Skip to content

Microsoft 365 Shared Responsibility

M365 Shared Responsibility

How is your Microsoft Secure Score? If you are going to or have gone live with Microsoft 365, it is important to understand who has responsibility for what. Microsoft has a Shared Responsibility Model, and it is important to understand what this means to your business.

Microsoft Secure Score – Security 365

The Secure Score is a measure of an organisation’s security posture—your score increases in proportion to the number of actions you have taken. The analysis is run on your business, and you can get an idea of how it compares against other companies in your industry segment.

Security score

You are given points for actions such as:

• Configuring recommended security features
• Performing security-related tasks; and
• Addressing the improvement action with a third-party application or software, or alternative mitigation.

Actions to review

Authentication is an excellent example of a service offered by Advantage. Enhanced security includes MFA but also features such as branded logons.

In the Microsoft 365 world, the logon typically looks identical for any company, so it becomes relatively easy to spoof. Hackers can, therefore fool people into logging onto a page that looks real in volume. However, by including branding and logos unique to the company in the logon screen, such that staff know that if they don’t see the branding, they should not log on, your secure profile will increase and your risk profile improve.

A lot of people have the misconception that because your Office 365 documents are online, it is up to Microsoft to make sure they are protected. That is only half of the story.

Microsoft takes responsibility for the maintenance, availability, and operation of the infrastructure for Microsoft 365 applications. They look after secure access control, hosting, data replication, but that doesn’t include backups and full data protection. If you accidentally delete important files and don’t discover they are gone for a couple of months, Microsoft won’t have copies of them anymore. That is your problem. Their responsibility is to maintain files for up to 30 days in a replicated environment. Delete those files, and they will replicate the deletion.

Backup 365

If staff leave the company, accidentally delete files, files are dropped, and no one has noticed, then after 30 days without a local backup, that data could be lost forever.

With Veeam, Advantage provides offsite backup of all data including OneDrive, Email, Office 365 Exchange Online, and SharePoint. We will back up end-to-end data which is hosted offsite in a secure data site in New Zealand.

That backup can be further replicated to another geolocation for added security. Advantage offers a fully managed backup service, which for many organisations means that they no longer have to maintain their backup servers and delivers peace of mind.

Contact us

Facebook
Twitter
LinkedIn

Related Posts

Telecom Fiji has partnered with Advantage New Zealand to enhance its cybersecurity product portfolio through a Managed Detection and Response (MDR) service powered by SentinelOne technology.
Seasoned information security professional Gary Botha has joined Palmerston North-headquartered national cybersecurity and managed services specialist Advantage as Technical Director.
One of the most important things to remember about hackers, miscreants, malcontents, criminals and the like is that they’re not stupid.