Office 365

nightfall

Is Microsoft Teams HIPAA Compliant?

Microsoft Teams, and subsequently Microsoft, likely need no introduction. The popular collaboration tool launched in 2016, providing organizations with a powerful way to communicate and share information within the Microsoft ecosystem. Tools like Teams have only become more important post-COVID with teams being hybrid, decentralized, and distributed.

egnyte

New Solutions for Greater Insights and Security Across M365

By the end of 2020, Microsoft 365 was used by more than one million companies worldwide. And for good reason. With the move to remote work, applications like Word and Excel, Teams, OneDrive and SharePoint, provided businesses with a familiar, easy to access, and easy to use productivity suite – all available in the cloud.

egnyte

Data Security and Governance in Microsoft 365

Microsoft 365, as a service, contains many features that focus on security. Each service uses Azure Active Directory for authentication and authorization to access either the app itself or the content that resides within it. Organization-specific security controls and procedures should augment all out-of-the-box configurations.

netwrix

HAFNIUM: Protecting Your Exchange Server from Data Exfiltration

In early March, Microsoft reported a large, coordinated attack that exploited critical vulnerabilities in Exchange Server 2010, 2013, 2016 and 2019 in an attempt to exfiltrate credentials and other sensitive information from organizations’ mailboxes. Microsoft attributed this attack to a sophisticated Chinese group code-named HAFNIUM. The first detected attempts date back to January 2021.

netskope

Netskope Threat Coverage: DearCry Ransomware

On March 2, Microsoft released patches for four zero-day vulnerabilities affecting Exchange Server 2013, 2016, and 2019 (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065). In the following weeks, attackers have been aggressively targeting vulnerable servers to install web shells that provide persistent remote access to infected servers. On March 9, attackers began installing a new ransomware variant known as DearCry or DoejoCrypt on infected servers.

Featured Post

Security Monitoring and Risk Analysis for Office 365 - A maintainable Journey

The NIST framework tells us that it is crucial to treat security as both an action that is not a singular fix but a chorus of proactive and reactive measures. It also teaches us that it is a continuous journey. In this article, we shall apply these concepts of measures and continuous journeys to some real-world examples. Here we choose Office 365 as, for many organizations, it exposes the dominant risk surface.
lookout

On-prem or Cloud? Lessons from the Microsoft Exchange Attack

As I’m writing this blog, malicious actors are actively exploiting vulnerabilities in the Microsoft Exchange Server software. These were zero-day exploits, which means that even organizations that were diligent in their patching were vulnerable. So far the estimates are that more than 60,000 organizations have been compromised.

calligo

Microsoft 365 Comparison: E1 vs. E3 vs. E5

Microsoft offers three levels of Microsoft 365 for enterprise: E1, E3, and E5. But how do you decide which is most relevant to your business? And are they really only suitable for enterprises? As always, it all depends what you need to achieve. Of course, the key difference between enterprise and standard packages is that only enterprise packages can support more than 300 users within a single organization. But this is far from an absolute rule.

egnyte

Mastering Compliance in M365 Cloud Office Environments

With the explosive growth of Microsoft 365, many companies are suddenly experiencing content sprawl at an unprecedented rate. What is content sprawl? It’s when your employees create unstructured content (files, chats, video) in the course of their workday, which then gets stored in multiple repositories, like SharePoint and OneDrive. Accelerate that in the context of a remote workforce, and you suddenly have content sprawling all over the place.

netwrix

Data Classification in Microsoft 365

More and more organizations are recognizing the power and value of data classification. By accurately classifying and labeling the information you store, you can: If your organization is like most, you now rely on cloud platforms like SharePoint Online, OneDrive and Exchange Online, and you need to know exactly what types of data is being stored there so you can ensure sensitive content is properly protected.