Users should enable and use two factor authentication (2FA) whenever it is available. Sure there are issues with using SMS as a second factor, but 2FA is by far better than just using a user ID and password. The attack vectors are constantly changing and the attacks on Office 365 are no exception. According to a TechRepublic report, multi-factor authentication may not be enough to protect Office 365 users. "Some Office 365 systems are vulnerable to a new cybersecurity attack vector, and multi-factor authentication may not be enough to stop it, according to research from Proofpoint."
To protect from this Exchange Web Services vulnerability, the suggestion for admins is to adhere to these three practices:
- Be fully migrated to O365
- Make sure to use Microsoft's own MFA
- Be in Modern Authentication mode
This Microsoft help article describes how to properly enable or disable modern authentication in Exchange Online.
E-mail: firstname.lastname@example.org Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology