M365 Disabling of Security Tools



  • Activities which weaken or disable Office 365 protective security features and tools.

Possible Root Causes

  • Attackers will attempt to disable or downgrade Office 365 security mechanisms to blind defenders or to enable further malicious activities without the risk of detection.
  • In some cases, administrators may disable security mechanisms while troubleshooting problems.

Business Impact

  • Attackers who have successfully degraded, disabled, or bypassed security controls can more easily progress towards their objectives.
  • Degraded or disabled security controls increase the potential impact of both present and future attacks against the organization.

Steps to Verify

  • Review whether this configuration is expected and appropriate in light of any available compensating controls.
  • If this is a temporary configuration for troubleshooting purposes, confirm it has been re-enabled once that troubleshooting is complete.
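
One way to carry out the second verification step over exported audit records, as an added example that is not part of the original page or the vendor's detection logic: it pairs each rule-disable event with a later enable event for the same rule and reports the ones still open. The cmdlet subset, the four-field record shape (CreationTime, UserId, Operation, ObjectId) and the sample data are assumptions made for illustration.

```python
from datetime import datetime

# Assumption: these Exchange Online rule cmdlets are an illustrative subset;
# each Disable-* cmdlet has a matching Enable-* cmdlet for the same rule type.
RULE_TYPES = ("SafeLinksRule", "SafeAttachmentRule", "AntiPhishRule",
              "MalwareFilterRule", "HostedContentFilterRule")
DISABLE = {f"Disable-{r}": r for r in RULE_TYPES}
ENABLE = {f"Enable-{r}": r for r in RULE_TYPES}

def _rec(when, user, op, obj):
    # Hypothetical helper: builds a record reduced to the fields used here.
    return {"CreationTime": when, "UserId": user, "Operation": op, "ObjectId": obj}

# Constructed sample records (not real tenant data), deliberately out of order.
SAMPLE = [
    _rec("2024-03-04T09:47:00", "admin@example.com", "Enable-SafeLinksRule", "Default Safe Links"),
    _rec("2024-03-04T09:12:00", "admin@example.com", "Disable-SafeLinksRule", "Default Safe Links"),
    _rec("2024-03-05T02:31:00", "helpdesk@example.com", "Disable-AntiPhishRule", "Exec Anti-Phish"),
    _rec("2024-03-05T02:33:00", "helpdesk@example.com", "Disable-MalwareFilterRule", "Default Malware"),
    _rec("2024-03-05T08:00:00", "admin@example.com", "Enable-MalwareFilterRule", "Default Malware"),
    _rec("2024-03-06T11:00:00", "admin@example.com", "Disable-MalwareFilterRule", "Default Malware"),
]

def open_disables(records):
    """Return disable events with no later enable event for the same rule."""
    state = {}  # (rule type, rule name) -> most recent unresolved disable
    for rec in sorted(records, key=lambda r: datetime.fromisoformat(r["CreationTime"])):
        op = rec["Operation"]
        if op in DISABLE:
            state[(DISABLE[op], rec["ObjectId"])] = rec
        elif op in ENABLE:
            # A later enable closes the open disable; an enable with no
            # preceding disable is ignored.
            state.pop((ENABLE[op], rec["ObjectId"]), None)
    return sorted(state.values(), key=lambda r: r["CreationTime"])

def summarize(records):
    """Flatten open disables into (time, actor, operation, rule) tuples."""
    return [(r["CreationTime"], r["UserId"], r["Operation"], r["ObjectId"])
            for r in open_disables(records)]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(*row, sep="  ")
```

A rule that was re-enabled and then disabled again is reported, since only the most recent state per rule counts.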