC (Office of the Australian Information Commissioner). However, these situations can change rapidly, as seen with Medibank: initially, it was not known that personal medical history had been compromised, but as the story developed it was revealed that all customer personal data had been compromised. This is an example of why it is essential to keep informed about data breaches that may affect you, so you can be prepared to update or change any personal information or passwords as soon as possible.

To see the latest alerts, you can follow the ACSC (Australian Cyber Security Centre) on Facebook and Twitter, check out their alerts page on the website and sign up for email alerts.

7. Keep your devices and software updated.

Hackers will often try to exploit flaws in software and operating systems, looking for vulnerabilities they can use to insert malicious code. Microsoft and Apple regularly update their operating systems with security patches, closing these vulnerabilities as they are found. Keeping your operating system and software up to date reduces the ways a hacker can access your device. As a best practice, updates should be applied within two weeks of release, or within 48 hours if a security exploit for the vulnerability exists.

8. Use the GDPR (General Data Protection Regulation) to your advantage.

Many companies operating outside Australian borders or with customers within the European Union must follow the GDPR. As a result, you may be able to get international companies such as Apple and Microsoft to delete your personal data based on this compliance. Be prepared for rejection, however, as European Union laws do not apply to Australian citizens, and companies can deny your request on this basis.

Not all security breaches can be prevented, but taking steps to avoid violations and cyber-attacks can reduce the chances of them occurring and better protect your personal data in the long run, potentially saving you from the stressful or costly consequences of a cyber-attack.

At GCIT, we specialise in providing cyber security services to numerous businesses across Queensland and New South Wales. Our award-winning cybersecurity experts can take the stress out of IT security and make sure your data is secure.

Contact GCIT to find out how we can help your Business protect against cyberattacks.

Microsoft 365 website - GCITS Gold Coast

Microsoft has recently announced that it will be changing the Microsoft Office software package and giving it a new name: Microsoft 365. According to the FAQs on the Official Microsoft website, several changes will be happening over the next few months. Office.com, the Office mobile app, and the Office app for Windows will be rebranded to Microsoft 365, with a new icon look and features to come.

These changes will begin rolling out for Office.com in November 2022 (next month), and the changes to the Office app on Windows and mobile with an update in January 2023. There will be no impact on any existing account, profile, subscriptions, or files you currently have with Microsoft Office. The apps will automatically update with the new icon and name from November.

As a part of Microsoft 365, customers will be able to continue to get access to apps such as Word, Excel, PowerPoint, and Outlook. Microsoft is also continuing to offer one-time purchases of those apps to consumers and businesses via Office 2021 and Office LTSC plans. There will also be no changes to Office 365 subscription plans.

This change has been a slow progression that started in 2020, with Microsoft rebranding some of its Office 365 plans to Microsoft 365. The new branding originally started as a subscription package for businesses with an enterprise Windows 10 and Office 365 bundle. Microsoft has since gradually moved all their office applications under the Microsoft 365 branding.

This rebranding is another example of Microsoft branching out and offering more services and applications that don’t fit strictly into the ‘Office’ branding, including providing cloud services, apps such as Clipchamp, and Microsoft Family Safety, with new changes to be expected in the future. Find out more about this change by visiting the new microsoft365.com website.

Many companies are allowing staff to work from home or remotely indefinitely, raising questions about how they can protect work data on personal or uncontrolled devices.

As IT experts in remote working, Gold Coast IT Support offer the following information to help.

Because we can lose company data in a variety of ways across different devices, we need to apply a variety of protection measures. Let’s take a look at the features in Microsoft 365 that can allow companies to protect their data while users are working remotely.

Use Mobile Application Management

Despite the name, mobile application management doesn’t just apply to mobile devices; it can also protect Windows 10 devices. Mobile Application Management policies can protect company data on both managed and unmanaged devices.

It works by applying protections to the apps your teams use to access company data, like Outlook, Teams, OneDrive and SharePoint.

You can enforce restrictions on these apps to prevent data from being saved, cut, copied or pasted.

Mobile Application Management Prevent Copy Paste

You can also require a PIN when the app starts or block the app from running on a jailbroken phone or tablet.

Mobile Application Management Pin Code

This feature can also be used to selectively wipe company data from a user’s device without affecting their personal files. This is handy for organisations where staff use their personal computers and mobile devices to access company information remotely.

Mobile Application Management Wipe Device

Set up conditional access policies

We can use Conditional Access to enforce restrictions on non-compliant or unmanaged devices, such as blocking access entirely or preventing particular actions, like stopping users from saving attachments in Outlook on the web or syncing files to OneDrive.

We can apply these protections in other ways to apps like OneDrive and SharePoint, preventing users from syncing data to their personal devices by either blocking access or only allowing limited, web-only access.

SharePoint Prevent Access From Unmanaged Device

Expert IT advice for working remotely

Use Cloud App Security to protect data on third-party apps

These protections don’t just relate to Microsoft 365 apps like OneDrive, SharePoint and Outlook; we can use Microsoft Cloud App Security to apply additional protections to apps like Dropbox Business too. Applying protection to a third-party app like Dropbox Business can prevent users from downloading your company data to unmanaged devices.

Control Dropbox Access Unmanaged Device

Apps like Dropbox Business also provide their own security measures, allowing you to block access and wipe company data when a device next comes online.

Wipe Dropbox Device Remotely

Configure idle session timeouts

To lessen the likelihood of the wrong people accessing company information on a shared device, we can configure idle session timeouts. These sign users out after a period of inactivity, just like your bank does.

Enable SharePoint Idle Session Timeout
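As an added example (not code from the original post), the SharePoint Online Management Shell commands below turn the idle timeout on for SharePoint Online and OneDrive and verify the change; the admin URL is a placeholder for your own tenant.

```powershell
# Added example: enable idle session sign-out for SharePoint Online and OneDrive.
# Requires the Microsoft.Online.SharePoint.PowerShell module and a SharePoint admin role;
# the admin URL below is a placeholder for your tenant.
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"

# Default state: idle sign-out is disabled, so a browser session left open on a shared
# device stays signed in until the token expires or the user signs out.
Get-SPOBrowserIdleSignOut

# Warn the user after 45 minutes of inactivity and sign them out at 60 minutes.
# WarnAfter must be shorter than SignOutAfter.
Set-SPOBrowserIdleSignOut -Enabled $true `
    -WarnAfter    (New-TimeSpan -Minutes 45) `
    -SignOutAfter (New-TimeSpan -Minutes 60)

# Confirm the new values took effect.
Get-SPOBrowserIdleSignOut
```

The policy only interrupts sessions where the user did not choose to stay signed in, so it complements rather than replaces the Conditional Access controls above.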

Get alerts on suspicious activities

Cloud App Security includes built-in alerts that trigger on potentially suspicious activities. We can use these to get notified about things like mass deletions, mass downloads and unusual volumes of external sharing.

Enable Cloud App Security Alerts

Protect sensitive data with Data Loss Prevention

We can use data loss prevention to restrict or impose conditions on the sharing of sensitive information. These policies can trigger on certain keywords like project names or sensitive information types like credit card numbers, driver’s license details or tax file information. Once a file containing this info is detected, it can display a warning, be blocked from being sent or have encryption applied.

Use Data Loss Prevention

Using Cloud App Security, we can apply additional data loss prevention measures to third-party apps like Box and Dropbox Business.

Use Sensitivity Labels

But what happens if all of this fails, and someone downloads company data to a personal, unmanaged device? To protect against this, we can apply sensitivity labels. These labels define how sensitive a particular piece of content is and in turn can enforce protections on our data. What’s more, these protections apply no matter where the content ends up. These baked-in protections can limit who can access the file and what they can do with it, preventing the wrong people from opening, copying, saving, forwarding or printing sensitive documents or emails.

Protect Data With Sensitivity Labels

In many cases, these protections can be applied automatically by scanning for those same keywords and sensitive information types that data loss prevention uses.

Automatically Classify Content With Sensitivity Labels

As you can probably tell by now, there’s a lot you can do to protect your sensitive data when people are working from home. If you need help with any of this, reach out to us below.


Org-Wide Teams in Microsoft Teams let you create a single Microsoft Team that includes all internal users in your organisation. However, Microsoft recommends that you make some changes to the team’s settings to cut down on excess noise and notifications.

What is an Org-Wide Microsoft Team?

An Org-Wide team in Microsoft Teams is just a team that includes everybody in your organisation. Its member list will automatically update as users come and go, and while it currently supports up to 1000 users, there are plans to increase this limit.

How do you create an Org-Wide Microsoft Team?

Creating an org-wide team is quite simple, just choose the Org-Wide team option from the drop-down when creating a new team at https://teams.microsoft.com

Create An Org Wide Microsoft Team

What are some best practices for Org-Wide Microsoft Teams?

If you have a lot of users in your organisation, these types of teams could quickly become very noisy and distracting.

To reduce excess notifications and noise, Microsoft have some best practice recommendations.

Only let team owners post on the General channel

  1. You do this under Manage team.
  2. Click Settings, then Member permissions, then select Only owners can post messages.

Disable @mentions for the whole team

You’ll probably want to disable @mentions for the whole team, since that can send a notification to up to a thousand people at once.

  1. You can do this under Settings, @mentions, Show members the option to @team or @[team name].

Don’t Allow @Mentions In Org Wide Microsoft Teams

Automatically favorite important channels

Switch to the channels tab and tick Auto-favorite on the channels you would like to show up by default.

Auto-favourite Microsoft Teams Channels

Also note that while the video above states that the feature is still in development, it has since been marked as launched.


What Is Microsoft 365 Business Premium

On April 21, 2020, Microsoft rebranded its small and medium business Office 365 products to Microsoft 365. This resulted in a name change for the popular Microsoft 365 Business product as well, which is now called Microsoft 365 Business Premium. GCITS provide Office 365 support on the Gold Coast and Brisbane.

Note that the pricing and makeup of the plans haven’t changed, just the names.
Previously called                 Now called                        What it has
Office 365 Business Essentials    Microsoft 365 Business Basic      Cloud services
Office 365 Business Premium       Microsoft 365 Business Standard   Cloud services and desktop apps
Microsoft 365 Business            Microsoft 365 Business Premium    Cloud services, desktop apps and advanced security

We’ve been advocates of Microsoft 365 Business Premium for a while now. We believe it’s the best value Microsoft 365 product around for businesses with under 300 users. As providers of Microsoft 365 support here on the Gold Coast and Brisbane, we can assist you in the easy management of this terrific resource.

Want to know how to protect your data in Microsoft 365 Business Premium? Download our free guide to learn what features to switch on.


So why do we think you should go with Microsoft 365 Business Premium over Basic or Standard?

For us, it comes down to the Microsoft 365 Business Premium’s advanced security and compliance features.

Security and Compliance features of Microsoft 365 Business Premium

Microsoft 365 Business Premium includes advanced security features that are not present in the lower tier plans. These include:

Malware and Phishing protection with Office 365 Advanced Threat Protection

Microsoft 365 Safe Links and Safe Attachment policies protect against known and zero-day malware. Anti-Phishing policies protect users against phishing attacks using mailbox intelligence and machine-learning enhanced sender reputation checks.

Enhanced security for identities with Conditional Access

Conditional Access policies help balance security and productivity by applying the right security measures at the right time. For instance, if Microsoft 365 detects a risky sign-in from an unexpected location or non-compliant device, it can prompt for multi-factor authentication or block access to the user.

Enforce encryption on devices using Microsoft Intune

We can use Microsoft Intune to protect data on devices in the event of loss or theft. Microsoft Intune can configure Windows BitLocker, Apple’s FileVault, and encryption settings on Android and iOS devices.

Classify and protect confidential information with Azure Information Protection

Azure Information Protection helps companies use sensitivity labels and policies to classify and protect data. Built-in labels include Personal, Public, General, Confidential and Highly Confidential.

Depending on what label is applied, a policy can be used to protect it. These policies can enforce encryption, apply watermarks, prevent it from leaving your organisation and more.

Control company data on PCs with Windows Information protection

Many people use the same computer for both work and personal tasks. Windows Information Protection tags files as ‘Work’ if they are generated by, or saved from, a corporate app. Files tagged as ‘Work’ are subject to the controls defined in your Information Protection policies. These files can:

  • be encrypted
  • be prevented from being uploaded or shared via unmanaged apps
  • be remotely wiped without affecting personal data.

Control access to sensitive emails with Information Rights Management

Information Rights Management allows your team to apply restrictions like “Do Not Copy” for specific documents and emails. When a recipient receives the email or document, they’ll be unable to forward, save, print or copy it.

Prevent sharing of sensitive info with Data Loss Prevention

Data Loss Prevention policies monitor the types of data that are uploaded to and shared outside your company. This info could be tax file numbers, credit card information, driver’s license details and many more. When sensitive information is detected, the Data Loss Prevention policy can encrypt the message, notify the sender, alert an admin, or block the message from being sent or the file from being uploaded.
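As an added example that is not code from the original posts, the Security & Compliance PowerShell below creates the kind of policy described here and in the remote-working section above: it detects tax file numbers, driver’s licence numbers and card numbers, shows users a policy tip, blocks external sharing and reports incidents. The policy and rule names and the tip text are placeholders.

```powershell
# Added example: a DLP policy that warns users and blocks external sharing of items
# containing Australian personal identifiers. Requires the ExchangeOnlineManagement
# module and a compliance admin role; the names below are placeholders.
Connect-IPPSSession

$policyName = "Protect Australian personal identifiers"
$ruleName   = "Block external sharing of TFN, licence and card numbers"

# Built-in sensitive information types. The names must match Microsoft's exactly;
# minCount is the number of matches needed before the rule fires.
$sensitiveTypes = @(
    @{ Name = "Credit Card Number";                minCount = "1" },
    @{ Name = "Australia Tax File Number";         minCount = "1" },
    @{ Name = "Australia Driver's License Number"; minCount = "1" }
)

if (-not (Get-DlpCompliancePolicy -Identity $policyName -ErrorAction SilentlyContinue)) {
    # Start in test mode with notifications: users see policy tips and incidents are
    # reported, but nothing is blocked until false positives have been reviewed.
    New-DlpCompliancePolicy -Name $policyName `
        -Comment "Added example policy covering Exchange, SharePoint, OneDrive and Teams" `
        -ExchangeLocation All `
        -SharePointLocation All `
        -OneDriveLocation All `
        -TeamsLocation All `
        -Mode TestWithNotifications

    # The rule: content matching any listed type, shared with people outside the
    # organisation, is blocked; the owner and last editor are told why, and the
    # site admin receives an incident report.
    New-DlpComplianceRule -Name $ruleName `
        -Policy $policyName `
        -ContentContainsSensitiveInformation $sensitiveTypes `
        -AccessScope NotInOrganization `
        -BlockAccess $true `
        -NotifyUser Owner, LastModifier `
        -NotifyPolicyTipCustomText "This item contains personal identifiers and cannot be shared outside the organisation." `
        -GenerateIncidentReport SiteAdmin `
        -IncidentReportContent Title, DocumentAuthor, Detections `
        -ReportSeverityLevel High
}

# Once the incident reports look clean, switch the policy from test mode to enforcement:
# Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```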

Remotely wipe company data and enforce security on devices with Microsoft Intune

Microsoft Intune lets us enforce security requirements on the devices that access company data. These could include requiring a strong password and encryption on phones and only allowing access via company-approved apps. When employees leave the company, Microsoft 365 can remotely wipe company data from the device without affecting personal info.

Unlimited archive for email

Microsoft 365 Business Premium provides practically unlimited storage for your email. Alongside the standard 50GB mailbox, users can access an unlimited archive of their email in Outlook.

Office 365 Support Gold Coast and Brisbane

Our expert assessment will have you supported the right way.

Want to enable advanced security in Microsoft 365 Business Premium?

While you get all the above features with Microsoft 365 Business Premium, you still need to configure them to suit your business and requirements. You can outsource the security of your cloud environment to GCITS. Get in touch for an expert assessment, and we can ensure the ongoing state management of these essential security policies.


Improvements to Azure AD Identity Protection have launched, making it easier to identify and manage identity risks in your organization.

What is Azure Active Directory Identity Protection?

Azure AD Identity Protection uses machine learning to identify signs of suspicious activity or issues that might cause you to have a compromised identity in your organization. We can use Azure Identity Protection to configure policies that impose conditions on sign-ins or users that are deemed risky by Microsoft 365. We can also use it to manage, investigate and remediate risk alerts when a suspicious sign-in or user is detected.

Azure Identity Protection can generate alerts based on the following risk events:

  • Atypical travel
  • Anonymous IP
  • Unfamiliar sign-in properties
  • Malware-linked IP addresses
  • Leaked credentials
  • Azure AD Threat intelligence (activities that match known attack patterns)

The leaked credential alert is especially useful because it will let you know whether some of your users have credentials that are exposed on the dark web or in another breach. We use this in conjunction with the Have I Been Pwned API to alert our customers to compromised credentials.

Where can I find Azure Active Directory Identity Protection?

  1. Sign in to portal.azure.com
  2. Open Azure Active Directory
  3. Scroll down to Security on the left rail
  4. Open Identity Protection.

What’s new in Azure Active Directory Identity Protection?

Azure Identity Protection has been updated with new controls for managing, investigating and remediating issues with our identities.

We can use these improved controls to manage risk events in bulk, easily confirming a compromised user or dismissing alerts. These new controls are handy for larger organisations that generate many alerts each day.

For each alert, we can drill down and see more information on the user’s recent activities. We can see other user sign-ins and risk detections, as well as reset passwords, confirm compromise, block access and investigate further in Azure ATP. Choosing to investigate further opens Cloud App Security, providing more insight into the user’s recent activities that contributed to the alert.

What license do I need for Azure Identity Protection?

Azure Identity Protection is included in Azure AD Premium P2 license. Azure AD Premium P2 is available under the following licenses:

  • Azure Active Directory Premium P2 standalone SKU
  • Microsoft 365 E5
  • Office 365 E5
  • Enterprise Mobility Suite E5

You get some limited reporting on risky users, risky sign-ins and risk detections in Azure AD Premium P1, which is included in Microsoft 365 Business Premium.

Since Microsoft licensing can change, see here for up-to-date licensing requirements.

What are phishing emails?

Phishing emails are fake messages, designed to look legitimate.

They cost businesses around the world billions of dollars each year. And they get opened by about 30% of people. These emails will generally impersonate a person or company that you trust or deal with, and attempt to trick you using one of three things:

They’ll use a fake person – someone pretending to be someone you know, so that you share information or transfer money into an attacker’s bank account.

They’ll set up a fake site – So that you enter your private information, like passwords or credit card details, or provide a rogue app with permission to access your data.

They’ll create fake attachments – attackers will disguise malware in fake invoices and shipping notifications to remotely access your computer or encrypt your files.

How can I prevent phishing emails with Microsoft 365?

To give our teams the best chance of avoiding phishing emails, we not only need to make people aware of the methods above, we also need to configure the features in Microsoft 365 that address them, starting with Office 365 Advanced Threat Protection.

Start with Office 365 Advanced Threat Protection

This is your company’s primary defence against phishing emails. While all Office 365 plans come with a built-in anti-phish policy, it’s not even close to what’s offered in Office 365 Advanced Threat Protection, also known as Office 365 ATP.

Once you’ve purchased Office 365 ATP, you should jump into the Security and Compliance centre and check out your anti-phishing policy.

Detect User Impersonation Phishing Emails in Microsoft 365

Its default controls are pretty good for detecting phishing emails that impersonate your users, your domains and external contacts. It develops an understanding of how your users and their contacts interact, the addresses and sending infrastructure they use, and identifies anything out of the ordinary. If it detects an impersonation attempt, the message is either quarantined or delivered with a warning.

You can enhance your protection by adding users in roles like CEO or CFO to the targeted user protection feature. You can also add external domains that you frequently interact with to the targeted domains feature.

Protect CEO And CFO From Phishing Emails

Use a mail transport rule to warn on external impersonation

You can configure a mail rule that applies a warning to messages where an external sender uses a display name that matches someone internally in your company. We have an example rule on our website that has been pretty popular amongst smaller organisations.
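As an added example (this is not the rule published on the GCITS website), the Exchange Online PowerShell below builds such a rule from the tenant’s current user mailbox display names and keeps it current on re-run; the rule name, subject tag and banner text are placeholders.

```powershell
# Added example: warn recipients when an external sender's display name matches an
# internal user. Requires the ExchangeOnlineManagement module and an Exchange admin role.
Connect-ExchangeOnline

$ruleName = "Warn on external display name impersonation"   # placeholder name

# Collect display names of user mailboxes. -HeaderMatchesPatterns treats every entry as
# a regular expression, so names are escaped: "J. Smith (Finance)" becomes a literal
# match instead of a pattern where "." and "(" have special meaning.
$displayNames = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    Select-Object -ExpandProperty DisplayName |
    Where-Object { $_ } |
    Sort-Object -Unique |
    ForEach-Object { [regex]::Escape($_) }

$subjectTag = "[CAUTION: external sender using an internal name] "
$banner = "<div style='border:2px solid #c00;padding:8px;font-family:sans-serif'>" +
          "CAUTION: this message came from OUTSIDE the organisation but uses the display " +
          "name of an internal user. Check the sender's actual address before replying, " +
          "paying an invoice or opening an attachment.</div>"

$rule = Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue
if ($null -eq $rule) {
    # Conditions: sender outside the tenant, recipient inside, and the From: header
    # (which carries the display name) matches one of the escaped internal names.
    # Actions: tag the subject and prepend an HTML banner; Wrap ensures the banner is
    # still added to messages the disclaimer cannot be inserted into directly.
    New-TransportRule -Name $ruleName `
        -Priority 0 `
        -FromScope NotInOrganization `
        -SentToScope InOrganization `
        -HeaderMatchesMessageHeader From `
        -HeaderMatchesPatterns $displayNames `
        -PrependSubject $subjectTag `
        -ApplyHtmlDisclaimerLocation Prepend `
        -ApplyHtmlDisclaimerText $banner `
        -ApplyHtmlDisclaimerFallbackAction Wrap `
        -Comments "Created by script; re-run the script to refresh the name list"
} else {
    # Staff come and go, so re-running the script replaces the pattern list.
    Set-TransportRule -Identity $ruleName -HeaderMatchesPatterns $displayNames
}
```

Transport rules have a size limit, so in a large tenant restrict the mailbox query to executives and finance roles rather than every user.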

Warn On External User Impersonation For Phishing

So that helps address fake senders, how about fake attachments and fake websites? Office 365 ATP addresses these with the Safe Attachments and Safe Links policies.

Detect malicious attachments with Safe Attachments policy

The Safe Attachments policy can protect your users from malware sent by phishing emails, like the COVID-19 phishing campaign that used Excel files to install a malicious remote access tool. The Safe Attachments feature analyses your attachments in a separate environment, running a series of checks for malware, then blocking the email or removing the unsafe attachment.

Block Malware With Safe Attachments in Office 365 ATP

Detect malicious websites with a Safe Links Policy

The Safe Links policy scans the URLs in your emails for links to malicious sites. If a malicious website is detected, Safe Links blocks users from visiting it.

Block Malicious Site With Safe Links In Office 365 ATP

Remove phishing emails from mailboxes after delivery

These tools work by analysing messages for known malware, bad links or untrusted senders and stopping them arriving. But what happens if a bad email gets through, and the system doesn’t realise until later?

You should configure Zero-Hour Auto Purge. Zero-Hour Auto Purge removes bad messages from your mailboxes retroactively and sends them to junk, quarantine or deleted items.

Remove Phishing Emails From Mailboxes With Zero Hour Auto Purge

Set up Office 365 ATP and Exchange Online Protection with recommended best practices

I’ve just discussed four different security policies in a few minutes. If you’ve spent any time looking at ATP or Exchange Online Protection policies, you’ll probably notice there are a lot of policies, and most of them are already set up. Should you change anything or leave them as they are?

You should change them, and Microsoft has two levels of recommended best practices that they say will prevent most unwanted messages from reaching your team.

Configure Best Practices For Phishing In EOP and ATP

These two levels are called Strict and Standard. In our experience, Strict is very strict, but it’s a good starting point that you can enable first, and adjust later.
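As an added example, not the Standard or Strict preset itself and not code from the original post, the Exchange Online PowerShell below hand-configures the four policies discussed above: anti-phishing with targeted users and domains, Safe Attachments, Safe Links and Zero-Hour Auto Purge. The domain, executive names and policy names are placeholders.

```powershell
# Added example: configure the Office 365 ATP / EOP policies discussed in this post.
# Requires the ExchangeOnlineManagement module and an Exchange admin role;
# "contoso.com" and the named executives are placeholders.
Connect-ExchangeOnline

$domain = "contoso.com"

# 1. Anti-phishing: protect named executives and your own domains against impersonation,
#    and let mailbox intelligence learn each user's normal contacts. Entries in
#    -TargetedUsersToProtect use the "Display Name;email" form.
Set-AntiPhishPolicy -Identity "Office365 AntiPhish Default" `
    -EnableTargetedUserProtection $true `
    -TargetedUsersToProtect @("Jane Example;jane.example@$domain", "Sam Example;sam.example@$domain") `
    -TargetedUserProtectionAction Quarantine `
    -EnableOrganizationDomainsProtection $true `
    -TargetedDomainProtectionAction Quarantine `
    -EnableMailboxIntelligence $true `
    -EnableMailboxIntelligenceProtection $true `
    -MailboxIntelligenceProtectionAction MoveToJmf `
    -PhishThresholdLevel 2

# 2. Safe Attachments: detonate attachments before delivery and block messages
#    found to carry malware. The rule scopes the policy to recipients in our domain.
New-SafeAttachmentPolicy -Name "Block malware attachments" -Enable $true -Action Block
New-SafeAttachmentRule -Name "Block malware attachments" `
    -SafeAttachmentPolicy "Block malware attachments" `
    -RecipientDomainIs $domain

# 3. Safe Links: rewrite and scan URLs at click time in mail, Teams and Office apps,
#    hold delivery until scanning finishes, and stop users clicking through to a
#    page already judged malicious.
New-SafeLinksPolicy -Name "Scan links" `
    -EnableSafeLinksForEmail $true `
    -EnableSafeLinksForTeams $true `
    -EnableSafeLinksForOffice $true `
    -ScanUrls $true `
    -DeliverMessageAfterScan $true `
    -EnableForInternalSenders $true `
    -TrackClicks $true `
    -AllowClickThrough $false
New-SafeLinksRule -Name "Scan links" -SafeLinksPolicy "Scan links" -RecipientDomainIs $domain

# 4. Zero-hour auto purge: retroactively move phish and spam that were delivered
#    before the verdict changed.
Set-HostedContentFilterPolicy -Identity Default -PhishZapEnabled $true -SpamZapEnabled $true
```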

Test users by simulating a phishing campaign

Once your policies are set up, you should test your users. If you purchase Office 365 ATP Plan 2, you can run attack simulations against your team. Attack simulations can help you identify vulnerable users before a real attack impacts them.

Simulate Phishing Attack With Office 365 ATP

Protect your accounts if your team gives up their credentials

But what happens when messages get through? What happens when users get duped and provide their login details to attackers?

Protect your accounts. If a user enters their credentials into a fake website, we need to make sure an attacker can’t use these credentials alone to log in. All Office and Microsoft 365 plans allow you to configure multi-factor authentication; this will ensure that attackers can’t log in without having access to an additional form of verification such as a phone or authentication token.

Set Up Multi Factor Authentication

If you have a plan that includes Azure Identity Protection, you should set up a sign-in risk policy to monitor for unusual logins. These policies use machine learning to detect suspicious activity and can temporarily block sign-ins and accounts if something is amiss.

Configure Sign In Risk Policy In Azure Identity Protection

Monitor for unusual applications with access to your users’ data.

Now that accounts are getting more secure by default, attackers are requesting access to user data via apps. And it’s worse if they manage to trick an admin user because then attackers can have longstanding access to an entire organisation that persists even when passwords are changed.

Detect Phishing Attacks Via OAuth Apps Microsoft Cloud App Security

It can be challenging to detect when a user clicks a phishing link and grants a rogue app access to their mailbox, OneDrive or SharePoint data. So use Microsoft Cloud App Security to get alerted to unusual OAuth applications with access to your team’s information.

Ban Uncommon Apps Via Microsoft Cloud App Security

Be extra vigilant if your data has been exposed in the past

Take extra care if you, or companies you regularly interact with, have been breached before. If attackers have had access to your company data and know who usually communicates with who, and for what purposes, they will try to exploit that information by setting up fake emails to hold their fake conversations with their fake invoices to get your real money.

Need help with phishing in Office 365 or Microsoft 365?

If you need assistance setting up these policies in your organisation or need a hand cleaning up after a successful phishing attack in Microsoft 365, we’d be happy to help. Reach out to us via chat, or using the form below.