The CISA report titled “Microsoft Office 365 Security Observations” makes five recommendations to improve security of an Office 365 tenant. The recommendations are valid, but competent administrators won’t take long to implement them. In fact, the worst thing is that consultants brought in to help organizations didn’t seem to have much expertise in securing Office 365.
Hanging on to old email habits is a bad idea, especially if you use a cloud service like Office 365 where Microsoft introduces a steady stream of new features. The worst bad habit is password sharing. It’s time to stop this now.
Microsoft has issued patch CVE-2018-8340 to fix a problem with Active Directory Federation Services. You should download and install this patch now.