On the show this week, Steve Goodman and Paul Robichaux discuss Storm-0558 and consider how it happened now that more is known, and Microsoft is expecting you to pay attention to your Azure VMs as Cryptojacking is on the rise. New Outlook is on the way and is one of the prereqs for Microsoft 365 Copilot. Could resistance to using the new Outlook hold back your AI journey? Plus, we discuss Roadmap and Message center items – and talk TEC – happening in Atlanta, this week.
Microsoft Post-Mortem on Storm-0558: What does it tell us?
First, on the show, we discuss Storm-0558, which Paul Robichaux wrote in more detail about here. We discussed the seriousness of Storm-0558 and Paul explained the swiss cheese model and how it comes into play in situations like this. For the uninitiated, Storm-0558 is the name given to a recent attack that has been widely attributed to the Chinese government, where a number of Exchange Online mailboxes were compromised. On the show, we give a short explanation of how and dig a little more into the mechanisms that made it possible.
On the subject of compromise: Microsoft is likely to hold you responsible for Azure costs if your subscription is compromised
Not just relevant for big users of Azure – perhaps you have a small environment that you manage in Azure too, alongside your Microsoft 365 environment. Azure policy changes are in response to Cryptojacking, which occurs when someone gains access to your environment and creates expensive GPU VMs in Azure.
It’s a different way for an attacker to steal from you compared to taking and selling data, or holding your business for ransom. The attacker uses the Azure VMs to mine crypto and therefore gets access to the money before you even know it happened.
Microsoft had clearly been picking up the bill for this – they apparently won’t anymore, as an average compromise is valued at $300,000 of Azure compute spend. If you aren’t paying close attention to any Azure environments, you should be.
Microsoft Copilot Updates and Considerations for Deployment
Microsoft 365 Copilot is still on the way and somewhere over the horizon, but it isn’t too early to start thinking about considerations for prerequisites.
As Tony mentioned in Deciding Who Gets Microsoft 365 Copilot Licenses, the New Outlook is a prerequisite for Microsoft 365 Copilot deployment. The question we ask: will it be ready for those you’ll want to get onto Microsoft 365 Copilot first?
Paul joined a session, repeated as a recording here, where Microsoft gives an update on the New Outlook. While it’s progressing swiftly, we’d recommend checking out the current preview builds for any show-stoppers.
Directory security in the news: Not Just Microsoft
We discussed a few compromises that hit the worldwide news recently, which both involved Okta – proving you aren’t completely safe with Microsoft’s primary competitor to Entra ID.
First up, MGM, in Las Vegas got hacked – resulting in their systems being brought down (either as a security measure or as a result of the attack) affecting everything from slot machines to hotel door keys. In a similar attack, Retool suffered compromise too. We discuss both on the show.
Get Patching Your Exchange Servers
Once again you need to patch your Exchange Servers, as the September 2023 release of new Exchange Server CVEs brings more fixes to Exchange. In slightly better news than normal, if you already applied the August 2023 security updates: you are covered (for now).
Personal Planner is Coming Your Way
Beginning October 2023, you can create your own personal Planner without tying it to a Group. Why would you? What’s wrong with To-Do? Paul and I discuss the benefits of both. In summary: some people prefer it, and if they do – then creating a Microsoft 365 Group for a personal planner is a little overkill; so it’s not a bad move from Microsoft.
We’ll be back in a few weeks’ time – with myself and Rich Dean at the helm.