Security roadmap - Top priorities for the first 30 days, 90 days, and beyond
Important
The improved Microsoft 365 security center is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new. This topic might apply to both Microsoft Defender for Office 365 and Microsoft 365 Defender. Refer to the Applies To section and look for specific call-outs in this article where there might be differences.
This article includes top recommendations from Microsoft's cybersecurity team for implementing security capabilities to protect your Microsoft 365 environment. This article is adapted from a Microsoft Ignite session — Secure Microsoft 365 like a cybersecurity pro: Top priorities for the first 30 days, 90 days, and beyond. This session was developed and presented by Mark Simos and Matt Kemelhar, Enterprise Cybersecurity Architects.
Roadmap outcomes
These roadmap recommendations are staged across three phases in a logical order with the following goals.

Time frame | Outcomes |
---|---|
30 days | Rapid configuration: tenant configuration; prepare stakeholders. |
90 days | Advanced protections: visibility into compliance, threat, and user needs; adapt and implement default policies and protections. |
Beyond | Adjust and refine key policies and controls. Extend protections to on-premises dependencies. Integrate with business and security processes (legal, insider threat, etc.). |
30 days — powerful quick wins
These tasks can be accomplished quickly and have low impact on users.

Area | Tasks |
---|---|
Security management | |
Threat protection | Connect Microsoft 365 to Microsoft Cloud App Security to start monitoring using the default threat detection policies for anomalous behaviors. It takes seven days to build a baseline for anomaly detection. Implement protection for admin accounts: |
Identity and access management | |
Information protection | Review example information protection recommendations. Information protection requires coordination across your organization. Get started with these resources: |
90 days — enhanced protections
These tasks take more time to plan and implement but greatly improve your security posture.

Area | Task |
---|---|
Security management | |
Threat protection | Implement enhanced protections for admin accounts: |
Identity and access management | |
Information protection | Adapt and implement information protection policies. These resources include examples: use data loss prevention policies and monitoring tools in Microsoft 365 for data stored in Microsoft 365 (instead of Cloud App Security); use Cloud App Security with Microsoft 365 for advanced alerting features (other than data loss prevention). |
Beyond
These are important security measures that build on previous work.

Area | Task |
---|---|
Security management | |
Threat protection | |
Identity and access management | |
Information protection | Refine information protection policies: |
Also see: How to mitigate rapid cyberattacks such as Petya and WannaCrypt.