1.1.14 Ensure that LinkedIn contact synchronization is disabled.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

You should disable integration with LinkedIn as a measure to help prevent phishing scams.

Rationale:

Office 365 is the prime target of phishing scams. Phishing attacks are a subset of social engineering strategies that imitate a trusted source and concoct a seemingly logical scenario for handing over sensitive information. Social networking sites have made social engineering attacks easier to conduct.

LinkedIn integration is enabled by default in Office 365, which could lead to a risk scenario where sensitive information is accidentally disclosed to an external party.

Impact:

Users will not be able to sync contacts or use LinkedIn integration.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To disable LinkedIn account data sharing, perform the following steps via the Azure Active Directory admin center:

Navigate to https://admin.microsoft.com and log in as a Global Admin.

Expand Admin centers, then select Azure Active Directory.

Once the Azure AD Admin center is open, select Users followed by User Settings then User settings.

Under LinkedIn account connections, click No.

Click Save at the top of the page.

Default Value:

LinkedIn integration is enabled by default.

See Also

https://workbench.cisecurity.org/files/4073