• phase_change
    link
    fedilink
    English
    arrow-up
    20
    ·
    edit-2
    1 year ago

    As a guy responsible for a 1,000 employee O365 tenant, I’ve been watching this with concern.

    I don’t think I’m a target of state actors. I also don’t have any E5 licenses.

    I’m disturbed at the opaqueness of MS’ response. From what they have explained, it sounds like the bad actors could self-sign a valid token to access cloud resources. That’s obviously a huge concern. It also sounds like the bad actors only accessed Exchange Online resources. My understanding is they could have done more, if they had a valid token. I feel like the fact that they didn’t means something’s not yet public.

    I’m very disturbed by the fact that it sounds like I’d have no way to know this sort of breach was even occurring.

    Compared to decades ago, I have a generally positive view of MS and security. It bothers me that this breach was a month in before the US government notified MS of it. It also bothers me that MS hasn’t been terribly forthcoming about what happened. Likely, there’s no need to mention I’m bothered that I’m so deep into the O365 environment that I can’t pull out.