Madgig Logo

Keep your Microsoft 365 environment secure with these tips

Microsoft 365 is one of the most widely used business productivity suites today. From email and collaboration to cloud storage and enterprise content management, the robust features of its cloud-based tools and servers are nothing short of useful. Still, Microsoft 365 presents certain security challenges that businesses must address.

Vulnerabilities in SharePoint

Businesses typically use SharePoint Online and on-premises SharePoint sites to store sensitive information like personally identifiable data. Failing to secure SharePoint content against unauthorized users is one way to expose data and your business to malicious actors. This can be critical for companies that are required to comply with stringent data privacy and protection regulations and may face serious consequences for noncompliance.

To prevent this, limit administrator-level privileges and enable encryption. Additionally, set the necessary security restrictions per user for every application.

Unprotected communication channels

Phishing attacks and malware are two of the most common ways cybercriminals infiltrate a system, but there are other paths of attack. Microsoft 365 applications like Microsoft Teams, which can connect to external networks, may serve as a medium for ransomware and other types of attack.

Train your staff to identify potentially malicious files and links. Also, offer guidelines on how to handle and route sensitive files and communication to safe locations.

Security risks in dormant applications

Organizations using Microsoft 365 often won’t use all the tools and services included in the productivity suite. You may use one or several programs like Word, Excel, and SharePoint but rarely use OneDrive. If your business has been utilizing specific programs, note that some dormant applications may be prone to attack. This is why it’s crucial to identify the apps that aren’t being used, and have an administrator tweak user settings to restrict availability on such apps.

File synchronization

Like most cloud services, Microsoft 365 allows users to automatically sync on-premises files to the cloud, such as in OneDrive. This useful feature is not without security risks, however. If a file stored locally is infected with malware, OneDrive will view the file as changed/updated and trigger a sync to the OneDrive cloud, with the infection going undetected.

Office 365 Cloud App Security, a subset of Microsoft Cloud App Security, is designed to enhance protections for Office 365 apps and provide great visibility into user activity to improve incident response efforts. Make sure your organization’s security administrators set it up on your systems so you can detect and mitigate cyber risks as soon as possible.

Cybercriminals will continue to sharpen their hacking techniques, and your organization must keep up to protect your systems, apps, and devices. Call our team of IT experts now if you want to strengthen your business IT security.

Published with permission from TechAdvisory.org. Source.

What’s new in the Microsoft 365 Apps admin center

The shift to remote work has not been easy, especially for IT administrators. After all, they’re in charge of supervising and securing workflows, devices, and software to ensure optimal user experience and to keep cyberthreats at bay. They are also expected to deploy IT solutions that are within budget so that costs don’t run amuck. Succinctly, they are the backbone of remote working. To help IT administrators do their jobs better and more efficiently, Microsoft has added the following features to its Apps admin center.

Intelligent insights

Intelligent insights include features like Apps Inventory, Add-In Inventory, and Security Currency that allow IT administrators to find and mitigate any issues immediately. With these tools, administrators can gain an in-depth understanding of the organization’s Microsoft 365 environment and be privy to information such as:

  • What devices are running Office apps and which versions they’re running;
  • What Office add-ins are installed or running; and
  • Which servicing channel each device belongs to.

Knowing all this information can help administrators identify and manage unsupported Office versions and add-ins to ensure security and compliance. Data is also easily exportable for reports or audits.

Servicing automation with controls

This feature streamlines and automates Microsoft 365 Apps servicing to eliminate manual deployment and accelerate the rollout of updates and security patches, thus saving effort, time, and costs. With this new feature, admins only need to apply a specific servicing profile to a set of devices to automatically deliver monthly updates for users or groups.

What’s more, IT admins are now able to view, pause, and resume updates on a per-device basis. If a user experiences issues during rollout, for instance, administrators can pause that user’s update and restore their software to a previous version while they troubleshoot.

Admins can also specify exclusion date periods, or when Office apps updates should not run, such as during holidays or company meetings. They can schedule this to happen only once or on a recurring basis, depending on their organization’s schedule. And for compliance purposes, admins can schedule updates to happen at a certain date and time, or they can let users install Office app updates at their most convenient time.

Microsoft 365 Apps health

With Microsoft 365 Apps health, IT admins can see how well Microsoft 365 apps are running during and in between deployments. It also calculates an organization’s overall app health based on three criteria: app reliability, app performance, and supported versions. On top of these, Microsoft 365 Apps health gives pertinent information such as Office app session crash rates and who reported such crashes. This allows admins to quickly identify issues and take actions to increase app performance and reliability.

With these new features, administrators can better manage Microsoft 365 apps, and users can count on better experiences and fewer downtimes. If you want to learn more about how technology can increase your business’s operational efficiency, don’t hesitate to call us. Our IT experts are always ready to help.

Published with permission from TechAdvisory.org. Source.

Office 365 hacking: What you need to know

With over 150 million active subscribers, Office 365 is, unsurprisingly, on top of hackers’ minds. And now, hackers are using a technique that doesn’t even require users to give up their credentials. Learn how they do it and get protected.

A phishing scam that harvests users’ credentials

The latest cyberattack on Microsoft Office 365 involves harvesting users’ credentials. Scammers use this previously unseen tactic by launching a phishing message to users, asking them to click on an embedded link. What makes this scam more insidious than traditional phishing scams is that the URL within the message links to a real Microsoft login page.

How does it work?

The phishing message resembles a legitimate SharePoint and OneDrive file-share that prompts users to click on it. Once they do, they are taken to an Office 365 login page where they will be asked to log in if they haven’t already.

After they’ve logged in, they’ll be prompted to grant permission to an app called “0365 Access.” Users who grant permission effectively give the app — and the hackers behind it — complete access to their Office 365 files, contacts, and inbox.

This technique can easily trick lots of users since the app that requests access is integrated with the Office 365 Add-ins feature. That means that Microsoft essentially generates the request for permission. No, Microsoft is not aiding hackers to breach systems. Rather, the scam is made possible by a feature that allows users to install apps that are not from the official Office Store.

Ways to protect your Office 365 account — and your business

Given their fairly advanced approach, these scammers could effortlessly prey on careless employees. There are ways to make sure that doesn’t happen.

  • Always check the email’s sender account before clicking on any link or granting apps access.
  • Implement a policy that prevents staff from downloading and installing apps that are not from the Office Store.
  • Regularly conduct security awareness training that covers essential cybersecurity topics. Educate employees on how to spot phishing scam red flags (e.g., unknown senders, grammatical and typographical errors, suspicious requests, and the like). Increase their knowledge about more sophisticated attacks and keep everyone informed about current and future cybersecurity risks.

Successful attacks could result in an unimaginable catastrophe to your company. For tips on how to spot this and other nefarious scams and how to plan thorough security practices, contact our experts today.

Published with permission from TechAdvisory.org. Source.

Guide For Managed WiFi For Multi-Tenant Units

WIFI IS REVOLUTIONIZING HEALTHCARE!

Wireless Connections For The Near
Future Whitepaper

This field is for validation purposes and should be left unchanged.

Professional Services To Grow Your
Business Whitepaper

This field is for validation purposes and should be left unchanged.

Experience Guide Hybrid Workforce United

Embrace Change 4 Ways To Prepare For Whats Next

This field is for validation purposes and should be left unchanged.

Madgig Embrace Change a 4-step Plan

This field is for validation purposes and should be left unchanged.