SOLVED

O365 cyber security information


Where are good sources of information about cyber security for O365 and Azure? Blogs or others that talk about any alerts, recommended changes, known hacks or hack attempts, etc.

I think O365 is secure but want to be fact based. I know the big clouds are silent on hacks, but looking to understand and improve our posture.

Rob.

4 Replies
Best Response confirmed by Rob O'Keefe (Super Contributor)
Solution

Microsoft has a lot of documentation, white papers and such on how secure Office 365 is and the methods plus processes around this. You'll find a lot of information in the Service Trust Portal and Trust Center. Also, I have put together some of these related white papers in this collection.

There is also the official blog of the Office 365 Security team but it's infrequently updated. Also, the Security, Privacy and Compliance Blog and Microsoft Secure blog are available.

What you don't always see is an acknowledgement of particular vulnerabilities, that I have noticed anyway. A recent example is baseStriker; if there was an official public response, I can't find it. baseStriker bypassed email checks on malicious links by splitting the base domain and path separately. While this got fixed, taking a couple of weeks, it was only the researcher who discovered the issue that disclosed this resolution.
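As an added example (not part of the original reply and not Microsoft's or the researcher's code): a link check that resolves each anchor the way a mail client would before comparing it with a block list, assuming the split the reply describes is made with an HTML `<base href>` plus a relative `href`. The host names and the `BLOCKED` set are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LinkResolver(HTMLParser):
    """Collect the document base and every anchor href."""

    def __init__(self):
        super().__init__()
        self.base = None   # first <base href>; later ones are ignored, as in browsers
        self.hrefs = []    # raw href values in document order

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if not href:
            return
        if tag == "base" and self.base is None:
            self.base = href.strip()
        elif tag == "a":
            self.hrefs.append(href.strip())


def effective_links(html):
    """Return (raw_href, resolved_url) pairs, resolving against <base>."""
    parser = LinkResolver()
    parser.feed(html)
    parser.close()
    return [(h, urljoin(parser.base or "", h)) for h in parser.hrefs]


def flag_links(html, blocked_hosts):
    """Flag links whose *resolved* host is blocked; note when the raw href hid it."""
    findings = []
    for raw, resolved in effective_links(html):
        host = (urlsplit(resolved).hostname or "").lower()
        if host in blocked_hosts:
            raw_host = (urlsplit(raw).hostname or "").lower()
            findings.append({"raw": raw, "resolved": resolved,
                             "hidden_by_base": raw_host not in blocked_hosts})
    return findings


# Constructed sample message body; hosts are reserved example names.
SAMPLE = """<html><head><base href="https://blocked.example/"></head>
<body><a href="login/reset.html">Reset password</a>
<a href="https://intranet.example/help">Help</a></body></html>"""

BLOCKED = {"blocked.example"}  # hypothetical reputation list
```

A filter that inspects only the raw `href` values would see `login/reset.html` and find no host to look up; `flag_links(SAMPLE, BLOCKED)` reports it because the check runs on the resolved URL.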


Thanks @Cian Allner, those are good links. A few of those I have seen and could have listed them originally. I think your last paragraph is on point for me. How do we find out more about those scenarios?

Also, is anyone aware of any Ransomware that has worked on O365?

In the last article you linked, it says "we always recommend adding a layer of email security for malware, phishing, and account take-over to protect from the sophisticated attacks that the default security does not block."

I assume that means client-side security software?

EDIT: ...and should we be doing an independent data backup of our tenant? Can someone point to a link about whether it is possible to do a restore with MSFT if something happens? How big of a risk is that?

Thanks,
Rob.


If there is anything actionable, I'd hope Microsoft would alert customers primarily via MC, especially if there were mitigations that customers could carry out prior to a fix being put in place, which can't always be done straight away. I get the impression they just fix the underlying issues as they come to light but don't always publicise it.

Ransomware can potentially affect Office 365 via OneDrive syncing and such. Consumer OneDrive has ransomware detection; it isn't clear if that's on the enterprise side as well. The newer recover option, I think, was inspired by the risk of these sorts of incidents. SharePoint Online has virus detection by the way.

I think that paragraph you mentioned is open to interpretation; I think plenty of customers would have some advanced security in place to augment what's already available. That could be ATP or some of the advanced features that come with the E5 licence like Office 365 Threat Intelligence, also available as add-ons.

The point about backups has been discussed plenty elsewhere. Microsoft can recover a SharePoint site in the event of an emergency outside of the usual recovery options from what I gather but with some limitations. Here are some general thoughts on the topic - Data protection beyond backup and recovery with Office 365.


I also blog regularly about Office 365 security at http://o365blog.com/