Remediation and Hardening Strategies for Microsoft 365 to Defend Against APT29
APT29 and other threat actors have used several methodologies to move laterally from on-premises networks to the cloud, specifically Microsoft 365. This paper will help organizations understand the techniques used by APT29, how to proactively harden their environments against them, and how to remediate environments where similar techniques have been observed.
It is important to note that there is no formal security boundary between on-premises networks and cloud services provided by Microsoft 365. If an organization discovers evidence of targeted threat actor activity in their on-premises network, a thorough review of the cloud environment is often necessary as well.