In several of my most recent IT and Cyber Security Audits I have encountered problems similar to those in this report from the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) – misconfigurations.
NSA and CISA Release Advisory on Top Ten Cybersecurity Misconfigurations | CISA
The ones listed in the report will cause cyber security issues. I am always finding issue #2 – “Improper separation of user/administrator privilege” but I regularly find a splattering of the other 9, plus others. All need to be corrected.
Did you configure your own Microsoft 365 environment and the associated user and security steps and DNS setting associated with it all? Is it correct?
Now is the time to check before you have an issue.
Clive Catton MSc (Cyber Security) – by-line and other articles