CIS Microsoft 365 Benchmark v1.1: Enhancing Security with SecureSky's Expertise
Jan 15, 2020
SecureSky is honored to have contributed to and been recognized as a co-editor for the latest update, version 1.1, of the Center for Internet Security (CIS) Microsoft 365 Foundations Benchmark. This collaboration allowed us to leverage our extensive experience in Office 365 (O365) incident response and security control recommendations, further enriching the O365 security community.
The CIS Microsoft 365 Foundations Benchmark v1.1 offers detailed guidance for securing Microsoft 365 configurations, covering Exchange Online, SharePoint Online, OneDrive for Business, Skype/Teams, Azure Active Directory, and InTune. This version introduces significant updates, including:
Enhanced Account/Authentication Security
A new focus on Azure Active Directory emphasizes the disabling of insecure authentication protocols and the adoption of strong authentication practices. This aligns with CIS, SecureSky, and Microsoft's commitment to Azure Active Directory security, mirroring Microsoft's Security Defaults initiative.
Expanded Security Checks
The benchmark now includes additional security checks, such as Exchange MailTips, aiding users in recognizing emails sent outside their tenant.
License Level Applicability
Clarifications on security controls relevant to users' current Office 365 licensing levels, and insights into additional controls available with upgraded licenses.
Participation in this esteemed group of security professionals, alongside Microsoft representatives, empowers SecureSky to share and gain invaluable security insights. This collaborative effort aims to guide our customers and the broader CIS community in risk assessment and the fortification of their O365 environments.
Following the benchmark update, CIS surveyed its community on the usage of other leading SaaS platforms. As CIS broadens its benchmarks to include platforms like Salesforce, Dropbox, G Suite, and Slack, SecureSky commits to delivering up-to-date security guidance and insights through our blog.
We are already engaged in developing the next O365 Benchmark, anticipated later this year. Access the complete Benchmark Guide for free here, and utilize it as a comprehensive checklist for securing your Microsoft Office 365 environment. For further assistance or to consult with an O365 security expert from SecureSky, please contact us.
SecureSky's expertise in securing and monitoring Office 365 environments is unmatched. Discover our client success stories and recommendations for enhancing Office 365 security on our website and through our Office 365 BEC Blog Series.