Categories
Detect Hunting

How to Safeguard Against Phishing Attacks Using .onmicrosoft.com Domains

In recent weeks, I have noticed a significant uptick in the use of “.onmicrosoft.com” domains for phishing attempts. It seems that the attackers have been setting up multiple trial Microsoft 365 accounts, automatically activating Exchange Online. They are exploiting this as a temporary method to send out phishing emails. At one point, I observed nearly […]

Categories
Detect ENTRA ID Identity

Detect when Entra ID guest account get blocked due to risk on home tenant

Imagine your organization’s Microsoft 365 tenant as your home. You wouldn’t welcome a stranger with unknown intentions and a shady introduction into your home? Similarly, proactively identifying and mitigating risks associated with guest users in their home tenant is vital for safeguarding your organization’s data and resources within your tenant. It’s a common practice among organizations to […]

Categories
Detect Hunting

Detect unusual email spikes from your SMTP Connector

In many organizations, the practice of utilizing a local SMTP server integrated with Exchange Online remains quite common. Depending on the SMTP service used, you have different possibilities to both secure the usage of the SMTP server and get insights from the usage. One crucial area often overlooked is the monitoring of unusual spikes in outbound […]

Categories
Detect ENTRA ID

Find changes in end-users MFA authentication methods

Not too long ago I was involved in a security incident where the attacker used phishing to gain access to several end users’ Microsoft 365 credentials. In this case, the customer didn’t have MFA or Conditional Access implemented, leaving them exposed to this type of general attack that unfortunately is really common. To make a long story short, […]