Complete Guide to Defender for Office 365: Protecting Email and Files

Last updated: 03/10/2025
Author: Ishaku
  • Email authentication with SPF, DKIM, DMARC, and ARC to stop spoofing at the source.
  • Standard/Strict policies with clear precedence and minimal tuning for maximum effect.
  • Safe Links/Safe Attachments, user reporting, and AIR to detect and respond quickly.

Security in Microsoft Defender for Office 365

If you use Microsoft 365, your email and files are a favorite target for attackers, so it is worth taking security seriously. Microsoft Defender for Office 365 adds a key layer of protection on top of Exchange Online Protection, monitoring messages, links, attachments, and collaboration in OneDrive, SharePoint, and Teams.

In this practical guide you will find a complete, actionable approach: from email authentication (SPF, DKIM, DMARC) and the preset Standard/Strict policies, to how to prioritize accounts, receive user reports, manage allow/block lists, launch phishing simulations, and respond to incidents. You will also look at licensing, privacy, data retention, and tricks for improving results without going crazy, such as preventing Microsoft Defender from blocking trusted files.

Key requirements and permissions

By default, Microsoft 365 already puts basic mail barriers in place with EOP, but Defender for Office 365 extends that protection with advanced capabilities. To configure it without friction, you need the appropriate permissions.

The simplest way to delegate is to assign the Security Administrator role in Microsoft Entra to those who will work with Defender for Office 365. If you prefer fine-grained permissions, you can use Exchange Online permissions or the specific Email & collaboration permissions in the Defender portal, but avoid handing out the Global Administrator role to everyone and follow the principle of least privilege.

Step 1: Configure email authentication (SPF, DKIM, DMARC, and ARC)

Before thinking about spam or malware, it is time to protect the source. Email authentication verifies that messages are legitimate and have not been tampered with. You must apply these standards, in this order, for every custom domain that sends email from Microsoft 365.

  • SPF (TXT): Declares which hosts are allowed to send on behalf of your domain. Publish a correct SPF record to prevent spoofing and improve deliverability.
  • DKIM: An outbound signature that travels in the header and survives forwarding. Enable it for your domains and use the CNAME keys that Microsoft 365 gives you.
  • DMARC: Indicates what to do if SPF/DKIM fail. Include the policy p=reject or p=quarantine and recipients for aggregate and forensic reports, so that destination servers know what to expect.
  • ARC: If an intermediary service modifies inbound messages, register it as a trusted ARC sealer to preserve traceability and keep authentication from breaking.

If you use the '*.onmicrosoft.com' domain as your email source, part of the work is already done. SPF and DKIM are configured by default, but you need to create the DMARC record manually for this domain if you use it for sending.
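
An added example (not from the original article or from Microsoft) that audits SPF and DMARC TXT values offline against the guidance in this step. The function names Test-SpfRecord and Test-DmarcRecord, the example.com report addresses, and the sample records are constructed for illustration.

```powershell
# Added example: offline audit of SPF and DMARC TXT values.
# Every record below is a constructed sample for the placeholder domain example.com.

function Test-SpfRecord {
    param([string]$Record)
    if ($Record -notmatch '^v=spf1(\s|$)') { return 'not an SPF record (v=spf1 missing)' }
    $terms = @($Record.Trim() -split '\s+' | Select-Object -Skip 1)
    # Terms that trigger a DNS lookup; RFC 7208 allows at most 10 per evaluation
    $lookups = @($terms | Where-Object {
        $_ -match '^[+~?-]?(include:|exists:|ptr|a([:/]|$)|mx([:/]|$))|^redirect='
    }).Count
    if ($lookups -gt 10) { "exceeds the 10 DNS lookup limit ($lookups)" }
    $all = $terms | Where-Object { $_ -match '^[+~?-]?all$' } | Select-Object -Last 1
    $hasRedirect = @($terms | Where-Object { $_ -match '^redirect=' }).Count -gt 0
    if (-not $all -and -not $hasRedirect) { 'no "all" mechanism: unlisted hosts get a neutral result' }
    elseif ($all -match '^\+?all$')       { '"+all" authorizes any host to send as the domain' }
    elseif ($all -eq '?all')              { '"?all" is neutral: unlisted hosts are not failed' }
}

function Test-DmarcRecord {
    param([string]$Record)
    # Split "tag=value; tag=value" pairs into a lookup table
    $tags = @{}
    foreach ($part in ($Record -split ';')) {
        $kv = $part.Trim() -split '\s*=\s*', 2
        if ($kv.Count -eq 2) { $tags[$kv[0].ToLower()] = $kv[1] }
    }
    if ($tags['v'] -ne 'DMARC1') { return 'not a DMARC record (v=DMARC1 missing)' }
    $p = $tags['p']
    if (-not $p)                              { 'no p= tag: receivers have no policy to apply' }
    elseif ($p -eq 'none')                    { 'p=none only monitors: failing mail is still delivered' }
    elseif ($p -notin 'quarantine', 'reject') { "unknown policy value p=$p" }
    if ($tags['pct'] -and [int]$tags['pct'] -lt 100) { "pct=$($tags['pct']): policy applies to only part of failing mail" }
    if (-not $tags['rua']) { 'no rua= address: aggregate reports are not collected' }
    if (-not $tags['ruf']) { 'no ruf= address: forensic reports are not collected' }
}

# Constructed sample records
$samples = [ordered]@{
    'SPF, weak'      = 'v=spf1 include:spf.protection.outlook.com +all'
    'SPF, strict'    = 'v=spf1 include:spf.protection.outlook.com -all'
    'DMARC, monitor' = 'v=DMARC1; p=none; pct=50'
    'DMARC, enforce' = 'v=DMARC1; p=reject; rua=mailto:dmarc-agg@example.com; ruf=mailto:dmarc-afrf@example.com'
}
foreach ($name in $samples.Keys) {
    $value = $samples[$name]
    $findings = @(if ($value -like 'v=DMARC1*') { Test-DmarcRecord $value } else { Test-SpfRecord $value })
    if ($findings.Count -eq 0) { $findings = @('OK') }
    '{0,-15} {1}' -f $name, ($findings -join '; ')
}
```

To audit live records, pass in the TXT strings returned by your DNS tooling instead of the samples.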

Step 2: Threat policies and how they are applied

There are three conceptual types in Defender for Office 365: default policies, preset security policies, and custom policies. Understanding the difference and the precedence will save you a lot of trouble.

Types of policies available

  • Default policies: They exist from the moment you create the tenant, always apply to all recipients, and you cannot change their scope (you can change their settings in some cases). They are your safety net.
  • Preset security policies: Closed profiles with Microsoft best practices, in two flavors: Standard and Strict. Built-in protection for links and attachments is enabled by default; for Standard/Strict, you must turn it on and define recipients and exceptions.
  • Custom policies: When you need specific settings (language/country blocking, custom quarantines, custom notifications), create as many as you need and assign conditions by users, groups, or domains.

Presets evolve automatically: if Microsoft hardens a recommendation, the profile is updated and you benefit without touching anything. In Standard and Strict, you can only edit the user and impersonation entries and the exceptions; everything else is set to the recommended level.

Order of precedence

When a message or item is evaluated, the first applicable policy is the one that governs, and the rest are not considered. In general, the order is:

  1. Preset security policies: first Strict, then Standard.
  2. Custom policies for that feature, ordered by priority (0, 1, 2…).
  3. The default policy (or built-in protection in the case of Safe Links/Safe Attachments).

To avoid odd overlaps, use different target groups at each level and add exceptions in Strict/Standard for the users you will target with custom policies. Those who do not fall into the higher levels are protected by the default policy or built-in protection.

Recommended strategy

If no requirement pushes you to customize, start with the Standard policy for the whole organization and reserve Strict for high-risk groups. It is simple, robust, and adapts as threats change.

Step 3: Assign permissions to administrators without overdoing it

Even if your initial account has power over everything, it is not a good idea to hand out Global Admin to everyone who needs to do security work. As a rule, assign the Security Administrator role in Microsoft Entra to the administrators, specialists, and support staff who will manage Defender for Office 365.

If you only manage email, you can opt for Exchange Online permissions or the Email & collaboration roles in the Defender portal. Least privilege, always, to reduce the risk surface.

Step 4: Priority accounts and user tags

Defender for Office 365 lets you tag up to 250 users as priority accounts to highlight them in reports and investigations and to apply additional heuristics. It is ideal for executives, finance, or IT.

With Plan 2 you also have custom user tags to group sets of users (suppliers, VIPs, departments) and filter investigations. Identify who should be tagged from day one.

Step 5: User-reported messages

Your users are gold: the false positives/negatives they report let you tune policies and train Microsoft's filters.

  • How they report: With the Report button built into Outlook (web/desktop) or with supported third-party tools that use the supported format; this is how they will appear on the User reported tab of Submissions.
  • Where they go: By default to a designated mailbox and to Microsoft. You can change this to the mailbox only (and forward manually to Microsoft) or to Microsoft only. Create a dedicated mailbox for these reports; do not use the original account.

Sending reports to Microsoft helps the filters learn faster. If you choose mailbox only, remember to send the relevant emails for analysis from the Submissions page.

Step 6: Block and allow sensibly

The tenant allow/block lists are powerful, but abusing allows opens unnecessary doors. Err on the side of blocking and use temporary allowances only after thorough verification.

  • Block: Add domains/email addresses, files, and URLs on the corresponding tabs, or submit items to Microsoft from Submissions to create the entry automatically. Spoof intelligence shows blocked/allowed senders; you can change the decision or create proactive entries.
  • Allow: You can allow domains/email addresses and URLs to override bulk, spam, high-confidence spam, or phishing (not high confidence) verdicts. Malware, and URLs/domains flagged as high-confidence phishing, cannot be allowed directly; in those cases, submit from Submissions and select 'I've confirmed it's clean' to create a temporary exception.

Monitor exceptions: review them and expire them when they are no longer needed. This keeps things that should not get through from doing so because of historical allowances.

Step 7: Simulation and training

With Attack Simulation Training (Plan 2) you can launch realistic campaigns and assign training based on the user's response. Cover credential harvesting, QR phishing, malicious attachments, or BEC to span the spectrum.

The telemetry from these campaigns reveals risky behavior and helps you plan reinforcement. Ideally, run them quarterly to keep a pulse.

Step 8: Investigate and respond without wasting time

When an alert fires, the goal is clear: understand the scope and remediate quickly. Defender for Office 365 gives you two key advantages in your day-to-day work.

  • Threat Explorer: Filter by malware, phish, or detected URLs, use the campaign view to see all affected messages, and apply bulk actions (soft delete/purge) to the matching messages.
  • Automated Investigation and Response (AIR) in Plan 2: Launches investigations, quarantines messages, analyzes links, correlates mailboxes, and proposes or executes remediation.

In addition, Zero-hour Auto Purge (ZAP) can pull mail after delivery if it is reclassified, which narrows the exposure window if something is later re-evaluated as malicious.

Protecting OneDrive, SharePoint, and Teams

Mail is the door, but files are the loot. Extend protection to OneDrive, SharePoint, and Teams to cut off infections and filter malicious content in collaboration.

  • Anti-malware for files: Sandbox analysis and detonation with Safe Attachments, including Dynamic Delivery so that reading the message is not held up while the file is analyzed. Also learn how to check a downloaded file.
  • Safe Links: Real-time URL rewriting and scanning in email, documents, and Teams; you can prevent click-through so that users cannot ignore warnings.
  • DLP and sensitivity labels (Purview): Prevents data leaks and applies encryption/controls by sensitivity level, even outside the organization, or learn to encrypt and protect confidential email.

Complement this with Microsoft Defender for Cloud Apps to discover Shadow IT, apply policies in real time, and detect anomalies (ransomware, malicious apps) in cloud services, both Microsoft and third-party.

Licensing and quick activation

Defender for Office 365 is available in two plans: P1 (Safe Links, Safe Attachments, and advanced anti-phishing) and P2 (adds Threat Explorer, AIR, and simulations). E5 includes P2; with E3 you can add P1 or P2 as needed.

Feature                           EOP    Plan 1   Plan 2
Standard anti-spam/anti-malware   Yes    Yes      Yes
Safe Links                        -      Yes      Yes
Safe Attachments                  -      Yes      Yes
Anti-phishing with AI             -      Yes      Yes
Threat Explorer / AIR             -      -        Yes
Attack Simulation                 -      -        Yes

To activate it, go to Microsoft 365 Defender, open Email & collaboration > Policies & rules, and turn on Standard/Strict. Assign the scope (users, groups, domains) and define exceptions where appropriate.

PowerShell shortcut for anti-phishing

# Connect to the Exchange Online module
Connect-ExchangeOnline

# Create a basic anti-phishing policy and rule
New-AntiPhishPolicy -Name 'AntiPhishCorp' `
 -EnableMailboxIntelligence $true `
 -EnableOrganizationDomainsProtection $true `
 -EnableSpoofIntelligence $true
# User impersonation protection additionally needs
# -EnableTargetedUserProtection $true with a -TargetedUsersToProtect list

# Scope the policy to recipients in the domain
New-AntiPhishRule -Name 'AntiPhishCorpRule' `
 -AntiPhishPolicy 'AntiPhishCorp' -RecipientDomainIs 'midominio.com'

Remember that with Dynamic Delivery in Safe Attachments the user receives the message body immediately, and the attachment is released once it has been scanned; this improves the experience without sacrificing security.

Best practices, Zero Trust, and integration

To strengthen your posture, apply these guidelines. They require no magic, just consistency and practical judgment.

  • DMARC with p=quarantine/reject and DKIM on all domains to stop spoofing.
  • Review Secure Score every six months and aim for ≥ 75%. Apply the relevant recommendations.
  • Monitor false positives in quarantine and tune without overdoing it. Less is more.
  • Quarterly simulations for real user awareness.
  • Integrate with Microsoft Sentinel if you have a SIEM, for multi-domain correlation and SOAR automation.
  • Document exceptions (for example, certain third parties that send unusual attachments) and review them monthly.

In a Zero Trust strategy, Defender for Office 365 covers email and collaboration; add Defender for Endpoint to limit lateral movement and respond on the device, and rely on SmartScreen to stop dangerous websites and downloads on endpoints, in addition to configuring mobile device management (MDM).

Data and privacy in Defender for Office 365

When processing email and Teams messages, Microsoft 365 handles metadata such as display names, email addresses, IP addresses, and domains. These are used for offline ML, reputation, and capabilities such as ZAP. For additional layers, consider protecting your email with Shielded Email.

All reports are subject to the EUPI (pseudonymized) and EUII identifiers, with these guarantees: data is shared only within your organization, stored in your region, and accessible only to authorized users. Encryption at rest is applied using ODL and CDP.

Data location

Defender for Office 365 operates in Microsoft Entra datacenters. For certain geographies, data at rest for provisioned organizations is stored only in their region. Regions with local residency include:

  • Australia
  • Brazil
  • Canada
  • European Union
  • France
  • Germany
  • India
  • Israel
  • Italy
  • Japan
  • Norway
  • Poland
  • Qatar
  • Singapore
  • South Africa
  • South Korea
  • Sweden
  • Switzerland
  • United Arab Emirates
  • United Kingdom
  • United States

The data stored at rest in the local region (default protection for cloud mailboxes and in Defender for Office 365) includes alerts, attachments, block lists, email metadata, analytics, spam, quarantines, reports, policies, spam domains, and URLs.

Retention and sharing

Defender for Office 365 data is retained for 180 days in reports and logs. Extracted personal data is encrypted and automatically deleted 30 days after the retention period. At the end of licenses and grace periods, data is irretrievably deleted no later than 190 days after the subscription ends.

Defender for Office 365 shares data with Microsoft 365 Defender XDR, Microsoft Sentinel, and audit logs (if the customer is licensed for them), with specific exceptions for GCC government clouds.

Ransomware recovery in Microsoft 365

If, despite everything, something slips through, act fast: stop OneDrive sync and isolate the compromised computers to preserve healthy copies. Then use the native options.

  • Version control: Keeps multiple versions in SharePoint, OneDrive, and Exchange. You can configure up to 50,000, but beware: some ransomware encrypts all versions, and the versions take up additional storage.
  • Recycle bin: Restores deleted items for 93 days. After that period and the two recycle-bin stages, you can ask Microsoft for up to 14 additional days for recovery.
  • Retention policies (E5/A5/G5): Define how long to keep content and what can be deleted; automate retention by content type.
  • Preservation Hold library: With holds in place, an immutable copy is stored in OneDrive/SharePoint; it lets you extract files after an incident.
  • Third-party backup: Microsoft does not perform a traditional backup of M365 content; consider a SaaS backup solution for demanding RTO/RPO and granular recovery, or learn to back up your email.

To reduce entry vectors, remember to combine email protection (EOP + Defender), multifactor authentication, attack surface reduction rules, and Exchange settings that reduce phishing and spoofing risk.

With all of the above in place, your Microsoft 365 environment is far more robust: authenticated email, consistent policies with clear precedence, protected collaboration, users who report, educational simulations, and real investigation and response capabilities. Round it off with periodic reviews, Secure Score, and minimal exceptions, and you will have a system that stands up to modern campaigns without sacrificing usability.
