How Falcon Shield helps secure Microsoft 365
Microsoft 365 allows users to create and collaborate on files, spreadsheets, and presentations. CrowdStrike Falcon® Shield supports content and collaboration security by reviewing configurations and alerting the security teams when misconfigurations put everything at risk.
Limit and manage sharing
Limit sharing of folders and access to shared resources such as Mailbox and Calendar:
- Limit shared mailbox sign-in
- Limit external calendar sharing policy
- Monitor publicly available resources, shared with external users
Limit data access
Prevent unauthorized users from accessing sensitive information on Microsoft Copilot:
- Create a minimum of three sensitivity labels to classify data as general use, internal only, and highly confidential
- Limit the number of Copilot users by requiring a manual approval of users with access
Create an audit trail
Ensure investigation teams can review logs and data in the event of a security incident:
- Enable global mailbox auditing
- Turn off mailbox audit bypass
- Turn on mailbox audit logging
- Turn on mailbox delegate auditing
- Turn on mailbox auditing
- Turn on mailbox owner auditing
- Enable audit log search
- Enable audit mail transport rules
Prevent data exfiltration
Protect against data leakage by disabling forward and auto-redirect rules to external addresses:
- Disable BCC transport rule
- Enforce the outbound spam filtering policy
