La sécurisation des environnements Cloud Microsoft

Introduction

Les photos et vidéos sont issues de l’évènement « Atelier Cybersécurité – Des solutions & recommandations pour se protéger » qui s’est déroulé le jeu. 6 décembre 2018 de 18:00 à 20:00 chez BeBooster à Fort-de-France.

La sécurisation des environnements Microsoft Office 365

DecisionDescription
DD-01Enable MFA for all admins
DD-02Enable MFA for all users
DD-03Enable mailbox owner auditing
DD-04Who will review reports?
DD-05Who will review privileged access?
DD-06Enable client rules forwarding block?
DD-07Enable audit data recording?
DD-08Enable additional mailbox auditing?
DD-09Disable external sharing?
DD-10Disable external SIP federation?
DD-11Enable mobile device management services?
DD-12Require mobile devices to use a password?
DD-13Keep Default Policy or create custom policy.
DD-14Malware Detection Response? YES/NO and STANDARD/CUSTOM
DD-15Common Attachment Types Filter? ON/OFF
DD-16Sender Notification? INTERNAL/EXTERNAL/OFF
DD-17Administrator Notification? YES/NO
DD-18Custom Notification? YES/NO
DD-19Enable Standard Settings? YES/NO (overrides Custom Settings)
DD-20Modify SCL level? – Value ?
DD-22Use Default ATP Policy? YES/NO
DD-23Is there need for a specific policy for dedicated recipients? YES/NO
DD-24Enable ATP Safe attachments for all users? YES/NO
DD-25Use redirect in Policy? YES/NO
DD-26Scope by domain? YES/NO
DD-27Ramp up using Distribution Groups? YES/NO
DD-28Turn on ATP for SharePoint, OneDrive, and Microsoft Teams? YES/NO
DD-30Enable check for authentication in ETRs? YES/NO
DD-31Make use of updated reporting add-in? YES/NO
DD-32Implement SPF, DKIM and DMARC? YES/NO
DD-33Implement DMARC with p=reject.
DD-34Use ETRs to Skip Safe Attachments/Safe Links
DD-35Create ETRs to skip ATP internally? YES/NO
Retour en haut