Summer Regulatory Summit eBook

First page Table of contents Previous page 207 Next page Last page

3. Microsoft 365 Hardening

o The Organization should contract for an independent Microsoft 365 Hardening Assessment to evaluate the environment and ensure the Organization has implemented appropriate controls. o Key areas include risk mitigation surrounding ƒ Malware

ƒ Third-party app access ƒ Data loss prevention ƒ External sharing ƒ Advanced threat protection ƒ Permissions

RECOMMENDATION

o CIS adds additional controls and critical elements with each new version so assessment should be conducted on the same concurrence as the CIS versions.

© SBS CyberSecurity, LLC www.sbscyber.com

11

Made with FlippingBook Digital Publishing Software