The Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security (DHS) issued today an advisory entitled: Microsoft Office 365 Security Observations (Analysis Report: AR19-133A). This advisory is consistent with CISA’s “mission of protecting and strengthening the nation’s critical infrastructure from cyber threats.” In its summary, the advisory states:
“As the number of organizations migrating email services to Microsoft Office 365 (O365) and other cloud services increases, the use of third-party companies that move organizations to the cloud is also increasing. Organizations and their third-party partners need to be aware of the risks involved in transitioning to O365 and other cloud services.
[AR19-133A] provides information on these risks as well as on cloud services configuration vulnerabilities; this report also includes recommendations for mitigating these risks and vulnerabilities.”The advisory focuses on and discusses configuration vulnerabilities in four areas:
- “Multi-factor authentication for administrator accounts not enabled by default
- Mailbox auditing disabled
- Password sync enabled
- Authentication unsupported by legacy protocols.”
CAIPHI recommends that your organization review this advisory, paying especial attention to the solutions for the configuration vulnerabilities listed above.