Earlier this week the Department of Homeland Security issued an analysis report on Microsoft Office 365 security observations. In a nutshell, the report states that many Office 365 deployments have not been properly secured giving cybercriminals a weakness to take advantage of to carry out malicious activity.  

The report noted that, “Since October 2018, the Cybersecurity and Infrastructure Security Agency (CISA) has conducted several engagements with customers who have used third-party partners to migrate their email services to O365. 

The organizations that used a third party have had a mix of configurations that lowered their overall security posture (e.g., mailbox auditing disabled, unified audit log disabled, multi-factor authentication disabled on admin accounts). In addition, the majority of these organizations did not have a dedicated IT security team to focus on their security in the cloud. These security oversights have led to user and mailbox compromises and vulnerabilities.” 

DHS’s recommendations for hardening an Office 365 deployment include using multifactor authentication, enabling unified audit and mailbox logging, ensuring that Azure AD password sync is configured correctly, and disabling support for legacy e-mail protocols. 

There are many service providers that offer Office 365 migration and deployment services, but as this DHS report indicates, not all of them are doing a good job of securing those deployments. When it comes to something as mission-critical as Office 365, why trust your deployment to just anyone?  

To learn how Symplexity can help with this and many other technology and security concerns, contact us today at info@symplexity.com or (260)432-1364. 

Ross is the CISO at Symplexity. He has achieved CCIE Security and CISSP certifications, an MBA from the University of Notre Dame, and has 20 years of experience in the fields of computer and network security engineering and consulting. Ross provides virtual CISO services for our Symplexity Secure clients and helps them to identify information security risks and implement administrative, procedural, and technical controls to mitigate. He works effectively with both technical and managerial personnel and is a trusted resource for our clients.

Ready to take your technology to the next level?

Contact Us Now