M365 Advanced Threat Protection: “Potential Nation-State Activity”
Increased nefarious activity by nation-states has been widely reported, and it is on the rise. They are not just targeting multinationals or governments; they are going after anyone with data that may be useful, or anyone whose customer base may have useful data.
We believe these threats to be real, that their frequency will increase and that to ignore them would be foolish.
So how do we protect against such threats? Surely their resources and technology are so vast and complex that, if governments and corporations can’t protect themselves, what hope do smaller targets have?
Thankfully all is not lost, and we can go a long way towards protecting ourselves through defence in depth, or layers of protection. These layers or tools include:
- Alert staff who watch for something out of the ordinary and report it to their managers or IT support
  Your staff are on the front line; they know their daily tasks and should report anything out of the ordinary
- Advanced controls around how your data can be accessed and from where; we call this Conditional Access
  We block access to customer data from countries or regions they don’t operate in, amongst a few other conditions
- The use of advanced alerts like the new “Potential Nation-State Activity” being talked about here
- Monitoring other signals across Microsoft 365 platforms (something we do every day)
Microsoft have a proven track record when it comes to tracking, monitoring and mitigating potential nation-state activity, and their work with global security outfits like the FBI and others is to be applauded. I am thrilled to report that Microsoft have extended their monitoring platforms to be able to identify the traces and fingerprints that such activity creates within the Microsoft 365 platform.
From Microsoft’s Roadmap: “Nation state threats are defined as cyber threat activity that originates in a particular country with the apparent intent of furthering national interests. These attacks represent some of the most advanced and persistent threat activity Microsoft tracks. The Microsoft Threat Intelligence Center follows these threats, builds comprehensive profiles of the activity, and works closely with all Microsoft security teams to implement detections and mitigations to protect our customers”. These events are being integrated into Microsoft’s Defender Security systems across the 365 platform.