Information
You should disable integration with LinkedIn as a measure to help prevent phishing scams.
Rationale:
Office 365 is the prime target of phishing scams. Phishing attacks are a subset of social engineering in which the attacker imitates a trusted source and concocts a seemingly logical scenario for handing over sensitive information. Social networking sites have made social engineering attacks easier to conduct.
LinkedIn integration is enabled by default in Office 365, which could lead to a risk scenario where sensitive information is accidentally disclosed to an external party.
Impact:
Users will not be able to sync contacts or use LinkedIn integration.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
To disable LinkedIn account data sharing, perform the following steps via the Azure Active Directory admin center:
Navigate to https://admin.microsoft.com and log in as a Global Admin.
Expand Admin centers, then select Azure Active Directory.
Once the Azure AD Admin center is open, select Azure Active Directory followed by User Settings.
Under LinkedIn account connections, click No.
Click Save at the top of the page.
Default Value:
LinkedIn integration is enabled by default.