• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Project of the Week
  • About Us
    SEARCH
Compliance, Managed Service, Mobility, Network Security, News, Unified Communications

U.S. Cybersecurity Officials Warn of Attacks on Hastily Deployed Office 365 Solutions

The Department of Homeland Security says organizations may have deployed Office 365 applications for its remote workforce without considering cybersecurity.

April 30, 2020 Zachary Comeau Leave a Comment

Office 365 Cybersecurity

Organizations’ rush to build up remote work programs and deploy cloud-based collaboration solutions may have jeopardized their cybersecurity, says a new alert from the U.S. Department of Homeland Security.

In an advisory through the department’s Cybersecurity and Infrastructure Agency, the government warns that quick rollouts of cloud services like Microsoft 365 – with applications like Microsoft Teams – can lead to oversights in security configurations.

Because of COVID-19 shutting down most of the U.S. and parts of the world, companies were forced to work from home and quickly shift to remote work. They may not have been prepared enough for the cybersecurity issues that follow, the U.S. government says.

“CISA continues to see instances where entities are not implementing best security practices in regard to their O365 implementation, resulting in increased vulnerability to adversary attacks,” the alert says.

CISA recommends organizations follow several steps to maintain security for organizations that are working remotely:

Enable multi-factor authentication for administrator accounts. Azure Active Directory Global Administrators are the first accounts created so admins can begin configuration, but multi-factor authentication is not enabled by default for those accounts. A “secure by default” model has to b enabled by the customer.

Assign administrator roles using Role-Based Access Control: Since Global Administrators have the highest level of default privilege, organizations should only use it when absolutely necessary. Azure has other numerous built-in less-powerful administrator roles to use that can help limit organizational exposure if an account were to be compromised.  Administrators should be assigned the minimum permissions they need to do their job.

Enable Unified Audit Log: Office 365’s logging feature allows administrators to investigate and search for potentially malicious or prohibited actions from Exchange, SharePoint, OneDrive, Azure AD, Microsoft Teams, PowerBI and other 365 services.

Multi-factor authentication for all users: Rank-and-file users of Office 365 don’t have administrator permissions, but they still have access to company data that bad actors may want to access. Compromising these accounts could lead to a more harmful effect on an organization and lead to more phishing attacks.

Disable legacy protocol authentications when appropriate: According to CISA, a number of legacy protocols associated with Exchange Online don’t support MFA features, like Post Office Protocol, Internet Message Acceess Protocol and Simple Mail Transport Protocol. These legacy protocols are often used with older email clients that don’t support modern authentication.

They can be disabled at the tenant or user levels. If your business requires an older email client, the protocols will not be disabled, leaving email accounts accessible through the internet with only the username and password for authentication. CISA recommends taking inventory of users who still need legacy clients and email protocols and only grant access to those protocols for select users. Azure AD Conditional Access policies can help limit the number of users with the ability to use legacy protocol authentication.

Related: The Cyber Security Checklist: Make Sure Employees Follow These 4 Cyber Security Best Practices

Alerts for suspicious activity: Admins can enable activity logging within Azure/Office 365 to help identify malicious activity. Alerts can be enabled to keep users admins aware of abnormal events and reduce the time needed to identify and mitigate those events. At a minimum, CISA recommends alerts for logins from suspicious locations and accounts exceeding sent email thresholds.

Microsoft Secure Score: This built-in tool can measure your security posture with respect to Office 365 and offer recommendations to help provide a centralized dashboard for tracking and prioritizing security and compliance changes.

Integrate Office 365 logs with existing monitoring solutions: Even with Microsoft’s logging solutions, you should still integrate and correlate your Office 365 logs with your other solutions to help ensure you can detect malicious activity across all platforms.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Tagged With: Cybersecurity, Cybersecurity and Infrastructure Agency, Department of Homeland Security, Microsoft, Microsoft Teams

Related Content:

  • Cloud, SASE, Aryaka How the Cloud is Redefining Media Production and…
  • Singlewire Software mass notification interview Singlewire Software on Mass Notification Solutions
  • URI catchbox 1 Catchbox Plus: The Mic Solution That Finally Gave…
  • Engaging virtual meeting with diverse participants discussing creative ideas in a bright office space during daylight hours Diversified Survey: Workplace AV Tech is Falling Short,…

Free downloadable guide you may like:

  • Practical Design Guide for Office SpacesPractical Design Guide for Office Spaces

    Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-face time with co-workers. When designing the office spaces — and meeting spaces in particular — enabling that connection between co-workers is crucial. But introducing the right collaboration technology in meeting spaces can […]

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Contact Us
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSYour Privacy ChoicesTERMS OF USEPRIVACY POLICY

© 2025 Emerald X, LLC. All rights reserved.