Safeguarding Productivity

Microsoft Search – Nice, but Beware

Microsoft announced the general availability of its new Microsoft Search service this week, using Build 2019 as the platform for doing so. It offers some great stuff, some good forward moves for Search, and some neat ideas for extending the paradigm. Microsoft says that its new Search offers:

an intelligent, enterprise search experience from Microsoft that applies the artificial intelligence technology (AI) from Bing and deep personalized insights surfaced by the Microsoft Graph, to make search more effective for you – so whether you’re looking to complete a task, pick up where you left off, or discover answers or insights, it’s just a click away, across all of your applications, your desktop, and your browser.

Nice. But. The but is that it will amplify and speed up the data loss consequences of a successful account compromise through phishing or spearphishing. If a user’s account is compromised and the user doesn’t know this has happened, the attacker will be able to impersonate the compromised user, see what they have been working on, find relevant documents much faster, and see who else in the user’s domain would represent the next best vulnerable target for lateral movement.

Therefore, protect your user accounts.

  • Multi-factor authentication using an authenticator app (not SMS code) for admins is a must. No exceptions.
  • Multi-factor authentication using an authenticator app for anyone with access to financial systems is a must. No exceptions.
  • Multi-factor authentication using an authenticator app for senior executives is a must. No exceptions.
  • Multi-factor authentication for every single user of your tenant is highly, highly recommended. It should be on for everyone. But if you can’t live with that condition, then you must embrace ongoing analysis of the early warning signals of a compromised account. Office 365 Cloud App Security in Office 365 E5 is a good place to start. Even better is Microsoft Cloud App Security in Microsoft 365 E5, or any of the other leading CASBs that report on weird login behaviour, such as impossible travel, login access from weird locations, and the like.