Category Archives: Security

Microsoft Teams – Enable end to end encryption for Teams Calls

Teams encrypts all communication by default with industry-standard technologies including Transport Layer Security (TLS) and Secure Real-Time Transport Protocol (SRTP). By default TLS authenticates all traffic and encrypts them. SRTP is used for media traffic and also encrypted. And by default they are definitely Trustworthy and this end to end encryption is definitely not required unless there is a specific business case.

Last month Microsoft announced the public preview of the end to end encryption as per this blog

The goal of end-to-end encryption is to prevent data from being read or secretly manipulated by anybody other than the sender and recipient. The sender encrypts the calls, chats & files, but the third party or even the service provider has no way of decrypting them and stores them encrypted. The recipients obtain and decrypt the encrypted data on their own.

There may be a situation when a few participants are dealing with business-critical data or sensitive information, and they want more increased security to meet their compliance and regulatory obligations. In some circumstances, end-to-end encryption can be used to accommodate those scenarios, and it can be enabled exclusively for those users who are specifically targeted.

Continue reading

Tips and tricks to secure Microsoft 365

If you are using any of Microsoft’s business plans, you are likely to be targeted by hackers. The following guide will help you boost the security of your organization. This guide will help you meet the goals outlined in the handbook by Harvard Kennedy School Cybersecurity Campaign.

If you have Microsoft Business Premium, you can set up security by following the guide in Microsoft’s Library: Microsoft 365 for Smaller Businesses and Campaigns. The guidelines here were outlined in partnership with Microsoft’s Defending Democracy team. The guide protects small business customers against cyber threats.

It is crucial that you determine your Microsoft 365 Secure Score in Microsoft’s 365 security center. There is a centralized dashboard from where you can improve the security of your Microsoft 365 apps, data, devices, identities, and infrastructure. You gain points for installing the recommended security features and addressing recommendations with third-party software or application. Here are ways you can secure Microsoft 365.

1. Set Up Multi-Factor Authentication

Multi-factor authentication is the easiest and most effective way of boosting the security of your firm. Logging in to multi-factor authentication entails typing a code sent to your phone so you can access Microsoft 365. This is also known as 2-step verification. This move prevents hackers from accessing your account if they know your password.

To add the 2-step verification to your Microsoft account, you need to add a setting that requires you to log in with multi-factor authentication. After making this change, you will be prompted to set up your phone for 2-factor authentication the next time you are logged in.

2. Create Awareness

The Harvard Kennedy School Cybersecurity Campaign handbook provides further guidance on how to promote security awareness in your organization. This includes training users on how to spot phishing attacks.

Microsoft also recommends users to use strong passwords, protect their devices, and enable the security features on their Windows 10 and Mac PCs. Users are also required to protect their email accounts.

Continue reading

Enable Modern Authentication on Microsoft Teams Room Devices

As we all know the basic authentication will be retired for Office 365 sooner and its high time for us to enforce Modern Authentication on all clients. When most of the organizations have already enabled Modern Authentication which is a good sign. However there are cases where the modern authentication cannot be interactive for the 2nd factor authentication ,needs some planning on those special cases and they have exceptions. For instance Room Systems they are having resource accounts with Teams Enabled and Exchange Online where these resource accounts cannot have modern authentication enabled with MFA like normal user accounts to approve for the 2nd factor authentication.

Post Microsoft Teams Room App version 4.4.25.0 we have the option to enable Modern Authentication on the devices capable of hosting Microsoft Teams Meeting. The account management of the Teams Room devices is set at the application level.

Continue reading

Cloud DLP and Regulatory Compliance: 3 Things You Must Know

This article was originally published at nightfall.ai

It’s well-established that a data breach is an extremely costly event. By some estimates, a data leak can cost a small to medium-sized business more than $7.68 million per incident.

Compliance regimes may seem burdensome, but the goal of these policies is to prevent a devastating data breach that can bankrupt a business and cause myriad problems for consumers. It’s important to understand the differences between compliance and security, as well as how data loss prevention (DLP) allows your organization to accomplish both objectives efficiently and affordably.

Here’s what you need to know about cloud DLP and prevalent compliance policies like HIPAA, GDPR, and others.

Cloud compliance vs. cloud security: what’s the difference?

Cloud compliance and cloud security overlap, but these are two different areas of practice. Cloud compliance refers to the regulations and policies designed to protect individuals and companies from the impact of data loss. More specifically, compliance focuses on the type of data collected and stored by a business, as well as the regulatory frameworks that apply to data protection. Cloud security is made up of the physical tools and platforms that protect and defend customer and company data. This could include software like VPNs, DLP platforms like Nightfall, and tools like multifactor authentication. Cloud security also requires action-oriented cloud security policies that are updated regularly to reflect changes in the business and new online threats

Continue reading

Microsoft Teams – Deploy Information barrier policies for your organization.

Information barrier policies is an another security enhancement feature in Microsoft Teams. With this new component it helps the organization to enforce policies which prevents the communication between specific group of people. This is primarily helpful and beneficial for the organizations who are into manufacturing and production units where they would need to adhere certain industry standards and guidelines usually to avoid conflicts of interest.

