best-practices.txt
Creator - www.ciaops.com
Source - https://github.com/directorcia/bp/
Security
--------
Microsoft Security best practices - https://docs.microsoft.com/en-us/security/compass/compass
Microsoft Security Baselines - https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines
Azure Security best practices - https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/security/security-top-10
Azure Identity Management and access control security best practices - https://docs.microsoft.com/en-us/azure/security/fundamentals/identity-management-best-practices
Essential eight - https://www.cyber.gov.au/acsc/view-all-content/essential-eight
CISA - Microsoft 365 Recommendations - https://www.us-cert.gov/ncas/alerts/aa20-120a
Center for Internet Security (CIS) benchmarks - https://docs.microsoft.com/en-us/microsoft-365/compliance/offering-cis-benchmark?view=o365-worldwide
Cybersecurity best practices - https://www.cisecurity.org/cybersecurity-best-practices/
Configure your Microsoft 365 tenant for increased security - https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tenant-wide-setup-for-increased-security?view=o365-worldwide
Best practices for Conditional Access in Azure Active Directory - https://docs.microsoft.com/en-gb/azure/active-directory/conditional-access/best-practices
NIST Cybersecurity Framework - https://www.nist.gov/cyberframework
Small Business Cyber Security Guide - https://www.cyber.gov.au/acsc/small-and-medium-businesses/acsc-small-business-guide
Strategies to Mitigate Cyber Security Incidents – Mitigation Details - https://www.cyber.gov.au/acsc/view-all-content/publications/strategies-mitigate-cyber-security-incidents-mitigation-details
Microsoft password policy recommendations - https://docs.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide
Microsoft - Password Guidance - https://www.microsoft.com/en-us/research/publication/password-guidance/
Responding to a compromised email account - https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/responding-to-a-compromised-email-account?view=o365-worldwide
Hardening Microsoft Office 365 ProPlus, Office 2021, Office 2019 and Office 2016 - https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-microsoft-365-office-2021-office-2019-and-office-2016
Practical guide to securing remote work using Microsoft 365 Business Premium - https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/practical-guide-to-securing-remote-work-using-microsoft-365/ba-p/1354772
Cyber Essentials: Requirements for IT infrastructure - https://www.ncsc.gov.uk/files/Cyber-Essentials-Requirements-for-IT-infrastructure-2-1.pdf
Securing privileged access for hybrid and cloud deployments in Azure AD - https://docs.microsoft.com/en-us/azure/active-directory/roles/security-planning
Securing privileged access - https://docs.microsoft.com/en-us/security/compass/overview
Securing devices as part of the privileged access story - https://docs.microsoft.com/en-us/security/compass/concept-azure-managed-workstation
Top 10 ways to secure Microsoft 365 for business plans - https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/secure-your-business-data?view=o365-worldwide
End user device (EUD) security guidance - https://www.ncsc.gov.uk/collection/end-user-device-security/platform-specific-guidance
NSA Cybersecurity Advisories & Technical Guidance - https://www.nsa.gov/What-We-Do/Cybersecurity/Advisories-Technical-Guidance/
Operational Security Assurance - https://www.microsoft.com/en-us/securityengineering/osa/practices
Security Design principles - https://docs.microsoft.com/en-us/azure/architecture/framework/security/security-principles
Detect and block potentially unwanted applications - https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus
Four steps to a strong identity foundation with Azure Active Directory - https://docs.microsoft.com/en-us/azure/active-directory/hybrid/four-steps
IT checklist for securing work from anywhere using Microsoft 365 Business Premium - https://cloudpartners.transform.microsoft.com/download?assetname=assets/ITChecklistForSecuringWorkFromAnywhereUsingMicrosoft365BusinessPremium.docx&download=1
Use attack surface reduction rules to prevent malware infection - https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction
Protecting Microsoft 365 from on-premises attacks - https://techcommunity.microsoft.com/t5/azure-active-directory-identity/protecting-microsoft-365-from-on-premises-attacks/ba-p/1751754
Five steps to securing your identity infrastructure - https://docs.microsoft.com/en-us/azure/security/fundamentals/steps-secure-identity
Identity and device access configurations - https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/microsoft-365-policies-configurations?view=o365-worldwide
Azure best practices for network security - https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices
Small Business Cyber Security Guide - https://www.cyber.gov.au/acsc/view-all-content/publications/small-business-cyber-security-guide
Australian Business Cyber Security Assessment Tool - https://digitaltools.business.gov.au/jfe/form/SV_cRMe9MTmaq6QmrA?ref=bga
Cyber security step by step guides - https://www.cyber.gov.au/acsc/small-and-medium-businesses/step-by-step-guides
National Cyber Security Centre UK Device Security Guidance Configuration - https://github.com/ukncsc/Device-Security-Guidance-Configuration-Packs
Securing access to Microsoft 365 - https://www.cert.govt.nz/it-specialists/guides/securing-access-to-microsoft-365/
Best Practices for Preventing Business Disruption from Ransomware Attacks - https://us-cert.cisa.gov/ncas/alerts/aa21-131a
Protected Utility Program - As Built As Configuration - https://desktop.gov.au/blueprint/abac.html
Protected Utility Program - Office 365 - https://desktop.gov.au/blueprint/office-365.html
Protected Utility Program - Security - https://desktop.gov.au/blueprint/security.html
Microsoft’s DART ransomware approach and best practices - https://docs.microsoft.com/en-us/security/compass/incident-response-playbook-dart-ransomware-approach
Microsoft Security alerts - a reference guide - https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-reference?azure-portal=true
Submit a driver for analysis - https://www.microsoft.com/en-us/wdsi/driversubmission
Known exploited vulnerabilities catalog - https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Best practices for Outlook - https://support.microsoft.com/office/ba3b7674-ad42-468d-9a42-8ff2ba4c81b2
