October 3, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has conducted several engagements with customers who have migrated to cloud-based collaboration solutions like O365. In recent weeks, organizations have been forced to change their collaboration methods to support a full “work from home” workforce.

O365 provides cloud-based email capabilities, as well as chat and video capabilities using Microsoft Teams. While the abrupt shift to work-from-home may necessitate rapid deployment of cloud collaboration services, such as O365, hasty deployment can lead to oversights in security configurations and undermine a sound O365-specific security strategy.

CISA continues to see instances where entities are not implementing security best practices in their O365 implementation, resulting in increased vulnerability to adversary attacks.

Recommendations

  • Enable multi-factor authentication for administrator accounts
  • Assign administrator roles using Role-Based Access Control (RBAC)
  • Enable the Unified Audit Log (UAL)
  • Enable multi-factor authentication for all users
  • Disable legacy protocol authentication when appropriate
  • Enable alerts for suspicious activity
  • Incorporate Microsoft Secure Score
  • Integrate logs with a SIEM solution to get a broader view of the infrastructure
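
To decide when disabling legacy protocol authentication is "appropriate", and to see where multi-factor authentication is still missing, it helps to inventory sign-ins first. The script below is an added example, not part of the CISA guidance: it assumes sign-in records exported as JSON lines with fields modelled on the Microsoft Entra sign-in log (`userPrincipalName`, `clientAppUsed`, `authenticationRequirement`, `status.errorCode`), and the sample records and the legacy-client list are constructed.

```python
import json
from collections import defaultdict

# clientAppUsed values treated as legacy protocols (assumed list; extend
# it with the values that appear in your own sign-in export).
LEGACY_CLIENTS = {"IMAP4", "POP3", "Authenticated SMTP",
                  "Exchange ActiveSync", "Other clients"}

# Constructed sample sign-in records, one JSON object per line (not real data).
SAMPLE_LOG = """\
{"userPrincipalName": "alice@example.com", "clientAppUsed": "Browser", "authenticationRequirement": "multiFactorAuthentication", "status": {"errorCode": 0}}
{"userPrincipalName": "bob@example.com", "clientAppUsed": "IMAP4", "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}}
{"userPrincipalName": "bob@example.com", "clientAppUsed": "IMAP4", "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 50126}}
{"userPrincipalName": "svc-scanner@example.com", "clientAppUsed": "Authenticated SMTP", "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}}
{"userPrincipalName": "carol@example.com", "clientAppUsed": "Browser", "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}}
not-json-line
{"userPrincipalName": "Bob@Example.com", "clientAppUsed": "POP3", "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 50126}}
"""

def audit_signins(lines):
    """Return (legacy, mfa_gaps): per-user legacy-protocol usage and the
    sorted users who completed a sign-in with a single factor."""
    legacy = defaultdict(lambda: {"protocols": set(), "success": 0, "failure": 0})
    mfa_gaps = set()
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines rather than abort
        if not isinstance(rec, dict):
            continue
        user = str(rec.get("userPrincipalName", "unknown")).lower()
        ok = (rec.get("status") or {}).get("errorCode") == 0
        if ok and rec.get("authenticationRequirement") == "singleFactorAuthentication":
            mfa_gaps.add(user)  # successful sign-in without a second factor
        client = rec.get("clientAppUsed")
        if client in LEGACY_CLIENTS:
            legacy[user]["protocols"].add(client)
            legacy[user]["success" if ok else "failure"] += 1
    return dict(legacy), sorted(mfa_gaps)

if __name__ == "__main__":
    legacy, gaps = audit_signins(SAMPLE_LOG.splitlines())
    for user, info in sorted(legacy.items()):
        print(user, sorted(info["protocols"]), info["success"], info["failure"])
    print("single-factor sign-ins:", gaps)
```

Accounts that appear in the legacy report with successful sign-ins need a migration plan before the protocol is blocked; accounts with only failures are candidates for immediate blocking and alerting.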

Follow basic hygiene. Close loopholes as much as possible. Stay secure, and keep a broad eye on your security devices.