Before we actually move into deploying the information barrier policies segmentation of the users needs to be done.Ideally the business requirement which falls into compliance category to prevent communications between groups of users in Microsoft Teams. For example a person from Marketing Team cannot make a call,send instant messages or share his desktop to Research department. It can be vice versa or its is only one direction. All the sets of users needs to be identified because this contributes to the number of the segments that we are going to create for this policy to prevent the communication between them.

Continue reading

Microsoft Teams – Utilize the AzureADMSGroupLifecyclePolicy command to manage the teams group life cycle

With the Azure active directory powershell commandlets, we could control the lifecycle of office365 groups.Ideally when any office365 group is created for an action of creating a team in the backend it creates the azure ad group.With the Azure commandlets we have options to control the lifecycle of the office365 groups automatically.

Let’s say we ‘ve created Team for a partner project which completes in 1 year time period, we have got an option to expire this team in 1 year time during the team creation.This keeps the access reviews of the Microsoft Teams intact and ensures that only required persons have access to the company corporate data.

The default setting is unlimited days as it should be for most of the scenarios.

Firstly we need to connect to azuread module from the powershell. Since we do not have any group life cycle policy the value remains empty.

Continue reading

Microsoft Teams – Notify security administrator when a new team is created by the end users

Microsoft Teams is being used as a most preferred method of communication platform by many organizations. By default in office 365 the group creation is enabled for end users which will allow them to create public and private groups. Few organizations are having the group creation disabled on the organization level for larger scale companies and have users request for creating the teams using a request form which will run through a automation process in the background with help of azure automation accounts ,Microsoft flow or few other mechanisms.

But few organizations are really interested in allowing the users to create the Office 365 groups once their workloads are migrated to office 365. This is primarily to increase the adoption rate of Office 365 workloads Microsoft Teams and SharePoint online.

We have more options available in Office 365 cloud app security. By leveraging these options we can better secure the Office 365 suite of products which in turn controls the Data loss prevention, security compliance, information governance and threat management for the entire organization.

Through Cloud App Security –

Navigate to Cloud App Security – https://portal.cloudappsecurity.com

Select and create Activity Policy

Do not choose any policy templates – select policy severity – category as per classification – Have selected compliance in below example.

Continue reading

Review and Remove inactive guest users from Microsoft Teams through Identity Governance – Access reviews

When an office 365 group is created, we have options to collaborate with public partner accounts .As a result of this People outside organization can see and have access to office365 public groups contents when they are been invited as guests.

When we have allowed the end users to create the office 365 groups and invite the external partners to collaborate,over a period of time the groups left unattended without the access reviews. There is a high possibility of an user having access to the sensitive documents which they don’t need them anymore.

In order to alleviate these security issues , we can influence the Microsoft Azure Identity Governance – Access reviews

With the access reviews created for office365 groups , we can let the group owners review their office 365 public group guests present on them and take necessary action based on the requirement.

In order to create access review navigate to azure portal – Identity Governance – Access reviews – Click on access review – Select New access review.

Now we can create them with name ,description , start date and frequency of how often the access reviews needs to take place for the office365 groups.

Continue reading

Microsoft Teams – Enable data loss prevention,ATP safe attachments,retention of files and conversations

Security is considered one of the success factor for any implementations.With Office 365 security and compliance there are lot of options to enforce the security across Office 365 suite of products.We can enforce DLP on Microsoft Teams based on our requirement. ATP can be turned on for all file upload activities in Microsoft Teams. The best part is that now we do have option to enable retention as lesser as 1 day in Microsoft teams channel messages and chats.

Microsoft Data Loss Prevention have been protecting sensitive information across all Office365 platforms. The easiest part is that we already have more custom built-in templates which will be easier for us to create,test,evaluate the results and finally create one for the production.

DLP Policy in Teams:

To create a dedicated DLP policy for Teams navigate to security and compliance center – Create a new policy.

In our example we are creating a new policy which will block the sharing of PAN card number via teams channels and chats.

Continue reading

Microsoft Teams – Enforce Multifactor Authentication on guest accounts

Post the ignite sessions last month on Microsoft Teams, we have enhancements on security perspective that can be enabled which adds extra protection in any organization.

Inviting the external guest users to the teams channel have been a welcoming option for all of us which increases the communication between them and surges the productivity. However, there are few security guidelines that needs to be followed to ensure that our data is always secure even when they are shared outside the boundary. For instance, a guest account getting compromised where he is a member of a finance team will become a major security incident in any organization.

This article outlines the steps that can be carried over to enhance the security on Microsoft Teams guest accounts by enforcing the multi factor authentication.

Below are the steps to enforce the MFA on guest accounts:

First create a dynamic distribution group and target the guest account

Login to Azure AD Tenant with Admin privilege’s- Go to Groups – Create new group – make them security – membership type make them dynamic.

Continue reading
%d bloggers like this: