The Email Phishing Protection Guide is a multi-part blog series written to walk you through the setup of many security-focused features you may already own in Microsoft Windows, Microsoft Office 365, and Microsoft Azure. By implementing some or all of these items, an organization will increase its security posture against phishing email attacks designed to steal user identities. This guide is written for system administrators with skills ranging from beginner to expert.
Email Phishing Protection Guide Index:
Introduction: Email Phishing Protection Guide – Enhancing Your Organization’s Security Posture
Part 1: Customize the Office 365 Logon Portal
Part 2: Training Users with the Office 365 Attack Simulator
Part 3: Deploy Multi Factor Authentication (MFA)
Part 5: Define Country and Region Logon Restrictions for Office 365 and Azure Services
Part 6: Deploy Outlook Plug-in to Report Suspicious Emails
Part 7: Deploy ATP Anti-Phishing Policies
Part 8: Deploy ATP Safe Link Policies
Part 9: Deploy ATP Safe Attachment Policies
Part 11: Monitor Phishing and SPAM Attacks in Office 365
Part 12: Discover Who is Attacking Your Office 365 User Identities
Part 13: Update Your User Identity Password Strategy
Part 14: Prevent Brute Force and Spray Attacks in Office 365
Part 15: Implement the Microsoft Azure AD Password Protection Service (for On-Premises too!)
Part 16: Disable Office 365 Legacy Email Authentication Protocols
Part 17: Control Application Consent Registrations in Microsoft Office 365 and Microsoft Azure
Part 18: Increase Security with Microsoft Secure Score
Part 19: Email Phishing Protection Security Checklist
Part 20: Recommended Security and Anti-Phishing Training from Microsoft Ignite 2018
Introduction: Email Phishing Protection Guide – Enhance Your Organization’s Security Posture
Email phishing attacks are a very real concern for every organization. It does not matter who is hosting your email or if you are continuing to host it yourself on-premises; what attackers want now is your user identity. An identity is the username and password that attackers will try every method available to trick a user into providing. Recently I have seen very well-crafted phishing emails, ranging from ones that appear to be from someone wanting to connect with me on a social media site to a notification that someone wants to share an online file with me. As a technical person, I like to think I will recognize these fake emails that may occasionally slip through even the best email hygiene filters. But, like everyone else, I realize I am still human and prone to mistakes.
Many of us remember the early days of SPAM emails, specifically those from a certain prince asking for money. Those were the days of people trying to trick you into giving them money. Those types of emails have evolved from years ago into the now far more advanced and targeted phishing email campaigns designed to steal money, download data, cripple an organization, or all three. Recent cyber security reports from Microsoft, Verizon, and Cisco, to name just a few, all indicate how widespread the threat of phishing emails has become. I encourage you to review all three reports, which offer in-depth information on cyber security threats seen across the industry today, to understand just how widespread this threat is.
Organizations using Microsoft Office 365 have some of the best technology available to help defend against these evolving cyber-attacks. I find in many customer conversations that many system administrators, architects, CIOs, etc. are unaware of these options and how they can be used together to increase the security posture of their organization. The solution is to not just put one or two of these items in place, but as many as possible. The more adjustments made to increase your security posture (the more locks you install), the harder it is for the attacker to penetrate your network. Consider the economics of this approach… the more expensive you make it for an attacker to try to penetrate your network, the less likely he or she is to continue the effort.
I have written this multi-part blog series as a guide to deploy and make minor adjustments to several Microsoft Office 365 and Azure services to help further protect your environment from email phishing threats.
I am approaching this series of blogs from a system administrator’s point of view. In other words, if I were a system administrator using Office 365, what features would I want to implement and adjust to further enhance my organization’s security posture, and how would I do it? These are only my personal recommendations based on many years of experience and do not represent any type of official recommendations, support, or guarantees from Microsoft.
The first several blogs in this series are about a concept I call the Human Firewall. This concept is about making the phishing email recipient aware of this constant threat and training them to recognize it as a last line of security defense. There are many ways to raise awareness of this growing threat, but even the best awareness training still has a weakness. The human firewall is, after all, human. And the human will make a mistake. So what are some of the technologies an organization can use to increase the security posture of an environment as well as the human firewall? How can an organization increase its protection from the unsuspecting user ‘clicking’ on a malicious link?
In addition to blogs that highlight the Human Firewall, additional blogs in this series provide information about how to deploy and adjust several of the features in Microsoft Office 365 and Microsoft Azure to further protect your environment. Defending against phishing emails and other cyber security threats is not just a one-solution approach, but rather a variety of solutions to use – many of which are included in the Microsoft Office 365 services organizations already subscribe to. The threat telemetry Microsoft receives throughout its global network of 200+ products is constantly analyzed and acted upon in the Microsoft Intelligent Security Graph. The result is that every organization and every user is protected from these threats. By implementing many of the items in this blog series, security will be increased even more.
At the top of each blog in this series is an index for quick reference. I will continue to create more blogs, as this is an ever-evolving threat landscape with new protection features being launched all the time. Please leave any questions, comments, and requests for additional articles at the bottom of each blog.