Top 5 lessons learned in defending Microsoft 365

On September 25th I was invited to share my Top 5 lessons learned in defending Microsoft 365 at an event of the Netherlands chapter of ISACA. In Eindhoven a group of some 50 CISOs and other information security professionals learned what my personal eye-openers have been in the past 4 years while building Attic Security.

To set the stage, I started by asking whether the audience felt defending Microsoft 365 should be a priority to them at all. It was quite telling to have some of them answer that they feel they should not be bothered, as Microsoft should take care of it themselves.

So I used reports by ENISA and CISA to show they actually have an interest in understanding which threats are actually related to a service like M365, as those threats seem to be the initial access vector for attackers in 88% of security breaches.

The 5 lessons I shared were:

  1. AiTM & Token Replay
  2. Privilege Management
  3. Public Sites & Teams
  4. Free SIEM
  5. Premium Anti-Phishing

I decided to record a desk version of the presentation as this is probably useful content for a broader audience. So here you go. https://www.youtube.com/watch?v=wYIcShuwUaA