forked from directorcia/Office365
Creator - www.ciaops.com
Source - https://github.com/directorcia/Office365/blob/master/best-practices.txt
Email
-----
Mail flow best practices for Exchange Online and Office 365 - https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/mail-flow-best-practices
Best practices for configuring mail flow rules in Exchange Online - https://docs.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/configuration-best-practices
Best practices for configuring standalone EOP - https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/best-practices-for-configuring-eop?view=o365-worldwide
Recommended settings for EOP and Defender for Office 365 security - https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365-atp?view=o365-worldwide
Microsoft 365 and Office 365 email migration performance and best practices - https://docs.microsoft.com/en-us/Exchange/mailbox-migration/office-365-migration-best-practices
Best practices for public folder preparation before migrations - https://techcommunity.microsoft.com/t5/exchange-team-blog/best-practices-for-public-folder-preparation-before-migrations/ba-p/1909222
How to Combat Fake Emails using SPF, DKIM, DMARC - https://www.cyber.gov.au/acsc/view-all-content/publications/how-combat-fake-emails
Security
--------
Microsoft Security best practices - https://docs.microsoft.com/en-us/security/compass/compass
Microsoft Security Baselines - https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines
Azure Security best practices - https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/security/security-top-10
Azure Identity Management and access control security best practices - https://docs.microsoft.com/en-us/azure/security/fundamentals/identity-management-best-practices
Essential eight - https://www.cyber.gov.au/acsc/view-all-content/essential-eight
CISA - Microsoft 365 Recommendations - https://www.us-cert.gov/ncas/alerts/aa20-120a
Center for Internet Security (CIS) benchmarks - https://docs.microsoft.com/en-us/microsoft-365/compliance/offering-cis-benchmark?view=o365-worldwide
Cybersecurity best practices - https://www.cisecurity.org/cybersecurity-best-practices/
Configure your Microsoft 365 tenant for increased security - https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tenant-wide-setup-for-increased-security?view=o365-worldwide
Best practices for Conditional Access in Azure Active Directory - https://docs.microsoft.com/en-gb/azure/active-directory/conditional-access/best-practices
NIST Cybersecurity Framework - https://www.nist.gov/cyberframework
Small Business Cyber Security Guide - https://www.cyber.gov.au/acsc/small-and-medium-businesses/acsc-small-business-guide
Strategies to Mitigate Cyber Security Incidents – Mitigation Details - https://www.cyber.gov.au/acsc/view-all-content/publications/strategies-mitigate-cyber-security-incidents-mitigation-details
Microsoft password policy recommendations - https://docs.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide
Microsoft - Password Guidance - https://www.microsoft.com/en-us/research/publication/password-guidance/
Responding to a compromised email account - https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/responding-to-a-compromised-email-account?view=o365-worldwide
Hardening Microsoft Office 365 ProPlus, Office 2019 and Office 2016 - https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-microsoft-office-365-proplus-office-2019-and-office-2016
Practical guide to securing remote work using Microsoft 365 Business Premium - https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/practical-guide-to-securing-remote-work-using-microsoft-365/ba-p/1354772
Cyber Essentials: Requirements for IT infrastructure - https://www.ncsc.gov.uk/files/Cyber-Essentials-Requirements-for-IT-infrastructure-2-1.pdf
Securing privileged access for hybrid and cloud deployments in Azure AD - https://docs.microsoft.com/en-us/azure/active-directory/roles/security-planning
Securing privileged access - https://docs.microsoft.com/en-us/security/compass/overview
Securing devices as part of the privileged access story - https://docs.microsoft.com/en-us/security/compass/concept-azure-managed-workstation
Top 10 ways to secure Microsoft 365 for business plans - https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/secure-your-business-data?view=o365-worldwide
End user device (EUD) security guidance - https://www.ncsc.gov.uk/collection/end-user-device-security/platform-specific-guidance
NSA Cybersecurity Advisories & Technical Guidance - https://www.nsa.gov/What-We-Do/Cybersecurity/Advisories-Technical-Guidance/
Operational Security Assurance - https://www.microsoft.com/en-us/securityengineering/osa/practices
Security Design principles - https://docs.microsoft.com/en-us/azure/architecture/framework/security/security-principles
Detect and block potentially unwanted applications - https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus
Four steps to a strong identity foundation with Azure Active Directory - https://docs.microsoft.com/en-us/azure/active-directory/hybrid/four-steps
IT checklist for securing work from anywhere using Microsoft 365 Business Premium - https://cloudpartners.transform.microsoft.com/download?assetname=assets/ITChecklistForSecuringWorkFromAnywhereUsingMicrosoft365BusinessPremium.docx&download=1
Use attack surface reduction rules to prevent malware infection - https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction
Protecting Microsoft 365 from on-premises attacks - https://techcommunity.microsoft.com/t5/azure-active-directory-identity/protecting-microsoft-365-from-on-premises-attacks/ba-p/1751754
Five steps to securing your identity infrastructure - https://docs.microsoft.com/en-us/azure/security/fundamentals/steps-secure-identity
