atlas.mindmup.com
18.66.122.75

URL: https://atlas.mindmup.com/securityarchitect/o365_security_controls/index.html
Submission: On March 21 via manual from IE — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content


Control devices security

M365 security hardening services


Secure endpoints : 10% of breaches involved ransomware. (Verizon 2021 DBIR)


Endpoint management with Intune (licence required)


Link to Intune interface


Secure O365 app


Link to O365 interface


Microsoft Defender for Endpoint (licence required)


Link to Intune interface


Secure access : 25% of attacks reuse stolen credentials (Verizon 2021 DBIR);
34% of data breaches in 2018 involved internal actors (Verizon).


Secure connection

MFA


Link to O365 interface


Azure Conditional Access policies (licence required)


Link to Azure AD interface


Block legacy authentication protocols


Link to Azure AD interface


Secure Authorization

Administrators roles


Link to O365 interface


Third party applications

Azure AD application permissions


Link to Azure AD interface


Scope MS graph Permission to access mailboxes


Office 365 service accounts permissions


Teams apps permissions


Link to O365 interface


Scope access to Exchange web service "Application Impersonation" right


Scope access to Exchange Web service "full_access_as_app" right


Temporary administrator access (licence required)


Link to Azure AD interface


Guest access


Link to Azure AD interface


Scoping Azure AD application rights to some users, so that an app is not
allowed to access the data of all O365 users

Azure AD app accessing exchange online


Azure AD app accessing teams/skype


Azure AD app accessing sharepoint ; site vs site.selected rights


You can also navigate to a site, generate a client ID by appending
/_layouts/15/AppRegNew.aspx to the site URL, and grant access to this client by
appending /_layouts/15/appinv.aspx to the site URL and following this link


Scoping impersonation access given to O365 account in Exchange Online


Link to MSFT doc


Secure documents sharing : 23% of data breaches are caused by human error (IBM)


OneDrive / SharePoint sharing options

Sharing links configurations


Link to O365 interface : SharePoint admin center > Policies > Sharing

Sites permissions


Teams sharing options


Link to external access interface


Data loss prevention (DLP) (licence required)

Azure information protection


Link to O365 interface


O365 DLP rules


Link to O365 interface


Protection against unauthorized e-mails forwarding


Link to O365 interface


Guest access


Link to Azure AD interface


Secure e-mailing : 36% of successful data breaches started with phishing
(Verizon 2021 DBIR)


Protect against known commercial spam


Link to O365 interface


Protect against "display name" impersonation attacks (licence required)


Link to O365 interface


Protect against "e-mail address impersonation" attacks and detect phishers


SPF


Secure emailing services


DKIM


DMARC


Protection against unknown malicious URLs in e-mails (licence required)


Link to O365 interface


Protection against unknown attachments in e-mails (licence required)


Link to O365 interface


Protection against unknown commercial spam


Link to O365 interface


Protection against virus


Link to O365 interface


Protection against potentially dangerous executable


Link to O365 interface


Helping users to report phishing


Link to O365 interface


Protection against unauthorized e-mails forwarding


Link to O365 interface


Protection against fake e-mail servers spoofing your MX records in DNS caches


Protection against "app consent" phishing attacks


Link to O365 interface


Enhance filtering if EOP is not the first anti-spam filter in line


Link to O365


Non-repudiation of actions : M365 and Azure AD logs are kept 90 days. This is
not enough, since the average time to identify a breach in 2020 was 228 days
(IBM)


Inspect audit logs and manage logs retention

Exchange audit logs


Cloud SaaS SIEM managed by Oppidum Security


Azure AD audit logs


Cloud SaaS SIEM managed by Oppidum Security


M365 Audit logs


Cloud SaaS SIEM managed by Oppidum Security


MS cloud app security (licence required)


Link to O365


Incident response : The average time to contain a breach was 80 days (IBM)


Detecting an attack

Security dashboards


Link to O365 interface


O365 security alerts


Link to O365 interface


User feedback

Scoping an attack

Azure AD audit logs


Link to Azure AD interface


O365 audit logs


Link to O365 interface


Exchange audit logs


Link to O365 interface ; compliance > auditing


Link to email threat explorer


Data search


Link to O365 interface


Stopping an attack

Azure AD disabling users


Link to Azure AD


Sender blacklisting


Link to O365


URL blacklisting (licence required)


Link to O365


Mass deletion of malicious e-mails


Management of false positives




Created using MindMup.com