As a guy responsible for a 1,000-employee O365 tenant, I’ve been watching this with concern.
I don’t think I’m a target of state actors. I also don’t have any E5 licenses.
I’m disturbed at the opaqueness of MS’ response. From what they have explained, it sounds like the bad actors could self-sign a valid token to access cloud resources. That’s obviously a huge concern. It also sounds like the bad actors only accessed Exchange Online resources. My understanding is they could have done more, if they had a valid token. I feel like the fact that they didn’t means something’s not yet public.
I’m very disturbed by the fact that it sounds like I’d have no way to know this sort of breach was even occurring.
Compared to decades ago, I have a generally positive view of MS and security. It bothers me that this breach was a month in before the US government notified MS of it. It also bothers me that MS hasn’t been terribly forthcoming about what happened. Likely, there’s no need to mention I’m bothered that I’m so deep into the O365 environment that I can’t pull out.
Hardly surprising. Any popular app is going to have enough users that it doesn’t make economic sense to stay. A niche app that’s halfway decent will soon have enough users they’ll need to fold to.