Identity and device access configurations - https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/microsoft-365-policies-configurations?view=o365-worldwide
Azure best practices for network security - https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices
Small Business Cyber Security Guide - https://www.cyber.gov.au/acsc/view-all-content/publications/small-business-cyber-security-guide
Australian Business Cyber Security Assessment Tool - https://digitaltools.business.gov.au/jfe/form/SV_cRMe9MTmaq6QmrA?ref=bga
Cyber security step by step guides - https://www.cyber.gov.au/acsc/small-and-medium-businesses/step-by-step-guides
National Cyber Security Centre UK Device Security Guidance Configuration - https://github.com/ukncsc/Device-Security-Guidance-Configuration-Packs
Securing access to Microsoft 365 - https://www.cert.govt.nz/it-specialists/guides/securing-access-to-microsoft-365/
Best Practices for Preventing Business Disruption from Ransomware Attacks - https://us-cert.cisa.gov/ncas/alerts/aa21-131a
Protected Utility Program - As Built As Configuration - https://desktop.gov.au/blueprint/abac.html
Protected Utility Program - Office 365 - https://desktop.gov.au/blueprint/office-365.html
Protected Utility Program - Security - https://desktop.gov.au/blueprint/security.html
Microsoft’s DART ransomware approach and best practices - https://docs.microsoft.com/en-us/security/compass/incident-response-playbook-dart-ransomware-approach
Microsoft Security alerts - a reference guide - https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-reference?azure-portal=true
Submit a driver for analysis - https://www.microsoft.com/en-us/wdsi/driversubmission
Known exploited vulnerabilities catalog - https://www.cisa.gov/known-exploited-vulnerabilities-catalog
iOS Security
------------
Security Configuration Guide – Apple iOS 14 Devices - https://www.cyber.gov.au/acsc/view-all-content/publications/security-configuration-guide-apple-ios-14-devices
iOS Hardening Configuration Guide - https://www.cyber.gov.au/sites/default/files/2019-03/iOS9_Hardening_Guide.pdf
Android Security
----------------
Security Configuration Guide – Samsung Galaxy S10, S20 and Note 20 Devices - https://www.cyber.gov.au/acsc/view-all-content/publications/security-configuration-guide-samsung-galaxy-s10-s20-and-note-20-devices
Windows 10 Security
-------------------
Hardening Microsoft Windows 10 version 21H1 Workstations - https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-microsoft-windows-10-version-21h1-workstations
Hardening Microsoft Windows 10 version 1909 Workstations - https://www.cyber.gov.au/sites/default/files/2020-06/PROTECT%20-%20Hardening%20Microsoft%20Windows%2010%20version%201909%20Workstations%20%28June%202020%29.pdf
Defender for Endpoint
---------------------
Recommendations for defining exclusions - https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus#recommendations-for-defining-exclusions
Common mistakes to avoid when defining exclusions - https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus
Report ASR settings on Windows 10 - https://github.com/directorcia/Office365/blob/master/win10-asr-get.ps1
Report Defender settings on Windows 10 - https://github.com/directorcia/Office365/blob/master/win10-def-get.ps1
iOS/iPadOS Enterprise security configuration framework - https://docs.microsoft.com/en-us/mem/intune/enrollment/ios-ipados-configuration-framework
Data protection framework using app protection policies - https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-framework
Android Enterprise security configuration framework - https://docs.microsoft.com/en-us/mem/intune/enrollment/android-configuration-framework
Android Enterprise fully managed security configurations - https://docs.microsoft.com/en-us/mem/intune/enrollment/android-fully-managed-security-settings
Android Enterprise personally-owned work profile security configurations - https://docs.microsoft.com/en-us/mem/intune/enrollment/android-work-profile-security-settings
Microsoft 365
-------------
Network connectivity test - https://connectivity.office.com/
MCAS
----
Cloud App Security best practices - https://docs.microsoft.com/en-us/cloud-app-security/best-practices
OneDrive
--------
Recommended OneDrive sync app configuration - https://docs.microsoft.com/en-us/onedrive/ideal-state-configuration
Best practices for migrating to SharePoint and OneDrive - https://techcommunity.microsoft.com/t5/microsoft-onedrive-blog/best-practices-for-migrating-to-sharepoint-and-onedrive/ba-p/2221548
SharePoint
----------
Branding guidance for SharePoint Online portals - https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/portal-branding
Best practices for migrating to SharePoint and OneDrive - https://techcommunity.microsoft.com/t5/microsoft-onedrive-blog/best-practices-for-migrating-to-sharepoint-and-onedrive/ba-p/2221548
Azure AD
--------
Azure Active Directory feature deployment guide - https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-deployment-checklist-p2
Azure
-----
Resource naming and tagging decision guide - https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/decision-guides/resource-tagging/
Best practices for Azure AD roles - https://docs.microsoft.com/en-us/azure/active-directory/roles/best-practices
Security alerts, a reference guide - https://docs.microsoft.com/en-us/azure/security-center/alerts-reference
Reports
-------
Ransomware Demands continue to rise as Data Exfiltration becomes common, and Maze subdues (Coveware) - https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report
Publications
------------
Australian Cyber Security Centre Publications - https://www.cyber.gov.au/acsc/view-all-content/publications