Practical write-ups on Microsoft 365 incidents — what happens, why it happens, and how to stop it.
A sophisticated attack targeting Stryker's Microsoft 365 environment used compromised admin credentials to issue mass Intune device wipes. What the attack chain looked like and which controls would have stopped it.
Read articleHow attackers gain access to Microsoft 365 accounts, what they do once inside, and the steps to contain the damage and recover control of the tenant.
Read articleWhy compromised Office 365 mailboxes get used for spam campaigns, how Microsoft responds with outbound limits, and what remediation actually looks like.
Read articleInternal phishing sent from a trusted Microsoft 365 account is harder to catch and more damaging than external spam. How these attacks propagate and how to investigate them.
Read article