The Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security (DHS) today issued an advisory entitled Microsoft Office 365 Security Observations (Analysis Report: AR19-133A). This advisory is consistent with CISA’s “mission of protecting and strengthening the nation’s critical infrastructure from cyber threats.” In its summary, the advisory states:

“As the number of organizations migrating email services to Microsoft Office 365 (O365) and other cloud services increases, the use of third-party companies that move organizations to the cloud is also increasing. Organizations and their third-party partners need to be aware of the risks involved in transitioning to O365 and other cloud services.

[AR19-133A] provides information on these risks as well as on cloud services configuration vulnerabilities; this report also includes recommendations for mitigating these risks and vulnerabilities.”

The advisory focuses on and discusses configuration vulnerabilities in four areas:

  • “Multi-factor authentication for administrator accounts not enabled by default
  • Mailbox auditing disabled
  • Password sync enabled
  • Authentication unsupported by legacy protocols.”

CAIPHI recommends that your organization review this advisory, paying particular attention to the solutions for the configuration vulnerabilities listed above.
