In today’s dynamic IT landscape, safeguarding your data — no matter where it lives — is non-negotiable. Doing so, however, is much easier said than done. Success requires the diligence to look under every rock for vulnerabilities and gaps in retention, even (and especially) in places you wouldn’t expect. Take Microsoft 365, for example. It’s no secret that it has changed productivity in the workplace forever.

Trustwave SpiderLabs is tracking a spike in usage of the Greatness phishing kit to attack Microsoft 365 users to distribute malicious HTML attachments that steal login credentials. Greatness is a phishing-as-a-service platform developed by a threat actor known as "fisherstell," and has been available since mid-2022 that provides a ready-made infrastructure and tools for anyone to launch phishing campaigns charging $120 per month in Bitcoin.

Most organizations today rely on Entra ID (formerly Azure AD) and Microsoft 365 (formerly Office 365) for core business operations. But how secure are these vital platforms against ransomware? This article explores the key concern concerns in Entra ID and Microsoft 365 and details the key security controls they offer to block, detect and recover from ransomware. Then it offers a robust solution that can further safeguard your data and IT systems.

As of 2023, Microsoft Office 365 is utilized by over a million companies globally, according to a recent Statista report. It has become an indispensable tool for organizations as they adapt to hybrid workforces and a global economy, leveraging its collaborative power and the need for a robust data protection strategy. At the core of Microsoft 365’s security framework lies the Shared Responsibility Model, delineating the responsibilities of Microsoft and organizations using their services.

Microsoft 365 (formerly Office 365) is Microsoft's cloud-based suite of productivity tools, which includes email, collaboration platforms, and office applications. All are integrated with Entra ID (referred to as Azure AD in this post) for identity and access management. M365’s centralized storage of organizational data, combined with its ubiquity and widespread adoption, make it a common target of threat actors.

Regularly reviewing user permissions is important to reduce the risk of data overexposure and breaches. Overpermissioned users pose a significant security risk. Restricting access to only necessary information for individuals to perform their jobs can significantly reduce risk. By conducting regular permissions audits in Microsoft 365 and SharePoint, organizations can ensure that sensitive information access remains appropriate, safe and secure.