In July 2021, Microsoft's Security Intelligence team warned Office 365 users and admins that the latest phishing attacks use a crafty combination of methods to get past email filters. In follow-up tweets released on the same day, Microsoft described the campaign, which used various detection-evasion techniques, as “sneakier than usual.” However, this recent warning to the public wasn’t the first time Microsoft Office 365 accounts have been under attack. In March 2021, Microsoft also made the news following a rise in credential phishing attacks. The attacks involved fake login pages and malicious landing pages intended to steal credentials from employees.
Therefore, it is not uncommon for medium or large companies to adopt a supplementary security component alongside Office 365. This happens for several reasons:
- Security must be layered. Exchange is the most attacked, not because it is vulnerable but because it is the most used. Therefore, trusting in Microsoft 100% will increase your risk and is not considered best practice. We recommend having another brand's product check incoming emails as well.
- Information compliance issues. There have been issues raised at the federation level of the system, in addition to low visibility of internal auditing. Historically, Microsoft has not proven to be great with users’ privacy, and many users have raised information compliance issues. If an IT admin or an external IT company looks at users’ work-related emails, the users may never be aware.
- The quality of system security. Exchange Online Protection is a system with several important functionalities, but it lacks a security base. Only by purchasing Advanced Threat Protection (ATP) is it possible to have robust filtering, such as a level 2 sandbox system or some level 1 features like Safe Links and Explorer. These features are only present in the top subscription.
Therefore, companies look for O365 coupled with another specialized security system within Europe and outside the Azure cloud. Given the reduced visibility and management of the Microsoft system, the focus is on anti-phishing and on operationalization of the platform (auditing, message analysis, delegation of administration).