With the transition to the cloud, there is a notable rise in security incidents involving cloud platforms and services. Microsoft 365 is highly targeted due to its popularity and the valuable hosted data. Compromising Microsoft 365 tenants allows attackers to remotely access sensitive data in the cloud without having to penetrate the corporate perimeter. Threat actors can access Microsoft 365 tenants by exploiting or compromising:
The Mandiant Security Assessment for Microsoft 365 was developed based on extensive experience responding to incidents where threat actors have compromised and gained access to an organization’s Microsoft 365 tenant. By proactively reviewing and mitigating common misconfigurations, process weaknesses, and exploitation methods, organizations can reduce overall risk and ensure optimized protection and visibility for events occurring within a Microsoft 365 tenant.
The foundation of this assessment includes both the short-term containment and longer-term remediation security controls and configurations required to eradicate attackers from a tenant.