As sad as it sounds, Sikich has been involved in many breach remediation efforts related to Office 365. Not that the infrastructure or service was compromised in any way, but that the consumers of the services were the weak link. Over the years, this has taken different shapes and forms. For the most part, I would say that either common passwords or a successful phish was the root cause of the breach.
Outside of the actual remediation efforts that are undertaken, I came across a new service enhancement about a year ago (April 2017) called Office 365 Threat Intelligence. This service makes use of the Microsoft Intelligent Security Graph, which “analyzes billions of data points from Microsoft global data centers, Office clients, email, user authentications, signals from our Windows and Azure ecosystems and other incidents that impact the Office 365 ecosystem.” With all of that data available to us, we end up getting really interesting insights into how those threats would impact my (or your) tenant.
Now the cool part. Last month, Microsoft finally made Attack Simulator, a new enhancement to that service, generally available.
As with most security systems, it’s best to have breach prevention in place. In the electronic world, a big part of that prevention deals with training and awareness campaigns with end-users. With the Attack Simulator, an admin can actually test out a variety of simulated attacks (ie. Phishing, Password Spray, Brute-force Attack) against the user community to gauge what parts are, or are not, working in awareness training. I say simulated in that the attacks are not destructive in nature. The generated attacks are real enough to obtain reporting and telemetry details. Results from the Attack Simulator can be used in a variety of training scenarios to further educate users and prevent real breaches from occurring.
How do you get this? If you have an E5 license, you already have it. You can find this tool/service in the Security & Compliance center. If you don’t have an E5 license, you can purchase it as an add-on subscription to a variety of licenses. Have licensing questions or other concerns about Office 365? Contact Sikich. As a Microsoft Partner of the Year who’s helped hundreds of organization with their cloud transformation, we are here to help.