Securing Your On-Premises AD for Office 365 Migration

As we previously discussed, migrating to Office 365 doubles the surface area you’ll need to manage and secure. As a result, it’s critical that any issues with data stored in your on-premises AD are corrected prior to migration. The good news is that the move to Office 365 is an opportunity to address existing problems and to create policies that keep them from returning, so you can migrate knowing your environment is organized and will stay that way.

Pre-migration: Time to clean house
Many organizations treat breaches and other forms of data loss as a cost of doing business and employ strategies to minimize risk. Prior to migration, data stored in the on-premises AD should be thoroughly assessed and consolidated to eliminate outdated or non-essential items. Your three goals during this process should be:

  • Shrinking your target — Keep only what users need and eliminate data no longer required for business or compliance reasons; outdated data serves no purpose other than increasing your risk of exposure and non-compliance.
  • Scrutinizing user accounts — Eliminate duplicate IDs and inactive accounts, match user principal names to the domain names planned for use in Office 365, and remediate temporary access that may have been granted to users to test Office 365 capabilities.
  • Tightening access protocols — Identify weak passwords and require end-users to strengthen them, update admin rights to reflect current staff and bring user data access up to date.
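
A read-only check for the account issues listed above, added here as an example (it is not Quest's code): it flags UPN suffixes outside the planned Office 365 domains, enabled accounts with no recent logon, and mail addresses shared by more than one account. The `example.com` domain, the 90-day threshold, the function name `Get-PreMigrationFinding`, the reading of "duplicate IDs" as shared mail addresses, and the sample records are all assumptions made for illustration.

```powershell
# Constructed sample records, shaped like the output of
#   Get-ADUser -Filter * -Properties mail, LastLogonDate
# (ActiveDirectory module). Swap that call in for $users on a real directory.
$now   = Get-Date
$users = @(
    [pscustomobject]@{ SamAccountName='asmith';  UserPrincipalName='asmith@example.com';  mail='alice.smith@example.com'; Enabled=$true; LastLogonDate=$now.AddDays(-2) }
    [pscustomobject]@{ SamAccountName='asmith2'; UserPrincipalName='asmith2@example.com'; mail='Alice.Smith@example.com'; Enabled=$true; LastLogonDate=$now.AddDays(-5) }
    [pscustomobject]@{ SamAccountName='bjones';  UserPrincipalName='bjones@corp.local';   mail='bob.jones@example.com';   Enabled=$true; LastLogonDate=$now.AddDays(-1) }
    [pscustomobject]@{ SamAccountName='cdoe';    UserPrincipalName='cdoe@example.com';    mail='carol.doe@example.com';   Enabled=$true; LastLogonDate=$now.AddDays(-200) }
    [pscustomobject]@{ SamAccountName='dlee';    UserPrincipalName='dlee@example.com';    mail='dan.lee@example.com';     Enabled=$true; LastLogonDate=$now.AddDays(-7) }
)

function Get-PreMigrationFinding {   # hypothetical helper name
    param(
        [object[]]$Users,
        [string[]]$PlannedDomains,   # domains planned for use in Office 365
        [int]$InactiveDays = 90,     # assumed inactivity threshold
        [datetime]$AsOf = (Get-Date)
    )
    $cutoff = $AsOf.AddDays(-$InactiveDays)

    # Mail addresses held by more than one account (Group-Object ignores case).
    $dupMail = $Users | Where-Object { $_.mail } | Group-Object -Property mail |
        Where-Object { $_.Count -gt 1 } | Select-Object -ExpandProperty Name

    foreach ($u in $Users) {
        $issues = @()
        $suffix = ($u.UserPrincipalName -split '@')[-1]
        if ($PlannedDomains -notcontains $suffix) {
            $issues += "UPN suffix '$suffix' is not a planned Office 365 domain"
        }
        # LastLogonDate is derived from lastLogonTimestamp, which can lag real
        # logons by up to about two weeks, so keep the threshold generous.
        if ($u.Enabled -and ((-not $u.LastLogonDate) -or ($u.LastLogonDate -lt $cutoff))) {
            $issues += "enabled, no logon in the last $InactiveDays days"
        }
        if ($u.mail -and ($dupMail -contains $u.mail)) {
            $issues += 'mail address shared with another account'
        }
        if ($issues.Count -gt 0) {
            [pscustomobject]@{ Account = $u.SamAccountName; Issues = $issues -join '; ' }
        }
    }
}

# Reports asmith and asmith2 (shared mail), bjones (UPN suffix), cdoe (inactive).
Get-PreMigrationFinding -Users $users -PlannedDomains 'example.com' -AsOf $now |
    Format-Table -AutoSize -Wrap
```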

Migration: Keeping an eye on data
Once excess data and duplicate accounts have been addressed, access issues have been resolved and security protocols have been met, you’re ready to migrate to Office 365. While most of the heavy lifting has already been done, keen attention throughout the migration process will ensure data remains uncompromised. IT admins should have real-time auditing, reporting and alerting on changes during migration to ensure data security. Here are three things to watch:

  • Access — Companies often use third-party consultants to assist with migrations, which usually means granting temporary access to users outside the organization.
  • Legal holds — There will likely be data in transit retained for legal purposes, such as archived email or Outlook PSTs; it’s critical that a clear chain of custody is recorded to minimize any legal or compliance risks.
  • Issues — If any abnormalities related to the data in transfer arise — such as data accessed by non-approved users — respond immediately to fix the issue. When it comes to critical data, “better safe than sorry” is always the rule.

Here’s another thing to keep in mind: Migration to Office 365 offers the opportunity to review your current solution providers. Each vendor should provide options for handling sensitive data throughout the migration to ensure the integrity of your data throughout its lifecycle. If that’s not the case, they may not have your best interests in mind.

Download the complimentary Quest e-book Surviving Common Office 365 Security Pitfalls to learn more about:

  • Prepping your on-premises AD for synchronization with Azure AD
  • Protecting data during migration
  • Best practices for maintaining a more secure hybrid or cloud environment
