如何在Office 365中设置安全到CIS的建议

我是苏珊·布拉德利，这里是CSO在线。不久前，微软365的用户获得了一些资源。是网络安全中心发来的。它是一个提供基准和清单的组织，以帮助您安全地建立您的组织。它们有窗口检查表，Exchange Server检查表各种检查表。我将在接下来的一篇文章中讨论这些问题。播客。最近，微软博客网站发布了一份专门针对微软365的清单。说明包括两个级别，让您选择，如果您想要轻安全或重安全级别。对于任何系统来说，级别1应该导致很少或没有服务中断，也不会导致功能减少。 Level 2 is recommended security SEC settings for highly secure environments and could result in some reduced functionality. Now to obtain this guidance you follow the link on the blog Web site. You sign up for access on the Center for Internet security. Accept the eula. And you can download the latest benchmarks. You put in your name. Organization, then your industry. And in a few moments you'll get a PDF from the organization. As you can see the number of operating systems they cover and the benchmarks they have is large. Again I'm only going to talk about the Microsoft 365 benchmark today but you want to take a look at these other benchmarks as well. Includes Linux. Apple operating system. Windows servers VM where. Apache Tomcat SQL Server. Docker. Amazon Web Services Google Cloud. Microsoft Azure foundations.

最后但同样重要的是在底部。是微软365基金会的基准。现在，一旦你下载了它，你可以开始滚动内容，看看你有哪些选项。在每个部分，它讨论的项目，他们被计分和未计分。这意味着我之前说过的安全分数。如果您现在还没有认识到多因素身份验证是保护环境的关键，那么您可以从本文了解到这一点。正如你所看到的，它是最重要的建议，它讨论了为所有用户和管理角色启用多因素身份验证。每个部分都有一个描述。它告诉你为什么他们推荐这种设置。当然，它还会告诉你如何审核和验证你选择的设置是否到位。 Way down at the very bottom is an appendix that summarizes all of the different settings that they recommend. As you can see you can. It allows you to check up whether or not it's set correctly or not if you're using it. And you can see all the different items that they recommend. There are 60 recommendations in many different areas including account authentication policies, application permissions, data management, e-mail security auditing policies, storage policies and mobile device management. Again from the Center for Internet Security I highly recommend downloading these checklists and taking a look at them in your organization. Until next time. Thanks for being an insider on CSO Online. This is Susan Bradley.