Latest coverage for Office 365
Office 365 is Microsoft's cloud productivity suite, whose identity, email, and data controls make its vulnerabilities and security advisories consequential.
Refine the feed
Search across headline titles and summaries.
Tag briefing
Background for this topic.
Office 365 is Microsoft’s cloud-hosted productivity and collaboration service, encompassing Exchange Online email, SharePoint, OneDrive, Teams, and web and desktop Office applications. Because these services store communications and business documents in a shared cloud environment, the tag includes both attacks against the platform and security issues arising from tenant configuration, identity, and connected applications.
Material risks include phishing or stolen credentials leading to account takeover, malicious OAuth applications gaining delegated access, mailbox forwarding rules, and excessive external sharing of files. Effective defenses include phishing-resistant multifactor authentication, conditional-access policies, least-privilege administration, controlled app consent, data-loss prevention, and review of audit and sign-in logs. Security teams must also track Microsoft advisories and client vulnerabilities, preserve cloud evidence for investigations, and apply retention, privacy, and compliance controls appropriate to the data stored in the tenant.
Volume over time
Weekly headline count for the current query.
A New Era of Email Defense: The Power of KnowBe4 and Microsoft Defender for Office 365
EU Commission and Microsoft Appeal EDPS Office 365 Decision
March Decision Mandated Commission to Stem Data Flows From Its Office 365 UseThe European Commission is appealing a March decision by a continental data regulator that found the commission's use of Microsoft Office apps violated Regulation (EU) 2018/1725. A commission spokesperson said the EDPS decision would undermine its "mobile and integrated IT services."
Microsoft Says Test Account Gave Hackers Keys to the Kingdom
Postmortem: Multiple Customers Also Targeted by Russian Nation-State AttackersA nation-state hacking group run by Russian intelligence gained access to a Microsoft "legacy, non-production test tenant account" and used it to authorize malicious Office 365 OAuth applications, access Outlook, and steal Microsoft and customers' emails and attachments, Microsoft said.