From 6ece316fa778a99632083906b09ec05f8cd4fe47 Mon Sep 17 00:00:00 2001 From: Adon Metcalfe Date: Fri, 3 May 2024 10:44:26 +0800 Subject: [PATCH] Update secure-configuration.md added acsc link --- docs/guidelines/secure-configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guidelines/secure-configuration.md b/docs/guidelines/secure-configuration.md index c7e48db6..aabddddc 100644 --- a/docs/guidelines/secure-configuration.md +++ b/docs/guidelines/secure-configuration.md 
@@ -90,7 +90,7 @@ Migrate from legacy macros to [Office Scripts and Power Automate](https://learn. Once Azure AD MFA configured, below migrations will get identities and data into compliant states and locations -- Enable [DKIM/DMARC/SPF](https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/email-authentication-about?view=o365-worldwide#how-to-avoid-email-authentication-failures-when-sending-mail-to-microsoft-36) across all registered domains belonging to the organisation +- [Combat fake emails (ACSC)](https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/email-hardening/how-combat-fake-emails) by enabling [DKIM/DMARC/SPF](https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/email-authentication-about?view=o365-worldwide#how-to-avoid-email-authentication-failures-when-sending-mail-to-microsoft-36) across all registered domains belonging to the organisation - If legacy systems/applications dependent on SMTP exist, migrate them to separate subdomains on transactional email platforms such as [mailchimp](https://mailchimp.com/developer/transactional/docs/smtp-integration/), [postmarkapp](https://postmarkapp.com/developer/user-guide/send-email-with-smtp) or [sendgrid](https://docs.sendgrid.com/for-developers/sending-email/getting-started-smtp) to avoid reducing the security of the primary identity domains - [Disable SMTP Auth for Exchange Online](https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission#disable-smtp-auth-in-your-organization) to simplify conditional access policies and avoid reconnaisance and exploitation of primary identity domains and mailboxes - [Migrate file shares to OneDrive, Teams, and SharePoint](https://learn.microsoft.com/en-us/sharepointmigration/fileshare-to-odsp-migration-guide) and enable [Microsoft Purview risk and 
compliance](https://learn.microsoft.com/en-us/purview/purview-compliance)
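Review bot: the Microsoft Learn link on the changed `+` line still carries the fragment `#how-to-avoid-email-authentication-failures-when-sending-mail-to-microsoft-36`, copied unchanged from the removed line; it ends in `microsoft-36`, which looks truncated, so the link likely lands at the top of the page rather than on the intended section. Since this bullet is being rewritten anyway, correct or drop the fragment in the same commit. The new bullet also puts two links back to back ("Combat fake emails (ACSC)" and "DKIM/DMARC/SPF"), so it is worth checking that the rendered sentence still reads as one instruction. In the unchanged context line about disabling SMTP Auth, "reconnaisance" should be "reconnaissance" and could be fixed alongside.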