Back

How Microsoft Prepares for Emerging Security Threats

By now, we've all heard the scary stories of hackers that have been circulating the last few months.  Luckily, Microsoft is proactive about security threats and ensuring that your data in the cloud is as safe as safe can be.  As a Microsoft Gold Partner, Agile...

3 min read
Published on Nov 18, 2014
How Microsoft Prepares for Emerging Security Threats

By now, we’ve all heard the scary stories of hackers that have been circulating the last few months.  Luckily, Microsoft is proactive about security threats and ensuring that your data in the cloud is as safe as safe can be.  As a Microsoft Gold Partner, Agile IT is proud to move our customers into the Microsoft Cloud, knowing that Microsoft is always one step ahead.  Contact us today to make the move to Office 365, where you can securely, safely access your data from anywhere.

 

If you have been following the From Inside the Cloud series, we regularly bring you an insider’s view on how we operate and manage the Office 365 service for security, privacy and compliance directly from the people behind the service.

 

Recently, there have been a number of cyber security related news articles about vulnerabilities and exploits. If you are wondering if the Cloud increases your data risk, in this week’s episode we focus on the measures that our engineering team has in place to prepare for emerging security threats to the Office 365 service.

 

As we explain in this short video, we operate under the assumption that no computer system is perfectly secure, so we invest heavily in the “Assume Breach” approach.

 

Our colleague, Vivek Sharma, in his discussion on whether your data is safe at rest, highlighted the role of the Red and Blue teams as part of our “Assume Breach” approach.

 

And as core strategists of this approach for Office 365, today’s post focuses further on explaining the role of our Red team, an internal dedicated team of “white hat” hackers from varied industry backgrounds such as broader technology industry, defense and government, who conduct penetration testing on our system.

 

As a team, we push ourselves to creatively anticipate and simulate attacks from real-world adversaries using Tactics, Techniques and Procedures (TTP) that we know from ongoing research on emerging threats and trends. This then leads to the proactive exploration of vulnerabilities during a phase we call “reconnaissance” followed by “exploitation” where we try to bypass protections that may be in place and then lastly attempts to “access” the data. We in fact offer a number of examples of how we may go about this in this video.

 

Of course, as we do this there are clear rules of engagement to ensure that as we test the system we do not target customer data, impact service availability or compromise existing in place security.

 

Further, balancing the Red team is the Blue team whose role it is to monitor activities within the system to detect anomalous behavior and take action. As hard as the Red team is trying to find and exploit vulnerabilities the Blue team is trying to detect, investigate and mitigate security events.

 

Our red and blue teams work together within engineering to fix and harden the service. You can see and hear more on the Blue team’s work in our next post on Office Blogs, with lead engineer Matt Swann, who takes us behind the scenes of intrusion detection.

 

The combined efforts of our teams go toward improving detection by evolving our machine learning algorithms for the detection of anomalous activity as well as incident response.

 

We hope that today’s explanation offers a useful overview of how we prepare and plan for emerging security threats to keep your data safe.

 

Let us know what else you would like us to cover in this series—send us your comments and questions—and of course you can find more by visiting the Office 365 Trust Center.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

CMMC Documentation Requirements: Avoid Assessment Failure

GIGO: Garbage In, Garbage Out: Why Documentation Can Make or Break Your CMMC Success

Strong documentation is critical to CMMC success. Learn the key evidence assessors expect and how to avoid common documentation failures.

Jul 24, 2025
5 min read
Fast-Track CMMC Certification for Urgent Contracts

How to Fast-Track CMMC Certification for Urgent Contracts with AgileThrive JumpStart

Need urgent CMMC certification? AgileThrive JumpStart accelerates compliance for DoD contractors with fast-track assessments, gap analysis, and rapid audit readiness.

Jul 21, 2025
5 min read
Defending Against Email Compromise

Defending Against Email Compromise: Safeguarding Accounting & Procurement

Discover how to defend accounting and procurement teams from email compromise in the Defense Industrial Base. Learn CMMC-aligned best practices using Microsoft 365.

Jul 15, 2025
4 min read
Technical vs. Process Controls in CMMC Compliance

Understanding Technical vs. Process Controls for CMMC Compliance

Understand the difference between technical and process controls in CMMC compliance. Learn how both work together to protect FCI and CUI data effectively.

Jul 14, 2025
4 min read
20 Essential Questions to Ask a Managed Service Provider

Top Questions to Ask Your Managed Service Provider (MSP)

Looking for a new MSP? Stay ahead with the top questions to ask—from security and scalability to pricing and offboarding. Vet your provider with confidence.

Jul 12, 2025
5 min read
Overview of CMMC 2.0 and Its Levels: DoD Compliance Guide

CMMC 2.0 Explained: Levels, Compliance Requirements, and Key Changes

CMMC 2.0 simplifies cybersecurity requirements for DoD contractors. Explore an overview of its levels, key changes from CMMC 1.0, and what each level means for compliance.

Jul 11, 2025
6 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122