VulnHub

Real-time Cybersecurity News

The Exchange Online security controls organizations keep getting wrong

Help Net Security
MicrosoftCritical

Overview

In a recent interview, Scott Schnoll, a Microsoft MVP for Exchange, discussed common mistakes organizations make regarding security controls in Exchange Online. He emphasized the importance of understanding the Shared Responsibility Model, where Microsoft manages cloud security while organizations are responsible for their data and configurations. Schnoll pointed out that legacy protocols like SMTP AUTH often remain enabled due to dependencies on older systems, which can create vulnerabilities. He also identified critical controls that are frequently overlooked, such as Conditional Access and Privileged Identity Management (PIM), and noted the gaps in audit logs that can hinder effective monitoring. Organizations need to take immediate action to adjust default settings and implement better security practices to protect their environments.

Key Takeaways

  • Affected Systems: Exchange Online, Microsoft 365, SMTP AUTH, Conditional Access, Privileged Identity Management
  • Action Required: Organizations should change default settings, disable legacy protocols like SMTP AUTH where possible, and implement Conditional Access and PIM.
  • Timeline: Newly disclosed

Original Article Summary

In this Help Net Security interview, Scott Schnoll, Microsoft MVP for Exchange, breaks down the Shared Responsibility Model, where Microsoft secures the cloud while organizations must protect their own data, identities, and configurations. The discussion covers default settings worth changing tomorrow, including legacy protocols like SMTP AUTH that survive due to printer, scanner, and ERP dependencies. Schnoll highlights overlooked controls such as Conditional Access, PIM, and continuous monitoring, plus blind spots in audit logs around … More → The post The Exchange Online security controls organizations keep getting wrong appeared first on Help Net Security.

Impact

Exchange Online, Microsoft 365, SMTP AUTH, Conditional Access, Privileged Identity Management

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.

Timeline

Newly disclosed

Remediation

Organizations should change default settings, disable legacy protocols like SMTP AUTH where possible, and implement Conditional Access and PIM. Continuous monitoring of audit logs is also recommended.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Microsoft, Critical.

Read Original Article

Related Coverage

ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access

The Hacker News

The ShadowPad malware is exploiting a recently patched vulnerability in Microsoft Windows Server Update Services (WSUS), identified as CVE-2025-59287, allowing attackers to gain full system access. This exploitation highlights the critical need for organizations to promptly apply security updates to vulnerable systems to prevent unauthorized access.

Nov 24, 2025

⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More

The Hacker News

This week, significant cybersecurity threats emerged as hackers exploited new 0-day vulnerabilities in Fortinet and Chrome, infiltrating supply chains and SaaS tools. The rapid response from major companies like Microsoft, Salesforce, and Google highlights the severity of these attacks and the ongoing challenges in securing trusted applications and software updates.

Nov 24, 2025

Microsoft Highlights Security Risks Introduced by New Agentic AI Feature

SecurityWeek

Microsoft has raised concerns about the security risks associated with its new Agentic AI feature, highlighting the potential for AI agents to engage in malicious activities like data exfiltration and malware installation if not properly secured. This underscores the critical need for robust security controls to mitigate these risks.

Nov 24, 2025

ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens

The Hacker News

ToddyCat, a threat actor, has developed a new tool called TCSectorCopy to steal Outlook emails and Microsoft 365 access tokens by exploiting the OAuth 2.0 authorization protocol through users' browsers. This poses a significant threat to corporate email security, as it allows unauthorized access to sensitive information outside the compromised infrastructure.

Nov 25, 2025

Microsoft: Security keys may prompt for PIN after recent updates

BleepingComputer

Microsoft has alerted users that FIDO2 security keys may require a PIN for sign-in following recent Windows updates since September 2025. This change could affect user experience and security practices, particularly for those relying on these security keys for authentication.

Nov 26, 2025

Microsoft to secure Entra ID sign-ins from script injection attacks

BleepingComputer

Microsoft is set to enhance the security of its Entra ID authentication system to protect against external script injection attacks starting in mid-to-late October 2026. This improvement aims to mitigate potential vulnerabilities that could be exploited by attackers to compromise user sign-ins.

Nov 26, 2025