M365 Disabling of Security Tools
Detection overview
Triggers
- Activities which weaken or disable Office 365 protective security features and tools.
Possible Root Causes
- Attackers will attempt to disable or downgrade Office 365 security mechanisms to blind defenders or to enable further malicious activities without the risk of detection.
- In some cases, administrators may disable security mechanisms while troubleshooting problems.
Business Impact
- ttackers who have successfully degraded, disabled, or bypassed security controls can more easily progress towards their objectives.
- Degraded or disabled security controls increase the potential impact of both present and future attacks against the organization.
Steps to Verify
- Review if this configuration is expected and appropriate in light of any available compensating controls.
- If this is a temporary configuration for troubleshooting purposes, confirm it has been reenabled once that troubleshooting is complete.
M365 Disabling of Security Tools
Possible root causes
Malicious Detection
Benign Detection
M365 Disabling of Security Tools
Example scenarios
M365 Disabling of Security Tools
Business impact
If this detection indicates a genuine threat, the organization faces significant risks:
M365 Disabling of Security Tools
Steps to investigate
M365 Disabling of Security Tools
Related detections
No items found.