Microsoft 365 Security Best Practices: Will CISA Give MSPs, MSSPs A Boost?
Opportunity appears to be knocking for MSPs and MSSPs in the U.S. federal government market, where questions about proper Microsoft 365 security settings are now front-of-mind.
Indeed, the CISA (Cybersecurity and Infrastructure Security Agency) has issued requests for comment (RFCs) on eight Microsoft 365 security configuration baselines. The request is part of a larger Secure Cloud Business Application (SCuBA) project to secure federal civilian executive branch agencies’ (FCEB) cloud environments.
The baseline guidance covers:
- Microsoft Defender for Office 365
- Microsoft Azure Active Directory
- Microsoft Exchange Online
- Microsoft OneDrive for Business
- Microsoft Power BI
- Microsoft Power Platform
- Microsoft SharePoint Online
- Microsoft Teams
It sounds like the CISA may soon seek similar guidance on Google Workspace security.
SaaS Application Security: Growing MSP and MSSP Opportunities
The CISA effort highlights a continuing mind shift in the SaaS market. Indeed, when SaaS applications gained popularity some customers and channel partners assumed that the applications were fully secured by the software providers. Fast forward to present day, and most customers now realize they’ll need to take extra steps to safeguard each SaaS instance, user access and associated data.
Amid that market reality, startup companies such as Augmentt and SaaS Alerts have emerged to help MSPs and MSSPs safeguard Microsoft 365. But the partner opportunities don’t end there. Take a look at the Top 15 Most Popular SaaS Applications for Business, and it’s a safe bet customers will need help monitoring, managing and safeguarding many of those systems.
Still, Microsoft 365’s massive installed base makes it an obvious first target for hackers. Amid that market reality, the CISA is seeking comments about the Microsoft 365 baseline security guidance through November 24, 2022. Indeed, the agency wants “insight on the feasibility, clarity, and usefulness of the baselines. Comments should be submitted [email protected]