Security training
-----------------
NCSC's cyber security training for staff - https://www.ncsc.gov.uk/training/v4/Top+tips/Web+package/content/index.html#/
Defender for Endpoint
---------------------
Recommendations for defining exclusions - https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus#recommendations-for-defining-exclusions
Common mistakes to avoid when defining exclusions - https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/common-exclusion-mistakes-microsoft-defender-antivirus
Report ASR settings on Windows 10 - https://github.com/directorcia/Office365/blob/master/win10-asr-get.ps1
Report Defender settings on Windows 10 - https://github.com/directorcia/Office365/blob/master/win10-def-get.ps1
iOS/iPadOS Enterprise security configuration framework - https://docs.microsoft.com/en-us/mem/intune/enrollment/ios-ipados-configuration-framework
Data protection framework using app protection policies - https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-framework
Android Enterprise security configuration framework - https://docs.microsoft.com/en-us/mem/intune/enrollment/android-configuration-framework
Android Enterprise fully managed security configurations - https://docs.microsoft.com/en-us/mem/intune/enrollment/android-fully-managed-security-settings
Android Enterprise personally-owned work profile security configurations - https://docs.microsoft.com/en-us/mem/intune/enrollment/android-work-profile-security-settings
Microsoft 365
-------------
Network connectivity test - https://connectivity.office.com/
MCAS
----
Cloud App Security best practices - https://docs.microsoft.com/en-us/cloud-app-security/best-practices
Azure
-----
Resource naming and tagging decision guide - https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/decision-guides/resource-tagging/
Best practices for Azure AD roles - https://docs.microsoft.com/en-us/azure/active-directory/roles/best-practices
Security alerts, a reference guide - https://docs.microsoft.com/en-us/azure/security-center/alerts-reference
Reports
-------
Ransomware Demands continue to rise as Data Exfiltration becomes common, and Maze subdues (Coveware) - https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report
Publications
------------
Australian Cyber Security Centre Publications - https://www.cyber.gov.au/acsc/view-all-content/publications
Incident response
-----------------
Incident response plan - https://www.cyber.gov.au/acsc/view-all-content/glossary/incident-response-plan
Incident response training - https://www.cisa.gov/incident-response-training
Cyber incident management plan - https://www.vic.gov.au/cyber-incident-Management-Plan
Incident response with Microsoft 365 Defender - https://learn.microsoft.com/en-us/microsoft-365/security/defender/incidents-overview?view=o365-worldwide
Incident response overview - https://learn.microsoft.com/en-us/security/compass/incident-response-overview
Incident response playbooks - https://learn.microsoft.com/en-us/security/compass/incident-response-playbooks
Incident response planning - https://learn.microsoft.com/en-us/security/compass/incident-response-planning
Incident response process - https://learn.microsoft.com/en-us/security/compass/incident-response-process
Incident response Reference Guide - https://www.microsoft.com/en-us/download/details.aspx?id=103148
NIST Computer Security Incident Handling Guide - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Export Unified audit log - https://learn.microsoft.com/en-us/microsoft-365/compliance/audit-log-export-records?view=o365-worldwide
Search Unified audit log - https://learn.microsoft.com/en-us/microsoft-365/compliance/audit-log-search-script?view=o365-worldwide
Auditing M365 user logins - https://blog.ciaops.com/2018/09/11/auditing-office-365-user-logins-via-powershell/
Script - https://github.com/directorcia/Office365/blob/master/o365-login-audit.ps1
AIR - https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/air-about?view=o365-worldwide
What alert policies trigger automated investigations? - https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/air-about?view=o365-worldwide#which-alert-policies-trigger-automated-investigations
Disable user script - https://github.com/directorcia/Office365/blob/master/o365-user-off.ps1
Collect investigation package from devices - https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/respond-machine-alerts?view=o365-worldwide#collect-investigation-package-from-devices
Threat investigation and response - https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-ti?view=o365-worldwide
Incident investigations in Microsoft Defender for Endpoint - https://www.youtube.com/watch?v=Jvbp43RjkDo
Investigate incidents in Microsoft Defender for Endpoint - https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/investigate-incidents?view=o365-worldwide
SANS Incident Handler's Handbook - https://www.sans.org/white-papers/33901/
Computer Security Incident Handling Guide - https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf
Report a data breach - https://www.oaic.gov.au/privacy/notifiable-data-breaches/report-a-data-breach
Audit log search - https://learn.microsoft.com/en-us/microsoft-365/compliance/audit-log-search?view=o365-worldwide#audited-activities
Search Audit log using PowerShell - https://learn.microsoft.com/en-us/microsoft-365/compliance/audit-log-search-script?view=o365-worldwide
Search Audit log script - https://github.com/directorcia/Office365/blob/master/o365-login-audit.ps1
Advanced hunting queries for Microsoft Threat Protection - https://github.com/microsoft/MTP-AHQ
MDATP Advanced hunting sample queries - https://github.com/microsoft/windowsdefenderatp-hunting-queries
Advanced hunting query best practices - https://docs.microsoft.com/en-us/microsoft-365/security/defender/advanced-hunting-best-practices?view=o365-worldwide
Microsoft 365 Defender hunting queries - https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries
Azure Sentinel detections, hunting queries and playbooks - https://github.com/Azure/Azure-Sentinel
Identity governance - https://www.youtube.com/watch?v=VzEn_7Kkv38
Good UAL Hunting - https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/good-ual-hunting/ba-p/3718421
Forensic artifacts in Office 365 and where to find them - https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/forensic-artifacts-in-office-365-and-where-to-find-them/ba-p/3634865