At Microsoft 365 Nation, we view community as solid relationships. So with great pleasure, we want to give a shout-out to our friend Scott Bekker (Redmond Channel Partner) for his deep insights into Office 365 customer site security risks and how partners, including Managed Services Providers (MSPs), should respond.
Organizations whose Office 365 environments were set up by third-party partners are at risk of a number of security misconfigurations, a federal computer security watchdog warned on Monday.
In an analysis report titled “Microsoft Office 365 Security Observations,” the Cybersecurity and Infrastructure Security Agency (CISA) described four common security misconfigurations found during a multi-month investigation begun last fall. CISA is the new standalone agency within the Department of Homeland Security that functions as the lead national government unit on civilian cybersecurity.
The investigation focused on customers who have used third-party partners to migrate their e-mail services to Office 365. The CISA report did not say how many customer environments it looked at, how large the organizations were in terms of seats or revenues, how widespread the problems were at those sites, or what kinds of third-party partners were involved.
The conclusion, however, was stark. “The organizations that used a third party have had a mix of configurations that lowered their overall security posture (e.g., mailbox auditing disabled, unified audit log disabled, multi-factor authentication disabled on admin accounts),” the report said. “In addition, the majority of these organizations did not have a dedicated IT security team to focus on their security in the cloud.”