Triggers
- Activities which weaken or disable Office 365 protective security features and tools.
Possible Root Causes
- Attackers will attempt to disable or downgrade Office 365 security mechanisms to blind defenders or to enable further malicious activities without the risk of detection.
- In some cases, administrators may disable security mechanisms while troubleshooting problems.
Business Impact
- ttackers who have successfully degraded, disabled, or bypassed security controls can more easily progress towards their objectives.
- Degraded or disabled security controls increase the potential impact of both present and future attacks against the organization.
Steps to Verify
- Review if this configuration is expected and appropriate in light of any available compensating controls.
- If this is a temporary configuration for troubleshooting purposes, confirm it has been reenabled once that troubleshooting is complete.