Best Practices for M365 Security with the Mammoth Enterprise Browser
By Kanav Gandhi
Microsoft 365 (M365) is an essential tool for enterprises, offering a comprehensive suite of productivity applications and cloud services. However, securing access to M365 in today’s dynamic work environment is increasingly challenging, as users may connect from the office, home, or while on the go.
Microsoft Provides Limited Protection for M365
Microsoft provides security best practices here. The suggested best practices include 5 areas that customers should focus on:
- Login Access
- Security Policies
- Threat Protection
- Device Security
- Data Loss Prevention (DLP)
However, the recent rise of work-from-home and remote work culture has changed what is needed to protect M365. While Microsoft 365 provides solid foundational security, its protection may not be enough for businesses that require more granular or advanced security controls, and it has the following limitations:
Microsoft Ecosystem Limitation: Microsoft’s protections are mostly effective within their tightly integrated environment (e.g., Entra ID, Microsoft Edge, Intune). They may not address risks associated with third-party applications or non-Microsoft ecosystems.
Advanced Attacks: MFA isn’t foolproof. New types of MFA attacks can bypass MFA by stealing session tokens, something that Microsoft cannot prevent.
DLP Limitations: Microsoft DLP is focused on Microsoft apps and might not cover all web interactions. It also lacks controls for common leakage actions like copy-paste, web page printing, and content sharing.
Device Support Limitations: Microsoft’s solutions leave significant gaps on personal and unmanaged endpoints. Their primary recommendation for personal devices is to “encourage users to keep their antivirus protection turned on and up to date.” However, this advice falls short of providing a comprehensive security solution, leaving users to manage their own defenses without robust tools or support from Microsoft.
Policy Limitations: Microsoft’s Conditional Access policies offer robust protection across various contexts, including applications, users, files, devices, and geolocation. However, Conditional Access has limitations in addressing broader customer needs, such as differentiating policies between personal and business accounts, and managing access based on in-office versus remote locations.
How the Mammoth Enterprise Browser Can Better Protect M365
Mammoth Enterprise Browser protects users from internet access and controls M365 access in a comprehensive way. It monitors and controls all aspects of M365 access, including login, data, applications, and devices, to provide extensive protection:
1. Login Access
- Controlled M365 Access: A big risk with M365 is that it can be accessed by anyone with the correct credentials, which becomes a significant issue if those credentials or login tokens are compromised. The Mammoth Enterprise Browser mitigates this risk by restricting M365 access exclusively through its browser, ensuring that M365 remains protected from unauthorized or malicious access.
- Defending Against MFA Bypass: MFA is a critical security measure, but it is not foolproof. Recent identity-based attacks have increasingly employed MFA bypass techniques, where attackers steal browser cookies and login tokens to impersonate users and gain unauthorized access to M365 accounts. Once MFA is completed, a browser cookie is generated and stored locally. This cookie acts as proof of authentication, allowing users to stay logged in without reentering credentials. However, if an adversary obtains this cookie, they can bypass MFA through an attack known as “Pass-the-Cookie.” Mammoth Enterprise Browser addresses this vulnerability by encrypting all browser cookies and user profile data. This encryption ensures that even if an attacker gains access to the cookie store, the data remains encrypted and unusable. By doing so, Mammoth effectively neutralizes the threat of MFA-bypass attacks, safeguarding user sessions and maintaining the integrity of the authentication process.
- MFA Protection for All SaaS and Internal Applications: In many scenarios, you may need to add local users, whether for testing purposes, supporting third-party contractors/partners, or accessing applications where you prefer not to pay for SSO. To ensure security in these situations, Mammoth Enterprise Browser allows you to implement MFA for your local users. This capability ensures that your organization remains secure, even when using local accounts outside of your SSO framework.
2. Security Policies
Mammoth Enterprise Browser offers the most comprehensive policy management across all browser contexts. It allows organizations to set distinct policies for users based on their location (e.g., in-office vs. remote), the type of device (managed vs. personal), and more. This ensures full protection tailored to modern work environments, providing greater flexibility and security beyond what is offered within a sole Microsoft framework.
3. Threat Protection
Malware and Phishing Protection: While M365 comes with anti-phishing protection for email and malware scanning for attachments, it does not provide protection against phishing and malware attacks on SaaS application access. Mammoth Enterprise Browser provides an additional layer of security by automatically blocking all suspicious URLs and scanning every upload and download for potential malware.
4. Device Security
Protecting Access from Personal Devices: Mammoth Enterprise Browser enforces Device Trust by ensuring that all devices accessing M365 have up-to-date antivirus software and essential security protections. This measure is crucial for preventing malware and other cyber threats from compromising corporate data. It is especially suited for personal devices since it doesn’t require any additional software to be downloaded and is built into the browser.
5. DLP
- Secure File Transfer: Mammoth Enterprise Browser ensures the protection of enterprise data through comprehensive malware scanning and sensitive content detection during file transfers.
- Monitor Sensitivity Labels: Mammoth Enterprise Browser has a native integration with Microsoft Purview Information Protection and ensures that labeled documents are handled according to corporate policies, preventing unauthorized sharing and access. These documents are protected not only within M365 apps but from all web access.
- Copy and Paste Protections:
  - Websites today offer a wide range of functionality, but they can also inadvertently cause enterprise data leaks. For example, users might accidentally paste sensitive company information into tools like ChatGPT, potentially exposing it to the public. Mammoth Enterprise Browser addresses this risk by controlling the content of copy-paste actions, blocking any paste attempts if sensitive information is detected.
  - Trust Circle: Mammoth Enterprise Browser further enhances data security by restricting copy and paste functionality to approved applications only. This measure effectively prevents data leakage through unauthorized channels, ensuring that sensitive information remains within trusted environments.
- Secure Web Page Content: Mammoth Enterprise Browser offers robust protections for web page content through policy-based controls. These include restrictions on printing, screen capturing, data masking, and watermarking, further enhancing data security within M365 environments.
Conclusion
Securing M365 access requires a multifaceted approach that addresses device authorization, data protection, and user behavior. Mammoth Enterprise Browser offers a comprehensive suite of security solutions that align with best practices, ensuring that your enterprise can leverage the full power of M365 while keeping data safe and secure. Implementing these practices not only enhances security but also helps in maintaining compliance with industry standards and corporate policies.