O365 / M365 Management

MFA stands for Multi-Factor Authentication, which is a security process that requires more than one method of authentication from independent categories of authentication methods to grant access to a system or application. This adds an extra layer of security to ensure that the person accessing the system is who they claim to be. Examples of MFA include combining a password with a fingerprint or a security token.

Here’s a great video from Jordan M. Schroeder – a Chief Information Security Officer who has led information security programmes for public and private sector organisations in the US, Canada and the UK.

Multi-Factor Authentication (MFA) is an important security measure that can help protect your Office 365 account from unauthorised access. MFA requires users to provide a second form of verification, in addition to their password, to confirm their identity. This helps to ensure that only authorised users can access your account, even if someone else has your password. It may be a bit annoying, but it is a small inconvenience compared to the potential risks of not having it.

If you’ve lost or had your mobile device stolen, you can take either of the following actions:

• Sign in using your alternative method if you have one set up
• Ask us to reset your MFA method.

We can make the appropriate updates to your account and after your settings have been reset, you’ll be prompted to set up MFA again the next time you sign in.

If you receive a sign-in request that wasn’t you, please contact us immediately so we can take appropriate actions.

You’ll need to set up MFA each time you get a new device.

The quickest way to do this is to:

1. Sign in to your Office 365 account
2. Choose Add method and then follow the instructions onscreen to add a new device.
3. Once you’ve added your new device, Delete the old device from your list of methods.

Alternatively you can set up a new device using the cloud backup and recovery option, see: How to Move Microsoft Authenticator to a New Phone (howtogeek.com)

Tip: Don’t forget to remove your data before getting rid of any old devices – remove MFA from the device, delete all your information, restore it to its factory settings and wipe any memory cards.

Phishing is a type of cyber attack that uses social engineering tactics to trick individuals into giving away sensitive information, such as login credentials or financial information. This is typically done through the use of fake emails or websites that appear legitimate, but are actually controlled by cybercriminals.

To protect your school from phishing attacks, you can implement the following best practices:

• Educate your staff about the dangers of phishing and how to identify and avoid it
• Implement spam filters and anti-phishing tools on your email system to help detect and block phishing emails
• Regularly update your software and systems to protect against known vulnerabilities
• Encourage users to be skeptical of unsolicited emails, especially those that ask for personal information or login credentials
• Use multi-factor authentication (MFA) to protect against the possibility of login credentials being stolen.
• Create a incident response plan to respond quickly and efficiently if a phishing attack is detected
• Regularly review the security logs to detect any suspicious activity

Unfortunately, Yes. Schools can be targeted by cybercriminals for a variety of reasons. Schools often have valuable personal and financial information about students and staff, as well as access to sensitive educational resources, which can make them an attractive target for cyberattacks.

Some common types of cyberattacks that have been reported against schools in the UK include:

• Phishing: Attempts to trick individuals into giving away sensitive information, such as login credentials or financial information.
• Ransomware: Malicious software that encrypts a victim’s files and demands payment in exchange for the decryption key.
• Denial of Service (DoS) attacks: Attempts to disrupt or disable a website or online service by overwhelming it with traffic.
• Data breaches: Attempts to gain unauthorised access to sensitive data, such as personal information or educational resources.

SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting & Conformance) are all email authentication protocols that help to ensure that the email you receive is legitimate and not spam or phishing. Here’s a simple explanation of each:

• SPF is a method for validating the authenticity of the sender of an email message. It works by publishing a list of IP addresses that are authorized to send email on behalf of a domain. When an email is received, the receiving server can check the SPF record to see if the IP address that the email was sent from is on the list of authorized IP addresses.
• DKIM is a method for validating the authenticity of the content of an email message. It works by adding a digital signature to the email’s headers, which can be used to verify that the email’s content has not been modified in transit.
• DMARC is a method for validating the authenticity of both the sender and the content of an email message. It works by building on SPF and DKIM, and allows domain owners to publish a policy that specifies which authentication methods should be used and what to do with messages that fail authentication.

TLS-RPT (Transport Layer Security Reporting) and MTA-STS (Mail Transfer Agent Strict Transport Security) are two methods to increase the security of email communication.

• TLS-RPT: is a reporting mechanism that allows domain owners to receive reports about the use of Transport Layer Security (TLS) encryption for email sent to their domain. This allows domain owners to monitor and ensure that their email is being transmitted securely.
• MTA-STS: Is a security mechanism that allows domain owners to specify, via a policy published in the domain’s DNS, that all mail sent to their domain should be sent over an encrypted connection (TLS) and that only specific mail servers are authorised to send mail on behalf of their domain. This helps to prevent man-in-the-middle attacks and increase the security of email communication.

Both are designed to improve the security of email communication by ensuring that email is transmitted securely, which helps to protect against eavesdropping and tampering. Together, these protocols can help to protect your school from cyber threats and increase the overall security of email communication.

Data Loss Prevention (DLP) is a security feature that helps to prevent sensitive or confidential information from being accidentally shared or leaked. In the context of Office 365, DLP can be used to protect sensitive information stored in various Office 365 services, such as email, SharePoint, and OneDrive.

DLP uses a set of predefined policies and rules to automatically identify, monitor and protect sensitive data in Office 365. For example, a DLP policy can be set to detect credit card numbers or National Insurance numbers in an email and prevent them from being sent outside of the school.

Here’s a simple explanation of how DLP works in Office 365:

• Identify: DLP uses a combination of predefined policies, regular expressions, and machine learning to identify sensitive data, such as credit card numbers, social security numbers, and personal information.
• Monitor: DLP monitors the content of emails, files, and other data stored in Office 365 to detect sensitive information.
• Protect: DLP can take a variety of actions to protect sensitive information, such as blocking an email from being sent, quarantining a file, or alerting an administrator.

DLP can be a powerful tool for protecting sensitive information in Office 365 and can help organizations comply with data protection regulations. It’s important to note that DLP is not a replacement for other security measures, such as firewalls and antivirus software, but it can be a powerful tool for protecting sensitive information.