Skip to main content
close search
site logo
Dive Brief

Hasty Office 365 deployments wrought with security configuration holes

Published May 1, 2020
Samantha Schwartz's headshot
Samantha Schwartz Reporter

Dive Brief:

  • Companies rushing deployment of cloud-based collaboration services, including Microsoft Office 365, "may not be fully considering" their security configurations, according to an alert issued by the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA). 
  • The agency offered threat mitigations for deployments, including enabling multifactor authentication (MFA) for Azure Active Directory Global Administrators, or the "equivalent" to an on-premise Domain Administrator. Microsoft customers are responsible for enabling MFA as a default setting. 
  • The agency recommends organizations only use the Global Administrator account "when absolutely necessary" and adopt practices that include identifying user privilege. Office 365's Unified Audit Log requires enablement "before queries can run," according to CISA, because it aids in investigations if malicious activity is found.

Dive Insight:

Microsoft and other collaboration solution providers have seen massive upticks in usage in the last two months. During the company's Q3 2020 earnings, Microsoft revealed Teams had upwards of 200 million daily meeting participants and 75 million daily active users in April. In March, Teams reported 44 million daily active users. 

But the rush to scale services or solutions is throwing up a red flag for the cybersecurity community. Because it's unknown for how much longer offices will remain closed, organizations will constantly have to answer and update these security questions: 

  • How is a remote employee's identity proven? 

  • What is the degree of repudiation?

  • How is a device's trustworthiness verified? 

  • How is the internal network protected by an distrusted external device? 

On the surface, cybersecurity leaders will likely know the answer to these questions. However, as companies onboard new personnel, or if employees use a new device, it becomes a matter of scale and keeping pace with changes. 

Organizations were not given sufficient time to think through service adoption when everyone began working from home. The rush threatens an organization's existing security architecture.

If managers thought they were adopting a solution on a temporary basis, they might be blindsided when they find they can't actually rip it out later on. 

CISA recognized organizations were "forced" to change how they collaborate, which led to "rapid" migrations to Microsoft Office 365 and similar. The hasty deployments could "undermine a sound O365-specific security strategy." 

The near-universal work-from-home policy is challenging traditional modes of protection. With scattered employees, security intrinsically lands on endpoint protection and zero trust.

Zero trust, like the agency recommends, evaluates a user or device's privilege based on their trustworthiness. The Azure Active Directory Global Administrators have the most privilege, and ultimately carry the most risk.

Because the accounts are cloud-hosted, they are internet accessible, according to CISA. Without MFA, a bad actor could "maintain persistence as a customer migrates users to O365."

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
New Research Reveals AI's Impact on Power, Status, and Pay
From 1E
November 21, 2024
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
Editors' picks
Latest in IT Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell