Defending Against Rules and Forms Injection

Over the last year, Office 365 security has been tracking an emergent attacker persistence mechanism in the Exchange Online ecosystem. The release of a security research tool called Ruler enables an attacker to install a persistence mechanism once an account has been breached to maintain access even through a password roll. While we haven’t seen…

0

Using the Office 365 Secure Score API

The Office 365 Security Engineering team is pleased to announce the availability of the Office 365 Secure Score API. This API is fully integrated into the Microsoft Graph. If you are wondering what the Office 365 Secure Score is, get the low down here, or visit the experience here: https://securescore.office.com. Why Collect Secure Score Data?…

0

New Security Analytics Service: Finding and Fixing Risk in Office 365

Microsoft is pleased to announce the preview availability of a new security analytics service called the Office 365 Secure Score. The Secure Score is a security analytics tool that will help you understand what you have done to reduce the risk to your data in Office 365, and show you what you can do to…


Using Office 365 activity data to improve your Cybersecurity stance and capability

Overview and Contents As an Office 365 customer and tenant administrator, you have access to a wide variety of user activity events logged from your Exchange Online, SharePoint Online and Azure Active Directory services. Office 365 provides detailed activity logs that can be acquired and analyzed to facilitate self-service forensic investigations to scope and remediate a…

4

How to fix a compromised (hacked) Microsoft Office 365 account

One of the most common security support requests we receive from our Office 365 customers is for assistance with remediating an account compromise. The most common scenario is that a member of their organization became the victim of a phishing scam and the attacker obtained the password for their account. (Note: If you are not…

0