Important Microsoft 365 Security Update
EasyITGuys has applied an added layer of security protection to certain managed Microsoft 365 environments in response to an active phishing threat.
Who this applies to: This protection applies only to active EasyITGuys business clients enrolled in a co-managed or fully managed IT and Cybersecurity Department experience (Microsoft 365 security management is included).
What happened
A large phishing campaign has been targeting Microsoft 365 users. In response, our Cloud Security Team put additional protection in place to help block suspicious sign-in activity tied to known malicious sources.
In simple terms: We added another layer of protection to help reduce the risk of unauthorized access to covered Microsoft 365 accounts.
Why we took action
Our Cloud Security Team identified an active phishing campaign leveraging device code phishing techniques and other advanced social engineering methods. In some cases, the campaign used personalized AI-generated phishing lures to improve believability and reduce the likelihood of detection.
Due to the scale and effectiveness of this activity, we implemented this added preventative control to help protect covered client Microsoft 365 environments from malicious authentication attempts.
What you should know
- This was done as a proactive security measure.
- This applies only to covered managed business clients.
- No action is needed from most end users.
- If additional security restrictions are needed, our team can review those options with you.
Questions? If you are an active managed client and would like to discuss tighter security settings or additional account protections, please contact your account manager.
Technical details
For clients who want the additional detail, a Conditional Access policy was deployed to help block sign-in activity associated with known malicious infrastructure.
What this means: A new Conditional Access policy was deployed to help block authentication attempts associated with confirmed adversary infrastructure connected to this phishing campaign.
| Conditional Access Parameter | Value |
|---|---|
| Policy Name | Block – Confirmed Adversary Infrastructure |
| Users or Agents | All Users Included |
| Exclusion Group | CAP – Emergency Access Exclusion |
| Target Resources | All Resources |
| Network / Named Location | Confirmed Adversary Infrastructure |
| Conditions (Locations) | Confirmed Adversary Infrastructure |
| Grant | Block Access |
Additional items created
As part of this deployment, the following supporting items were also created:
- CAP – Emergency Access Exclusion
- Confirmed Adversary Infrastructure
The emergency access exclusion group is a standard Microsoft 365 requirement for broad block policies and is empty by default. The named location contains IP ranges associated with known threat activity.
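As an added example (not EasyITGuys' own deployment script), the following Microsoft Graph PowerShell creates the two supporting items and a policy matching the table above. The IP range is a constructed documentation placeholder, and the mail nickname, the report-only starting state and the `clientAppTypes` value are assumptions not stated in this notice.

```powershell
# Added example; not EasyITGuys' own deployment script. Requires the Microsoft.Graph module.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess','Policy.Read.All',
                        'Application.Read.All','Group.ReadWrite.All'

# 1. Emergency access exclusion group: a security group that starts empty.
#    The mail nickname is an assumption (Graph requires one even for security groups).
$group = New-MgGroup -DisplayName 'CAP – Emergency Access Exclusion' `
    -MailEnabled:$false -MailNickname 'cap-emergency-access-exclusion' -SecurityEnabled

# 2. IP-based named location. 203.0.113.0/24 is a constructed placeholder
#    (RFC 5737 documentation range), not an indicator from this campaign.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type' = '#microsoft.graph.ipNamedLocation'
    displayName   = 'Confirmed Adversary Infrastructure'
    isTrusted     = $false   # must never be marked trusted
    ipRanges      = @(
        @{ '@odata.type' = '#microsoft.graph.iPv4CidrRange'; cidrAddress = '203.0.113.0/24' }
    )
}

# 3. The block policy, field by field from the table.
$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName   = 'Block – Confirmed Adversary Infrastructure'
    # Assumption: start in report-only mode; set to 'enabled' to enforce the block.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        clientAppTypes = @('all')   # assumption: not listed in the table
        users          = @{ includeUsers = @('All'); excludeGroups = @($group.Id) }
        applications   = @{ includeApplications = @('All') }
        locations      = @{ includeLocations = @($location.Id) }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

# 4. Check: the exclusion group should stay empty outside of a lockout emergency,
#    because every member bypasses the block.
$members = @(Get-MgGroupMember -GroupId $group.Id -All)
if ($members.Count -gt 0) {
    Write-Warning "Exclusion group has $($members.Count) member(s) that bypass this policy."
}
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $policy.Id |
    Select-Object DisplayName, State, Id
```

Step 4 can be rerun on its own against the existing group ID as a periodic audit of the exclusion group's membership.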
Good to know: This action was taken as a protective measure to strengthen security and reduce exposure to known phishing infrastructure. If you are an active managed client and would like to discuss additional lockdown measures or further hardening options, please contact EasyITGuys.
Questions
If you have questions about this alert or would like to review additional Microsoft 365 security restrictions, account protection options, or other protective controls, please contact EasyITGuys.
Need a team that does not skip steps?
EasyITGuys helps businesses implement layered IT, cybersecurity, and Microsoft 365 protection with a proactive, standards-driven approach.