Today's columnist, Kelly White of RiskRecon, runs through seven questions security teams need to consider when setting up the controls for Microsoft 365 Enterprise. Coolcaesar CreativeCommons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)

Much like many cloud services, Microsoft 365 Enterprise’s core value proposition becomes its primary challenge for security teams. The cloud-based suite of productivity apps and services (formerly Office 365) lets companies create, share and collaborate from anywhere on any device. Even if an enterprise does not operate on Microsoft 365, no doubt a large percentage of its business partners are, especially with the increased need for remote collaboration during the pandemic.

While Microsoft 365 offers an expansive set of capabilities, the core security controls boil down to a pretty short set of essentials, achieved through Microsoft’s unified identity and access management architecture. While it’s a short control list, security pros need to get the configurations right. Microsoft 365’s default configurations are pretty promiscuous. These default settings include letting non-privileged users invite guest users to the organization’s Azure Active Directory and default file sharing settings.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.