Be aware of tools that can introduce vulnerabilities into a Windows network

Limit access and interoperability between on-prem and cloud

Limit access and interoperability between on-premises and cloud assets where possible. Yes, we have come to rely on the ability to share data and authenticate between cloud assets and the on-premises environment, but it often also introduces weaknesses.

A recent ProPublica article states that a whistleblower revealed these risks to Microsoft years before the attacks based on them. While the SolarWinds supply chain attacks were the entry point, it was the misuse of Active Directory Federation Services that allowed attackers to gain additional access. So understand the risks involved and add monitoring resources to update validation processes.

Finally, if you’ve been a Microsoft 365 customer for a long time and you haven’t updated your default security settings, now is the time to update them. Various organizations, from Microsoft to the Center for Internet Security, have revised and updated their benchmarks over the years. Some benchmarks have a lot of manual steps and some are more automated.
