How to Combat Phishing in Office 365

Phishing attacks are one of the easiest ways for a cybercriminal to enter an organization’s environment and move laterally. That’s why they are all too common! Below are our top tips for combating phishing attacks when using Office 365 (O365).

Enable multifactor authentication for all O365 Users

We recommend that select users specify how to receive the verification code, because a prompt with only approve or disapprove buttons may lead a user to approve a threat actor by accident. SMS compromise is a threat. Victims tend to approve an attacker if the attacker is persistent enough.

Enable O365 Compliance Score & Secure Score

Both analyze the organization's security based on activities and security settings in O365 and assign a score. To utilize these features, a subscription to Office 365 Enterprise, Microsoft 365 Business Office or Office 365 Business Premium is needed.

Enable O365 Cloud App Security

Cloud App Security provides insight into suspicious activity within O365 through notifications of alerts or suspicious activities, data access used and suspended user accounts with suspicious activities.

Set up secure mail flow

Enabling unified audit logging provides the identity of the sender of each email message.

Enable mailbox audit logging

By default, mailbox audit logging is not enabled. This logging includes who has logged into mailboxes, sent
messages and other activities performed by the mailbox owner, a delegated user or an administrator. Enabling this
setting assists in the discovery of sensitive data that has been accessed by unauthorized individuals.
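
As an added example (not part of the original tip sheet), this Python sketch shows how mailbox audit records can be triaged for non-owner access once logging is on. The records are constructed, and the field names and LogonType values are assumed to follow the Exchange mailbox audit schema; check them against your own export.

```python
import json
from collections import defaultdict

# LogonType values assumed from the Exchange mailbox audit schema.
LOGON_TYPES = {0: "owner", 1: "admin", 2: "delegate"}

# Constructed sample records (one JSON object per line), not real tenant data.
SAMPLE_RECORDS = """
{"CreationTime": "2024-01-10T08:01:00", "Operation": "MailItemsAccessed", "LogonType": 0, "UserId": "alice@example.com", "MailboxOwnerUPN": "alice@example.com", "ClientIPAddress": "198.51.100.7"}
{"CreationTime": "2024-01-10T09:15:00", "Operation": "SendAs", "LogonType": 2, "UserId": "bob@example.com", "MailboxOwnerUPN": "alice@example.com", "ClientIPAddress": "198.51.100.8"}
{"CreationTime": "2024-01-10T23:40:00", "Operation": "MailItemsAccessed", "LogonType": 1, "UserId": "admin@example.com", "MailboxOwnerUPN": "carol@example.com", "ClientIPAddress": "203.0.113.50"}
{"CreationTime": "2024-01-10T23:52:00", "Operation": "UpdateInboxRules", "LogonType": 2, "UserId": "Dave@example.com", "MailboxOwnerUPN": "carol@example.com", "ClientIPAddress": "203.0.113.50"}
"""


def non_owner_access(lines, approved=frozenset()):
    """Group mailbox activity by anyone other than the mailbox owner.

    approved holds (actor, mailbox) pairs for delegations you expect,
    such as an assistant sending on behalf of an executive.
    """
    findings = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        actor = rec["UserId"].lower()
        mailbox = rec["MailboxOwnerUPN"].lower()
        logon = rec.get("LogonType")
        if logon == 0 and actor == mailbox:
            continue  # the owner working in their own mailbox
        if (actor, mailbox) in approved:
            continue  # expected delegation
        role = LOGON_TYPES.get(logon, f"unknown({logon})")
        findings[mailbox].append(
            (rec["CreationTime"], actor, role, rec["Operation"],
             rec.get("ClientIPAddress", ""))
        )
    return dict(findings)


if __name__ == "__main__":
    expected = {("bob@example.com", "alice@example.com")}
    for mailbox, events in non_owner_access(SAMPLE_RECORDS.splitlines(), expected).items():
        print(mailbox)
        for event in events:
            print("  ", *event)
```

Activity that remains after the approved delegations are filtered out is what an analyst would review first.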

Practice data loss prevention

Identify sensitive data and create policies to help prevent users from accidentally or intentionally sharing sensitive
or ePHI data. Email is the most common method by which data is sent in an insecure and unencrypted manner.

Enable Customer Lockbox

Customer Lockbox allows Microsoft support engineers to access data during a help session. Each access request requires approval or rejection
before the Microsoft support engineer accesses the data. Each request has an expiration, and once the issue
is resolved, the request is closed and access is revoked. If credit card data may be transmitted or stored within
O365, this is a must-have in a PCI environment.

Through our Managed Detection and Response (MDR) services, our Security Operations Center (SOC) team can help you
to configure each of these settings and recommend other cybersecurity best practices to prevent threats against your