Some prefer to own downloadable copies, which you can obtain on GumRoad. Here is a link to the scripts on GitHub.Here is a link to the checklist, summarized in an Excel spreadsheet.So today I’m happy to announce that I’m releasing an Office 365 Email Security Checklist along with a couple of scripts! Help put these ridiculous reports and security incidents to rest once and for all. You are responsible for your own security boundary and settings within the Microsoft cloud. Microsoft does NOT take care of security “for you” contrary to popular belief. If you are an IT provider or otherwise in charge of any Office 365 subscriptions, then you NEED to be implementing a baseline level of security in your tenants.
These security oversights have led to user and mailbox compromises and vulnerabilities.” “In addition, the majority of these organizations did not have a dedicated IT security team to focus on their security in the cloud. “The organizations that used a third party have had a mix of configurations that lowered their overall security posture (e.g., mailbox auditing disabled, unified audit log disabled, multi-factor authentication disabled on admin accounts),” the report said. And since email is still the number one attack vector in use by the bad guys, it’s time we step up our game–I’m looking at you, IT pros (especially consultants). Enough of what? Enough of reports like this one.