The US Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has issued security advice for organizations that were forced to rush the deployment of Office 365 to support their newly remote workforce. This warning comes following CISA seeing incidents of organizations failing to utilize proper security measures with their newly established use of Office 365. One of the first issues which CISA wanted to bring to many organizations’ attention is the need to lock down Azure Active Directory (AD) Global Administrators in Office 365 with Multi-Factor Authentication (MFA). Failure to do so could give an attacker an easy means of escalating user privileges. CISA also recommends that organizations utilize other administrator roles within Azure’s Active Directory and to not utilize the Global Administrator account unless “absolutely necessary.”
Analyst Notes
Organizations of any size can suffer from tunnel vision when needing to quickly implement new solutions. This tunnel vision can keep an organization focused more on usability and connectivity while forgetting about security. Any accounts with elevated privileges should be protected with MFA whenever possible. CISA also highly recommends the utilization of Microsoft’s Secure Score tool which will measure and score an organization’s security posture for Office 365. More information and advice can be found at https://www.zdnet.com/article/microsoft-office-365-us-issues-security-alert-over-rushed-remote-deployments/
CISA’s notice can be found at https://www.us-cert.gov/ncas/alerts/aa20-120a
