Electronics company - Netwoven

A Global Electronics Leader Assesses Security for Microsoft 365 Copilot Deployment

A global leader in electronic test and measurement tools partnered with Netwoven to assess and strengthen its security posture before deploying Microsoft 365 Copilot.


Background

As the world’s leading test and measurement provider, the company enables innovators to push the boundaries of engineering by quickly solving design, emulation, and test challenges to help create the best product experiences. It is an S&P 500 technology company, headquartered in California, US, with offices and manufacturing worldwide. The company owns 2,000+ patents and has over 15,000 employees working with nearly 32,000 customers worldwide. The company’s customers span the communications, industrial automation, aerospace and defence, automotive, energy, semiconductor, and general electronics markets.

Challenges

The company intends to further deploy Microsoft Copilot and desires a data security assessment to best understand the current state of data security and data governance prior to a broader Microsoft Copilot deployment.

The company is deeply entrenched in M365 as its primary business infrastructure. It also uses quite a few third-party products. The company wanted to ensure that the systems and data to be considered for Copilot for Microsoft 365 deployment do not introduce any new or unidentified risk into the organization. It was important to them to identify all risks associated with such a process, and they needed to keep those risks below the accepted internal risk threshold. The goals were set as follows.

  • Detailed Content Assessment – SharePoint/OneDrive/Teams
  • Discovery – Content Security Policies and Procedures/Access Control/External Sharing/Identification of Sensitive Content/Security Settings for all Sensitive Content
  • Workshop – Review findings and recommendations
  • Key Learnings and Best Practices – Recommendation for improving security posture

Solution

Netwoven followed a multistage process to conduct an in-depth review of the infrastructure, all Microsoft 365 workloads, users, data and its usage, and the existing security tools and practices. The goal was to assess the present status of each one against Microsoft best practices and provide appropriate recommendations.

Questionnaire

Netwoven started with a detailed security assessment questionnaire and recorded the responses as given by the stakeholders indicating the present security posture of the customer tenant. Some highlights are:

  • Regulatory Compliance – GDPR for EU, ITAR, EAR and ISO 27701 for CCPA, Brazil
  • Data Protection and Privacy – Information Rights Management (IRM) is in motion using MS Purview but most things are user managed manually.
  • Incident Response and Reporting – SOC team works with other functions but no formal regulatory compliance is in place.
  • Security Policies and Procedures – A set of tools are used e.g., Zscaler CASB, CrowdStrike, Exabeam, Entra, Midpoint but with minimum integration.
  • User Access Management – Hybrid mode (source of truth is on-prem AD). Quest tool used, PIM, SOX compliance.
  • Data Security – Some DLP in email using Proofpoint.
  • Threat Protection – CrowdStrike, Trend Micro, Proofpoint TAP and TRAP. No central tool but monitoring happens using each product data.
  • Emergency Response and Business Continuity – Other than native Microsoft backups and restores, no special backup solution is in use but DR plan is in place.

This helped to understand the lay of the land and prepare for a detailed assessment.

Assessment

A detailed assessment was undertaken to critically inspect every related aspect of the tenant independently. It looked at the following and made recommendations wherever necessary.

  • General Settings:
    • Identity – Users/Groups/Applications/Devices
    • MFA
    • Conditional Access Policies
    • Privileged Identity Management
    • Secure Score
    • Licenses
    • Admin Roles – Global/SharePoint/Teams
  • SharePoint:
    • General Settings
    • External Sharing
    • Access Control
    • Term Store
    • User Profiles
    • Search
    • Apps
    • BCS
    • Secure Score
    • Records Management
    • InfoPath
  • OneDrive:
    • Sites
    • Size
    • External Sharing
    • Usage Pattern
    • Tenant Settings – Notification/Sharing/Storage/Content
  • Teams:
    • General Settings
    • Teams Upgrade Settings
    • Teams Policies
    • Teams Guest Access
    • Teams External Access
    • Meeting Policies
    • Meeting Settings
    • Audio Conferencing Policies
    • Live Event Policies
    • Teams Inventory
  • Compliance:
    • Compliance Score
    • (EU) GDPR
    • Communication Compliance
    • Data Loss Prevention (DLP)
    • Data Lifecycle Management (M365/Exchange)
    • Information Protection
    • Information Barriers
    • Insider Risk Management
    • Record Management
    • Privacy Risk Management

Recommendations

Netwoven provided detailed recommendations for each one of the above as a part of the final assessment report. Interactive workshops were conducted to discuss the findings, and final recommendations were made following best practices. The recommendations were categorized as High/Medium/Low to enable phased implementation. Some of the important recommendations are as follows:

  • PIM: Remove the users with Direct Assigned to Eligible assignment to minimize the chance of a malicious actor gaining access.
  • Secure Score: Try to improve the Security posture for Devices and Apps.
  • Admin Roles: Do not use normal user accounts for any service/automation related jobs. Use Managed Identity/SPN instead.
  • External Sharing:
    • Set “Content can be shared with” to only people of the organization for SharePoint and OneDrive
    • Enable “Guest access to a site or OneDrive will expire automatically” in 60 days
    • Set “People who use a verification code must reauthenticate after this many days” to 30
    • Limit external sharing by domain. (A list of prescribed domains was recommended.)
    • Configure External Sharing Links to Expire
  • Teams/SharePoint Security Settings:
    • Configure which users are allowed to be present in Teams meetings
    • Only invited users should be automatically admitted to Teams meetings
    • Restrict anonymous users from joining meetings
    • Limit external participants from having control in a Teams meeting
    • Ensure SharePoint external sharing is managed through domain whitelist/blacklist
    • Sign out inactive users in SharePoint Online
    • Ensure modern authentication for SharePoint applications is required
  • Communication Compliance Policies: Potential Threat/Targeted Harassment/Profanity/Discrimination were found in a high number of messages
  • DLP:
    • Turn on Analytics for risk detection and policy refinement opportunities (preview)
    • Turn on Auto Labelling
    • Configure policies to Monitor or Protect sensitive information on Teams
    • Turn on Automatic File protection for Teams for SharePoint sites and OneDrive accounts
  • Insider Risk Management: Configure Insider Risk settings, which has not been done yet
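
The External Sharing items above map to tenant-level properties returned by Get-SPOTenant in the SharePoint Online Management Shell. The following read-only check is an added example, not part of Netwoven's assessment tooling; the function name, the sample tenant object and the pass criteria (including treating a link expiry of 0 or below as "no expiry") are assumptions made for illustration.

```powershell
# Added example: read-only audit of the SharePoint/OneDrive tenant sharing
# settings named in the External Sharing recommendations. Changes nothing.
function Test-SharingBaseline {
    param([Parameter(Mandatory)] $Tenant)

    $checks = @(
        @{ Name  = 'Sharing limited to people in the organization'
           Props = @('SharingCapability')
           Pass  = { param($t) "$($t.SharingCapability)" -eq 'Disabled' } }
        @{ Name  = 'Guest access expires within 60 days'
           Props = @('ExternalUserExpirationRequired', 'ExternalUserExpireInDays')
           Pass  = { param($t) $t.ExternalUserExpirationRequired -and
                     $t.ExternalUserExpireInDays -gt 0 -and
                     $t.ExternalUserExpireInDays -le 60 } }
        @{ Name  = 'Verification-code users reauthenticate within 30 days'
           Props = @('EmailAttestationRequired', 'EmailAttestationReAuthDays')
           Pass  = { param($t) $t.EmailAttestationRequired -and
                     $t.EmailAttestationReAuthDays -gt 0 -and
                     $t.EmailAttestationReAuthDays -le 30 } }
        @{ Name  = 'External sharing limited by domain list'
           Props = @('SharingDomainRestrictionMode')
           Pass  = { param($t) "$($t.SharingDomainRestrictionMode)" -in 'AllowList', 'BlockList' } }
        @{ Name  = 'Anyone links expire'
           Props = @('RequireAnonymousLinksExpireInDays')
           # Assumption: a value of 0 or below means links never expire.
           Pass  = { param($t) $t.RequireAnonymousLinksExpireInDays -gt 0 } }
    )

    foreach ($c in $checks) {
        [pscustomobject]@{
            Check     = $c.Name
            Current   = ($c.Props | ForEach-Object { "$_=$($Tenant.$_)" }) -join '; '
            Compliant = [bool](& $c.Pass $Tenant)
        }
    }
}

# Constructed sample values so the check runs offline.
$sample = [pscustomobject]@{
    SharingCapability                 = 'ExternalUserAndGuestSharing'
    ExternalUserExpirationRequired    = $true
    ExternalUserExpireInDays          = 60
    EmailAttestationRequired          = $false
    EmailAttestationReAuthDays        = 30
    SharingDomainRestrictionMode      = 'None'
    RequireAnonymousLinksExpireInDays = -1
}
Test-SharingBaseline -Tenant $sample | Format-Table -AutoSize -Wrap

# Against a live tenant, after Connect-SPOService:
#   Test-SharingBaseline -Tenant (Get-SPOTenant)
```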

Likewise, detailed recommendations were made for each relevant entity to strengthen the security readiness for deployment of M365 Copilot. This was important because Copilot will extract data from the documents, presentations, spreadsheets, emails, calendars, chats, meetings, contacts, and other files. The assessment ensured that the foundation of security controls is in place before Copilot deployment and helped to identify and address potential risks and gaps in infrastructure, data, and security. 

Benefits

This assessment helped the organization with a 360-degree view of its present security posture. It gave them a clear roadmap for a smooth deployment of M365 Copilot. The major business benefits were:

  • Increased security while working with Teams/SharePoint/OneDrive.
  • Appropriate technology solution optimizing on existing investment.
  • Holistic implementation recommendations for a more secure business operation.
  • Secure foundation to attain improved employee productivity with proposed M365 Copilot deployment.